Checklists — Veritatem Press

Confirm meeting date, time, and quorum requirements (check bylaws for quorum threshold)
Distribute board materials at least 5 business days in advance (7 preferred)
Prepare and circulate draft agenda; confirm with CEO and board chair
Draft resolutions for all action items requiring board approval
Prepare committee reports (Audit, Compensation, Nominating/Governance)
Confirm D&O questionnaires and disclosure updates are current
Review any pending or threatened litigation for board update
Prepare executive session agenda items (if any)
Ensure board portal access is working for all directors
Arrange for corporate secretary or designee to attend and take minutes
Post-meeting: circulate draft minutes within 10 business days; finalize at next meeting

Identify triggering event (litigation filed, government investigation, reasonable anticipation of litigation)
Define scope: custodians, date range, data sources, document types
Issue written legal hold notice to all identified custodians
Suspend routine document destruction and retention policies for in-scope materials
Notify IT to preserve relevant electronic systems, backups, and auto-delete processes
Identify and preserve relevant third-party data (cloud vendors, outside counsel, contractors)
Document the hold process (who was notified, when, what instructions were given)
Send periodic reminders to custodians (quarterly minimum)
Track custodian acknowledgments; follow up on non-responses within 48 hours
Establish process for new hires/departures who fall within hold scope
Review and release hold only after matter is fully resolved and with legal sign-off

Spoliation sanctions can be case-ending. Over-preserve rather than under-preserve. Document everything.

Corporate organization: charter, bylaws, good standing certificates, board/stockholder minutes, capitalization table
Material contracts: review top 20 by revenue/spend; identify change-of-control provisions, consent requirements, and anti-assignment clauses
Litigation: pending, threatened, and settled matters within past 5 years; assess material exposure
IP: patent portfolio, trademark registrations, trade secret protections, open-source usage, IP assignments from employees/contractors
Employment: executive agreements, equity plans, severance obligations, non-compete enforceability, pending EEOC/labor claims
Real estate: lease terms, renewal options, assignment provisions, environmental liabilities
Regulatory: licenses, permits, compliance history, pending investigations, consent decrees
Tax: federal/state/local tax returns (3 years), pending audits, tax sharing agreements, NOL carryforwards
Insurance: current program summary, claims history (5 years), tail coverage needs
Data privacy: privacy policies, data processing agreements, breach history, GDPR/CCPA compliance status
Government contracts: if applicable — ITAR, CFIUS, FOCI considerations
Prepare diligence summary memo with risk ratings (high/medium/low) for each category

Within 4 business days: Form 8-K for any reportable event (material agreements, executive changes, financial restatements, etc.)
Within 2 business days: Section 16 Forms 3/4 (insider transactions) — monitor continuously
40 days after quarter end (accelerated filer): Form 10-Q quarterly report
60 days after fiscal year end (accelerated filer): Form 10-K annual report
120 days after fiscal year end: Proxy statement (DEF 14A) and annual meeting
February (Q4 earnings): Earnings release (8-K), earnings call script, Reg FD compliance review
Quarterly: Reg FD training reminder; insider trading window open/close notices; blackout period enforcement
Annual: D&O questionnaires; director independence determinations; committee charter reviews
Annual: Section 302/906 CEO/CFO certifications (with 10-K and 10-Q)
Annual: SOX 404 internal controls assessment; auditor attestation (for accelerated filers)
As needed: Form S-3/S-8 shelf registration updates; Rule 144 opinions; 10b5-1 plan reviews

All deadlines assume accelerated filer status. Large accelerated filers and non-accelerated filers have different deadlines. Calendar assumes December fiscal year end — adjust for non-calendar FYE.

New Hire: Verify non-compete/non-solicit from prior employer; assess enforceability risk
New Hire: Confirm no misappropriation of prior employer's trade secrets or confidential information
New Hire: Execute employment agreement, IP assignment, confidentiality/NDA, arbitration agreement
New Hire: I-9 verification within 3 business days of start date
New Hire: Equity grant paperwork and Section 83(b) election (if applicable — 30-day deadline)
Termination: Document performance issues and progressive discipline (if for cause)
Termination: Review employment agreement for severance, notice period, and post-termination obligations
Termination: Prepare separation agreement and general release (ADEA: 21 days to consider, 7 days to revoke; group: 45 days)
Termination: Calculate final pay including accrued PTO (check state law — some require immediate payment)
Termination: Revoke system access, collect company property, deactivate credentials
Termination: COBRA notice within 14 days of qualifying event
Termination: Assess WARN Act applicability (60-day notice for mass layoffs / plant closings)

