Due Diligence Checklist for B2B SaaS
The List
- 1-00 Legal
- 1-01 - Trademark Information
- 1-02 - Entity details who owns current assets
- 1-03 - Domain Name(s)
- 1-04 - Other Source Identifiers (Social media handles)
- 1-05 - Inventory of software & databases
- 1-06 - Copyrights
- 1-07 - Patents
- 1-08 - Details of prior sale (if applicable)
- 1-09 - Claims / Litigations / Complaints
- 2-0 Finances
- 2-01 - P&L (36 months)
- 2-02 - Income Statement (36 months)
- 2-03 - Stripe Account or equivalent (read-only account)
- 3-00 Privacy & Security
- 3-01 - Privacy Policies
- 3-02 - PII & User Data Collection
- 3-03 - Security Breaches
- 3-04 - Software inventory
- 3-05 - System related information
- 3-06 - AWS inventory
- 3-07 - GDPR / CCPA Compliance
- 3-08 - ToS
- 3-09 - Credential / Secret information
- 4-00 Tech
- 4-01 - Read-only access to the source code
- 4-02 - Inventory of all services used
- 4-03 - Third party services
- 4-04 - Third party software
- 4-05 - Software Architecture documentation
- 4-06 - Deployment information
- 5-00 - Customers, Sales & Marketing
- 5-01 Market information including any market research
- 5-02 Information related to product usage (read-only access to analytics accounts / dashboards etc.)
- 5-03 Customer Support Volume
- 5-04 Customer Support Content (recent history)
- 5-05
- 6-00 - Vendor information
- 6-01 - Full vendor contact details (key suppliers,
- 6-02 - Contractor usage information including previous bills and/or timesheets
For small asset purchases, it may be that there isn’t an independent P&L or Income statement that can be pulled out for the entity. The inventory section becomes critical here to make sure that all expenses are accounted for.
Some process
I created two documents:
- A spreadsheet like the one below here which tracked each line item and the status on both the buyer and seller side.
- An accompanying Google doc which detailed each of the sections above and allowed the seller to input information where relevant so we could share.
These documents were shared between us in the data room.