Due DiligenceDue DiligenceData Rooms

The Due Diligence Checklist (By Deal Type)

A due diligence checklist is the difference between a deal that closes on schedule and one that dies in the data room from a thousand small "can you send us that?" emails. I have run diligence from bo

By Aryan Pereira12 min readUpdated July 2026
The Due Diligence Checklist (By Deal Type)
On this page

A due diligence checklist is the difference between a deal that closes on schedule and one that dies in the data room from a thousand small "can you send us that?" emails. I have run diligence from both sides of the table, as a founder raising capital and as the person reviewing documents on an acquisition, and the pattern is always the same: the deals that move fast are the ones where someone built a real checklist before the first request list ever arrived.

This guide gives you copyable checklists organized by category and by deal type, explains how to use them, and shows how a well-structured data room maps to each line item. If you want the strategic background first, start with the broader due diligence guide and come back here when you are ready to build the list itself.

What a due diligence checklist actually does

A checklist does two jobs at once. For the party being reviewed, it is a preparation tool that tells you exactly what to gather before anyone asks. For the party doing the review, it is a coverage map that ensures nothing important slips through because everyone assumed someone else was checking it.

The mistake I see most often is treating the checklist as a one-time document dump. It is a living index. Every item should have an owner, a status, and a home in your data room. I keep mine in a shared sheet alongside the room: one column for the item, one for the responsible person, one for status (not started, in progress, in room, N/A), and one for the exact folder path where the document lives. That last column is what makes a room feel organized to the other side. They are not hunting; they are reading.

The master due diligence checklist (by category)

This is the core list. It applies to most equity raises and acquisitions of operating companies. Use it as your spine, then add or trim based on the deal-type sections further down.

ItemWhy it mattersTypical owner
Certificate of incorporation and bylawsConfirms the entity exists and how it is governedLegal / founder
Cap table (fully diluted)Shows who owns what, including options and SAFEsFinance / founder
Board and stockholder consentsProves major decisions were properly approvedLegal
Stock option plan and grant recordsVerifies equity issuance is cleanFinance
Prior financing documents (SAFEs, notes, prior rounds)Surfaces conversion terms and investor rightsLegal
Corporate org chart and subsidiary listMaps the legal structureFounder
Good standing certificatesConfirms the company is current in each state of operationLegal

Financial

ItemWhy it mattersTypical owner
Income statements (3 years or since inception)Shows revenue and cost trendsFinance
Balance sheets and cash flow statementsReveals liquidity and obligationsFinance
Monthly management accountsDemonstrates operating rhythmFinance
Financial model and assumptionsConnects history to projectionsFounder / finance
Accounts receivable and payable agingFlags collection and payment riskFinance
Bank statements and reconciliationsVerifies the numbers are realFinance
Tax returns and any open auditsSurfaces tax exposureAccountant

For anything in this category, the depth of review escalates fast in a buyout. If your deal is acquisition-driven, the dedicated financial due diligence walkthrough covers quality-of-earnings analysis and the adjustments buyers actually make.

Commercial and customers

ItemWhy it mattersTypical owner
Customer list with revenue concentrationShows dependency riskSales
Top customer contractsReveals terms, renewal, and termination rightsLegal / sales
Churn and retention dataIndicates product stickinessFinance / ops
Pipeline and bookings reportSignals forward momentumSales
Pricing and discount policyExplains margin behaviorSales
Key partnership and reseller agreementsMaps revenue dependenciesBD

Technology and product

ItemWhy it mattersTypical owner
Architecture overview and tech stackShows how the product is builtEngineering
IP assignment agreements (all contributors)Confirms the company owns its codeLegal / eng
Open-source license inventoryFlags licensing riskEngineering
Security policies and any audit reportsDemonstrates security postureSecurity
Uptime, incident, and infrastructure recordsReveals reliabilityEngineering
Product roadmapSignals where the product is goingProduct

