Maintainability Review & Due Diligence

Know exactly what you're getting before you commit

Whether you're acquiring a product, evaluating a vendor's work, or assessing your own technical debt — we provide an independent, expert review of the codebase. No surprises after the deal is done.

Common scenarios for a maintainability review

Pre-acquisition due diligence

You're acquiring a company or product and need to know what the software is really worth. We assess the codebase, infrastructure, and team practices before you commit.

Vendor assessment

Your current agency or contractor delivered something, but you're not sure about the quality. We provide an independent review before you invest further.

Internal health check

Your in-house team built it, but technical debt is mounting and nobody's sure how bad it is. We give you an honest, external view of where things stand.

Pre-investment review

You're considering investing in a technology business. We assess whether the technical claims stack up and identify risks that could affect valuation.

A thorough review across six critical areas

Every review is tailored to your situation, but these are the areas we always cover.

Code quality and architecture

We assess code structure, separation of concerns, naming conventions, duplication, and overall architectural coherence. Is this codebase one that competent engineers can maintain and extend?

Security posture

Authentication, authorisation, data handling, secret management, dependency vulnerabilities, and compliance with standards like OWASP Top 10. We flag issues by severity.

Test coverage and CI/CD

What's tested, what isn't, and how code gets to production. We review pipelines, deployment practices, rollback capabilities, and environment management.

Infrastructure and scalability

Hosting configuration, database design, caching strategy, and whether the system can handle growth. We assess cost efficiency and identify single points of failure.

Documentation and knowledge risk

Is the system documented? Could a new team pick this up? We identify bus factor risks and knowledge gaps that could become expensive problems.

Dependency and licence risk

Third-party libraries, framework versions, end-of-life dependencies, and open-source licence compliance. We flag anything that creates legal or maintenance risk.

From scoping to actionable report

A structured process designed to give you the information you need to make confident decisions.

30 minutes

Scoping call

We discuss what you need the review for — acquisition, vendor check, internal health check, or investment. This helps us tailor the review to the questions that matter most to you.

3-10 days

Codebase review

Our senior engineers review the codebase, infrastructure, and deployment setup. The depth and duration depend on the size of the system and the scope agreed in step one.

We use a combination of manual review and automated tooling to cover:

  • Architecture and code quality
  • Security vulnerabilities
  • Test coverage and CI/CD maturity
  • Dependency and licence risks
  • Infrastructure configuration

Report and recommendations

You receive a detailed written report covering findings, risk ratings, and actionable recommendations. We then walk you through the findings in a presentation, answer questions, and discuss next steps.

The report is yours to share with stakeholders, investors, or legal advisors as needed.

"Talk Think Do were very strategic and intelligent in the way that they set it up right from the beginning, allowing us to make leaps forward."

Bill Mills

CEO, Explore Learning

Frequently asked questions

How long does a review take?

Typically 3-10 working days for the review itself, depending on the size and complexity of the codebase. You'll receive the report within a few days of the review completing. The scoping call and report walkthrough are scheduled around your availability.

What access do you need?

Read-only access to the source code repository, plus access to infrastructure configuration and CI/CD pipelines where possible. We can work with limited access if needed — for example, during pre-acquisition due diligence where full access isn't yet available.

Can you sign an NDA?

Yes. We routinely sign NDAs for due diligence and vendor assessment work. We can use your standard NDA or provide ours.

What do we get at the end?

A detailed written report covering all review areas, with findings rated by severity and business impact. Each finding includes a clear recommendation. You also get a walkthrough session where we present the findings and answer questions.

Can you fix the issues you find?

Yes. If the review identifies issues that need addressing, we can provide a proposal for remediation work, either as a standalone engagement or as part of an ongoing managed support arrangement.

How much does a review cost?

Reviews are fixed-price engagements scoped during the initial call. Cost depends on the size of the codebase and depth of review required. Book a consultation for a quote.

Make informed decisions about software you depend on

Book a free consultation to discuss what you need reviewed and why. We'll scope the engagement, provide a fixed-price quote, and give you an honest assessment of whether a review is even necessary.

Book a free consultation

or call 01202 375647