Professional Documents
Culture Documents
Visit
your learning portal
QA.COM /login
TOGAF 9® Foundation and Certified
Contents
Introduction 1
Basic Concepts 4
Core Concepts and Reference Models 12
Introduction to the ADM 21
The Enterprise Continuum 27
Architecture Repository 31
Architecture Content Framework 35
Content Metamodel 38
Preliminary Phase 44
Governance 57
Business Scenarios 65
Architecture Views and Viewpoints 67
Stakeholder Management 70
Building Blocks 73
Phase A – Architecture Vision 76
Phase B – Business Architecture 87
Phase C – Information Systems Architecture 96
Phase C – Data Architecture 99
Phase C – Application Architecture 104
Phase D – Technology Architecture (and TRM/III-RM) 110
Technical Reference Model – TRM 115
Integrated Information Infrastructure Reference Model – III-RM 117
Phase E – Opportunities and Solutions 120
Phase F – Migration Planning 127
Phase G – Implementation Governance 135
Phase H – Change Management 140
Architecture Requirements Management 145
Architecture Partitioning 149
Adapting the ADM 152
Architecture Maturity Models 159
Architecture Skills Framework 162
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
TOGAF 9® Foundation and Certified
Introduction
General Information
Safety
Security
Course times
Breaks
Rooms
About You
Name
Company
Role and responsibilities
Architecture experience
Objectives for attending course
Other courses attended
Objectives
The key objective of this course is to introduce delegates to the TOGAF ® Framework, and to provide
sufficient information for them to gain Foundation and Certified status, by taking the necessary exams.
Note: Exams can be taken at the convenience of the delegate via Pearson VUE.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
1
TOGAF 9® Foundation and Certified
Topics to Cover
Course Introduction
Basic Concepts
Core Concepts and Reference Models
An Introduction to the ADM
The Enterprise Continuum
The Architecture Repository
The Architecture Content Framework
The Architecture Metamodel
The Preliminary Phase
Architecture Governance
Business Scenarios
Architecture View and Viewpoints
Stakeholder Management
Building Blocks and the ADM
Phase A: Architecture Vision
Phase B: Business Architecture
Phase C: Information System Architecture
Phase C – Data Architecture
Phase C – Application Architecture
Phase D: Technology Architecture
Phase E: Opportunities and Solutions
Phase F: Migration Planning
Phase G: Implementation Governance
Phase H: Architecture Change Management
Requirements Management
Architecture Partitioning
Adapting the ADM
Maturity Models
Skills Framework
Exam Preparation
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
2
TOGAF 9® Foundation and Certified
Course Material
The content of the course has been guided by a syllabus published by The Open Group
The material has been through, and passed, a formal accreditation process undertaken by The Open
Group
It consists of:
o Course Manual
o Reference Cards
o Selected Extracts from Framework
o Sample Foundation and Certified Exams
o Additional Sample Questions
o Case Study for use during course
o Sample Answer to Case Study
Exam Process
The Combined Exam is included as part of the course fee
The exams are managed by Pearson VUE
The exam consists of two parts – Foundation (Part 1) and Certified (Part 2)
Part 1 – duration 60 minutes consisting of 40 multiple choice questions (closed book). One point is awarded
for a correct answer, zero points for all other answers. Pass mark is 22
Part 2 – duration 90 minutes consisting of 8 complex scenario-based multiple choice questions (open
book). Each question has four possible answers. Five points are awarded for the correct answer, three
points for the next best answer, one point a barely correct answer, and zero points for the remaining
answer. Pass mark is 24
The booking process: please email TOGAFvoucher@qa.com, providing your Name and Booking Number
(information found in your joining instructions), when ready to take exam. You will receive a Voucher
Number as well as full instructions on how to book your exam.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
3
TOGAF 9® Foundation and Certified
Basic Concepts
Session Objectives
We will look at the following:
The Open Group and its evolution
The Enterprise, purpose and business benefits of Enterprise Architecture
What Architecture is, and its main types
What an Architecture Framework is, and why the TOGAF® Framework is so suitable
The TOGAF® Library
An overview of Certification Programme
The purpose of this module is to introduce the basic concepts of Enterprise Architecture and the TOGAF®
Framework.
This module covers Key Learning Points that are part of the Level 1 (Foundation) Certification.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
4
TOGAF 9® Foundation and Certified
What is an Enterprise?
An enterprise is a collection of organisations that share a common set of goals.
Enterprises come in many shapes and forms:
A whole corporation or a division of a corporation
A government agency or a single government department
A chain of geographically distant organisations linked together by common ownership
Chain of dispersed organisations linked by common ownership
Groups of countries or governments working together to create common or shareable deliverables or
infrastructures
Partnerships and alliances of businesses working together, such as a consortium or supply chain
And there is the Extended Enterprise that encompasses other organisations who do business with you.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
5
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
6
TOGAF 9® Foundation and Certified
You need the TOGAF® Framework to give you a “kick-start” in any architecting activities undertaken.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
7
TOGAF 9® Foundation and Certified
Part I – Introduction – overview and summary of the Standard, including key definitions
Part II – The Architecture Development Method: a process for undertaking Enterprise Architecture
Part III – ADM Guidelines and Techniques: this contains many established techniques. It is the most valuable
toolkit, addressing topics such as Governance (principles), Stakeholder Management, Business Scenarios, Gap
Analysis, Migration Planning Techniques, Risk Management, and more.
Part IV – Architecture Content Framework: puts structure into the sort of documents architects deal with, and more
importantly perhaps, a Metamodel that describes architectural entities and their relationships.
Part V – The Enterprise Continuum: despite its rather enigmatic title this area provides some fundamental and
substantial help on how to both visualise and organise both Architecture definitions (Building Blocks), and the
associated processes.
Part VI – Architecture Capability Framework: this final section has some important aspects, not least guidance on
Architecture Governance, and a Skills Framework.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
8
TOGAF 9® Foundation and Certified
TOGAF® Library
Organised into four sections (linked to the Enterprise Continuum):
1. Foundation Documents
2. Generic Guidance and Techniques
3. Industry-Specific Guidance and Techniques
4. Organisation-Specific Guidance and Techniques
Library resources further classified as:
Dependent: explicitly refer to “anchor points” in the Framework
Supporting: useful guides to using the Framework
EA General: general resources not linked to Framework
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
9
TOGAF 9® Foundation and Certified
Certification Program
Exam Paths
Note: This slide shows images of an optional Badges scheme that is available through The Open Group with the
badge-provider “Acclaim”. The top image shows the badge associated with a “Credential”, issued to show that the
delegate has updated their knowledge via a 3 hour course and passed a 20 question online exam. It is likely that in
time The Open Group may introduce other smaller-scale training options to achieve other Credentials.
The other images reflect the standard certification status achieved once the appropriate exam has been passed.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
10
TOGAF 9® Foundation and Certified
Summary
We have learnt that:
The Open Group is a well-established, vendor-neutral consortium
An enterprise is a collection of organisations that share the same goal
Enterprise Architecture’s purpose is to integrate and simplify corporate systems to better support long-term
business strategy
Enterprise Architecture Business Benefits are quicker, cheaper, more efficient systems
An “architecture” is a collection of related components (BBs) whose design and evolution needs governing
The main domains of architecture covered by the TOGAF® Framework are Business, Application, Data and
Technology – but don’t forget “Enterprise Architecture”
An Architecture Framework is best architecture practice
The TOGAF® Framework is so suitable because it provides advice on governing, doing, designing and
generally evolving systems
The structure of the TOGAF® Framework is in six parts
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
11
TOGAF 9® Foundation and Certified
The purpose of this module is to explain the core concepts of the TOGAF® Framework.
This module covers Key Learning Points that are part of the Level 1 (Foundation) certification.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
12
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
13
TOGAF 9® Foundation and Certified
What we’re getting here is some solid advice on the type of documents to produce and the information that goes in
them. All that is needed now is some idea of how people want this data to be represented – this is where Views
and Viewpoints come in. We’ll look at this later.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
14
TOGAF 9® Foundation and Certified
This term may be slightly arcane, but this whole concept is critical to describe how IS/IT “Architectures” are
composed. We will look at this in more detail later.
On its Y-axis, it addresses the need to initially describe architecture in a high-level way, which is then used to guide
and/or support the final detailed specification.
On its X-axis it plots the continuum itself which starts (if you look at the right-hand side first) with the very specific
architectures that are an intrinsic part of your organisation, and moves out eventually to a very general area that is
populated by Frameworks (TOGAF, etc.), Languages (ECMA-script, Java, etc.), Basic Patterns of Architecture
(MVC, Point-to-point, etc.).
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
15
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
16
TOGAF 9® Foundation and Certified
Architecture Capabilities
Enterprise architects live in a complex environment. They have to interrelate with the Business, Programme and
Project Managers.
