Banner with dew-covered spider web and the title 'From Technical Debt to Strategic Capability' in white text

Legacy System Analysis for Safer Modernisation and NIS2 compliance

Gå til dansk version

Legacy system analysis is essential when modernising complex IT landscapes, where limited visibility into dependencies, data flows and system logic increases both risk and cost.

Documentation is fragmented.
System knowledge resides with only a few individuals.
Transformation therefore becomes both costly and risky — and NIS2 compliance becomes a challenge.

The result is a familiar situation:

  • No one has a complete overview of system logic
  • Only partial insight exists into specific flows and functions
  • Changes are perceived as risky
  • Reducing technical debt seems complex and uncertain
  • Modernisation, migration and integration projects stall
  • Decisions are made on an uncertain foundation

The system is often too critical to ignore — but too unclear to modernise safely.

ValuePoint helps — in close collaboration with data and integration experts Lars Rasmussen and Torben Streibig Nielsen — organisations quickly establish a fact-based overview of complex legacy system landscapes by analysing the systems’ actual code and metadata.

The result is a solid decision-making foundation, enabling systems to be modernised or migrated faster and with significantly lower risk. At the same time, it provides the level of insight required to meet NIS2 requirements.

The foundation for this service is based on years of hands-on experience, where Lars Rasmussen and Torben Streibig Nielsen — together with ValuePoint’s Frank Jaffa — worked closely on legacy lifecycle extension, optimisation, clean-up and systematic mapping in one of Denmark’s largest public organisations.
This included hundreds of business-critical systems, complex integrations and a legacy-based system landscape built over decades.

This experience provided a deep understanding of what is truly difficult in these types of initiatives — and what actually works.

Based on these learnings, we have independently developed the method and product concept presented here.

From code to system insight

Through automated analysis of code, metadata and data flows, we create a visual overview of the system’s structure and logic.

This makes it possible to:

  • understand how functions call each other
  • identify data flows and dependencies
  • uncover hidden business logic
  • analyse the impact of changes
legacy system analysis data flow dependencies mapping

Legacy system analysis and NIS2 requirements

The NIS2 directive imposes stricter requirements on organisations’ ability to understand, document and manage their IT landscapes — including dependencies, data flows and critical system components.

In practice, many organisations lack this overview. System landscapes have evolved over many years, documentation is fragmented or outdated, and dependencies between systems and components are not fully known.

This creates challenges in meeting key NIS2 requirements such as:

  • risk management
  • understanding system dependencies
  • assessing impact of incidents
  • documentation and governance

Our analysis provides the foundation required for NIS2 compliance

Our approach enables organisations to quickly establish a fact-based overview of:

  • dependencies between systems and components
  • data flows and integration points
  • business-critical logic and hidden relationships

The analysis is based on the systems’ actual implementation and requires only limited involvement from internal resources.

The result is a consistent and up-to-date decision-making foundation that can be used directly for:

  • NIS2-related risk management
  • impact-analyser og beredskabsplanlægning
  • documentation of the system landscape
  • prioritisation of modernisation initiatives

In short:

We help establish the level of system insight that NIS2 compliancy requires — and that is essential for safe and effective modernisation.

What the legacy system analysis provides

Full transparency of system logic

We document the relationship between:

Flow → business rule → technical implementation

This enables both IT and business stakeholders to understand how the system actually works.

Mapped dependencies

We identify:

  • data flows
  • system integrations
  • hidden relationships
  • circular dependencies

This reduces the risk of unexpected consequences when making changes.

Impact analysis in seconds

Once dependencies are mapped, the impact of changing a table, function or integration can be assessed immediately.

This provides a much more reliable foundation for:

  • modernisation
  • migration
  • refactoring
  • lifecycle extension

Identification of technical debt

The analysis reveals, among other things:

  • dead code
  • obsolete structures
  • unused functionality
  • performance bottlenecks

This enables complexity to be reduced easily during modernisation.

GDPR and compliance overview

Sensitive data can be identified and traced across the system landscape.

This enables:

  • insight into where personal data is used
  • improved documentation of data flows
  • a stronger foundation for compliance and audit

Deliverables

The analysis is delivered as structured documentation of system functionality and dependencies.

Typical deliverables include:

Flow register

Overview of key functions and entry points

Function and rule catalogue

Documentation of the relationship between business rules and code

Dependency and complexity maps

Visualisation of data flows and system structure

GDPR and PII tracking

Mapping of sensitive data across the system landscape

Decision package

Risk assessment and recommended roadmap for modernisation or migration

A safe way to get started quickly

A full legacy analysis of a complex system landscape is a substantial undertaking.

Our method, however, makes it possible to establish a clear, up-to-date and fact-based understanding of the system landscape significantly faster, more precisely and with far less resource involvement than traditional approaches typically allow.

That is why we offer the option of carrying out the engagement in two phases, the duration of which depends on the size and complexity of the system landscape:

Phase 1 – Proof of Concept: The method is tested on one or a few selected flows and functions
You receive concrete deliverables and results before deciding whether to proceed with the full engagement.
It is a practical, well-defined and low-risk way to assess the value of the analysis in relation to your own systems

Phase 2 – Full Analysis: Systematic mapping of the full scope
This is carried out using the same method and with the same concrete deliverables as the PoC – just at full scale.
Decision gates are built into the engagement on an ongoing basis throughout the process

Minimal resource requirements on your side

The analysis requires only limited involvement from your organisation.

Typically required:

  • read-only access to code and metadata
  • a kickoff meeting
  • a few short clarification sessions with SMEs (typically 2 × 1 hour per week)

Operations and other ongoing priorities are not impacted.

Next step

We offer a short, informal conversation (45–60 minutes), where we jointly clarify:

  • relevant systems
  • optimal analysis or PoC scope
  • practical preconditions

Based on this, we provide a brief proposal including timeline and budget.

Contact us directly by email to fj@valuepoint.dk or by phone at (+45) 40 74 11 61