An Application Modernisation Review should answer a practical question: what should be improved first, and why? It should not be a vague audit or a technology wishlist. It should give the business a clearer picture of risk, maintainability, security, deployment, integration and realistic next steps.
The review is most useful when the company depends on a system but no longer has enough confidence in changing it.
1. Business and system context
Start by documenting what the system does for the business. Which workflows does it support? Who uses it? What data does it contain? Which customers, partners or internal teams depend on it? Which parts are business-critical?
This prevents technical work from drifting away from operational value.
2. Architecture and codebase
The review should assess the structure of the application. Is the architecture understandable? Are boundaries clear? Is business logic mixed into user interface code? Are there duplicated patterns? Are there areas everyone is afraid to touch?
The goal is not to criticise old code. The goal is to identify which parts create change risk.
3. Dependencies and platform versions
Outdated frameworks, libraries, runtimes and platforms can create security and maintenance risk. The review should list important dependencies, versions, end-of-life concerns and upgrade constraints.
Kruso’s Umbraco end-of-life article is a useful reminder that platform support dates matter. When a system depends on unsupported software, the risk is not theoretical. It can affect security, compliance, compatibility and future development.
4. Deployment and environments
Many systems are hard to change because deployment is fragile. The review should check how releases happen, who can deploy, whether the process is documented, whether environments are consistent and whether rollback is possible.
Questions include:
- Is there CI/CD?
- Are secrets handled safely?
- Are deployment steps manual?
- Is there a staging environment?
- Is rollback tested?
- Is infrastructure documented?
5. Security and access control
A modernisation review should not claim to replace a formal security audit unless that is separately scoped. But it should identify practical software risks: authentication, permissions, dependency exposure, secrets handling, data access, backup assumptions and obvious configuration weaknesses.
This aligns with secure software development guidance such as NIST’s Secure Software Development Framework.
6. Integrations and data flow
Modernisation often fails when integrations are poorly understood. The review should identify APIs, scheduled jobs, imports, exports, third-party services and manual data movement.
It should answer:
- Which systems does this application depend on?
- Which systems depend on it?
- Where does data come from?
- Where does it go?
- Which integrations are unstable or undocumented?
7. Monitoring, logging and operation
A system that cannot be observed is difficult to operate. The review should check logging, monitoring, alerts, error handling, backup/recovery assumptions and incident follow-up.
OpenTelemetry’s observability model is relevant because modern operation depends on signals such as logs, metrics and traces. For smaller systems, the implementation may be simple, but the need for visibility remains.
8. Documentation and ownership
Documentation should describe enough for someone to operate and change the system responsibly. The review should identify missing runbooks, setup instructions, architecture notes, deployment guidance, integration documentation and ownership gaps.
9. Options and roadmap
The final output should not be a long list of problems. It should be a prioritised roadmap:
- immediate risks;
- quick stabilisation work;
- medium-term modernisation;
- rebuild or replacement considerations;
- dependencies between actions;
- recommended first phase.
Memory(One) perspective
A Technical Review & Roadmap is a useful first engagement because it reduces uncertainty. It helps companies decide whether to modernise, rebuild, automate, integrate, replace or maintain based on evidence.
Sources and inspiration
- Netcompany — AI-powered legacy transformation: https://netcompany.com/digitalisation-at-record-speed-netcompany-sets-a-new-standard-with-ai-powered-it-tool-for-legacy-transformation/
- NNIT — Modernize wisely: application modernization in the public sector: https://www.nnit.com/insights/white-papers/modernize-wisely-application-modernization-in-the-public-sector
- Kruso — Umbraco 8 and 10 nearing end of life: https://www.kruso.group/en-DK/updates/time-to-future-proof-your-website-umbraco-8-and-10-are-nearing-end-of-life
- NIST — Secure Software Development Framework: https://csrc.nist.gov/projects/ssdf
- OpenTelemetry: https://opentelemetry.io/