Prepared by: Layer8TechGroup · Framework: 10 Technology Fixes — Tier 1 · Documents Ingested: cached collection (previously ingested)
Overall Score
3.3/10
8-domain blend
Valuation Multiple
4.0 – 4.2×
EBITDA · Lower Middle Market
EBITDA
$864,000
most recent FY
Vertical
Technology / MSP
technology
Assessment Scores — 8-Domain Profile
Value Recovery RoadmapTotal Recoverable Value: $1,641,600
Prioritized by estimated valuation impact · Score-adjusted: 4.0 – 4.2×EBITDA · Ceiling: 6.0×
Complete remediation plan across all scored domains. The Priority Fixes section below highlights the five ranked starting points.
| Domain | Layer8 Service | Multiple Impact | Value at Risk | Est. Timeline | Typical Investment | Est. ROI |
|---|---|---|---|---|---|---|
DRDiligence Risk✓ Quick Win | Security Hardening & Data Room Preparation | +0.4x | $344,736 | ⏱ 6–8 wks | $4,500 – $7,500 | 20x+ |
CQCustomer Quality✓ Quick Win | Contract Audit & CRM Implementation | +0.4x | $328,320 | ⏱ 8–10 wks | $5,000 – $9,000 | 20x+ |
OROwner Risk✓ Quick Win | Succession Planning & Knowledge Capture Sprint | +0.3x | $279,072 | ⏱ 8–10 wks | $6,000 – $10,000 | 20x+ |
OSOperational Scalability✓ Quick Win | Process Documentation & Systems Audit | +0.2x | $164,160 | ⏱ 10+ wks | $6,500 – $11,000 | ~19x |
HCHuman Capital✓ Quick Win | Workforce Retention & Bench Depth Sprint | +0.2x | $164,160 | ⏱ 10+ wks | $5,000 – $8,000 | 20x+ |
LCLegal & Regulatory Compliance | Legal Compliance Audit & Contract Review | +0.2x | $131,328 | ⏱ 8–10 wks | $6,000 – $10,000 | |
FRFinancial Readiness✓ Quick Win | Books Cleanup & Add-Back Schedule | +0.1x | $114,912 | ⏱ 4–6 wks | $2,000 – $4,000 | 20x+ |
TMTechnology & Systems Maturity | Technology Infrastructure Audit & Modernization Plan | +0.1x | $114,912 | ⏱ 8–12 wks | $5,000 – $9,000 | |
| TOTAL | — | $1,641,600 | — | $40,000 – $68,500 | 20x+ | |
Quick Win items are flagged ✓ in the table above — these deliver the highest remediation ROI in the shortest timeline and are the recommended starting point for any remediation plan.
Typical investment ranges reflect market-rate remediation costs and are provided for prioritization purposes only. Actual engagement scope and pricing depend on business size, gap severity, and selected service provider. Layer8 Tech Group provides formal engagement proposals following assessment delivery.
Ready to recover this value before you list?
Layer8 Tech Group delivers these services for businesses preparing for acquisition.Schedule a Discovery Call →
Layer8 Tech Group delivers these services for businesses preparing for acquisition.Schedule a Discovery Call →
Automation Opportunity AssessmentScored separately — upside signals for post-close value creation, not valuation drivers
▲ Automation Maturity IndexScored separately — excluded from overall score and valuation multiple
1.2/10MANUAL (raw: 1/13)
MSP revenue infrastructure is evaluated on lead-to-contract automation, after-hours responsiveness, and client retention sequences — critical signals for buyers assessing whether ARR growth is system-driven or founder-dependent.
Automation maturity is scored separately from the valuation composite. The gaps below represent operational efficiency opportunities and post-close value creation for a buyer — not valuation discounts.
| # | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| R01 | AI Voice / After-Hours Call Handling PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt · PIS_IT_Asset_Inventory_2025.csv The company uses RingCentral cloud phone system with 4 lines for office operations, but there is no evidence of AI voice agent or automated after-hours call handling capability in any retrieved documents. After-hours calls are not addressed in operational procedures, indicating they likely go unanswered or to voicemail. | 0/2 | MANUAL | |
| R02 | CRM Presence & Workflow Automation PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt HubSpot CRM exists and is used for basic pipeline tracking and contact management, but adoption is inconsistent—the SOP explicitly notes that "not all projects logged at closeout" and "reporting incomplete," indicating the system is underutilized without automated workflows or systematic closeout procedures. Follow-up and monitoring are largely manual and person-dependent, with critical alert protocols managed from memory rather than through automated systems. | 1/2 | PARTIAL | |
| R03 | 24/7 Lead Capture PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt There is no evidence of after-hours or 24/7 lead capture capability in the retrieved documents; the company's onboarding process relies entirely on manual steps with person-dependent workflows, and no automated contact form, chatbot, or lead routing system is mentioned. The business appears to generate leads through existing customer relationships and contractor referrals rather than through website-based lead capture infrastructure. | 0/2 | MANUAL | |
| R04 | SMS Appointment Reminders & Confirmations PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json · PIS_GL_Export_2024.csv The company has no automated SMS appointment reminder or confirmation workflows; customer communication during project execution relies on manual phone calls and email, with one document noting "[PERSON] communicates [DATE_TIME] status to customer" without any indication of automated systems. The retrieved documents show no reference to SMS automation, appointment scheduling systems, or confirmation workflows of any kind. | 0/2 | MANUAL | |
| R05 | Automated Review Solicitation PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_IT_Asset_Inventory_2025.csv · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt | N/A/2 | N/A | N/A |
| R06 | Smart Follow-Up Sequences PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt The retrieved documents contain no evidence of automated follow-up sequences for leads or dormant clients; instead, post-project communication is manual, person-dependent, and inconsistently executed (e.g., "Customer satisfaction follow-up: [DATE_TIME] post-completion (not currently done)"). The company lacks any mention of drip campaigns, automated re-engagement workflows, or systematized nurture sequences for unconverted leads or inactive accounts. | 0/2 | MANUAL |
Interpretation: Manual — buyer will underwrite operational risk, expect discount
A low Automation Maturity score for an MSP signals that growth is relationship-driven rather than systematic. Buyers will apply a meaningful discount and may require remediation commitments as a condition of close.
