Technology Due Diligence Guide for Startups

Table of Content

    Every year Neebal Technologies works with a handful of startups to transform their dreams into reality. We work with them in engineering, UX design, and in building DevOps muscles for day-to-day hustle. Over the years, we have learned a great deal by working with numerous founders and by building our own products like H2OWorks, Subsidex, and Blynk

    Taking into account the experiences I have mentioned, I’m writing this blog post about how a startup can get ready for their technology due diligence with investors. Please note that this blog post is only about the technology part of the due diligence, it won’t cover idea validation, business viability, finance, and other aspects.

    I divided the blog post into 7 questions that startup founders can ask themselves to prepare for their technology due diligence.

    1. Are you building a technology product, feature, or add on?

    Although this is not directly related to technology development, it plays an important role in the overall technology journey. Many startups get into the vicious cycle of providing too many features to their users which dilutes the overall product vision and business value proposition.

    An investor always looks to determine whether the technology will result in building

    • A substantial company
    • An add-on product
    • Another feature

    A product always needs to be built keeping the end-user in mind. Are you helping them achieve 10X in their current process? If not, you will be just another feature load. You should focus on features which are giving 10X improvement in the user's existing process and from your competitor offering. User adoption will always be a key challenge, so unless you think about giving 10X value over your closest competition, it will be very difficult for you to get user adoption.

    To make this happen, you should always focus on your core business objectives and identify 3 core features which can help your customers 10X times greater than the closest competition. You can choose to work with a UX architect to carve out those niches. Get real information from actual users, collect real feedback, and perform A/B testing to identify what users need.

    2. Does your technology scale for demand?

    The second most important aspect is the ability to scale for demand. If you can’t serve customers because of your inability to scale quickly, it can be a hard choice for investors to support you. You never know when there will be sudden demand which you need to make up. Always be ready for at-least 3X scale. Build a technical debt backlog with identified bottleneck items which you need to solve to unlock the next level.

    While working for a prestigious startup in the education domain, we were anticipating a 9-12 month period to reach 1000 teachers and 10,000 students. Due to COVID-19, we had to scale our systems quickly and 25,000 new students were added within 25 days. This helped us win confidence from our customer and in turn with their investors. Now we are ready to support 1,00,000 students whenever we need.

    3. Are you secured?

    Talking about COVID-19, Zoom shot to sudden success with their online conferencing solution. They did a wonderful job managing their scale but failed to get security in place. Zoom-bombing and data leaks corroded what they gained out of their ability to serve. As we are moving global and remote working is becoming the new norm, building products with the right security protocol along with ease of access is a daunting task.

    Design security at the heart of design. Do not put security into the backlog for so-long that people forget about it. Focus on security automation with a ‘Shift Left’ testing approach. This will provide developers feedback about vulnerabilities early on and can quickly be mitigated. Build on standard frameworks which are industry tested. OWASP automated scanner , integration, Infrastructure automated scanning, CIS compliant images are some solutions which are easier to integrate and will save you a lot of hassle. We have implemented CIS compliant Linux OS images for instances and Docker and they are available on the AWS marketplace (if you’d like to use them).

    4. Do you have a defined product roadmap?

    Product building is a continuous task where features get added, prioritized, and upgraded. Investors would like to see the capability of consistent delivery with optimal quality and pressure handling. Your technical backlog and functional backlog matching with vision will help you showcase your crisp vision and your capability to achieve it.

    A simple backlog can be maintained within Google documents or tools like JIRA/Confluence and YouTrack. Have a record of features built, deadlines, progress, known risks, bugs, and technical debts. Build a mechanism to capture customer feedback post each delivery as testimonials help you win future deals faster.

    5. Is your product compliant to clear regulatory/compliant hurdles?

    Many startups take less precautions while architecting production from a compliance angle. Depending on the domain you are targeting, considering regulatory, legal, and compliance requirements is very critical.

    For healthcare startups, are you capturing PII and PHI related data? How are you managing HIPAA compliance? Document the manual process and build a tracker from Day 1. Make sure your infrastructure as well as 3rd party services are also compliant.

    For products built for children, take utmost precaution while capturing private information, validate the COPPA Act and POCSO law along with requirements from app publishers.

    Also make sure you are hosting data on compliant infrastructure and not sharing it cross-borders, especially for government focused products.

    At Neebal, we have managed to create a comprehensive checklist for each type of component to assess the current state and how to mitigate in case of red flags. The same is being used with the STeVa framework* to evaluate and identify the compliance score.

    6. What is your third party liability?

    Open-source definitely helps us deliver at speed, but 3rd party libs/open-source are a double edged sword. You should measure what to use and when to use. Have a matrix of all 3rd party libs, products/platforms. If one of them dies, it shouldn’t kill your product too. Always have an abstract integration to have a lower cost of switch and look out for superior technology and do proper due diligence before making a switch.

    Beware of open-source licenses referred to as “copyleft” or “viral licenses” as they impose on the user of the code the requirement that the entire product be licensed on the same terms as the open source component. (The best known examples of these kinds of licenses are the GPL and LGPL licenses)

    Do validate your license details/negotiation contract before taking a decision to start integrating them within your product. Use integration to validate your license check for open-source licenses. Always calculate per paid user cost of operation for each of 3rd party integrations. Maintain a list of all 3rd party code, library, framework, and services used inside the product.

    7. What is your cost of operations per user/per month from a technology angle?

    Can you showcase your monitoring capability and on track optimization with respect to cost? Apart from focusing on security, scale, and performance, startups should consider calculating operation cost per billable user per month. Investors look for the team's maturity in terms of monitoring and cost optimization.

    To calculate the cost of operation, you should keep track of your internal expenses, your infrastructure expenses, technical debt costing, licensed utilization, and other expenses. Take recurring targets to reduce the costs. Remember, adding a new feature or pivoting a feature should not cost a bomb.

    Also look up to automate manual processes to reduce cost. Consider investing time in setting up demo instances where you should be able to demo without significantly investing time and cost. Also keep a track of your break-even points (no. of customers/users) to reduce the cost to the next level. What are the break point numbers it will take to further reduce the cost? Answers to these will help you make the right decisions at the right time.

    Technology evolution can’t be a one time job, it should be done incrementally and evaluated frequently. As a startup owner, one needs to take extra precaution to keep evaluating and investing in technology debts. 

    *We have created STeVa, a comprehensive checklist and framework to adopt based on the vision of startups to help evaluate the technology maturity of technology products by providing a vision driven scoring service within 2 weeks. We have built the STeVa framework sourcing NFR questionnaires and have matched it with vision requirements to deliver score and priority quick fixes for different areas.

    In case you would like to get assistance in scoring your technology products, we can help you identify what and how to fix along with an overall product technology score. Email us at to get more information.

    About the Author

    Irshad Chohan is Neebal Technologies' Chief Technology Officer. As CTO, Irshad focuses on setting up and implementing technology practices and efficient processes for organizations and adopting new technologies while increasing optimization with re-usability and automation. Irshad believes in creating technology leaders within organizations. Reach out to Irshad at

    Topics: Neebal Insights