COPPERPOD HELPS NEW ENGLAND PE FIRM INVEST IN CANADIAN HEALTHCARE INFORMATION SYSTEMS VENDOR
A leading private equity firm based in Connecticut, which actively invests in information services supporting the healthcare, banking, trust, securities, retirement and wealth management sectors, was considering investing in a Toronto-based HIPAA-compliant healthcare information systems provider. Copperpod was engaged to perform due diligence to analyze the company’s technology and help the private equity firm make an informed decision. Our team of experts formulated a holistic due diligence strategy covering several key exercises.
1. IT Asset Due Diligence
Copperpod analyzed all IT systems, devices and processes owned by the company to make an exhaustive inventory of the IT assets owned or leased by the company. The inventory noted, for each system:
• Date of Purchase and Life Remaining
• Pricing and Current Market Price
• Alternatives with Feature Comparison
• Backup and Redundancy
• Known Vulnerabilities
2. Code Analysis
Our source code consultants analyzed the complete source code within a short period of time. We provided in-depth quantitative and qualitative analysis of the existing code. Some of the review parameters considered by our experts were:
• Size of code base
• Comment Density and Ratios
• Number and Ratio of Classes and Methods
• Inactive to Active Code Ratio
• Open Source vs. Proprietary Code Ratio
• Quality Compliance Rates Per Developer
• Process and system utilized by developer
Copperpod experts evaluated the existing products of the company to provide a detailed report on some of the functional parameters like:
• Ease of maintenance
• Legal protection
• Open source liabilities
• Patentable subject matter
3. Code Quality Recommendations
Copperpod experts found that a significant portion of the source code developed by the company’s external contractors lacked legal copyright and trade secret notices. We recommended certain tools to automatically set up a code template with pre-filled legal terms that would prevent any future litigation and business conflicts.
Also, as an added measure, to help new developers identify whom to contact for specific institutional knowledge and bug resolution, our experts recommended that author(s), creation dates and a brief revision history be included as comments at the top of each source code file.
Copperpod also found that given the sensitive and confidential nature of their data, the company should consolidate their code into a single active and regularly backed up repository as opposed to multiple fragmented repositories. This would ensure that each checkout of code as well as data is recorded and maintained in a single secure location.
Our experts also highlighted a low comment-to-code ratio in certain product source code, which places a high dependency on the original author and requires a longer learning curve for new developers.
The reports and recommendations submitted by Copperpod on the source code and functional components of the company’s products enabled the client to make an informed decision on investing in the company, and the company itself to strengthen its source code and data storage for the future. The multi-million dollar investment path taken by our client has led to aggressive expansion of the firm and its sales across the US.
Tracking security vulnerabilities known for each IT asset (including network hardware and open-source code) is an existential safeguard for the healthcare industry.
Appropriately commented and organized source code reduces the costs of debugging and scaling the product as the company grows in team size, markets and overlapping products.
Applying appropriate copyright, trade secret and authorship notices on each source code file can reduce legal costs of enforcement and help establish the date of reduction to practice if the technology is ever stolen.