From an operational perspective they may need to deal with the following:
Financial Management: dealing with numbers associated with the Architecture Practice (budgeting,
forecasting)
Performance Management: showing how the architecture function is performing
Service Management: of the architectural services provided, and the current project “pipeline”
Risk Management: of the threats that may impede realising goals/plans
Resource Management: of the people in the Architecture practice
Communications and Stakeholder Management: managing the needs of stakeholders, and ensuring
effective communication with them
Quality Management: the quality of the architecture practice, perhaps measured by plans, review
processes, documentation
Supplier Management: of the products and services provided to the practice
Configuration Management: of the baseline architecture specifications, and intellectual property
Environment Management: of the facilities, tools and equipment used by the practice
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
17
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
18
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
19
TOGAF 9® Foundation and Certified
Summary
We have seen that:
The Architecture Development Method is a set of architecture processes
The Architecture Content Framework suggests documents and entities that describe architecture
The Enterprise Continuum explores how to conceptualise and categorise architecture
The Architecture Repository is a place to store architecture assets
Architecture Capability describes relationships with others and core competencies of the Architecture
Practice
Using TOGAF with other frameworks is vital, to coordinate with PMO, PO and Governance
The TRM and III-RM are two Reference Models; part of the TOGAF® Series
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
20
TOGAF 9® Foundation and Certified
The purpose of this module is to help understand the ADM cycle, briefly explain the objective of each phase in the
cycle, and how to adapt and scope the ADM for use.
This module covers Key Learning Points that are part of the Level 1 (Foundation) certification.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
21
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
22
TOGAF 9® Foundation and Certified
ADM Relationships
Guidelines (not shown in diagram) are provided to enable different process styles, such as iteration between ADM
phases and architecture engagement, or adoption of specialist architectures such as SOA and Security. Also
addresses the different levels of granularity.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
23
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
24
TOGAF 9® Foundation and Certified
Architecture Scope
Architecture Integration
As organisations address common themes (such as Service-Oriented Architecture (SOA), and integrated
information infrastructure), and universal data models and standard data structures emerge, integration toward the
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
25
TOGAF 9® Foundation and Certified
high end of the spectrum will be facilitated. However, there will always be the need for effective standards
governance to reduce the need for manual coordination and conflict resolution.
Summary
We looked at the following:
What is the ADM, and its key points’ intuitive, generic use alongside...
Phases A – D, typical steps they contain and Document Versioning models, baseline, target, gaps,
timeframe, impact, checkpoint, finalisation, documentation
Relationships between the ADM and other parts of the framework highly integrated
Guidelines and techniques for use in the architects toolbox
Adapting the ADM to suit large and small, internal and external development, nature of the business
ADM Governance and Information is important, to control and audit documentation and processes
Scope, its limitations and dimensions many different influences on architectural activity
Architecture Integration in order to harmonise architectures to standards and reference architectures
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
26
TOGAF 9® Foundation and Certified
Definitions
Continuum: “a continuous sequence in which adjacent elements are not perceptibly different from each other, but
the extremes are quite distinct”
Imperceptible: “so slight, gradual, or subtle as not to be perceived”
Source: Oxford Dictionary
Reuse
Reference Models
Patterns
Building Blocks
Frameworks
Specifications
Existing Architecture Assets
BUT YOU NEED SOMEWHERE TO STORE AND ACCESS THIS INFORMATION – A “REPOSITORY”
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
27
TOGAF 9® Foundation and Certified
Main Constituents
Main Graphic
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
28
TOGAF 9® Foundation and Certified
Architecture Continuum
Solutions Continuum
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
29
TOGAF 9® Foundation and Certified
Summary
We have looked at:
The Enterprise Continuum – a classification system
The constituent parts of the Enterprise Continuum
Architecture and Solution Continuums
Explain how the Enterprise Continuum relates to other parts of the TOGAF® Framework – particularly
during definition phases
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
30
TOGAF 9® Foundation and Certified
Architecture Repository
Session Objectives
We will look at the following:
What is the Architecture Repository?
Describe the purpose of the main repository areas
The purpose of this module is to help understand the purpose of the Architecture Repository, its constituent parts,
and its relationship to other parts of the TOGAF® Framework.
Overview
An effective Architecture Practice will generate a large output of documents, diagrams, etc.
A structured framework for classifying this output
It should be regarded as part of an overall Enterprise IT Repository, consisting of
o Detailed design
o Deployment
o Service Management areas
Observation – the Enterprise Repository is seen by many newcomers to the TOGAF ® Framework as an “entry
point”.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
31
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
32
TOGAF 9® Foundation and Certified
Architecture Landscape
Strategic Architectures: provide a longer term (high-level) roadmap towards achieving strategic business goals.
Segment Architectures: are the next level down, represent major business domains or even systems/capabilities
(the classification is up to the organisation), but still at the higher level.
Capability Architectures: represent the “ground level” of architecting. They represent packages or projects that are
part of transitionary or incremental plans. This is where the Solution Building Blocks live.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
33
TOGAF 9® Foundation and Certified
Summary
We have looked at the following:
What is the Architecture Repository?
o A framework for classifying architecture output
How does it relate to the Enterprise IT Repository?
o It fits alongside other repositories for development, deployment and support
Describe the purpose of the main repository areas:
o The Architecture Metamodel organises an architectural framework and models content
o The Architecture Capability supports governance of the repository
o The Architecture Landscape contains views of the architecture at a particular point in time
o The Solutions Landscape contains Solution Building Blocks
o The Standards Information Base captures standards
o The Reference Library provide guidelines
o The Governance Log records enterprise governance activity
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
34
TOGAF 9® Foundation and Certified
The purpose of this module is to help understand the TOGAF Architecture Content Framework.
Overview
A significant new feature to Version 9
Like any classification system
o Aids consistency of terminology
o Mapping items to other frameworks, such as Zachman
Key parts are:
o Architecture Deliverables
o Architectural Artifacts
o Building Blocks
o Content Metamodel
Deliverable
Contractually specified, formally reviewed, agreed and signed-off by the stakeholders. At end of project it will either
be archived or transitioned into the Architecture Repository as a Reference Model, Standard or snapshot of the
Architecture Landscape at a point in time.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
35
TOGAF 9® Foundation and Certified
Key Relationships
Example Deliverable
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
36
TOGAF 9® Foundation and Certified
Summary
In this chapter we have:
Explained the purpose of the Content Framework which provides a consistent platform for describing
architecture
Described the main components of the Content Metamodel which are the work products and the
Metamodel
Described the relationship between the Content Metamodel and the ADM where the Metamodel is closely
mapped to main ADM phases
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
37
TOGAF 9® Foundation and Certified
Content Metamodel
Session Objectives
This chapter will:
Describe the core Metamodel concepts
Describe the key concepts related to the Core Part
Explain why the Metamodel is divided into Core and Extension Parts
Describe briefly the Extension Parts
The purpose of this module is to help understand the TOGAF Content Metamodel.
Core Concepts
Core and Extension Content
o Basic version with a set of extensions covering additional considerations
Core Metamodel Entities
o Showing the purpose of each entity
o Key relationships that support architectural traceability
Core and Extension Content provides an introduction to the way in which TOGAF employs a basic core metamodel
and then applies a number of extension modules to address specific architectural issues in more detail.
Core Metamodel Entities introduces the core TOGAF Metamodel entities, showing the purpose of each entity and
the key relationships that support architectural traceability.
Catalogue, Matrix, and Diagram Concept describes the concept of catalogues, matrices, and diagrams.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
38
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
39
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
40
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
41
TOGAF 9® Foundation and Certified
Associated Artifacts
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
42
TOGAF 9® Foundation and Certified
Summary
In this chapter we have:
Described the core Metamodel concepts to provide a formal and consistent set of terms for use in ADM
Described the key concepts related to the Core Part – Actor, Application Component, Business Service,
Data Entity, Function, Organisation, Platform Service, Process, Role, Technology Component
Explained why the Metamodel is divided into Core and Extension Parts – Core provides key basic
definitions, and the Extension looks at specific aspects in more detail
Described briefly the Extension Part which addresses Governance, Services, Process Modelling, Data,
Infrastructure Consolidation, Motivation
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
43
TOGAF 9® Foundation and Certified
Preliminary Phase
Session Objectives
This module focuses on the Preliminary Phase’s
Objectives
Approach
Main inputs
Steps
Outputs
The purpose of this module is to help understand how the Preliminary Phase contributes to the success of
Enterprise Architecture.
The order of the five objectives is significant (and this will be repeated in all phases). From an exam perspective,
“Objectives” and “Approach” relate to the Foundation (Level 1) exam and are therefore dealt with together as a unit.
An awareness of the remaining three items is assumed for the Certified (Level 2) exam. In the version 9.1
document this order of items was used. But for version 9.2, it was felt by the Architecture Forum that order of items
should be changed so the “Approach” is now the final item in each phase.
Phase Objectives
1. Determine the Architecture Capability desired by the organisation:
o Review the organisational context for conducting Enterprise Architecture
o Identify and scope the elements of the enterprise organisations affected by the Architecture
Capability
o Identify the established frameworks, methods, and processes that intersect with the Architecture
Capability
o Establish Capability Maturity target
2. Establish the Architecture Capability
o Define and establish the Organisational Model for Enterprise Architecture
o Define and establish the detailed process and resources for architecture governance
o Define the Architecture Principles
o Select and implement tools that support the Architecture Capability
Approach
Define the Enterprise inc. scope, stakeholders, extent
Identify key drivers and elements in the Organisational Context inc. commercial models/budgets,
stakeholders, intentions, management processes, baseline, skills, capabilities and corporate culture
Define the requirements for architecture work inc. business need, cultural aspiration, organisation intents,
strategic intent, financial forecasts
Define the architecture principles that guide the development of architecture, and cross-ref to business
principles, goals and drivers
Understand which management frameworks to be used inc. business capability, project and programme
management, operations and solution development
Define the relationships between management frameworks – see next slide
Evaluate the Enterprise Architecture maturity by means of capability maturity models such as NASCIO and
ACMM
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
44
TOGAF 9® Foundation and Certified
Inputs
Reference Materials External to the TOGAF® Framework
The TOGAF® Library
Other Architecture Framework(s) if required
Non-architectural
Board strategies, business plans, business strategy, IT strategy,
business principles, business goals, and business drivers
Major Frameworks operating in the business
Governance and Legal Frameworks
Architecture Capability
Partnerships and contract agreements
Architectural
Organisational Model
Existing Architecture Framework, if any
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
45
TOGAF 9® Foundation and Certified
Steps
1. Scope the enterprise organisations
impacted
2. Confirm governance and support
frameworks
3. Define and establish Enterprise
Architecture team and organisation
4. Identify and establish architecture
principles
5. Tailor TOGAF® and, if any, other selected
Architecture Frameworks
6. Implement architecture tools
Step Summary
1. Scope the Enterprise
Identify Core parts of the enterprise, those indirectly affected, the extended enterprise, stakeholders involved and
any associated governance.
2. Confirm Governance
Often Enterprise Architecture activity can have a profound effect on governance – and this should be ascertained
and acted upon when dealing with governance processes and documents.
3. Establish Team and Organisation
See future slide.
4. Establish Principles
See future slide.
5. Tailor Architecture Frameworks
See future slide.
6. Implement Architecture Tools
Reflects formality required by stakeholders. The stakeholders' articulation of requirements will enable more
effective and rapid decision-making by stakeholders. It should encompass management techniques, decision
management, workshop techniques, business modelling, detailed infrastructure modelling, office products,
languages and repository management as well as more formal architecture tools.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
46
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
47
TOGAF 9® Foundation and Certified
Identify Principles
Principles are enduring rules
They enable decision-making (management)
Enterprise Principles inform and help the organisation to fulfil its mission
Architecture principles...
o Govern the evolution of systems
o Govern the implementation of architecture
Defining Principles
An important process that should be handled by the Chief, or most senior [Enterprise] Architect
Other senior stakeholders should be closely involved:
o Architecture Board Members, that may well include:
o Other key stakeholders (business, operations, commercial, legal etc.)
o CIO, if applicable
Each principle must be related to some form of goal, or driver
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
48
TOGAF 9® Foundation and Certified
List of Principles
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
49
TOGAF 9® Foundation and Certified
Principle Template
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
50
TOGAF 9® Foundation and Certified
Rationale The only way we can provide a consistent and measurable level of quality
information to decision-makers is if all organisations abide by the principles.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
51
TOGAF 9® Foundation and Certified
Qualities of Principles
Understandable The underlying tenets can be quickly grasped and understood by individuals
throughout the organisation. The intention of the principle is clear and
unambiguous, so that violations, whether intentional or not, are minimised.
Robust Enable good quality decisions about architectures and plans to be made, and
enforceable policies and standards to be created. Each principle should be
sufficiently definitive and precise to support consistent decision-making in
complex, potentially controversial situations.
Consistent Strict adherence to one principle may require a loose interpretation of another
principle. The set of principles must be expressed in a way that allows a balance
of interpretations. Principles should not be contradictory to the point where
adhering to one principle would violate the spirit of another. Every word in a
principle statement should be carefully chosen to allow consistent yet flexible
interpretation.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
52
TOGAF 9® Foundation and Certified
Outputs
Organisational model for Enterprise Architecture
Tailored Architecture Framework, including architecture principles
o The final architecture processes and list of principles
Initial Architecture Repository
Restatement of, or reference to, business principles, business goals and
business drivers
Request for [Enterprise] Architecture Work
Architecture Governance Framework
o Established after taking into account the organisation and integration
with other frameworks
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
53
TOGAF 9® Foundation and Certified
This diagram will be discussed fully in the Security Section towards the end of the course. Suffice to say both
Security and Risk must be considered as an integral part of Enterprise Architecture in this and other phases.
Detailed extracts are provided from the TOGAF® Series Guide: Integrating Risk and Security within a TOGAF®
Enterprise Architecture.
Security
The Preliminary Phase establishes the security context required to guide the Security Architecture design. To build
the security context, the following security artifacts need to be determined during this phase. These artifacts can be
integrated into existing architecture documentation:
Business Drivers/Objectives
Security Principles
Risk Appetite
Key Risk Areas/Business Impact Analysis
Security Resource Plan
Identify required security resources
Establish role and mandate of security architect
Establish security governance process
Ensure security and risk embedded as an integral part of architecture in all domains
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
54
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
55
TOGAF 9® Foundation and Certified
Answering the following questions will assist in identifying the security and risk resources required in the team, and
on an architecture project:
• What are the common security or risk-related concerns?
• Do key and influential security or risk-related stakeholders exist who require specific security views?
• Does the architecture address high-risk areas, or is the risk appetite low?
• Can security support be requested on an as-needed basis from an existing security team or are dedicated
Security Architecture resources required as part of the overall architecture team?
During the Preliminary Phase it is decided which security artifacts are really needed in the Enterprise Architecture
and which will be created by whom. It might not be necessary to deliver all security artifacts in order to address
security properly. The reverse applies too: delivering all artifacts does not guarantee that security is taken care of
properly – more artifacts may be required.
For enterprise-level architectures, the artifacts need to be created based on discussions with key stakeholders;
preliminary assessments carried out by the architecture team; and assessing relevant statutes, applicable
jurisdictions, legislation, and regulations.
For capability-level architectures, existing sources might be available. For instance, an enterprise-level security
policy or risk assessment describes the security principles, risk appetite, and key risk areas for a particular context.
Summary
The Preliminary Phase prepares an organisation to undertake successful Enterprise Architecture projects.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
56
TOGAF 9® Foundation and Certified
Governance
Session Objectives
Explain the nature and concepts of Architecture Governance, and a Governance Framework
Describe the Architecture Board
Explain the need for and meaning of Architecture Compliance
Explain the purpose and describe Compliance Reviews
Explain the benefits and list Key Success Factors
Discuss the role, setting up and operating an Architecture Board
The purpose of this module is to help understand how to apply Architecture Governance in development of an
Enterprise Architecture.
Overview
Architecture Governance is the practice and orientation by which Enterprise Architectures and other architectures
are managed and controlled at an enterprise-wide level.
Operates within a hierarchy of governance structures typically made up (in larger organisations) of:
Corporate Governance
Technology Governance
IT Governance
Architecture Governance
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
57
TOGAF 9® Foundation and Certified
All architecture amendments, contracts, and supporting information must come under governance through a formal
process in order to register, validate, ratify, manage, and publish new or updated content. These processes will
ensure the orderly integration with existing governance content such that all relevant parties, documents, contracts,
and supporting information are managed and audited.
Compliance
Compliance assessments against Service-Level Agreements (SLAs), OLAs, standards, and regulatory
requirements will be implemented on an ongoing basis to ensure stability, conformance, and performance
monitoring. These assessments will be reviewed and either accepted or rejected depending on the criteria defined
within the governance framework.
Dispensation
A Compliance Assessment can be rejected where the subject area (design, operational, service level, or
technology) are not compliant. In this case the subject area can:
1. Be adjusted or realigned in order to meet the compliance requirements
2. Request a dispensation
Where a Compliance Assessment is rejected, an alternate route to meeting interim conformance is provided
through dispensations. These are granted for a given time period and set of identified service and operational
criteria that must be enforced during the lifespan of the dispensation. Dispensations are not granted indefinitely, but
are used as a mechanism to ensure that service levels and operational levels are met while providing a level of
flexibility in their implementation and timing. The time-bound nature of dispensations ensures that they are a major
trigger in the compliance cycle.
Monitoring and Reporting
Performance management is required to ensure that both the operational and service elements are managed
against an agreed set of criteria. This will include monitoring against SLAs and OLAs, feedback for adjustment, and
reporting.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
58
TOGAF 9® Foundation and Certified
Business Control
Business Control relates to the processes invoked to ensure compliance with the organization’s business policies.
