An inside look: Due diligence 101
James Evans
Co-founder & CRO
In the world of B2B sales, due diligence is a term that often gets thrown around, but what exactly does it mean?
Simply put, due diligence is the process a prospective buyer goes through to investigate and evaluate a purchase. It’s crucial, as it allows the buyer to understand the risks and benefits of the investment, so they can make a well-informed decision that they can justify to their boss.
In recent years, the scope of due diligence has expanded significantly. Historically, the focus was on reputational, cybersecurity and financial concerns. In the 2010s, stringent data protection regulations (led by the GDPR) greatly expanded the types of risk businesses need to assess. That scope is ballooning rapidly: nowadays businesses are worried about geopolitical exposure to certain countries, their climate impact, and practices far down their supply chains.
Looking to the future, we can expect even more changes. Environmental, social, and governance (ESG) considerations, as well as emerging regulations around AI, are set to further increase the burden of due diligence.
This means that businesses now need to prepare for a more arduous due diligence process, encompassing a wider range of factors than ever before, and increasing the workload for everyone.
This isn't just an enterprise sales problem
Gone are the days when only large enterprises and government entities would put you through the due diligence wringer. Today, businesses of all sizes are recognizing the importance of due diligence in mitigating risks.
Some of this is driven by the viral nature of due diligence. Doing due diligence on your suppliers is a necessary part of showing that you are a competent, risk-aware vendor yourself.
It’s not purely for show though. Physical and digital supply chains are increasingly interconnected and global. Most security incidents and breaches originate from the supply chain. So it’s only natural that vendors are coming under greater scrutiny from companies of all sizes.
Expect to see due diligence requirements on a greater proportion of your deals, and across a wider range of mid-market segments.
At what stage of the sales cycle does due diligence happen?
Stage 1: Initial conversation between the sales team and prospective buyer
The due diligence journey unfolds in distinct phases. It begins with initial conversations between your sales team and the prospective buyer and users. In this early stage, the spotlight is on your product or service, zooming in on the value it promises to deliver.
Due diligence here is highly targeted, focusing on aspects directly relevant to the buyer's specific needs. This could involve discussions about hosting or the performance of your solution. While they might kick the tyres on other facets of your offering, don't expect a deep dive just yet.
Stage 2: The deal has had approval from the economic buyer
Once the economic buyer gives the thumbs up, things start to get real. This is where procurement enters the stage and formal due diligence takes off. Procurement teams are backed up by a network of specialist risk management teams, from legal to information security and beyond.
In this phase, the focus pivots from the 'what' of your offering to the 'how' of your operations. The buyer delves into the details of your business practices to see if any devils are lurking there.
This is where the real challenge begins. Expect a barrage of documents, forms, and pointed queries, with seemingly no end in sight. It's a detailed - and sometimes painful - process but the business relationship will be much stronger for it once you’re out the other side.
Stage 3: After the deal has closed
Just when you thought it was over! Even after the sale completes, due diligence doesn't go away. Post-sale due diligence occurs in several forms:
- Check-ups: These are likely to be focused on ensuring ongoing compliance and reviewing commitments that you made during the sale.
- Renewal reviews: These reviews ensure everything is still in tip-top shape before renewing contracts. In some cases this can be as complicated as the DD on the original sale.
- Refresh: Security and regulation never stay still for long. These audits ensure your offering still aligns with the customer's evolving needs.
- Event-driven assessments: Significant organisational changes, like a merger, could trigger further due diligence. Macro events like a regulatory change or an industry-wide cybersecurity vulnerability might send risk management teams scrambling.
Am I ready for due diligence? Benchmarking your setup
Being ready looks different depending on the maturity of your organisation. Here’s what to aim for:
“I’m looking to make my first enterprise sale”
- Controls & Audit: You’ve checked your security and privacy controls meet a basic standard such as Cyber Essentials Plus
- Policies: You have around 10-15 key policies documented
- Process: You’ve identified an owner to take the lead when a questionnaire comes in. This needs to be someone with a broad view of the organisation and the power to get things done, such as the CTO or COO
- Tooling: Special tools aren’t critical at this stage
“We’ve broken through $1m ARR and we’re trying to go upmarket”
- Controls & Audit: You have checked your security and privacy controls meet a standard such as ISO 27001, and you’ve made a plan for SOC2
- Policies: You have key policies documented, covering InfoSec, Privacy and Governance. They are kept up to date and there is some monitoring of compliance
- Process: Sales reps can do 90% of standard due diligence work independently. Subject matter experts monitor source material and are rarely escalated to
- Tooling: Tools to manage human workflows and organisational knowledge are required here, and you might use AI to decrease the drain on sales team time
“We’re closing Enterprise customers repeatably”
- Controls & Audit: You’ve got the full range of security certifications, neatly summarised in a trust center
- Policies: You have key policies documented, covering InfoSec, Privacy, Regulatory, ESG, with version control and designated subject matter expert (SME) owners
- Process: Sales reps can get questionnaires resolved in under 24 hours and can handle ad hoc requests independently. Security, IT, legal, compliance and product teams can easily keep documentation updated
- Tooling: Tools to manage human workflow and complex organisational knowledge are a must-have. AI will give meaningful productivity benefits and auditability/insights will keep SME teams happy.
“The Fortune 500 depends on us”
- Controls & Audit: You’ve got the full range of security certifications, neatly summarised in a trust center. They are responsive to ever-changing requirements from around the world
- Policies: You have a comprehensive set of policies, with thorough authoring, versioning and approval measures in place. Compliance of the policies is measured automatically. Changes to policies flow through to related policies ensuring there are no inconsistencies
- Process: Questionnaires and ad hoc questions are resolved in under 24 hours. Commercial teams hardly ever need to speak to subject matter experts, instead relying on a knowledgebase
- Tooling: Highly customised tooling enables the process to be executed efficiently across hundreds of product lines and jurisdictions without dialogue between commercial and subject-matter-expert teams
Trusted by innovative brands globally, Platformed is an integrated risk management toolkit designed to navigate and revolutionize procurement and risk management processes. Platformed automatically builds and maintains a live graph of trust information about your organization, and empowers your team to showcase your trust credentials, respond to trust enquiries, and build trust with enterprises faster than ever before.
If you regularly sell to enterprise organizations and have to balance multiple RFPs and questionnaires per month, Platformed can help to put your procurement pains to bed. Sign up for a demo with our team of experts, or get in touch to find out more.
This is the first instalment of three blogs in our series:
- An inside look: Due diligence 101 - Delve into the reasons behind due diligence, its increasing significance, and its role in deal cycles
- Reaching DDQ-topia: How to get through RFPs and DDQs quickly and painlessly - The impact of RFPs and DDQs on your organization and how you can reduce it
- Nine tips to navigate RFPs and due diligence questionnaires quickly - Actionable steps to make customer questionnaires quick and predictable
Subscribe to our newsletter to receive each post hot off the press.