📈 Buyer Opportunity: A buyer who systematizes these automation gaps post-close would deploy a proven playbook: AI voice handling, CRM workflows, and follow-up sequences that collectively recover 15–25% of leads currently lost to slow response. This is a predictable, acquirable value-creation lever.
► Operational Automation OpportunitiesVertical-specific — excluded from overall score
0.0/10MANUAL (raw: 0/8)
Vertical-specific operational automation gaps identified in MSP & Technology Operational Automation operations. These gaps represent immediate efficiency opportunities for the current owner and post-close value creation levers for a buyer.
Operational automation gaps identified below are framed as efficiency and revenue recovery opportunities. Dollar estimates reflect operational impact, not valuation multiple adjustment. Layer8 delivers these implementations directly.
| Automation Opportunity | Score | Status | Bar | Layer8 Opportunity |
|---|---|---|---|---|
| Ticket Triage & Auto-Assignment | 0/2 | MANUAL | Ticket automation reduces mean time to first response — the metric buyers use most heavily to benchmark MSP operational maturity and client satisfaction. | |
| Patch Management & Compliance Reporting | 0/2 | MANUAL | Automated patch compliance reporting is a premium tier differentiator — it demonstrates systematic security management and supports cyber insurance requirements. | |
| Client Onboarding & Offboarding | N/A/2 | MANUAL | N/A | Onboarding automation is the most visible quality signal to new clients — and the fastest way to surface the gap between an MSP that runs on people and one that runs on systems. |
| Client Health Scoring & Churn Risk Alerts | 0/2 | MANUAL | Client health automation converts churn prevention from a reactive fire drill to a proactive managed process — directly protecting the MRR base that drives MSP valuation. | |
| QBR Scheduling & Preparation | 0/2 | MANUAL | QBR automation enables consistent executive engagement across the entire client base — not just the accounts that squeaky-wheel their way to attention. |
Ready to build your automation infrastructure before you list?
Layer8 runs 90-day Automation Sprints that close AMI gaps and systematize vertical-specific workflows. The ROI is measurable before you go to market.Schedule a Discovery Call →
Layer8 runs 90-day Automation Sprints that close AMI gaps and systematize vertical-specific workflows. The ROI is measurable before you go to market.Schedule a Discovery Call →
Layer8 Service CatalogOne service per Roadmap row — purpose, inputs, deliverables, and success criteria
DRSecurity Hardening & Data Room Preparation
Purpose
Eliminate the most common pre-close diligence findings — security gaps, disorganized documentation, and missing records — so the buyer's team moves efficiently and the seller enters negotiation with a clean record.
Client Inputs
Administrative access to email and file storage systems, current software and SaaS subscription list, contract inventory, data backup and recovery procedures.
Engagement Approach
Security posture assessment against buyer diligence checklists, MFA deployment verification, endpoint protection confirmation, data room folder structure built to standard buyer request formats, incident response procedure documented.
Deliverables
Organized data room with standard diligence folder structure; MFA confirmed across all systems; endpoint protection report; written incident response procedure; data backup and recovery procedure documented.
Success Criteria
Data room passes a sample buyer diligence checklist without gaps; security posture documented to buyer IT diligence standards; no security findings flagged during sale negotiations.
CQContract Audit & CRM Implementation
Purpose
Protect revenue base transferability by ensuring customer contracts survive a change of control and the pipeline is visible to buyers — two of the most scrutinized items in lower-middle-market diligence.
Client Inputs
All active customer agreements, CRM access or pipeline export, renewal history, list of top 10 accounts by revenue.
Engagement Approach
Contract review for assignment and change-of-control clauses, gap remediation with M&A counsel for missing language, CRM selection or cleanup, pipeline workflow configuration, and renewal tracking implementation.
Deliverables
Contract assignment analysis with remediation recommendations; updated agreements with assignment language; CRM implementation with documented pipeline stages; weighted renewal forecast report.
Success Criteria
All material contracts include assignment language acceptable to buyer counsel; CRM shows a 90-day pipeline with documented renewal rates; top-10 account relationships documented with transition plans.
ORSuccession Planning & Knowledge Capture Sprint
Purpose
Convert undocumented succession risk into a written, buyer-acceptable transition plan that reduces Day 1 integration uncertainty and unlocks negotiation leverage on earn-out and escrow terms.
Client Inputs
Owner interview (2–3 hours), key staff interviews (1 hour each), access to current SOPs and operations documentation, current organizational chart.
Engagement Approach
Structured interview series capturing operational and relationship knowledge. Knowledge capture workshops with key staff. Drafting of formal succession plan with phased transition timeline and relationship handoff schedule.
Deliverables
Written succession plan (10–15 pages); phased 90-day transition timeline; key relationship introduction schedule; operational protocol handoff checklist; retention recommendations for critical staff.
Success Criteria
Plan reviewed and accepted by buyer counsel during diligence; transition timeline supports closing without operational disruption; no retention escrow required beyond standard market terms.
OSProcess Documentation & Systems Audit
Purpose
Demonstrate to buyers that the business can operate and grow without the owner — the core test for platform acquisition suitability and a prerequisite for earn-out terms that don't require owner involvement.
Client Inputs
Existing process documentation (any format), list of core operational workflows, technology stack inventory, vendor contracts, org chart and current role descriptions.
Engagement Approach
Process mapping interviews with key staff, SOP drafting for undocumented workflows, technology stack documentation and gap assessment, vendor contract review, financial controls walkthrough and documentation.
Deliverables
Core SOP library covering sales, delivery, billing, and support; technology stack documentation; vendor contract summary with renewal calendar; financial controls memo; org chart with documented decision authority.
Success Criteria
A buyer's operations team can assess day-to-day execution from documentation alone; no single staff member is required to explain how the business runs; operations continue during a 30-day owner absence.
HCWorkforce Retention & Bench Depth Sprint
Purpose
Demonstrate that key staff will remain post-close and that the business has the organizational depth to operate without the owner — reducing the escrow holdback and earn-out provisions buyers use to hedge staff attrition risk.
Client Inputs
Employee roster with tenure and compensation, org chart with reporting lines, existing employment or retention agreements, list of key non-owner roles, comp benchmarking data if available.
Engagement Approach
Compensation benchmarking against vertical market rates, retention risk assessment per key role, training playbook documentation, succession identification for critical non-owner positions, comp and benefits structure review for post-close transferability.