Hour 0-1: Activate incident response team (Legal, CISO, IT, Communications, CEO)
Hour 0-1: Engage outside breach counsel (privilege — all communications through counsel)
Hour 0-4: Contain the breach — isolate affected systems, preserve forensic evidence, do NOT destroy logs
Hour 0-4: Engage forensic investigation firm (through outside counsel for privilege protection)
Hour 4-12: Determine scope: what data, how many individuals, what jurisdictions, what data types (PII, PHI, financial)
Hour 4-12: Review cyber insurance policy; provide notice to carrier per policy terms
Hour 12-24: Assess notification obligations by jurisdiction (state AG notification, GDPR 72-hour rule, HIPAA 60-day rule, SEC 4-day 8-K)
Hour 12-24: Draft internal communications; prepare board notification
Hour 24-48: Prepare consumer notification letters; engage credit monitoring/identity protection vendor
Hour 24-48: Prepare regulatory notifications (state AGs, HHS if PHI, relevant federal regulators)
Hour 48-72: Prepare external communications (press statement if warranted, customer FAQ)
Hour 48-72: Document all response actions, decisions, and timeline for regulatory defense

GDPR requires supervisory authority notification within 72 hours. SEC requires 8-K within 4 business days of determining materiality. State laws vary widely — some require notification within 30 days, others have no specific deadline but require "expedient" notice.

Parties: correct legal entities, authority to bind, good standing
Term and termination: duration, auto-renewal, termination for convenience vs. cause, wind-down obligations
Scope of work / deliverables: clearly defined, measurable, acceptance criteria
Payment terms: amount, schedule, late payment penalties, price adjustment mechanisms
Representations and warranties: scope, survival period, materiality qualifiers, knowledge qualifiers
Indemnification: scope (IP, third-party claims, breach), caps, baskets, exclusions for gross negligence/willful misconduct
Limitation of liability: consequential damages waiver, aggregate cap (typically 12-24 months of fees)
IP ownership: work product ownership, license grants, pre-existing IP carve-outs
Confidentiality: definition of confidential information, exceptions, term, return/destruction obligations
Data protection: DPA required? data processing roles, sub-processor consent, breach notification
Insurance requirements: minimum coverage amounts, additional insured status, certificates
Assignment / change of control: consent requirements, anti-assignment clauses
Governing law and dispute resolution: jurisdiction, venue, arbitration vs. litigation, jury waiver
Force majeure: scope of qualifying events, notice requirements, termination right after extended force majeure

Define scope and objectives in writing before engagement begins
Execute engagement letter with fee arrangement (hourly, fixed, success, blended), staffing plan, and budget
Distribute outside counsel guidelines (billing standards, staffing restrictions, reporting requirements)
Establish budget with not-to-exceed cap; require written approval for overages
Define billing standards: no block billing, minimum time increments, no charges for administrative tasks
Staffing requirements: named partner responsible, no associate staffing changes without approval, leverage ratio
Reporting cadence: weekly status updates for active matters, monthly for maintenance
Conflicts check: confirm firm-wide conflicts clearance before sharing confidential information
Review invoices monthly against guidelines; use e-billing platform if available
Conduct matter post-mortem: outcome, total cost vs. budget, lessons learned, firm performance assessment
Maintain firm roster with performance ratings for future matter staffing decisions

Begin renewal process 90-120 days before expiration
Review prior year claims experience with broker; assess impact on premiums
Update company profile: revenue, headcount, asset values, new products/services, geographic expansion
Review D&O limits in light of current market cap, litigation environment, and peer benchmarking
Assess cyber insurance adequacy: coverage limits vs. estimated breach costs, sublimits for specific coverages
Review EPL (Employment Practices Liability) in light of workforce changes, RIFs, or pending claims
Confirm all policies are coordinated: no gaps between primary and excess layers
Review policy exclusions: are any new business activities excluded? negotiate carve-backs if needed
Obtain multiple quotes from competing carriers (broker should market to at least 3-5 carriers per line)
Review Reps & Warranties insurance needs for any pending M&A transactions
Confirm certificates of insurance are updated and distributed to counterparties as required by contracts
Document program structure, premium allocation, and renewal decisions for board/audit committee reporting

T-18 months: Engage IPO counsel (company-side and underwriter's counsel)
T-18 months: Form IPO steering committee (CEO, CFO, CLO, outside counsel, auditors, bankers)
T-12 months: Corporate housekeeping — clean up capitalization table, option grants, convertible instruments
T-12 months: Audit readiness — ensure 2+ years of audited financials (3 years for large accelerated filers)
T-12 months: SOX 404 internal controls implementation — begin documentation and testing
T-9 months: Board composition — recruit independent directors (majority independent, audit committee financial expert)
T-9 months: Adopt corporate governance framework: committee charters, code of conduct, insider trading policy, Reg FD policy
T-6 months: Draft S-1 registration statement — business description, risk factors, MD&A, compensation disclosure
T-6 months: Prepare executive compensation programs (Section 162(m), golden parachute analysis, equity plan for stockholder approval)
T-3 months: File S-1 with SEC; begin comment/response cycle
T-3 months: D&O insurance placement (pre-IPO tower + public company program)
T-1 month: Roadshow preparation; lock-up agreements executed; Section 16 filings prepared
Pricing: Board approval of final price and share count; underwriting agreement execution
Post-IPO: Quiet period compliance; first 10-Q filing; investor relations program launch

Timeline assumes traditional IPO. SPAC and direct listing processes differ materially in timing and workstreams.

✅ Practical Checklists