pdPurpledecks
Readiness Audit · Technical due diligence

Own it. And prove it holds up.

Before a raise, an enterprise customer's security review, or a regulator, we tell you the truth about your software. Whether you own and control it. Whether it will survive the look. What to fix, and in what order. Built fast, with AI tools, no-code, or a team that has since moved on? That is exactly what we open.

Book a Readiness Audit See a sample report →
Raise

An investor's reviewer is about to read your codebase. See it first, through the same eyes.

Enterprise security review

A big customer's security and procurement team will not sign until your software passes their check.

Regulator

Your domain is regulated, and the evidence has to be there before anyone asks for it.

EST. 2012 · 53.7°N -7.8°W · IRELAND · EU
§ 01 · The audit

A control and readiness audit, not a code scan.

The Readiness Audit is a fixed engagement. Senior engineers look at your product before it faces outside scrutiny, and hand back an honest report and a plan. The code review sits inside it. The bigger question is whether you own the thing, whether you can run it, and whether it will survive a serious look.

Few firms lead with ownership and control as the central readiness question, especially for regulated and connected-product teams. It is the part a code scan never reaches, and it is the thing that stops a raise or a trial.

Lens 01 · The differentiator

Control and ownership

Do you actually control your own product. Repositories, cloud accounts, signing certificates, domains, the accounts a former vendor may still hold. The lock-in that quietly stops a raise. This does not show up in a code scan, and it is where the most serious findings usually sit.

Lens 02

Technical health

Architecture and how it scales. Code quality, security and data handling, testing, the release process. The stack choices where a specific one is causing real, provable problems, not the ones that are merely unfashionable.

Lens 03

Process and continuity

Who owns and runs it on your side. Go-live, maintenance, tested backups, and the key-person risk if one person disappeared tomorrow.

Lens 04 · Where the domain needs it

Regulatory

Medical-device standards, and the newer regimes a buyer will ask you about. We know when the software evidence touches these and when to bring in RA, QA or legal. We are not a notified body, a certification body or a regulatory adviser, and we say so plainly.

§ 02 · What you get

A written report, and a straight readout.

For an audit at this level, a one-line verdict is not enough. You get a written report, and a call to walk through it with the people who did the work. The report is built to be used, not filed.

01A board-ready executive summary.
02A risk register, ranked by severity, with the impact and the rough effort to fix each finding.
03An evidence map: what we reviewed, what was unavailable, what we assumed.
04An ownership and control register: every part of the product, and who actually controls it today.
05A release and control map: how code reaches production, and who can approve it.
06A regulated appendix, where it applies.
07A 30 / 60 / 90 plan: fix before scrutiny, fix before scale, then monitor.
08An investor and customer answer pack: the honest answers to the questions you will be asked.
The answer pack

The point is not the document. It is that you can walk into the raise or the partner call and answer straight. Straight answers, backed by a plan, beat a polished pitch that falls apart under a follow-up question.

See a sample report → An anonymised sample, built from real findings. A real audit is scoped to your product.
§ 03 · How it works

Deep access, earned in stages.

A real audit needs real access to the real product. A founder a month from a raise will not hand an unknown firm the keys on day one, and we would not ask. So access is phased. There is no shallow, keys-locked version, because a light report from a surface look is a guess dressed up as an assessment, and we will not put our name on it.

01 / Scope A short call to size the work, agree the currency, and set the price.
02 / Read-only first Architecture, interviews, cloud posture, process. Under an NDA where needed.
03 / Deeper access Repositories and infrastructure, once trust is set.
04 / Report and readout The written report, then a call to walk through it together.
05 / The fix, if you want it Scoped and priced separately. Never a condition of the audit.
§ 04 · Pricing

One price, in your currency.

From $15,000
· €13,000 in Ireland & the UK

A Readiness Audit starts from $15,000, or €13,000 in Ireland and the UK. It is close to the same number in two currencies, not two decisions. The final figure is fixed in a short scoping call, in your currency, because scope genuinely varies with the size and complexity of the product.

Regulated, medical-device and connected-product audits are scoped separately, and they cost more. The evidence, the access, the security work and the quality-system interfaces materially change the job. It is not a surcharge on the standard price.

The price rules out the tyre-kicker, and it is a straight signal of the seniority you are buying. We do not charge a day rate. You are buying the audit and the answer, not a number of days.

§ 05 · The proof behind it

Built where getting it wrong is expensive.

The claim we lead with
We build software to the standard that applies, under your quality system. In medical devices that means IEC 62304 and IEC 62366-1, under your ISO 13485 quality system, with our software risk analysis feeding your ISO 14971 file.
ResMed is the proof. We built the software for their first consumer product, and it reached market.

The audit is only as good as the eye behind it. Fourteen years of builds where the margin for error is zero. We built the original Bluetooth Low Energy SDK for Fire1's implantable cardiac device, now in clinical trials. We have done biometric identity work at national scale. And we have opened and assessed more than forty codebases since 2012. That is the eye we bring to yours.

See how we work inside a quality system → What we find when we open other people's code →
§ 06 · Honest

The findings stand, whoever fixes them.

If you want us to do the remediation, we can, and we will scope and price it separately. The audit earns that work on merit, not by selling. The severity of a finding is never changed by whether we can be the one to fix it, and you are free to take the report to your own team or to another firm. That independence is written into how we work.

Not sure this is the one?

This is the audit for a funded product facing a trigger. If the product is broken, the team is gone, and the money is in the fix rather than the assessment, that is a different piece of work. It is a Rescue, and it has its own page.

Start here

Book a Readiness Audit.

It starts with a short scoping call. A straight, senior read on where you actually are, and what a full audit would cover.

Start a conversation Read the sample report →
A senior engineer replies. No sales layer, no handoffs.
Read-only access first, under an NDA where needed. Your code stays in your repositories. We work in your environment.
PURPLEDECKS
53.7°N -7.8°W · IRELAND
EST. 2012 · EU
hello@purpledecks.com