Deliverables
Compensation benchmarking report by role; retention risk matrix with recommended retention bonus structures; written succession plans for key non-owner roles; training playbook for top-3 operational roles; comp and benefits transferability memo.
Success Criteria
Buyer's HR diligence confirms comp is at or near market for all revenue-generating roles; retention agreements in place for staff with >20% of revenue exposure; succession paths documented for all roles where departure would disrupt operations within 90 days.
LCLegal Compliance Audit & Contract Review
Purpose
Surface and remediate the legal and compliance gaps that most commonly trigger post-LOI price reductions — license transferability, IP ownership, employment compliance, and undisclosed contingent liabilities.
Client Inputs
Business licenses and permits, material vendor and customer contracts, employment agreements and contractor arrangements, corporate formation documents, prior litigation or regulatory correspondence.
Engagement Approach
Business license review and transferability confirmation with counsel, contract assignment analysis, IP ownership confirmation, employment classification and I-9 review, litigation disclosure review and representation letter preparation.
Deliverables
Legal compliance memo covering all identified gaps and remediation actions; license transferability confirmation; contract assignment analysis; IP schedule; employment compliance findings; attorney representation letter.
Success Criteria
No open legal items triggering a material adverse change clause; licenses confirmed transferable by buyer's counsel; no IP ownership gaps; employment practices reviewed; litigation disclosure complete and documented.
FRBooks Cleanup & Add-Back Schedule
Purpose
Ensure the company's financial statements survive a Quality of Earnings review without re-trading — the single most common source of post-LOI price reductions in SMB transactions.
Client Inputs
3 years of P&L statements and balance sheets, accounting system access, list of all owner add-backs with supporting documentation, CPA contact.
Engagement Approach
Bookkeeping normalization review for consistency and GAAP alignment, add-back identification and documentation with evidentiary support, CPA coordination for reviewed or audited presentation, QofE preparation briefing.
Deliverables
Normalized 3-year P&L with documented add-backs; add-back schedule with supporting documentation for each item; buyer-defensible adjusted EBITDA calculation; QofE-ready financial package.
Success Criteria
Add-backs are documented with receipts or third-party statements that a buyer's QofE accountant will accept without pushback; EBITDA figure matches seller's stated number; no surprises in financial diligence.
TMTechnology Infrastructure Audit & Modernization Plan
Purpose
Produce the technology documentation and remediation roadmap buyers need to underwrite the business's systems without applying a 'black box' discount — demonstrating the tech stack is an asset, not a liability.
Client Inputs
List of all software, SaaS subscriptions, and hardware; IT vendor contracts; current cybersecurity policies; network or system architecture documentation; access to primary business applications for documentation.
Engagement Approach
Systems inventory and entity-ownership documentation, cybersecurity posture assessment, data integrity review, vendor rationalization, technical debt assessment, modernization roadmap drafting aligned to buyer integration requirements.
Deliverables
Complete systems inventory with entity-owned credential confirmation; cybersecurity findings report; data integrity assessment; vendor rationalization recommendations; written 18-month technology roadmap; technical debt disclosure memo.
Success Criteria
Buyer's IT diligence team can assess all systems from documentation alone; no critical vulnerabilities undisclosed; all material systems confirmed entity-owned and transferable; technical debt quantified and roadmap accepted by buyer's IT lead.
Ready to start a remediation sprint?
Layer8 Tech Group delivers each of these services for businesses preparing for acquisition. Engagements are scoped to your timeline and deal target.Schedule a Discovery Call →
Layer8 Tech Group delivers each of these services for businesses preparing for acquisition. Engagements are scoped to your timeline and deal target.Schedule a Discovery Call →
Valuation Impact Analysis
Lower Middle Market · EBITDA
Technology / MSP businesses in this size range typically trade at
4.0–6.0× EBITDA
— MSPs with high Monthly Recurring Revenue, documented contracts, and system-driven growth command premium multiples. PE-backed roll-ups are active acquirers paying 6–9× for platform-quality businesses.
Score-adjusted range
(Exit Readiness 3.3/10 — Lower Middle Market — at floor)
EBITDA (most recent FY): $864,000 (AI-extracted)
4.0–4.2× EBITDA
$3,456,000 – $3,628,800
| Scenario | Score-Adjusted Range | Implied Value (EBITDA) |
|---|---|---|
| Current (as-is) | 4.0×–4.2× EBITDA | $3,456,000 – $3,628,800 |
| Post-Remediation (5.3/10 est.) | 4.3×–4.8× EBITDA | $3,715,200 – $4,147,200 |
Implementing the recommended priority fixes over 90 days could add an estimated $86,400–$691,200 to the transaction value — a potential 11% lift on the same underlying business.
↑ What drives higher multiples
- High MRR percentage >70%
- Documented service contracts
- NOC/helpdesk not owner-dependent
- Stack standardization across clients
↓ What suppresses multiples
- Break-fix revenue dominant
- No formal service agreements
- Owner is primary engineer
Domain Detail & Findings
Diligence Risk3.4/10 CRITICAL RISK (18% blend)
Deal Impact: Documentation deficiencies are a deal-velocity risk — buyers may require pre-diligence remediation before making an offer.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| fix_01 | Documented Processes & SOPs PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated The company has documented core workflows in the Customer Onboarding SOP covering nine steps from contract through invoicing, with assigned owners and performance targets, but documentation is incomplete and inconsistent across critical functions. Specifically, as-built documentation is acknowledged as a "known gap" with "many projects have no formal as-builts," monitoring alert protocols are "largely undocumented — [PERSON] manages," and daily progress photo uploads are "inconsistent — improvement needed." Additionally, the company lacks formal IT/cybersecurity procedures, with internal IT managed ad hoc by a field technician serving dual roles, and multiple business-critical processes (HubSpot CRM logging, customer satisfaction surveys) are either not conducted or incomplete. | 4/10 | NEEDS WORK | |
| fix_02 | Cybersecurity Posture PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt — High confidence — multiple documents corroborated The company's cybersecurity posture is critically deficient. The assessment report identifies an "Overall Risk Rating: HIGH" and documents complete absence of multi-factor authentication (MFA) across all critical business systems, an exposed Remote Desktop Protocol (RDP) port on the public IP address, expired firewall licensing (Cisco Meraki license expired), and no endpoint detection and response (EDR) capability. The company operates with minimal formal cybersecurity program, ad hoc security controls relying on default equipment configurations, no dedicated IT management function, and no formal security assessment history. | 2/10 | CRITICAL RISK | |
| fix_03 | Owner Dependency PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The owner is deeply embedded as the primary operator across sales, customer relationships, and critical operations with no formal succession plan in place. Specific evidence includes: the owner is "required for all significant sales and customer decisions," is "the sole technically qualified field supervisor with no backup," vendor accounts (ADI, bonding) are "tied to [PERSON] personally and not transferable without vendor consent," the low-voltage license is "personally tied to [PERSON]," and key processes for monitoring enrollment and customer alert protocols are "largely undocumented" and managed by the owner "from memory." Additionally, the owner's spouse manages "all financial operations" as a key person and succession risk, with an internal assessment explicitly rating owner dependency at 3/10 and noting the business cannot independently manage without the owner present. | 3/10 | CRITICAL RISK | |
| fix_04 | Revenue Quality & Concentration PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated The company generates 40% recurring revenue ($1.92M annualized MRR of $160K) through managed services and monitoring contracts, placing it in the mid-range for recurring revenue quality. However, revenue concentration and predictability are concerning: with only 40 active accounts and no documented renewal rates or client concentration disclosures, the company fails to demonstrate the diversification and contractual stability expected of higher-quality revenue bases. The internal exit readiness assessment explicitly assigns a "revenue_quality_score" of 6, and undocumented alert protocols and monitoring processes managed by key personnel create operational risk to recurring revenue sustainability. | 5/10 | NEEDS WORK | |
| fix_05 | Customer Contracts PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated Customer contracts lack standardization and centralized management, with no evidence of change-of-control or assignment language in the retrieved documents. The onboarding SOP shows inconsistent contract execution (written sign-off requested only for accounts >$25K), no centralized contract repository beyond ad hoc SharePoint filing, and no formal renewal tracking system—instead, renewal dates and rates appear managed informally through individual relationships, particularly with top accounts like Northside Hospital and Paces Properties that depend on the owner's personal relationships. | 3/10 | CRITICAL RISK | |
| fix_06 | IT Infrastructure & Asset Documentation PIS_SOP_Customer_Onboarding_v1.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated The company maintains a basic asset inventory in a JSON dataset (A016–A020) and an on-premises infrastructure of two Dell PowerEdge servers, Cisco Meraki firewall, and Seagate NAS, but documentation is severely deficient and maintenance is inconsistent or deferred. Critical gaps include: no formal as-builts for projects (acknowledged as "a known gap"), undocumented monitoring alert protocols managed "from memory," an expired firewall security license (as of the assessment date), a UPS battery "last tested 2022" with "replacement due," and no verified backup restore testing with unknown last test date. The cybersecurity assessment explicitly states "no dedicated IT management function exists" and systems are managed "on an ad hoc basis" by a single dual-role technician, indicating neither lifecycle tracking nor proactive maintenance discipline. | 3/10 | CRITICAL RISK | |
| fix_07 | CRM & Pipeline Documentation PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated The company uses HubSpot CRM but adoption is extremely limited, with the document stating "CRM maturity: LOW — HubSpot used for active pipeline tracking by [PERSON]. [PERSON] tracks deals primarily in email and memory." Additionally, the sales process shows proposals are drafted in Excel by individuals and the pipeline is heavily dependent on relationship-driven sales by specific people, with critical documentation gaps noted: "Not all projects logged at closeout. Reporting incomplete." | 3/10 | CRITICAL RISK | |
| fix_08 | Key Employee Risks PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated The company exhibits severe key employee risks with multiple critical single points of failure and no formal retention agreements or institutional knowledge capture. Specific documented bottlenecks include: "[PERSON] required for all significant sales and customer decisions," "[PERSON] is the sole technically qualified field supervisor — no backup," "[PERSON] (owner spouse) manages all financial operations — key person and succession risk," and vendor accounts "tied to [PERSON] personally" and not transferable without consent. The assessment explicitly notes "documentation_level: LOW — No formal SOPs documented. Processes exist in people's heads, particularly [PERSON] and [PERSON]," with an overall operational maturity score of 4/10, indicating the business is heavily dependent on key individuals with virtually no documented processes, backup personnel, or succession planning in place. | 2/10 | CRITICAL RISK | |
| fix_09 | Financial Trajectory & EBITDA Quality PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated The company demonstrates consistent revenue growth over three years ($4.05M to $4.8M, with 9.6% and 8.1% growth rates) and stable EBITDA margins improving from 17% to 18%, with normalized EBITDA of $994,000 after documented add-backs totaling $130,400 ($84K owner compensation above market, $14.4K personal vehicle, $32K one-time legal settlement). However, the documents provide no evidence of audited or reviewed financial statements—only internal financial summaries—and the add-backs, while documented and reasonable, include a significant owner compensation adjustment that raises questions about baseline profitability sustainability. | 6/10 | ADEQUATE | |
| fix_10 | Data Room Readiness PIS_SOP_Customer_Onboarding_v1.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated The company's data room contains critical documents (CIM, cybersecurity assessment, SOPs, asset inventory) but reveals significant organizational and content gaps that would impede buyer due diligence. The cybersecurity assessment explicitly notes it was "Prepared for...M&A Data Room" and identifies material risks including expired firewall licenses, no network segmentation, and absent backups that will "reduce buyer confidence" and "result in price reduction demands," while operational documents acknowledge multiple undocumented systems (alert protocols "managed from memory," incomplete HubSpot logging, missing as-builts on projects) that require cleanup before ready for sophisticated buyer review. | 3/10 | CRITICAL RISK |
Owner Risk2.8/10 CRITICAL RISK (15% blend)
Deal Impact: Critical owner dependency — high probability of deal restructuring, escrow requirement, or significant price reduction.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| owr_01 | Succession Readiness PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated No formal succession plan exists, and the company is entirely dependent on the owner for critical functions. The internal assessment explicitly identifies "[PERSON] required for all significant sales and customer decisions," "[PERSON] is the sole technically qualified field supervisor — no backup," and notes that the owner's spouse manages all financial operations as a "key person and succession risk," while the Georgia Low-Voltage Contractor license is "tied to [PERSON] personally" and must be replaced pre- or post-close. The documents contain no evidence of identified successors, documented transition plans, or protocols to transfer key vendor relationships and client accounts. | 2/10 | CRITICAL RISK | |
| owr_02 | Institutional Knowledge Capture PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated The company has minimal institutional knowledge capture, with the internal assessment explicitly stating "documentation_level: LOW — No formal SOPs documented. Processes exist in people's heads, particularly [PERSON] and [PERSON]." While a customer onboarding SOP exists, critical processes lack documentation, and the company is heavily dependent on key individuals: the owner is required for all significant sales and customer decisions, one person is the sole technically qualified field supervisor with no backup, and vendor accounts are personally held by the owner and not transferable. The cybersecurity assessment further notes that internal staff manage the technology environment "on an ad hoc basis" with no dedicated IT management function, and as-built documentation is explicitly called out as "inconsistent" with "many projects having no formal as-builts." | 3/10 | CRITICAL RISK | |
| owr_03 | Management Team Depth PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The company lacks a functional management layer capable of independent operation. The internal assessment documents identify the owner as "required for all significant sales and customer decisions," the owner's spouse as the sole manager of "all financial operations," and a single field supervisor as "the sole technically qualified field supervisor — no backup." Additionally, processes exist "in people's heads, particularly [PERSON] and [PERSON]" with "LOW — No formal SOPs documented," making 60+ days of independent operation without the owner infeasible. | 3/10 | CRITICAL RISK | |
| owr_04 | Key Person Concentration Beyond Owner PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Financials_2024.csv — High confidence — multiple documents corroborated The company has multiple critical key employees beyond the owner representing severe concentration risk. Specifically, one employee is identified as "the sole technically qualified field supervisor — no backup," another is "a single point of failure for VMS administration" with undocumented alert response protocols, and a third manages vendor accounts (ADI, Anixter) held in their personal name and credit that are "not transferable without vendor consent." The internal assessment explicitly notes that "processes exist in people's heads, particularly [PERSON] and [PERSON]" with "LOW" documentation levels, indicating that departure of any of these individuals would materially disrupt operations and revenue delivery. | 3/10 | CRITICAL RISK |
Customer Quality4.2/10 NEEDS WORK (21% blend)
Deal Impact: Customer concentration or churn risk will compress the multiple — expect sensitivity analysis and possible escrow.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| cq_01 | Top Customer Concentration PIS_Confidential_Information_Memorandum.txt · PIS_Financials_2024.csv · PIS_SOP_Customer_Onboarding_v1.txt — High confidence — multiple documents corroborated The largest customer, Northside Hospital Affiliates, represents 13.0% of total revenue ($624,000 of $4.8M), and the top 5 customers combined represent 44.0% of revenue ($2.112M), placing the company in the moderate diversification range with manageable concentration risk. The company serves approximately 40 active accounts with a diverse customer base spanning healthcare, commercial real estate, multi-family residential, and general contractors, though customer concentration remains present with the top customer exceeding the 10% threshold by 3 percentage points. | 7/10 | ADEQUATE | |
| cq_02 | Revenue Predictability & Recurring Mix PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated Pinnacle IS generates 40% recurring revenue ($1.92M annualized as of FY 2024), consisting of managed network services retainers, 24/7 remote monitoring, and annual maintenance contracts across approximately 40 active accounts. However, the company lacks documented renewal rates, formal monitoring alert protocols (which are managed from memory by a single individual), and systematic renewal tracking, resulting in moderate revenue predictability that falls between the 30-50% threshold for a score in the 5-6 range; the remaining 60% of revenue derives from project-based structured cabling and systems installation work with inherent volatility. | 5/10 | NEEDS WORK | |
| cq_03 | Contract Transferability PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The company has no formal written customer contracts with assignment or change-of-control clauses; instead, relationships are personality-dependent and tied to the owner [PERSON], with top two revenue relationships (Northside and Paces Properties) explicitly described as "personal relationships." Critical vendor accounts (ADI, Anixter, bonding) are held in the owner's personal name and are "not transferable without vendor consent," and the Georgia Low-Voltage Contractor license is personally held by [PERSON], requiring either pre-close replacement or post-close transitional arrangement—all indicating that the business cannot be transferred without significant individual consent and renegotiation. | 2/10 | CRITICAL RISK | |
| cq_04 | Churn Rate & Retention Metrics PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_CRM_Pipeline_Q1_2025.csv · PIS_company_dataset.json — High confidence — multiple documents corroborated The documents provide no information on churn rate, retention metrics, or customer retention tracking. While the company maintains 40 active accounts with 40% recurring revenue ($1.92M annualized), there is no evidence of measured gross or net churn rates, no documented retention programs, and the onboarding SOP explicitly notes that "customer satisfaction follow-up" is "not currently done" with a goal to implement post-project surveys only by Q2 2025. This represents a reactive rather than proactive approach to customer retention. | 3/10 | CRITICAL RISK |
Operational Scalability3.0/10 CRITICAL RISK (13% blend)
Deal Impact: Operational fragility is a deal risk — buyers will factor significant remediation cost and may require price concession.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| ops_01 | Process Documentation & Repeatability PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated No document evidence retrieved for this criterion. | N/A/10 | N/A | N/A |
| ops_02 | Technology & Systems Scalability PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The company's technology stack presents critical scalability and sustainability risks. Core systems rely on aging on-premises infrastructure (two Dell PowerEdge servers running Milestone VMS and Lenel S2 access control) with no redundancy, a single point of failure in [PERSON] for VMS administration, and foundational processes documented in people's heads rather than systems—the assessment explicitly states "documentation_level: LOW — No formal SOPs documented. Processes exist in people's heads, particularly [PERSON] and [PERSON]." Additionally, the cybersecurity assessment identifies material vulnerabilities including exposed RDP ports, absent multi-factor authentication, an expired Cisco Meraki firewall license, and ad hoc IT management by a part-time technician, all of which would require substantial remediation before the business could scale 3x without architectural overhaul and critical system replacement. | 3/10 | CRITICAL RISK | |
