It is becoming cliché to say, but the investor due diligence process has truly evolved from a ‘check the box’ activity to a detailed and analytical process. Today, hedge fund investors want to see a tested investment strategy coupled with institutional-grade business processes.
Here at Eze Castle Integration, each year we help more and more hedge fund clients complete the Technology portion of investor due diligence questionnaires (DDQ). So we thought it would be helpful to share some of the more common technology related questions we are seeing. Not surprisingly, you’ll see security and disaster recovery questions on the list.
As you consider your responses to these questions, keep in mind that in some cases investors are more concerned with your decision process as opposed to seeing the “right” answer. The reality is that often the “right” answer varies from firm to firm and depends on a number of factors, including investment strategy.
On to the questions…also, you can download our more extensive Technology DDQ list HERE – it includes questions on your company and processes.
- Provide an overview of your IT and telecom infrastructure. Please specify whether this solution is hosted onsite, outsourced to a cloud/hosting provider or whether you use a variety of approaches.
- Where are your primary, secondary, business continuity and disaster recovery data centers located and what technology is located in each?
- Who is responsible for IT support? Describe the service they provide.
- Please list any outsourced technology service providers. Please give an overview of the providers and their credentials, as well as background of the relationship.
- Describe your physical and application security protocols to protect building, office, hardware, and data accessibility.
- Detail user login and password requirements for staff accessing systems while in the office as well as remotely.
Describe your process for application/system change management, including:
- Who is responsible for authorizing changes,
- Who has access to the development and production environments, and
- The process to release code/changes into the production environment.
- Describe the organization’s Business Continuity and Disaster Recovery philosophy and provisions, including any relationships with third-party providers.
- Describe your provisions for data back-up, including the frequencies and methods of the back-up. How would data be restored in the event of a loss, and how long would this take? How would you operate in the meantime?
- What would happen in the event that a key decision maker became incapacitated, for example the chief investment officer or portfolio management staff?
How often is the BCP/DR plan tested? What was the last test date and describe the results.
In addition to downloading our complete IT DDQ list, you can also check out these articles:
- Expert Tips for Launching a Hedge Fund in a New Environment
- Answering the FCA's Dear CEO Letter on Outsourcing with Some Practical Steps
- Reflecting on What We're Thankful For This Thanksgiving
- Finding Your One-Stop Shop: The Benefits of Choosing an All-Inclusive IT Provider
- Three Ways Your Cloud Provider Can De-Stress Your Life
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics