nullsys provides independent technical due diligence for M&A transactions and standalone IT revision for compliance purposes. No vendor relationships. No implementation work. Objective by design.
We do not consult on IT strategy, manage implementations, or sell software. We assess and report - independently, on a fixed timeline, with findings that hold up under scrutiny.
An independent assessment of the target company's IT infrastructure, security posture, licence compliance, and regulatory exposure - delivered within the transaction timeline.
A structured, independent review of IT controls, security, and regulatory compliance delivered as a formal report to board level - credible to investors and regulators in a way internal assessments cannot be.
In Croatian and SEE M&A transactions, IT infrastructure review is the last workstream - if it happens at all. These are the liabilities that surface after close.
Critical processes running on unmanaged infrastructure, invisible until operational disruption occurs post-close.
Microsoft, Oracle, and Adobe liabilities that transfer with the transaction as six-figure compliance obligations.
Unpatched systems and prior incidents that were never disclosed. These become the acquirer's liability on day one.
Inherited NIS2 and GDPR non-compliance that transfers with the acquisition and immediately becomes the acquirer's gap.
Without an independent baseline, post-acquisition IT costs are systematically underestimated in the deal model.
Systems maintained by one or two individuals. When they leave, institutional knowledge leaves with them.
Six phases from initial contact to delivery. Proactive communication throughout - no corrections or surprises at the end. We align to your transaction deadline, not the other way around.
Understanding the transaction context, target size, time window, and access level. NDA signed before any information about the target is shared.
Preparation of a Risk and Controls Matrix and initial document request list for the target. Interview schedule defined with key contacts.
On-site or remote interviews with the CIO and IT leads. Direct observation of controls in operation - not just documentation review.
Testing whether controls function in practice. Vulnerability assessment, licence audit, NIS2 and GDPR gap analysis.
Risk classification, cost quantification, draft shared with the client before finalisation. No surprises at the end.
Findings presented to the acquirer and legal team. Rep and warranty input sheet delivered in a format the legal team can use directly.
nullsys has no commercial relationship with technology vendors, system integrators, or cloud providers. Our findings are objective by design - we have no incentive other than accuracy.
This is what makes our assessments credible to investors, acquirers, boards, and regulators in a way that internal IT team reports or vendor-affiliated consultants cannot be.
We put this in writing in every engagement agreement.
Law firms introduce nullsys when IT risk is material. We engage directly with the acquirer or target under a separate NDA. Project-based, no retainer required.
We run alongside legal and financial diligence simultaneously. We align our timeline to the transaction deadline.
Findings delivered in a format the legal team uses directly to draft IT-related representations and warranties in the SPA. No translation required.
The initial call is to understand your situation and establish whether nullsys is the right fit. No obligation, no pitch deck.
We work with law firms managing M&A transactions, acquirers preparing for close, and boards requiring independent IT revision.
nullsys has no commercial relationship with technology vendors, system integrators, or cloud providers. The engagement fee is not contingent on findings.
All engagements are governed by a mutual NDA prior to any information exchange. Findings are disclosed solely to the engaging party and are not shared with the target without written consent.
nullsys assessments are advisory in nature. Liability is limited to the engagement fee. Reports are prepared for the exclusive use of the engaging party and may not be relied upon by third parties without prior written agreement.
Engagements are governed by the laws of the Republic of Croatia. Any disputes are subject to the exclusive jurisdiction of the competent courts in Zagreb.