ADVISORI FTC GmbH

Transformation. Innovation. Security.

Office Address

Kaiserstraße 44

60329 Frankfurt am Main

Germany

Contact

info@advisori.de | +49 69 913 113-01

Mon-Fri: 9:00 AM - 6:00 PM

© 2024 ADVISORI FTC GmbH. All rights reserved.

Identify potential. Assess risks. Secure decisions.

Due Diligence

Thorough due diligence is the key to successful outsourcing. We support you in the systematic review of potential vendors to make informed decisions and fulfil regulatory requirements.

  • ✓ Comprehensive assessment of vendors against standardised criteria
  • ✓ Identification and assessment of risks prior to contract conclusion
  • ✓ Fulfilment of regulatory requirements (e.g. MaRisk, BAIT, EBA Guidelines)
  • ✓ Sound decision-making basis for your vendor selection

Your strategic success starts here

Our clients trust our expertise in digital transformation, compliance, and risk management

30 Minutes • Non-binding • Immediately available

For optimal preparation of your strategy session:

  • Your strategic goals and objectives
  • Desired business outcomes and ROI
  • Steps already taken

Or contact us directly:

info@advisori.de | +49 69 913 113-01

Certifications, Partners and more...

ISO 9001 Certified · ISO 27001 Certified · ISO 14001 Certified · BeyondTrust Partner · BVMW Bundesverband Member · Mitigant Partner · Google Partner · Top 100 Innovator · Microsoft Azure · Amazon Web Services

IT Vendor Due Diligence: Structured Assessment

Our Strengths

  • Many years of experience in conducting due diligence reviews
  • Industry-specific know-how and regulatory expertise
  • Structured methodology and proven assessment procedures
  • Comprehensive documentation and decision-oriented reporting

Expert Tip

Thorough due diligence should not be limited to document review alone. On-site visits, interviews with key individuals, and independent reference checks provide valuable insights that go beyond the obvious.

ADVISORI in Numbers

  • 11+ years of experience
  • 120+ employees
  • 520+ projects

Our approach to due diligence reviews is systematic, thorough, and tailored to your specific requirements.

Our Approach:

  1. Definition of the review scope and evaluation criteria
  2. Development and distribution of tailored due diligence questionnaires
  3. Document review, interviews, and on-site assessments where applicable
  4. Analysis and evaluation of the information gathered
  5. Preparation of due diligence reports with recommendations for action

"Sound due diligence is the best investment in successful vendor relationships. It creates transparency, minimises risks, and lays the foundation for long-term partnerships that endure even under difficult conditions."

Sarah Richter, Head of Information Security, Cyber Security

Expertise & Experience:

10+ years of experience, CISA, CISM, Lead Auditor, DORA, NIS2, BCM, Cyber and Information Security

Our Services

We offer you tailored solutions for your digital transformation

Financial Due Diligence

Comprehensive review of the financial stability and business development of potential vendors.

  • Analysis of annual financial statements and key financial metrics
  • Assessment of financial stability and profitability
  • Review of business model and future viability
  • Analysis of investments and financial planning

Operational Due Diligence

Assessment of the vendor's operational capability, processes, and resources.

  • Analysis of capacities, skills, and resources
  • Assessment of process maturity and quality management
  • Review of emergency and continuity measures
  • Assessment of organisational structure

Compliance & Security Due Diligence

Review of compliance with regulatory requirements as well as IT and data security.

  • Assessment of compliance management and governance
  • Review of data protection compliance
  • Assessment of IT security and information protection
  • Analysis of certifications and audit results

Our Competencies in Service Provider Selection

Choose the area that fits your requirements

Risk Analysis for Outsourcing

A well-founded risk analysis is the key to successful outsourcing decisions. We support you in the systematic identification, assessment, and management of all relevant risks in your outsourcing projects.

Third-Party Management

Frequently Asked Questions about Due Diligence

What is IT due diligence for vendor selection?

IT due diligence is a systematic assessment of potential IT vendors before contract signing. It evaluates IT security posture, data protection compliance, technical capabilities and operational risks. In regulated industries (banking, insurance), it is mandatory under MaRisk AT 9 and EBA outsourcing guidelines. The assessment typically includes document review, questionnaires, interviews and on-site audits for critical outsourcing arrangements.

What should be on a vendor due diligence checklist?

A vendor due diligence checklist covers: IT security certifications (ISO 27001, SOC 2, TISAX), data protection compliance (GDPR, data processing agreements), financial stability and business continuity, disaster recovery and business continuity plans, references and track record, subcontractor management, regulatory requirements (MaRisk, DORA, NIS2) and exit strategies with data return procedures.

What regulatory requirements apply to outsourcing due diligence?

In financial services, MaRisk (AT 9), BAIT and EBA outsourcing guidelines require documented due diligence before any outsourcing arrangement. Since January 2025, DORA (Digital Operational Resilience Act) adds ICT third-party risk assessment requirements. Cross-industry, GDPR mandates data processor assessments, and NIS2 imposes supply chain security obligations for critical infrastructure operators.