People and HR

ItemWhy it mattersTypical owner
Org chart with headcount and compShows team structure and costHR / finance
Employment and contractor agreementsConfirms terms and IP assignmentHR / legal
Key-person and non-compete arrangementsFlags retention riskLegal
Benefits and any equity-linked plansSurfaces obligationsHR
Any pending HR disputesReveals liabilityLegal

Contracts, compliance, and risk

ItemWhy it mattersTypical owner
Material supplier and vendor contractsMaps operational dependenciesOps
Insurance policiesShows coverageFinance
Litigation history and pending claimsSurfaces legal exposureLegal
Regulatory licenses and permitsConfirms the right to operateCompliance
Data privacy and processing documentationFlags GDPR and similar exposureLegal / security

How to use the checklist (without drowning the other side)

A checklist only helps if the workflow around it is disciplined. Here is the sequence I use every time.

  1. Build the list before the room. Populate the categories above, mark anything genuinely "not applicable" as N/A so it is clearly intentional, and assign every remaining item an owner.
  2. Gather to a status, not to perfection. Get each item to "in room" or to a clear note explaining why it is delayed. A half-built room with honest status notes beats a pretty empty one.
  3. Structure the room to match the checklist. Your folder tree should mirror your categories, so when a reviewer opens "03 Financial," they find exactly what the financial checklist promises, in order.
  4. Map every line item to a folder path. This is the step most people skip, and the one that saves the most time. When a request comes in, you reply with a folder, not an attachment.
  5. Track requests against the list. Log each incoming request against its checklist line. If a category generates a flood of follow-ups, that is a signal you under-prepared it.

Diligence fatigue is real, and every disorganized request adds a day. A room that maps cleanly to a recognizable checklist tells the other side you run a tight operation, and that impression carries into price and terms. For a deeper treatment of the room layout itself, the virtual data room due diligence guide breaks down folder structures and access controls in detail.

Adjusting the checklist by deal type

The master list is the spine. What changes between deal types is the emphasis and the extra sections you bolt on.

Fundraising (seed to growth)

For a raise, investors weight the cap table, the financial model, customer concentration, and the team. They care less about exhaustive contract review and more about whether the story holds up. Keep the corporate and financial sections airtight, and add a clean metrics dashboard (growth, retention, burn, runway). The room I set up for our own raise lived or died on how fast an investor could move from the deck to the supporting numbers, so the financial folder sat right at the top.

Mergers and acquisitions

An acquisition is where the checklist expands the most. Buyers review everything in the master list plus integration questions, working-capital adjustments, change-of-control clauses in every material contract, and indemnification exposure. The legal and contracts sections balloon. If you are on either side of a sale, the m&a due diligence guide covers the additional workstreams (regulatory clearance, transition planning, escrow) that a fundraise never touches.

Technical and product diligence

When the target is a software business, or when an investor is technically minded, the technology section gets its own deep review: code ownership, architecture scalability, security audits, and technical debt. A clean IP assignment chain for every single contributor is non-negotiable here. The technical due diligence breakdown goes line by line through what reviewers actually inspect in the codebase and infrastructure.

Commercial and customer-focused diligence

For buyers focused on revenue durability, the commercial section leads. Market position, competitive dynamics, customer interviews, and the realism of the growth plan all come under scrutiny. The commercial due diligence guide and the customer due diligence guide cover, respectively, the market-and-strategy lens and the narrower compliance-and-identity checks (KYC, AML, sanctions screening) that regulated transactions require.

Mapping the checklist to your data room

A checklist and a data room are two views of the same thing. The checklist is the index; the room is the shelf. The closer they mirror each other, the less friction the deal carries. I structure rooms with numbered top-level folders that match the checklist categories exactly, so the order is predictable:

FolderChecklist category it serves
01 CorporateCorporate and legal
02 FinancialFinancial
03 CommercialCommercial and customers
04 TechnologyTechnology and product
05 PeoplePeople and HR
06 Contracts and complianceContracts, compliance, and risk
07 Deal-specificWhatever the deal type adds

Inside each folder, I name files so they read as answers, not raw dumps: "2024 Audited Financials" rather than "scan_final_v3." Numbering folders forces a deliberate order and keeps the room from drifting into alphabetical chaos.