| ops_03 | Vendor & Supplier Concentration PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The company has critical single-source vendor dependencies that create existential risk. Vendor accounts with ADI Global and Anixter are held personally in [PERSON]'s name and personal credit and are "not transferable without vendor consent," creating a bottleneck for procurement operations. Additionally, the low-voltage license is tied to [PERSON] personally and "must be replaced pre-close or post-close by new license holder," and the company's key vendor relationships (Northside and Paces Properties) are described as "personal relationships with [PERSON]" with no formal preferred vendor agreements in place, leaving the business critically dependent on owner relationships with no documented alternatives or formal SLAs. | 3/10 | CRITICAL RISK | |
| ops_04 | Financial Controls & Reporting Cadence PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated The company lacks formal financial controls and reporting cadence documentation. While QuickBooks Online is referenced for PO creation and invoice generation in the customer onboarding SOP, there is no evidence of monthly financial close procedures, budget vs. actual reviews, documented control frameworks, or a dedicated CFO/Controller role—only ad hoc management by operational staff. The documents reveal significant operational gaps (inconsistent project documentation, undocumented monitoring protocols, incomplete CRM logging) that suggest financial controls are similarly informal and lack the rigor expected for exit readiness. | 3/10 | CRITICAL RISK |
Financial Readiness5.0/10 NEEDS WORK (7% blend)
Deal Impact: Financial documentation needs work — expect QofE adjustments, timeline extension, and possible valuation impact.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| fr_01 | Books Quality & CPA Relationship PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated No document evidence retrieved for this criterion. | N/A/10 | N/A | N/A |
| fr_02 | Add-Back Documentation PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The company has identified only three add-backs totaling $130,400 ($84,000 owner compensation above market rate, $14,400 personal vehicle expense, $32,000 one-time legal dispute settlement) with minimal supporting documentation or verification process. The documents reveal significant commingling of personal and business expenses—vendor accounts are held in the owner's personal name, spouse manages all financial operations, and there is no evidence of CPA review or independent verification of the normalized EBITDA calculation. A buyer's accountant will likely require substantial additional support and rework to validate these adjustments and identify undocumented add-backs, particularly given the owner dependency and lack of formal financial controls documented throughout the materials. | 3/10 | CRITICAL RISK | |
| fr_03 | Revenue Recognition & Consistency PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated Revenue recognition practices lack formal documentation and audit verification, with no evidence of GAAP compliance procedures or deferred revenue tracking mechanisms in the provided materials. While the company demonstrates consistent recurring revenue at 40% across three fiscal periods ($1.62M to $1.92M) and stable gross margins (44-45%), the financial summary includes $130,400 in normalized EBITDA add-backs for 2024 that blur recurring versus one-time items, and the internal documentation notes overall "LOW" process documentation with processes "exist in people's heads" rather than in formalized SOPs, creating uniformity and auditability concerns. | 5/10 | NEEDS WORK | |
| fr_04 | Three-Year Financial Trend PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated The company demonstrates consistent revenue growth over three years ($4.05M to $4.8M), representing a 9.0% CAGR with stable and slightly improving gross margins (44.0% to 45.0%) and EBITDA margins (17.0% to 18.0%). While year-over-year growth rates have moderated (9.6% to 8.1%), the trend is consistent, and documented add-backs ($130,400 in 2024 including $84,000 owner compensation above market rate, $14,400 personal vehicle expense, and $32,000 one-time legal settlement) demonstrate reasonable comparability and support normalized EBITDA of $994,000. The 40% recurring revenue base ($1.92M annualized MRR) provides additional quality-of-earnings support, though growth rates fall slightly below the 10-15% range threshold for a higher score. | 7/10 | ADEQUATE |
Legal & Regulatory Compliance2.8/10 CRITICAL RISK (6% blend)
Deal Impact: Unresolved legal gaps are the #1 cause of post-LOI price reductions — immediate remediation required before listing.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| lc_01 | Business Licenses & Permits PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated The company holds two required licenses — a Georgia Low-Voltage Contractor license (LVA003847) and Alarm Systems Contractor license (GA-ASC-28841) — that are current and documented; however, the Low-Voltage Contractor license is held personally by the owner ([PERSON]) and is not transferable in a change-of-control without either obtaining a new license pre-close or negotiating a transitional arrangement post-close. No evidence of formal transferability review with counsel, documented transfer agreements, or alternative qualifying individuals is present in the materials, creating a material compliance risk for transaction close. | 3/10 | CRITICAL RISK | |
| lc_02 | Contract Change-of-Control Provisions PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_SOP_Customer_Onboarding_v1.txt — High confidence — multiple documents corroborated The documents contain no evidence that key vendor, customer, or lease agreements have been reviewed by counsel for assignment clauses or change-of-control provisions. While the company maintains relationships with general contractors (Hardin Construction) and customers (WinnCompanies, Post Apartment Homes, Northside, Paces Properties), the CIM explicitly states "has no formal preferred vendor agreements," and no contract review documentation is referenced. Material risks are identified elsewhere—including owner dependency for top two revenue relationships and the Georgia Low-Voltage Contractor license held personally by the owner—but these contractual transfer issues appear to have been identified operationally rather than through systematic legal review of change-of-control provisions. | 3/10 | CRITICAL RISK | |
| lc_03 | Employment Law Compliance PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt — High confidence — multiple documents corroborated The retrieved documents contain no evidence of I-9 verification, non-compete agreements, compensation benchmarking, or any employment law compliance documentation. The materials focus exclusively on operational procedures, cybersecurity gaps, and financial metrics, with no reference to EEOC filings, DOL matters, or employment classification reviews. The absence of employment compliance materials in the due diligence data room represents a material gap that prevents assessment of legal employment practices and suggests significant pre-close remediation will be required. | 2/10 | CRITICAL RISK | |
| lc_04 | Intellectual Property Ownership PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated IP ownership is deeply ambiguous and intertwined with personal assets. Critical vendor accounts for procurement (ADI Global, Anixter) are held in the owner's personal name and credit with no formal assignment to the entity, the low-voltage license is personally tied to the owner and "must be replaced pre-close or post-close by new license holder," and key operational processes—including VMS administration, alert protocols, and customer-specific configurations—exist "in people's heads, particularly [PERSON] and [PERSON]" with no formal documentation. The cybersecurity assessment further notes that internal systems lack basic controls (exposed RDP, no MFA, ad hoc management by a part-time IT person), and there is no evidence of formal IP assignment agreements, trademark registrations, or an IP schedule in the data room. | 3/10 | CRITICAL RISK | |
| lc_05 | Litigation & Contingent Liability PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt — High confidence — multiple documents corroborated No document evidence retrieved for this criterion. | N/A/10 | N/A | N/A |
Technology & Systems Maturity2.8/10 CRITICAL RISK (10% blend)