Environment Management
This identifies all the services required to ensure that the repository-based environment underpinning the
governance framework is effective and efficient. This includes the physical and logical repository management,
access, communication, training, and accreditation of all users.
All architecture artifacts, service agreements, contracts, and supporting information must come under governance
through a formal process in order to register, validate, ratify, manage, and publish new or updated content. These
processes will ensure the orderly integration with existing governance content such that all relevant parties,
documents, contracts, and supporting information are managed and audited.
The governance environment will have a number of administrative processes defined in order to effect a managed
service and process environment. These processes will include user management, internal SLAs (defined in order
to control its own processes), and management information reporting.
Organisation Structure
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
59
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
60
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
61
TOGAF 9® Foundation and Certified
Architecture Contracts
Are formal agreements between
o Architecture Design and Development Partners (who could be internal or external)
o Architecting Function and Business Users
A contract is a Governance Control that can be used to establish responsibility and test compliance
Can be used to ensure:
o A system of continuous monitoring
o Adherence to the principles, standards, and requirements
o Identification of risks
o A set of processes and practices that ensure accountability, responsibility and discipline related to
architecture artifacts
o A formal understanding of the governance organisation, its authority and scope of architecture
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
62
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
63
TOGAF 9® Foundation and Certified
Business Architecture of the architecture practice that will highlight the architecture governance, architecture
processes, architecture organisational structure, architecture information requirements, architecture products, etc.
Data Architecture that would define the structure of the organisation’s Enterprise Continuum and Architecture
Repository.
Application Architecture specifying the functionality and/or applications services required to enable the architecture
practice.
Technology Architecture that depicts the architecture practice’s infrastructure requirements and deployment in
support of the architecture applications and Enterprise Continuum.
Summary
Architecture Governance is the practice and orientation by which Enterprise Architectures and other architectures
are managed and controlled at an enterprise-wide level.
TOGAF provides guidance on aspects of Architecture Governance in the Architecture Capability Framework.
The Governance Board plays a critical role, especially at the operational level.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
64
TOGAF 9® Foundation and Certified
Business Scenarios
Session Objectives
We will look at the following:
Defining and describing the Business Scenario technique
Developing and validating Business Scenarios
Overview
A technique to validate, elaborate and/or change “the premise behind an architecture effort”
There is now a free-standing Series Guide on Business Scenarios in the TOGAF ® Library.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
65
TOGAF 9® Foundation and Certified
General Guidelines
The stakeholders (e.g. business managers, end users) will tell you what they want, but as an architect you must still
gain an understanding of the business, so you must know the most important actors in the system. If the
stakeholders do not know what they want:
• Take time, observe, and record how they are working today
• Structure information in such a way that it can be used later
• Uncover critical business rules from domain experts
• Stay focused on what needs to be accomplished, and how it is to be accomplished
This effort provides the anchor for a chain of reason from business requirements through to technical solutions. It
will pay off later to be diligent and critical at the start.
Goals
One of the first steps in the development of an architecture is to define the overall goals and objectives for the
development. The objectives should be derived from the business goals of the organisation, and the way in which
IT is seen to contribute to meeting those goals.
Every organisation behaves differently in this respect, some seeing IT as the driving force for the enterprise and
others seeing IT in a supporting role, simply automating the business processes which already exist. The essential
thing is that the architectural objectives should be very closely aligned with the business goals and objectives of the
organisation.
Summary
A technique to validate, elaborate and/or change “the premise behind an architecture effort”.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
66
TOGAF 9® Foundation and Certified
The purpose of this module is to help understand the concepts of views and viewpoints, and their role in
communicating with stakeholders as well as applying them to the Architecture Development Cycle. Also how to
apply the Stakeholder Management technique using Stakeholder Maps.
Overview
Views and Viewpoints are the crucial elements that determine how you represent Architecture.
ISO 42010:2011
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
67
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
68
TOGAF 9® Foundation and Certified
Creating Views
Excellent guidance available in ISO/IEC 42010: 2007, formerly ANSI/IEEE 1471 – 2000 (although neither is
mandated)
o Refer to existing Viewpoint Library (the TOGAF® Framework defines 66 “Artifacts”)
o Select Architecture Viewpoint based on stakeholder’s concerns
o Generate views
Develop new Viewpoints only when necessary
OR develop new views, then retro-fit it to a Viewpoint!
A View MUST have a Viewpoint
Summary
Views and Viewpoints are the crucial elements that determine how you represent Architecture.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
69
TOGAF 9® Foundation and Certified
Stakeholder Management
Session Objectives
Define and explain the terms Stakeholder and Concerns
Creating Views and their benefits
Stakeholder Maps
The purpose of this module is to help understand the concepts of views and viewpoints, and their role in
communicating with stakeholders as well as applying them to the Architecture Development Cycle. Also how to
apply the Stakeholder Management technique using Stakeholder Maps.
Overview
Stakeholders have concerns about architecture that can be addressed by these Views and Viewpoints.
Stakeholder Management
A critical part of being an Architect is to manage Stakeholders:
Early identification of the most powerful stakeholders means their input can help shape the architecture,
and attract their support
Support from powerful stakeholders can help win more resource thus increasing the chance of success
Early and frequent communication with stakeholders ensures full understanding of the benefits, and can
lead to greater support
Full awareness of stakeholders can help architects anticipate their reaction to the architecture. Action can
then be taken to capitalise on positive reaction, and avoid negative reaction
Stakeholders are initially identified in Phase A; however others will become apparent as the ADM process
continues.
Tailoring the views of the architecture to address the concerns of these stakeholders is what it’s all about!
Identifying Stakeholders
Investigate who will become a stakeholder and once identified, consider:
Who gains and who loses from this change?
Who controls change management of processes?
Who designs new systems?
Who will make the decisions?
Who procures IT systems and who decides what to buy?
Who controls resources?
Who has specialist skills the project needs?
Who has influence?
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
70
TOGAF 9® Foundation and Certified
Stakeholder Categories
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
71
TOGAF 9® Foundation and Certified
Creating Views
Excellent guidance available in ISO/IEC 42010: 2007, formerly ANSI/IEEE 1471 – 2000 (although neither is
mandated)
o Refer to existing Viewpoint Library (the TOGAF® Framework defines 66 “Artifacts”)
o Select Architecture Viewpoint based on stakeholder’s concerns
o Generate views
Develop new Viewpoints only when necessary
OR develop new views, then retro-fit it to a Viewpoint!
A View MUST have a Viewpoint
Stakeholder Map
Summary
Stakeholders have concerns about architecture that can be addressed by these Views and Viewpoints.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
72
TOGAF 9® Foundation and Certified
Building Blocks
Session Objectives
We will look at the following:
What is a Building Block and what makes a good one?
Architecture and Solution Building Blocks
Using Building Blocks with the ADM
Architecture Patterns
The purpose of this module is to help understand the concept of Building Blocks within TOGAF.
Overview
A Building Block is a package of functionality defined to meet the business needs across an organisation
A Building Block usually has a type that corresponds to the enterprise’s content Metamodel (such as actor,
business service, application, or data entity)
A Building Block has a defined boundary and is generally recognisable as "a thing" by domain experts
A Building Block may interoperate with other, interdependent Building Blocks
A good Building Block has the following characteristics:
o It considers implementation and usage, and evolves to exploit technology and standards
o It may be assembled from other Building Blocks
o It may be a subassembly of other Building Blocks
o Ideally a Building Block is reusable and replaceable, and well specified
The way in which assets and capabilities are assembled into Building Blocks will vary widely between individual
architectures. Every organisation must decide for itself what arrangement of Building Blocks works best for it.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
73
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
74
TOGAF 9® Foundation and Certified
Patterns
A pattern is a technique for putting Building Blocks into context; for example, to describe a reusable
solution to a problem. Building Blocks are what you use: patterns can tell you how you use them, when,
why, and what trade-offs you have to make in doing so
A pattern is ‘‘an idea that has been useful in one practical context and will probably be useful in others’’
[Analysis Patterns—Reusable Object Models]
Used to describe the context of how BBs could be used, i.e. “an e-commerce system”
Architecture Pattern: fundamental organisation of a software system
Design Pattern: describes the commonly recurring structure of communicating components
Idiom: low-level pattern specific to programming language
Summary
We have discovered that:
The concept of Building Blocks is central to the approach recommended for designing a system
architecture
A Building Block is a package of functionality
Comparing Baseline and Target Building Blocks allows identification of the gaps in architecture
Architecture BBs are used to describe concepts and logic. Solution BBs describe physical solutions
The way in which Building Blocks are assembled will vary widely between individual architectures. Every
organisation must decide for itself what arrangement of Building Blocks works best for it
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
75
TOGAF 9® Foundation and Certified
Phase Objectives
Develop a high-level aspirational vision of the capabilities and business value to be delivered as a result of
the proposed Enterprise Architecture
Obtain approval for a Statement of Architecture Work that defines a program of works to develop and
deploy the architecture outlined in the Architecture Vision
Approach
Creating the Architecture Vision
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
76
TOGAF 9® Foundation and Certified
Inputs
Reference Materials External to the Enterprise
Architecture Reference Material
Non-architectural
Request for Architecture Work
Business principles, goals, drivers
Architectural
Organisational Model
o Scope of organisations impacted
o Maturity assessment, gaps, and resolution approach
o Roles and responsibilities for architecture team(s)
o Constraints on architecture work
o Reuse requirements
o Budget requirements
o Requests for change
o Governance and support strategy
Tailored Architecture Framework (including tailored method, deliverables,
principles and tools)
Populated Architecture Repository
Architecture Repository
Consists of existing architectural documentation:
Framework description
Architectural descriptions
Baseline descriptions
Architectural Building Blocks
Solution Building Blocks
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
77
TOGAF 9® Foundation and Certified
Steps
1. Establish the architecture project
2. Identify stakeholders’ concerns and requirements
3. Confirm and elaborate business goals, business drivers and constraints
4. Evaluate business capabilities
5. Assess readiness for business transformation
6. Define scope
7. Confirm and elaborate architecture principles, including business principles
8. Develop Architecture Vision
9. Define the Target Architecture KPIs
10. Identify Business Transformation Risks and mitigation activities
11. Develop Enterprise Architecture plans and Statement of Architecture Work;
secure approval
Step Summary
1. Establish the project
Enterprise Architecture is a business capability; each cycle of the ADM should normally be handled as a project
using the project management framework of the enterprise. Architecture activity should be planned and managed
using accepted practices for the enterprise.
2. Identify stakeholders’ concerns, and business requirements
See future slide.
3. Confirm and elaborate business goals
Identify goals, drivers. If none exist go back to stakeholder and get them. Also gather information on constraints.
4. Evaluate capabilities
This includes a wide range of capabilities, as well as the ability of the enterprise to develop the Enterprise
Architecture itself.
5. Assess readiness
See future slide.
6. Define scope
Breadth or coverage, level of detail, partitioning characteristics, specific domains to be covered, time period,
existing architecture assets.
7. Confirm and elaborate principles
A process started in the preliminary phase.
8. Develop Architecture Vision
Create high-level view of baseline and target architecture. Business scenario useful for doing this. Should establish
scope. Policy development and strategic decisions need to be captured in this phase to enable the subsequent
work to be quantified; for example, rationalisation decisions and metrics, revenue generation, and targets which
meet the business strategy.
9. Define the Target Architecture Value Propositions and KPIs
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
78
TOGAF 9® Foundation and Certified
Develop a business case, produce review and agree value proposition for each stakeholder, define procurement
requirements, assess business risk.
10. Identify Business Transformation Risks
See future slide.
11. Develop Enterprise Architecture Plans and SOW
Establish performance metrics for required work. Then identify new work products, provide direction, identify
impact, determine level of detail, consider resources and build roadmap, build a communications plan, review and
get agreement for plan.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
79
TOGAF 9® Foundation and Certified
Governance
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
80
TOGAF 9® Foundation and Certified
Risk Management
Initiated in Phase A, reviewed during definition and critical to the Planning Phases E/F
Full Process involves:
Identifying risk
Assessing Initial Risk, considering
o Effects – Catastrophic, Critical, Marginal, Negligible
o Frequency – Frequent, Likely, Occasional, Seldom, Unlikely
o End risk – Extremely High (E), High (H), Moderate (M), Low (L)
Risk Mitigation and Residual Risk Assessment
Risk Monitoring
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
81
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
82
TOGAF 9® Foundation and Certified
Outputs
Approved Statement of Architecture Work defines scope and approach used to
complete an architecture development cycle. The SOW is typically the document
against which successful execution of the architecture project will be measured and
may form the basis for a contractual agreement between the supplier and consumer
of architecture services
Refined statements of business principles, business goals,
and business drivers
Architecture principles
Capability assessment – of the Enterprise, IT Function, Architecture Function; what
gaps exist
Tailored Architecture Framework
Architecture Vision to provide key stakeholders with a formally agreed outcome
Draft Architecture Definition Document including:
o Baseline Business Architecture (v0.1) o Target Business Architecture (v0.1)
o Baseline Data Architecture (v0.1) o Target Data Architecture (v0.1)
o Baseline Application Architecture (v0.1) o Target Application Architecture (v0.1)
o Baseline Technology Architecture (v0.1) o Target Technology Architecture (v0.1)
Communications Plan – effective communication of targeted information to the right stakeholders at the
right time is a Critical Success Factor (CSF) for Enterprise Architecture. Developing a Communications
Plan for architecture allows this communication to be carried out within a planned and managed
process
Additional content populating the Architecture Repository
Matrices Diagrams
Stakeholder Map Matrix Business Model Diagram
Business Capability Map
Value Stream Map
Value Chain Diagram
Solution Concept Diagram
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
83
TOGAF 9® Foundation and Certified
Capability-based Planning
Capability-based Planning focuses on Business Outcomes and the delivery of strategic business
capabilities to the Enterprise
Increase focus on shared capabilities
Capabilities are concerned with:
o Skills
o Resources
o Training and
o Maturity-measured capability/processes
The Business Scenario can be used to discover and refine these capabilities
Capabilities
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
84
TOGAF 9® Foundation and Certified
Capability-based Planning
Relationship Between Capabilities, Enterprise Architecture, and Projects
Interoperability
The ability to share information and services:
Phase A: the nature and security considerations of the information and service exchanges are first revealed
within the business scenarios
Phase B: the information and service exchanges are further defined in business terms
Phase C – Data: the content of the information exchanges are detailed using the corporate data and/or
information exchange model
Phase C – Applications: the way that the various applications are to share the information and services is
specified
Phase D: the appropriate technical mechanisms to permit the information and service exchanges are
specified
Phase E: the actual solutions (e.g. Commercial Off-The-Shelf (COTS) packages) are selected
Phase F: the interoperability is logically implemented
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
85
TOGAF 9® Foundation and Certified
Security
Ensure sufficient security-specific design is carried out to:
Satisfy the security stakeholders that the end-state does not represent any unknown or unacceptable risk
and aligns with corporate policies, standards, and principles
Satisfy business stakeholders – in particular those who control the budget – that the Security Architecture
is instrumental in enabling and supporting the overall architecture required to deliver the business
opportunities and benefits identified with the right balance between risk, compliance, and business benefits
Summary
The Architecture Vision phase is about project establishment and initiates an iteration of the architecture
development cycle, setting the scope, constraints, and expectations for the iteration. It is required in order to
validate the business context and to create the approved Statement of Architecture Work.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
86
TOGAF 9® Foundation and Certified
Phase Objectives
Develop the Target Business Architecture that describes how the enterprise needs to operate to achieve
the business goals, and respond to the strategic drivers set out in the Architecture Vision, in a way that
addresses the Statement of Architecture Work and stakeholder concerns
Identify candidate Architecture Roadmap components based upon gaps between the Baseline and Target
Business Architectures
Approach
General – pre-req for other domains, demonstrate business value, utilise existing business strategies or
create new ones, Business Scenarios useful (now a free-standing guide), scope determined by architecture
vision
Developing the Baseline Description – may have been used in Phase A. If no descriptions exist a baseline
model should be developed
Applying Business Capabilities – utilise business capability maps developed in Vision; other heat maps
based on maturity, effectiveness, performance, value
Applying Value Streams – base on Vision; map value streams to capabilities
Applying the Organisation Map – show how business units map to capabilities and value streams
Applying Modelling Techniques – Activities, Use Cases, Class models; used to expand models mentioned
above
Architecture Repository – Industry Reference Models (see OMG, TmF), Enterprise-specific Business
Architecture views, Enterprise-specific Building Blocks, standards
Business Architecture is a representation of holistic, multi-dimensional business views of capabilities, end-to-end
value delivery, information, and organisational structure; and the relationships among these business views and
strategies, products, policies, initiatives, and stakeholders.
Business Architecture relates business elements to business goals and elements of other domains.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
87
TOGAF 9® Foundation and Certified
Inputs
Reference Materials External to the Enterprise
Architecture Reference Material
Non-Architectural
Request for Architecture Work
Business principles, goals, drivers
Capability Assessment
Communications Plan
Architectural
Organisational Model
Tailored Architecture Framework
Approved Statement of Architectural Work
Architecture Principles
Enterprise Continuum
Architecture Repository
Architecture Vision
Draft Architecture Definition Document
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
88
TOGAF 9® Foundation and Certified
Steps
1. Select reference models, viewpoints, and tools
2. Develop Baseline Business Architecture Description
3. Develop Target Business Architecture Description
4. Perform Gap Analysis
5. Define Candidate Roadmap Components
6. Resolve impacts across the Architecture Landscape
7. Conduct formal stakeholder review
8. Finalise the Business Architecture
9. Create Architecture Definition Document
The level of detail addressed in Phase B will depend on the scope and goals of the
overall architecture effort.
New models characterising the needs of the business will need to be defined in
detail during Phase B. Existing business artifacts to be carried over and supported
in the target environment may already have been adequately defined in previous
architectural work, but, if not, they too will need to be defined in Phase B.
Step Summary
1. Select reference models, viewpoints, and tools
Business modelling and strategy assessments are effective techniques for framing the target state. Identify
Services, Business Building Blocks, Matrices, Diagrams, Requirements
See future slides.
2. Develop Baseline Architecture Description
See future slides.
3. Develop Target Architecture Description
Repeat step 2, this time focusing on the Target Architecture.
4. Perform Gap Analysis
See future slides.
5. Define Candidate Roadmap Components
This is built up during the definition period. It is initially a general estimate on timing, but which can be used later
when formulating detailed implementation plans during Phase E (and then F).
6. Resolve impacts across the Architecture Landscape
Impacts could be on pre-existing architecture and/or other projects.
7. Conduct formal stakeholder review
Critical to keep stakeholders fully up to speed.
8. Finalise the Architecture
This includes selecting standards, documenting Building Blocks, cross-checking architecture against business
goals and requirement (traceability), map with the Architecture Repository, finalise all work products.
9. Create Architecture Definition Document
See future slides.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
89
TOGAF 9® Foundation and Certified
Modelling Techniques
Business Capability Mapping: identifies, categorises, and decomposes the business
capabilities required for the business to be able to deliver value to one or more
stakeholders.
Organisation Mapping: a representation of the organisational structure of the business
(including third-party domains), depicting business units, the decomposition of those units
into lower-level functions, and organisational relationships (unit-to-unit and mapping to
business capabilities, locations, and other attributes).
Value Stream Mapping: the breakdown of activities that an organisation performs to create
the value being exchanged with stakeholders. Value stream maps illustrate how an
organisation delivers value and are in the context of a specific set of stakeholders, and
leverage business capabilities in order to create stakeholder value and align to other
aspects of the Target Business Architecture.
Structured Analysis: identifies the key business functions within the scope of the
architecture, and maps those functions onto the organisational units within the business.
Use Case Analysis: the breakdown of business-level functions across actors and
organisations allows the actors in a function to be identified and permits a breakdown into
services supporting/delivering that functional capability.
Process Modelling: the breakdown of a function or business service through process
modelling allows the elements of the process to be identified, and permits the identification
of lower-level business services or functions.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
90
TOGAF 9® Foundation and Certified
UML
ArchiMate®
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
91
TOGAF 9® Foundation and Certified
Gap Analysis
Technique compares Baseline and Target Building Blocks. Suggested gap types are:
Business domain gaps:
o People gaps (e.g. cross-training requirements)
o Process gaps (e.g. process inefficiencies)
o Tools gaps (e.g. duplicate or missing tool functionality)
o Information gaps
o Measurement gaps
o Financial gaps
o Facilities gaps (buildings, office space, etc.)
Data domain gaps:
o Data not of sufficient currency
o Data not located where it is needed
o Not the data that is needed
o Data not available when needed
o Data not created
o Data not consumed
o Data relationship gaps
Applications impacted, eliminated or created
Technologies impacted, eliminated or created
The matrix diagram is a slight adaptation of the framework example. The Building Blocks used here are based on
the TRM Network Services definitions.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
92
TOGAF 9® Foundation and Certified
Building Blocks
Building Blocks are packages of functionality
Suggested Building Blocks at the Business level (based on Content Metamodel) are:
Organisations
Actors
Drivers, Goals and Objectives
Roles
Business Services
Business Functions
Locations
Processes/Events/Controls/Products
Contracts and measures
Outputs
Refined and updated versions of the Architecture Vision phase
deliverables, where applicable, including:
o Statement of Architecture Work; Validated context;
Principles
Draft Architecture Definition Document, including:
o Baseline Architecture
o Target Architecture including:
Organisation Structure, Business – Goals,
Functions, Services, Processes, Roles, Data
Model, Organisation/Function correlation
Draft Architecture Requirements Specification, including:
o Gap Analysis Results, Technical Requirements, updated
Business Requirements
Business Architecture components of an Architecture Roadmap
May include some or all of the following artifacts:
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
93
TOGAF 9® Foundation and Certified
Extract from TOGAF® Series Guide: Integrating Risk and Security within a TOGAF® Enterprise Architecture
5.3.1 Security Policy Architecture
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
The Security Policy Architecture (or Framework) contains a set of security policies that express the security
strategy. It assigns ownership and accountability for security and risk management. It also addresses the linkage
and hierarchy of operational risk management in general with the various security aspects such as business
continuity, information security, system security, and physical security.
5.3.2 Security Domain Model
Location in the Architecture Framework: TOGAF 9.1 §A.40 (Information Domain). Complete text: “Grouping of
information (or data entities) by a set of criteria such as security classification, ownership, location, etc. In the
context of security, information domains are defined as a set of users, their information objects, and a security
policy.”
Note: The concept of information domain corresponds with the definition of a security domain below. A security
domain represents a set of assets that could be described by a similar set of business attributes. In other words,
the security domain groups the assets with the same security level that fall under the jurisdiction of one security
policy. In addition, the security domain model helps in defining responsibility areas where responsibility is
exchanged with external parties. It can also be used to distinguish between areas of different security or trust
levels. A security policy authority is responsible for setting and implementing the security policy within the domain.
If the business model of the organisation does encompass federation with other organisations, the extent of the
security federation should be established at this point in the process. This is the case when organisations have
data objects or activities in common. Contractual federation agreements should be examined for their security
implications and agreements. It may be necessary to establish joint architecture meetings with other members of a
federation if they belong to the same security domain.
5.3.3 Trust Framework
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Trust relationships are the basis for doing business with other parties. The trust framework describes trust
relationships between various entities in the architecture domain and on what basis this trust exists. Trust
relationships can be unidirectional, bidirectional, or non-existent. The onus for assessing trust is the responsibility
of those choosing to enter into the contracts and their legal counsel. It is important to note that technology (e.g.
digital certificates) cannot create trust, but can only convey in the electronic world the trust that already exists in the
real world through business relationships, legal agreements, and security policy consistencies.
5.3.4 Risk Assessment
Location in the Architecture Framework: Enterprise Security Architecture: ERM.
Although TOGAF 9.1 §31.4 (Initial Risk Assessment) describes one method of administrating the result of a risk
assessment, the actual act of assessing risk and the ways to do that are not described. Therefore, this concept is
augmented by this document for use with the TOGAF 9.1 standard.
A risk assessment is the activity of determining the risks that are relevant to an asset or objective. A qualitative risk
assessment delivers a listing of relevant risk scenarios with a high-level prioritisation (high-medium-low), whereas a
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
94
TOGAF 9® Foundation and Certified
quantitative approach seeks for numeric determination of the risk. This is commonly based on identified threats,
their likelihood of materialising, and the impact of an incident. A deliverable of a risk assessment is the Business
Risk Model.
5.3.5 Business Risk Model/Risk Register
Location in the Architecture Framework: Enterprise Security Architecture: ERM.
The Business Risk Model is a Risk Register. It determines the cost (both qualitative and quantitative) of asset
loss/impact in failure cases. It is the result of a risk assessment, based on identified threats, likelihood of
materialising, and impact of an incident. Business impact should be aligned with the definitions in the Business
Attribute Profile, which act as pseudo-assets. Security classification should be carried out at this stage based on
the risks identified. The business risk model is a detailing of the risk strategy of an organisation. The classification
of the information determines the maximum risk the business is willing to accept, and the owner of the information
decides what mitigation is enough for his/her information.
5.3.6 Applicable Law and Regulation Register
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
The Applicable Law and Regulation Register contains the specific laws and regulations that apply within the scope
of the Enterprise Architecture engagement, based on the business function inventory. It is kept up-to-date,
following legal and regulatory changes. This register is important for compliance purposes.
Whether the business function is subject to regulation depends upon the functionality of the system as a whole and
the data collected or maintained. In addition, the jurisdiction where the supporting systems or services are
deployed, where the users reside, etc. is relevant information. It may be wise to obtain legal counsel regarding
these obligations at the outset of activities.
5.3.7 Applicable Control Framework Register
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
The Applicable Control Framework Register contains the suitable set of control frameworks that best satisfy the
requirements and address the risks related to the engagement scope and context. Control frameworks contain
requirements and/or mandatory security measures. Examples of control frameworks are ISO/IEC 27001:2013 [4],
ISO/IEC 27002:2013 [5], COBIT [10], PCI-DSS, Common Criteria, etc.
Factors that drive the selection of control frameworks are:
• Mandatory certifications, due to the nature of the business process or the industry
• Way of working of the internal ISM process – this is often inspired by ISO/IEC 27001:2013 but might
mandate additional control frameworks as well
• Marketing objectives – customers may ask for specific control framework certifications
• Support for security audits
Summary
Business Architecture documents the fundamental organisation of a business, embodied in its business processes
and people, their relationships to each other and the environment, and the principles governing its design and
evolution.