This is where the tooling earns its keep. I run our rooms in Plox because it shows me exactly which documents each reviewer opened and for how long, which tells me where the real questions are forming before they hit my inbox. Granular access controls also let me stage sensitive items (detailed customer contracts, for instance) behind a separate permission so they only open up once a deal is serious. Plenty of teams run good diligence in other tools too; the principle matters more than the brand. What matters is that the room maps to the checklist and that you can control and observe access. For a ready-made folder skeleton, the due diligence data room checklist gives you a structure to copy directly, and the best data room for due diligence comparison weighs the options if you are still choosing a platform.

On budget, data room pricing ranges from free tiers up to enterprise quotes that depend on data volume, number of users, and contract length. Most providers price per user, per page, or on a flat monthly plan, and the spread is wide. Rather than anchor on a single number, the virtual data room cost breakdown explains the pricing models so you can match one to your deal size, and the current pricing page lists what Plox charges.

A quick pre-launch sanity check

Before you send the first invite, run the room against five questions:

  • Does every checklist item have a status and an owner?
  • Does the folder tree match the checklist categories one to one?
  • Is anything marked N/A genuinely not applicable, with a note explaining why?
  • Are sensitive documents staged behind appropriate access controls?
  • Can a reviewer get from "first login" to "core financials" in under a minute?

If you can answer yes to all five, you are more prepared than most companies that walk into a raise or a sale. The checklist did its job before the diligence even started.

Frequently asked questions

How long should a due diligence checklist be?

There is no fixed length. A seed-stage raise might run 40 to 60 line items; a mid-market acquisition can run into the hundreds once you account for every contract and jurisdiction. The right length is the one that covers your actual risk surface without padding the list with items that do not apply. Mark non-applicable items as N/A rather than deleting them, so reviewers can see you considered and dismissed them.

Who is responsible for filling out the checklist?

Both sides build a version. The company being reviewed builds a preparation checklist to assemble its documents, and the reviewing party builds a coverage checklist to make sure nothing is missed. In practice the company-side list does most of the heavy lifting, because a well-prepared room answers most reviewer questions before they are asked. Assign each line item to a specific owner so accountability is clear.

When should I start building the checklist?

Before you start the data room, and ideally before you even decide to raise or sell. The companies that close fastest treat diligence readiness as an ongoing habit, keeping core corporate, financial, and contract documents current year-round. If you are starting cold, give yourself two to four weeks to assemble a solid room, longer for a complex acquisition.

Does the checklist change for an acquisition versus a fundraise?

Yes. The master categories stay the same, but acquisitions add substantial weight to legal, contracts, and integration items: change-of-control clauses, working-capital adjustments, indemnification, and regulatory clearance. A fundraise leans harder on the cap table, the financial model, and the growth story. Start from the master list and bolt on the deal-specific section that matches your situation.

How does a data room relate to the checklist?

The checklist is the index and the data room is where the documents live. The best setups mirror each other: numbered folders that match the checklist categories, files named as clear answers, and every line item mapped to a folder path. That mapping is what turns a request into a two-second reply ("see folder 02 Financial") instead of an inbox search.

What is the single most common diligence mistake?

Building a room without a checklist behind it. A pile of documents with no index forces reviewers to hunt, which generates follow-up requests, which adds days, which erodes confidence. Build the checklist first, structure the room to match it, and assign owners to every item. Everything else is downstream of that discipline.

Aryan Pereira

Written by Aryan Pereira · Co-founder, Plox

Aryan co-founded Plox. He works on the product side, mostly on how viewers experience a shared link and what the sender gets to see back.

Connect on LinkedIn