How long does a vendor due diligence process take?

Duration depends on complexity and criticality. A basic screening takes 2 to 4 weeks, while a comprehensive due diligence for critical IT vendors takes 6 to 12 weeks. Regulated organisations face longer timelines due to additional compliance checks. A risk-based approach prioritises assessment depth by criticality — not every vendor requires a full-scope review.

What is the difference between IT due diligence and vendor due diligence?

IT due diligence focuses on technical aspects: IT architecture, security concepts, software quality and technical debt. Vendor due diligence is broader and also covers financial stability, compliance, operational capabilities and strategic fit. For IT outsourcing, both overlap: the IT due diligence becomes a core component of the comprehensive vendor due diligence assessment.

What cybersecurity aspects are assessed in due diligence?

Key cybersecurity assessment areas include: information security management system (ISMS per ISO 27001), access control and authorisation concepts, encryption (data at rest and in transit), network security and segmentation, patch and vulnerability management, security monitoring and incident response capabilities, backup and disaster recovery, and penetration test results and audit findings.

How does ADVISORI support IT vendor due diligence?

ADVISORI supports the entire due diligence process: from developing tailored assessment frameworks and questionnaires through conducting assessments (document review, interviews, on-site audits) to delivering the final due diligence report with risk ratings and recommendations. Our team brings regulatory expertise (MaRisk, BAIT, DORA, NIS2) and sector-specific knowledge from financial services and IT.

Success Stories

Discover how we support companies in their digital transformation

Digitalization in Steel Trading

Klöckner & Co

Digital Transformation in Steel Trading

Case Study

Results

Over 2 billion euros in annual revenue through digital channels
Goal to achieve 60% of revenue online by 2022
Improved customer satisfaction through automated processes

AI-Powered Manufacturing Optimization

Siemens

Smart Manufacturing Solutions for Maximum Value Creation

Case Study

Results

Significant increase in production performance
Reduction of downtime and production costs
Improved sustainability through more efficient resource utilization

AI Automation in Production

Festo

Intelligent Networking for Future-Proof Production Systems

Case Study

Results

Improved production speed and flexibility
Reduced manufacturing costs through more efficient resource utilization
Increased customer satisfaction through personalized products

Generative AI in Manufacturing

Bosch

AI Process Optimization for Improved Production Efficiency

Case Study

Results

Reduction of AI application implementation time to just a few weeks
Improvement in product quality through early defect detection
Increased manufacturing efficiency through reduced downtime

Let's Work Together!

Is your organization ready for the next step into the digital future? Contact us for a personal consultation.

Ready for the next step?

Schedule a strategic consultation with our experts now

For optimal preparation of your strategy session:

  • Your strategic goals and challenges
  • Desired business outcomes and ROI expectations
  • Current compliance and risk situation
  • Stakeholders and decision-makers in the project

Latest Insights on Due Diligence

Discover our latest articles, expert knowledge and practical guides about Due Diligence

Cyber Insurance: Requirements, Costs, and Selection Guide for Businesses 2026
Information Security | April 17, 2026 | 12 min

Cyber insurance covers financial losses from cyberattacks, data breaches, and IT outages. This guide explains what insurers require in 2026, coverage types, costs by company size, and how to choose the right policy — including how ISO 27001 certification reduces premiums.

Boris Friedrich

Vulnerability Management: The Complete Lifecycle for Finding, Prioritizing, and Remediating Weaknesses
Information Security | April 16, 2026 | 14 min

Over 30,000 CVEs are published annually. Effective vulnerability management prioritizes what matters most to your organization and remediates before attackers exploit. This guide covers the full lifecycle: discovery, scanning, risk-based prioritization, remediation, and compliance.

Boris Friedrich

Security Awareness Training: Building Effective Programs and Measuring Impact
Information Security | April 15, 2026 | 12 min

The human layer remains the weakest link in cybersecurity. This guide covers how to build an effective security awareness program, run phishing simulations, design role-based training, and measure whether your program actually reduces risk — with benchmarks and KPIs.

Boris Friedrich

Penetration Testing: Methods, Process & Provider Selection Guide 2026
Information Security | April 15, 2026 | 14 min

Penetration testing reveals vulnerabilities before attackers exploit them. This comprehensive guide covers black box, grey box, and white box methods, the 5-phase pentest process, provider selection criteria, DORA TLPT requirements, and cost benchmarks for every test type.

Boris Friedrich

Business Continuity Software: Comparing Leading BCM Platforms 2026
Information Security | April 14, 2026 | 18 min

Business continuity software automates BIA, plan management, exercise tracking, and incident response. This comparison reviews leading BCM platforms, selection criteria, DORA alignment, and which solution fits organizations at different maturity levels.

Boris Friedrich

SOC 2 vs. ISO 27001: Which Security Certification Do You Need?
Information Security | April 14, 2026 | 16 min

SOC 2 and ISO 27001 are the most requested security certifications. This practical comparison covers scope, cost, timeline, customer expectations, regulatory alignment, and the 70% control overlap — helping you decide which to pursue (or whether you need both).

Boris Friedrich