It should show how the organisation meets its business goals.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
95
TOGAF 9® Foundation and Certified
Phase Objectives
The purpose of this composite phase is to:
Develop the Target Information Systems (Data and Application) Architecture, describing how the
enterprise’s Information Systems Architecture will enable the Business Architecture and the Architecture
Vision, in a way that addresses the Request for Architecture Work and stakeholder concerns
Identify candidate Architecture Roadmap components based upon gaps between the Baseline and Target
Information Systems (Data and Application) Architectures
Approach
To develop the Data and/or Applications Architectures in either order.
Although advocates exist for a:
Data-driven approach, such as Steven Spewak’s Enterprise Architecture Planning
Application-driven approach, when introducing a new Package (particularly one of major importance such
as an ERP Application), it is sometimes preferred to focus on the implementation and integration issues
first
Detailed descriptions for Phase C are given separately for each architecture domain:
Phase C: Information Systems Architectures — Data Architecture
Phase C: Information Systems Architectures — Application Architecture
Architecture Repository
Assets residing in the repository should be considered:
Data Application
ARTS (retail) TeleManagement Forum
Energistics (energy industry) (telecomms)
OMG software models, and MDA
(Model-driven Architecture)
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
96
TOGAF 9® Foundation and Certified
Security
The security elements of Phase C: Information Systems Architectures comprise functional security services and
their security classification. The artifacts are:
Security Services Catalogue
Security Classification
Data Quality
Extract from TOGAF® Series Guide: Integrating Risk and Security within a TOGAF® Enterprise Architecture
5.4.1 Security Services Catalogue
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Note: The TOGAF standard has a Business Services Catalogue that is a list of the enterprise's business services
and their functional and non-functional requirements. It is used to analyse the functional and non-functional
requirements. The Security Services Catalogue stores and provides more kinds of information about each service,
so this needs to be introduced.
The Security Services catalogue is a list of services that provide security-specific functionality as part of the overall
architecture. Unlike control frameworks that contain requirements, the Security Services catalogue describes
security Building Blocks that actually realise the security goals. It provides a common terminology and reference
framework for the domain of security management. The Security Services catalogue contains conceptual
definitions of the services, as well as operational information about implementation and usage.
Examples of security services are:
• Identity & Access Management
• Continuity Management
• Security Intelligence
• Digital Forensics
• Security Analytics
• Audit, Network Monitoring
• Compliance Management
• Training & Awareness Programs, etc.
This is the area of security that most security practitioners will recognise. One of the main advantages of the
Security Services catalogue is that it is a common terminology and reference framework for the domain of security
management allowing better cooperation between the parties concerned.
5.4.2 Security Classification
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Security classification is a label attached to an asset, according to a classification scheme. In most cases, this
scheme is defined and described in the corporate information security policy and the classification is based on one
or more characteristics of the asset.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
97
TOGAF 9® Foundation and Certified
Keep in mind that the asset can be any relevant component of the architecture. Assets include business service, a
capability, information, an information system service, physical data component, or physical technology
component. The security classification determines the security requirements that apply to the asset; for example,
regarding access control, confidentiality, or availability. It is a means to implement the security policy.
5.4.3 Data Quality
Note: From an Enterprise Security Architecture perspective, data quality requirements are an integral part of the
security requirements and so are the related risk assessment and selection of measures.
Data quality is a key factor in operational risk management. Some of the key attributes that contribute to data
quality are accuracy, relevance, timeliness, currency, completeness, consistency, availability, and accessibility.
Safeguarding data quality starts with a clear overview on the datasets in question. For each dataset, ownership and
responsibility for the quality of data needs to be assigned. The owner authorises people or processes that are
trusted for a certain activity on the data under certain circumstances. It might also be necessary to change
information systems in order to handle the data properly. Finally, each of the key attributes should be measured
based on log and performance data.
Summary
The purpose of this composite phase is to:
Define the types and sources of data needed to support the business, and do so in a way that can be
understood by stakeholders
Define the kinds of application systems necessary to process the data, and what they do to support the
business
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
98
TOGAF 9® Foundation and Certified
Phase Objectives
Develop the Target Data Architecture that enables the Business Architecture and the Architecture Vision,
while addressing the Statement of Architecture Work and stakeholder concerns
Identify candidate Architecture Roadmap components based upon gaps between the Baseline and
Target Data Architectures
Approach
Key considerations are:
Data Management
Data Migration
Data Governance
Data Management
Definition of which application components in the landscape will serve as the system of record/reference for
enterprise master data
Will there be an enterprise-wide standard that all application components, including software packages,
need to adopt (in the main packages can be prescriptive about the data models and may not be flexible)?
Understand how data entities are utilised by business functions, processes and services – data
dissemination
Understand how and where enterprise data entities are created, stored, transported, and reported
Level and complexity of data transformations required to support the information exchange needs between
applications?
Requirement for software in supporting data integration with the enterprise’s customers and suppliers (e.g.
use of ETL tools during the data migration, data profiling tools to evaluate data quality, etc.)?
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
99
TOGAF 9® Foundation and Certified
Data Migration
When migrating data:
Identify affected data items
Consider how much transformation, weeding and cleansing may be required
Ensure an enterprise-wide common data definition is established
Data Governance
The key areas are:
Structure and standards within the organisation to manage data
Management Systems and data-related programmes that govern data throughout its lifecycle
People, in the form of appropriately skilled Data Architects and formal data roles
Inputs
Reference Materials External to the Enterprise
Architecture Reference Material
Non-architectural
Request for Architecture Work
Capability Assessment
Communications Plan
Architectural
Organisational Model
Tailored Architecture Framework
Data Principles
Statement of Architectural Work
Architecture Principles
Architecture Vision
Architecture Repository
Draft Architecture Definition Document
Draft Architecture Requirement Specification
Business Architecture Components of an Architecture Roadmap
Data Principles
Data is an asset
Data is shared
Data is accessible
Data trustee
Common vocabulary and data definitions
Data security
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
100
TOGAF 9® Foundation and Certified
Steps
1. Select reference models, viewpoints, and tools
2. Develop Baseline Data Architecture description
3. Develop Target Data Architecture description
4. Perform Gap Analysis
5. Define candidate roadmap components
6. Resolve impacts across the Architecture Landscape
7. Conduct formal stakeholder review
8. Finalise the Data Architecture
9. Create Architecture Definition Document
Step Summary
1. Select reference models, viewpoints, and tools
See future slides.
2. Develop Baseline Architecture Description
Bearing in mind the scope and level or detail, identify baseline Data Building Blocks.
3. Develop Target Architecture Description
Repeat Step 2 focusing on the Target Architecture Building Blocks.
4. Perform Gap Analysis
Using the Gap Analysis technique, identify gaps between Baseline and Target.
5. Define Candidate Roadmap Components
This is built up during the definition period. It is initially a general estimate on timing, but which can be used later
when formulating detailed implementation plans during Phase E (and then F).
6. Resolve impacts across the Architecture Landscape
Impacts could be on pre-existing architecture and/or other projects.
7. Conduct formal stakeholder review
Critical to keep stakeholders fully up to speed.
8. Finalise the Architecture
This includes selecting standards, documenting Building Blocks, cross-checking architecture against business
goals and requirement (traceability), map with the Architecture Repository, finalise all work products.
9. Create Architecture Definition Document
See future slides.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
101
TOGAF 9® Foundation and Certified
Outputs
Refined and updated Statement of Architecture Work and
Principles
Draft Architecture Definition Document, containing:
o Baseline Data Architecture
o Target Data Architecture
o Data Architecture views of key stakeholder concerns
Draft Architecture Requirements Specification, including:
o Gap Analysis results
o Data interoperability requirements
o Relevant technical requirements
o Constraints on the Technology Architecture
o Updated business (and application) requirements
Data Architecture components of an Architecture Roadmap
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
102
TOGAF 9® Foundation and Certified
Summary
The Data Architecture phase defines the types and sources of data needed to support the business, and does so in
a way that can be understood by stakeholders.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
103
TOGAF 9® Foundation and Certified
Phase Objectives
Develop the Target Application Architecture that enables the Business Architecture and the Architecture
Vision, while addressing the Statement of Architecture Work and stakeholder concerns
Identify candidate Architecture Roadmap components based upon gaps between the Baseline and Target
Application Architectures
Approach
Application Repository
TeleManagement Forum (telecomms), which includes:
o TeleManagement Forum – a set of application models in Telecomms sector (TAM)
OMG software models, and MDA (Model-driven Architecture)
IT4IT, a detailed application architecture reference model for the IT Segment of organisations
Integrated Information Infrastructure Reference Model (III-RM), now a Series Guide in the TOGAF® Library
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
104
TOGAF 9® Foundation and Certified
Inputs
Reference Materials External to the Enterprise
Architecture Reference Material
Non-architectural
Request for Architecture Work
Capability Assessment
Communications Plan
Architectural
Organisational Model
Tailored Architecture Framework
Application Principles
Statement of Architectural Work
Architecture Principles
Architecture Vision
Architecture Repository
Draft Architecture Definition Document
Draft Architecture Requirement Specification
Business and Data Architecture Components of an Architecture Roadmap
Application Principles
Technology Independence
Ease-of-Use
Steps
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
105
TOGAF 9® Foundation and Certified
Step Summary
1. Select reference models, viewpoints, and tools
See future slides.