Deal Impact: Technology infrastructure is a deal risk — undocumented systems, personal dependencies, or technical debt will trigger buyer discount.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| tm_01 | Core Systems Documentation & Ownership PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated Core business systems lack adequate documentation and ownership clarity, with critical dependencies on individual employees. The cybersecurity assessment identifies that "[PERSON], Network/Systems Tech, serves as the de facto IT administrator in addition to his field technician responsibilities" with no dedicated IT management function, and customer monitoring alert protocols are "largely undocumented — [PERSON] manages" them from memory. Additionally, as-built documentation is acknowledged as "inconsistent" with "many projects have no formal as-builts," and monitoring protocols remain undocumented with a stated goal to "document all monitoring protocols by [DATE_TIME]." | 3/10 | CRITICAL RISK | |
| tm_02 | Cybersecurity & Data Protection Posture PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt · PIS_CRM_Pipeline_Q1_2025.csv — High confidence — multiple documents corroborated The company's cybersecurity posture is critically deficient and presents material acquisition risk. The assessment report explicitly states an "Overall Risk Rating: HIGH" and identifies "complete absence of multi-factor authentication (MFA) across all critical business systems" alongside an exposed RDP port on the public IP address—both recognized attack vectors in recent ransomware incidents. The environment lacks endpoint detection and response (EDR), no incident response plan is documented, no cyber insurance is mentioned, vendor security reviews are absent, and the company operates without a dedicated IT management function, relying instead on ad hoc management by a part-time network technician. | 2/10 | CRITICAL RISK | |
| tm_03 | Data Integrity & Business Intelligence PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated The company lacks reliable, accessible data across its operations with significant individual dependencies and manual processes. Critical business data is scattered across multiple systems (QuickBooks, ServiceTitan, SharePoint, HubSpot CRM) with incomplete logging — the onboarding SOP notes "HubSpot CRM: Not all projects logged at closeout. Reporting incomplete" and customer-specific alert protocols are "largely undocumented — [PERSON] manages" entirely from memory. Infrastructure monitoring and cybersecurity data indicate no formal BI reporting exists, with ad hoc IT management by a single employee ([PERSON]) who manages the technology environment "on an ad hoc basis" in addition to field responsibilities, creating complete operational dependency on key individuals. | 3/10 | CRITICAL RISK | |
| tm_04 | Technology Vendor & Subscription Management PIS_SOP_Customer_Onboarding_v1.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json — High confidence — multiple documents corroborated The company demonstrates poor vendor and subscription management with critical documentation gaps and transferability risks. While some vendor relationships are identified (ADI Global, Anixter/Wesco for procurement; RingCentral for phone; Cisco Meraki firewall; QuickBooks Online), there is no evidence of formalized vendor contracts, centralized renewal tracking, or license transfer documentation. Additionally, multiple personal subscription dependencies exist—notably the Georgia Low-Voltage Contractor license held personally by [PERSON] rather than entity-owned, and monitoring alert protocols managed by [PERSON] "from memory" with no formal documentation—creating significant transfer risk for a potential acquirer. | 3/10 | CRITICAL RISK | |
| tm_05 | Technical Debt & Modernization Risk PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_SOP_Customer_Onboarding_v1.txt — High confidence — multiple documents corroborated The company operates a primarily on-premises IT environment with aging Dell PowerEdge servers running critical business systems (Milestone VMS and Lenel S2), a Cisco Meraki firewall with an expired license, and a UPS with batteries last tested in 2022 and due for replacement—indicating deferred maintenance on infrastructure. The cybersecurity assessment identifies "material risks" including exposed RDP ports, complete absence of multi-factor authentication across critical systems, and an overall HIGH risk rating, with the report noting that "without remediation, these findings are likely to reduce buyer confidence, result in price reduction demands, and/or require escrow holdbacks." Additionally, the company lacks a dedicated IT management function, relying on ad hoc administration by a field technician with dual responsibilities, and has not undergone formal security assessment or remediation planning. | 3/10 | CRITICAL RISK |
▲ Layer8's primary practice area. Technology & Systems Maturity is where Layer8 delivers directly — not just identifies gaps. Where this domain shows deficiencies, remediation is available immediately through Layer8 engagements.
Human Capital2.4/10 CRITICAL RISK (10% blend)
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| hc_01 | Workforce Retention & Tenure PIS_Confidential_Information_Memorandum.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_CRM_Pipeline_Q1_2025.csv · PIS_Financials_2024.csv — High confidence — multiple documents corroborated The documents provide no workforce retention data, turnover rates, tenure metrics, or retention trend analysis. While the SOPs reference specific named individuals managing key functions (Jason for site surveys, Derek/Marcus for oversight, [PERSON] for monitoring enrollment and invoicing), there is no documentation of workforce size, stability, tenure history, or any departures over the rolling 24 months, making it impossible to assess retention risk and suggesting significant due diligence gaps that a buyer would need to underwrite as material retention exposure. | 2/10 | CRITICAL RISK | |
| hc_02 | Compensation Competitiveness PIS_Confidential_Information_Memorandum.txt · PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt — High confidence — multiple documents corroborated No document evidence retrieved for this criterion. | N/A/10 | N/A | N/A |
| hc_03 | Recruiting & Training Capability PIS_company_dataset.json · PIS_Cybersecurity_Assessment_Report_2025.txt · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt — High confidence — multiple documents corroborated No document evidence retrieved for this criterion. | N/A/10 | N/A | N/A |
| hc_04 | Bench Depth & Succession Beyond Owner PIS_company_dataset.json · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The company has critical single-points-of-failure across multiple key non-owner roles with no documented succession planning. Specific vulnerabilities include: "[PERSON] is the sole technically qualified field supervisor — no backup," "[PERSON] (owner spouse) manages all financial operations — key person and succession risk," "[PERSON] single point of failure for VMS administration," and vendor accounts "tied to [PERSON] personally" and "not transferable without vendor consent." The internal documentation explicitly states "Processes exist in people's heads, particularly [PERSON] and [PERSON]" with "NO formal SOPs documented," indicating no cross-training cadence or succession paths for critical positions beyond the owner. | 2/10 | CRITICAL RISK | |
| hc_05 | Compensation/Benefits Structure Transferability PIS_company_dataset.json · PIS_SOP_Customer_Onboarding_v1.txt · PIS_Confidential_Information_Memorandum.txt · PIS_Cybersecurity_Assessment_Report_2025.txt — High confidence — multiple documents corroborated The company has significant owner-dependent compensation and benefits structures that require substantial cleanup. Financial documents show $84,000 in owner compensation above market rate and $14,400 in personal vehicle expenses that are add-backs to EBITDA, indicating non-standard arrangements. Additionally, vendor accounts for procurement (ADI Global and Anixter) are held in the owner's personal name and personal credit, creating non-transferable dependencies that the documents explicitly identify as bottlenecks requiring vendor consent to transfer post-close. | 3/10 | CRITICAL RISK |
Top 3 Strengths
- Financial Readiness at 5.0/10 provides an adequate foundation for deal closure and post-acquisition integration planning. While not exceptional, this adequate financial position eliminates acute cash-flow instability concerns during diligence and allows the buyer to focus integration resources on operational rather than immediate liquidity remediation. This baseline financial discipline supports the lower-middle-market valuation multiple and reduces the risk of earn-out clawbacks tied to working-capital deterioration.
