Infrastructure and Network:
Assess if the company's IT and network environment is primarily Windows-based and identify other supported platforms.
Provide a list of all company sites with network and e-mail connectivity, detailing the type of business, headcount, and circuit size at each site.
List any additional company sites not connected to a WAN.
Describe external connectivity, including remote access, partners, vendors, firewalls, and third-party data connections.
Detail the company's website hosting environment, including location, server count, and service level agreements.
Internet
Does the company use the Internet for internal use as an interactive part of operations? What functions are used in this manner?
Has the company's firewall ever been penetrated, and how sensitive is the information stored on the company network's publicly available segments?
Does the company provide technical support information through its Web site?
Are Web site usage statistics tracked? If so, how are they used for management decisions?
In what way could operational costs decrease if the company's customers interacted with it through the Internet?
Systems and Applications:
Describe the company's e-mail and calendaring systems.
Identify internal business systems and applications supported, specifying the platforms they run on (e.g., Finance, HR, Sales, Operations, CRM).
Describe the security policies and procedures for the company's website and web services, including firewalls and traffic access points.
Outline connections between the company's website/web services and the internal office network, including usage and traffic volume.
Data Management and Security:
Provide details of the company's data backup solutions and disaster recovery processes.
Confirm if the company's website/web services use encryption.
List third-party IT and network service providers and fulfillment vendors.
Describe the operational interactions with customers and the maintenance of those relationships.
Detail the use of third-party software versus custom-built solutions, including maintenance contracts and version status.
Assess the extent of modifications to third-party systems and the impact on upgradeability.
Compliance and Licensing:
Evaluate monitoring of user computers for unauthorized software and the security of software distribution.
Determine the anticipated difficulty of integrating the company's databases into the buyer's systems.
Ensure there are adequate backup systems with offsite storage for corporate databases and individual computers.
List the software used by the company and provide copies of licensing agreements.
Detail any IT outsourcing agreements.
Operational and Strategic IT Review:
Assess current system usage, age, and the list of interfaces linking systems together.
Document IT processes, including application development, operations, disaster recovery, security, and cost management.
Gather information on the security and controls framework.
Detail any past cybersecurity incidents, including hacks or breaches.
Review the company's research and development plans for anticipated changes and cost implications.
Research, Development, and Compliance:
Evaluate the effectiveness of research and development personnel and their capacity for technological innovation.
Review royalty contracts for contingencies and verify terms with licensees.
Assess professional affiliations of management or R&D personnel for potential competing technology claims.
Ensure the company's exports comply with export control laws.