Due Diligence

Vendor Due Diligence Questionnaire

Goodwood Consulting, LLC "Goodwood"

As of February 13, 2026

Goodwood Consulting, LLC is dedicated to providing high-quality consulting services with a strong emphasis on data security, privacy, and regulatory compliance. This questionnaire is designed to provide prospective and existing clients with transparency into our corporate practices, security posture, and operational standards.

For additional detail on any of the topics below, please refer to the corresponding policies on our governance page or contact us directly.

Corporate Overview

Firm Name

Goodwood Consulting, LLC

Headquarters

New York, NY

Year Founded

2019

Principal Contact

Ryan Thibodeaux, President

Core Services

Revenue infrastructure consulting for investment managers — CRM architecture, RevOps engineering, data infrastructure, investor relations technology, fund administration automation, and digital distribution.

Client Base

Private equity, venture capital, credit, real estate, and multi-strategy investment managers ranging from emerging managers to established institutional firms.

Privacy & Data Protection

Does the firm maintain a written privacy policy?

Yes. We maintain both a Website Privacy Policy governing visitor data and a Client Privacy Policy governing data collected in connection with consulting engagements. Both are published on our governance page.

How is client data access controlled?

Access to client data is restricted to authorized personnel on a role-based, need-to-know basis. We maintain a principle of least privilege across all systems and platforms.

Does the firm maintain a written cybersecurity policy?

Yes. Our Cybersecurity Policy provides written guidance on information security risks, device protection, email security, password management, restricted user access controls, portable media handling, and secure data transfer protocols.

How are security incidents handled?

We maintain formal incident response procedures. In the event of a data breach or security incident, affected clients are notified promptly in accordance with our policies and applicable regulatory requirements.

Business Continuity & Disaster Recovery

Does the firm maintain a business continuity plan?

Yes. Our Business Continuity Plan addresses operational resilience in the event of natural disaster, significant business disruption, or loss of key personnel. The plan is reviewed and updated periodically.

What is the recovery approach for critical systems?

We maintain cloud-based infrastructure with redundant backups enabling rapid restoration of critical systems. Client engagement data, configurations, and documentation are continuously backed up across geographically distributed data centers.

Regulatory Compliance

What compliance standards does the firm adhere to?

We adhere to applicable data protection regulations and industry-standard cybersecurity frameworks. Our policies and procedures are designed to meet or exceed the expectations of institutional allocators and their compliance teams.

Does the firm carry professional liability insurance?

Yes. Goodwood Consulting maintains business liability and umbrella insurance coverage. Certificates of insurance are available upon request.

Are background checks conducted on personnel?

All personnel with access to client systems or data undergo appropriate vetting prior to engagement.

Data Management & Integration Practices

How is data secured during transmission?

All data transmitted between our systems and client environments is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent standards provided by our cloud infrastructure partners.

How are integrations and data flows managed?

We implement structured data flow architectures with explicit mapping, validation, and error handling at every integration point. All integration credentials are stored in secure vaults with audit logging enabled.

What platforms does the firm work with?

We work across CRM platforms (HubSpot, Salesforce), investor portals, fund administration systems, document management platforms, and custom-built infrastructure. A full list of supported integrations is available on our website.

Service Implementation

What is the typical onboarding process?

Engagements follow a structured onboarding process including discovery and requirements gathering, architecture design, phased implementation with defined milestones, data migration and validation, team training, and post-launch support.

How are project milestones and progress communicated?

We provide regular project updates through weekly status calls and written summaries. Milestones are defined at project kickoff with clear deliverables, timelines, and acceptance criteria.

Client Support & Communication

What support channels are available?

Clients have access to dedicated support via email and Slack, with scheduled weekly calls for ongoing engagements. Ad-hoc calls are available for urgent matters or time-sensitive issues.

What are standard response times?

We target same-business-day response for standard inquiries and prioritize critical issues for immediate attention. Specific SLAs can be defined as part of individual engagement agreements.

Related Policies & Documents

Website Privacy Policy Client Privacy Policy Cybersecurity Policy Business Continuity Plan

Additional Questions?

If your due diligence process requires additional information beyond what is covered here, please contact us. We are happy to provide supplementary documentation, participate in calls, or complete custom DDQ formats.