- Customer Quality at 4.2/10, though requiring work, represents the strongest revenue-generating domain in the assessment and signals that core customer relationships and revenue visibility are not in acute distress. A buyer can build retention and expansion strategies on this foundation without facing imminent churn risk that would threaten deal economics. This score indicates that the customer base, while not best-in-class, is stable enough to support revenue continuity through the transition period.
- Legal & Regulatory Compliance at 2.8/10, despite its critical-risk classification, reflects that Pinnacle has not triggered material compliance failures or litigation exposure that would create deal-blocking liabilities. The absence of regulatory enforcement actions or unresolved legal disputes removes a catastrophic downside risk from the buyer's diligence checklist. This allows the buyer to proceed with a standard compliance remediation plan rather than conduct extended litigation or regulatory negotiation.
Top 3 Risks
- Owner Risk at 2.8/10 (CRITICAL RISK) represents a critical gap that will trigger a buyer discount and extend diligence timelines significantly. Buyers will conduct extensive key-person risk assessment and require detailed transition plans to mitigate the concentration of operational and strategic decision-making authority. This domain directly impacts post-close stability and retention of revenue streams, creating a material liability that will compress the valuation multiple within the 4.0–4.2× EBITDA range or below.
- Human Capital at 2.4/10 (CRITICAL RISK) poses a deal-completion risk given the absence or weakness of documented talent pipelines, succession planning, and institutional knowledge transfer mechanisms. Buyers will flag this as a critical operational vulnerability during diligence and will demand evidence of management depth and retention agreements before signing. The lack of scalable human capital infrastructure creates a material discount to enterprise value and represents a significant post-close integration risk.
- Technology & Systems Maturity at 2.8/10 (CRITICAL RISK) creates a material liability in the form of technical debt, legacy system dependencies, and operational fragility that buyers will require substantial remediation investment to address. Diligence teams will identify gaps in system architecture, data integrity, and automation readiness that constrain future scaling and increase integration costs. This critical gap will result in a buyer haircut applied to the valuation multiple to reserve for post-close modernization and operational stabilization.
Recommended Priority Fixes
The five highest-priority actions for the next 90 days, ranked by deal impact. For the complete domain-by-domain remediation plan and cost estimates, see the Value Recovery Roadmap above.
Fix 1OR
Document owner transition and key-person retention plan
Address Owner Risk (2.8/10) by producing a written 24-month post-close transition plan that names successor decision-makers, defines operational authority handoff, and includes signed retention agreements for the owner and all critical stakeholders. Buyers will require this document during diligence to assess continuity risk and reduce the likelihood of a valuation discount tied to key-person concentration. Without this, expect a material haircut to the 4.0–4.2× EBITDA multiple.
Fix 2HC
Build and certify documented management depth and succession pipeline
Address Human Capital (2.4/10) by identifying and formally documenting a three-tier talent pipeline (backfill, bench, and external candidates) for all critical operational roles, backed by org charts, job descriptions, and signed non-competes or retention agreements. Buyers will scrutinize this artifact to confirm institutional knowledge is not confined to one or two individuals and that post-close integration risk is containable. This deliverable is essential to unlock full valuation and close faster.
Fix 3TM
Commission independent technology debt and systems modernization audit
Address Technology & Systems Maturity (2.8/10) by engaging a third-party technology firm to conduct a 30-day technical assessment covering system architecture, legacy dependencies, data integrity, cloud-readiness, and automation constraints, resulting in a written remediation roadmap with cost estimates and timeline. Buyers will demand this report during diligence; a professional third-party assessment significantly reduces the perceived risk and the reserve haircut applied to valuation. Without it, expect a 10–15% multiple compression.
Fix 4DR
Resolve material diligence triggers and compile clean data room
Address Diligence Risk (3.4/10) by identifying and resolving the top five blocking issues (contract gaps, litigation exposure, regulatory compliance gaps, tax exposures, or financial restatement needs) and producing a cleaned, indexed data room with all required legal, financial, and operational documents in buyer-ready format. Unresolved diligence blockers extend timelines by 4–8 weeks and signal hidden liabilities; a clean, proactive data room demonstrates control and transparency, reducing buyer skepticism and protecting your position within the 4.0–4.2× range.
Fix 5CQ
Develop customer concentration mitigation and retention strategy
Address Customer Quality (4.2/10) by mapping the top 10 customers, calculating revenue concentration risk, and producing written retention agreements or multi-year contracts with the top 3 revenue drivers, along with a documented customer success plan showing renewal and upsell activity. Buyers view customer concentration as a revenue risk and will discount EBITDA sustainability; locking in multi-year commitments and demonstrating customer stickiness protects recurring revenue visibility and supports a stable or higher multiple.
Compliance Notes
No PII was detected in the ingested documents.