2. Develop Baseline Architecture Description
Bearing in mind the scope and level or detail, identify baseline Application Building Blocks.
3. Develop Target Architecture Description
Repeat Step 2 focusing on the Target Architecture Building Blocks.
4. Perform Gap Analysis
Using the Gap Analysis technique, identify gaps between Baseline and Target.
5. Define Candidate Roadmap Components
This is built up during the definition period. It is initially a general estimate on timing, but which can be used later
when formulating detailed implementation plans during Phase E (and then F).
6. Resolve impacts across the Architecture Landscape
Impacts could be on pre-existing architecture and/or other projects.
7. Conduct formal stakeholder review
Critical to keep stakeholders fully up to speed.
8. Finalise the Architecture
This includes selecting standards, documenting Building Blocks, cross-checking architecture against business
goals and requirement (traceability), map with the Architecture Repository, finalise all work products.
9. Create Architecture Definition Document
See future slides.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
106
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
107
TOGAF 9® Foundation and Certified
Outputs
Refined and updated Statement of Architecture Work and
Principles
Draft Architecture Definition Document, containing:
o Baseline Application Architecture
o Target Application Architecture
o Application Architecture views of key stakeholder
concerns
Draft Architecture Requirements Specification, including:
o Gap Analysis results
o Application interoperability requirements
o Relevant technical requirements
o Constraints on the Technology Architecture
o Updated business and data requirements
Application Architecture components of an Architecture
Roadmap
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
108
TOGAF 9® Foundation and Certified
Summary
In this section we have looked at how to develop a Target Application Architecture that enables the Business
Architecture and the Architecture Vision, while addressing the Request for Architecture Work and stakeholder
concerns.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
109
TOGAF 9® Foundation and Certified
Phase Objectives
Develop the Target Technology Architecture that enables the logical and physical application and data
components and the Architecture Vision, addressing the Statement of Architecture Work and stakeholder
concerns
Identify candidate Architecture Roadmap components based upon gaps between the Baseline and Target
Technology Architectures
Approach
Emerging Technologies
Evolution of Technology, a major driver for change
Digital innovations must be embraced
Solution development methods are evolving
ADM flexibility allows technology change to become a strategic resource. Thus Technology
Architecture may drive business capabilities and simultaneously respond to Information System
requirements
Using the Architecture Repository consider:
Existing IT services as documented in the IT repository or IT service catalogue
Technical Reference Model (TRM) (now a Series Guide in TOGAF ® Library)
Generic technology models relevant to the organisation’s industry “vertical” sector
Technology models relevant to Common Systems Architectures
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
110
TOGAF 9® Foundation and Certified
Inputs
Reference Materials External to the Enterprise
Architecture Reference Material
Product information on candidate products
Non-architectural
Request for Architecture Work
Capability Assessment
Communications Plan
Architectural
Organisational Model
Tailored Architecture Framework
Technology Principles
Statement of Architectural Work
Architecture Principles
Architecture Vision
Architecture Repository
Draft Architecture Definition Document
Draft Architecture Requirement Specification
Business, Data and Application Architecture
Components of an Architecture Roadmap
Technology Principles
Requirements-based Change
Responsive Change Management
Control Technical Diversity
Interoperability
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
111
TOGAF 9® Foundation and Certified
Steps
Step Summary
1. Select reference models, viewpoints, and tools
See future slides.
2. Develop Baseline Architecture Description
Bearing in mind the scope and level or detail, identify baseline Technology Building Blocks.
3. Develop Target Architecture Description
Repeat Step 2 focusing on the Target Architecture Building Blocks.
4. Perform Gap Analysis
Using the Gap Analysis technique, identify gaps between Baseline and Target.
5. Define Candidate Roadmap Components
This is built up during the definition period. It is initially a general estimate on timing, but which can be used later
when formulating detailed implementation plans during Phase E (and then F).
6. Resolve impacts across the Architecture Landscape
Impacts could be on pre-existing architecture and/or other projects.
7. Conduct formal stakeholder review
Critical to keep stakeholders fully up to speed.
8. Finalise the Architecture
This includes selecting standards, documenting Building Blocks, cross-checking architecture against business
goals and requirement (traceability), map with the Architecture Repository, finalise all work products.
9. Create Architecture Definition Document
See future slides.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
112
TOGAF 9® Foundation and Certified
Outputs
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
113
TOGAF 9® Foundation and Certified
Security
In most cases, the development of specific Technology Architecture security artifacts is not necessary, as long as it
incorporates the relevant security controls and mechanisms defined in earlier phases. The Security Architect must
ensure that the required controls are included in the Technology Architecture and verify whether the controls are
used in an effective and efficient way. This includes the technology for the provision and regulation of system
resources, such as electric power, processing capacity, network bandwidth, and memory.
Summary
Develop the Target Technology Architecture that enables the logical and physical application and data components
and the Architecture Vision, addressing the Request for Architecture Work and stakeholder concerns.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
114
TOGAF 9® Foundation and Certified
TRM Views
Main Categories
Application Software
o Business Applications (customer facing, “front office”)
o Infrastructure Applications (utilities, usually COTS-based, i.e. transfers services, mail clients,
groupware, “office packages”, software engineering)
Application Platform Interface promotes application portability especially for those sharing a programmatic
interface, protocol and data structure
Application Platform a single generic concept of a platform providing all possible services to the software.
Particularly provides support to Infrastructure Software
Communications Infrastructure Interface
Communications Infrastructure provides the basic services to interconnect systems and provide the basic
mechanisms for the opaque transfer of data
Qualities such as manageability, security and general non-functional based performance
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
115
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
116
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
117
TOGAF 9® Foundation and Certified
Components
Business Applications
o Information Provider Applications – that are connected to the data or servers
o Information Consumer Applications – that deliver content to the user
o Brokering Applications – that manage link between requestor (consumer) and responder (provider)
Infrastructure Applications
o Development Tools to model, design and construct the apps above
o Management Utilities to understand, operate, tune and manage run-time systems
Application Platform supply supporting services (see TRM)
Interfaces: APIs, formats, protocols
Qualities: see TRM
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
118
TOGAF 9® Foundation and Certified
Summary
Develop the Target Technology Architecture that enables the logical and physical application and data components
and the Architecture Vision, addressing the Request for Architecture Work and stakeholder concerns.
We have also looked at the TRM and III-RM. Together they look at the concept of a Foundation Architecture,
and the way Applications communicate with each other.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
119
TOGAF 9® Foundation and Certified
Phase Objectives
Generate the initial complete version of the Architecture Roadmap, based upon the Gap Analysis and
candidate Architecture Roadmap components from Phases B, C, and D
Determine whether an incremental approach is required, and if so identify Transition Architectures that will
deliver continuous business value
Define the overall solution Building Blocks to finalise the Target Architecture based on the Architecture
Building Blocks (ABBs)
Approach
Based on the gaps identified in previous phases, and a review of requirements, readiness and constraints, consider
how to develop the target architecture by documenting:
An architecture listing individual work packages in a timeline that will realise the Target Architecture
Work packages identifying logical groups of changes necessary to realise the Target Architecture
A Transition Architecture describing the enterprise at an architecturally significant state between the
Baseline and Target Architectures. Transition Architectures provide interim Target Architectures upon
which the organisation can converge
An Implementation and Migration Plan providing a schedule of the projects that will realise the Target
Architecture
The Architecture Roadmap will also refer to all stakeholders that have contributed requirements.
Phase E concentrates on how to deliver the architecture. It takes into account the complete set of gaps between
the Target and Baseline Architectures in all architecture domains, and logically groups changes into work packages
within the enterprise’s portfolios. This is an effort to build a best-fit roadmap that is based upon the stakeholder
requirements, the enterprise’s business transformation readiness, identified opportunities and solutions, and
identified implementation constraints. The key is to focus on the final target while realizing incremental business
value.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
120
TOGAF 9® Foundation and Certified
Inputs
Non-architectural
Request for Architecture Work
Capability Assessment
Communications Plan
Planning Methodologies
Architectural
Organisational Model
Governance Model
Tailored Architecture Framework
Statement of Architectural Work
Architecture Vision
Architecture Repository
Draft Architecture Definition Document
Draft Architecture Requirement Specification
Change Requests for existing business programs and projects
Candidate Architecture Roadmap components from Phases B, C, and D
Steps
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
121
TOGAF 9® Foundation and Certified
Step Summary
1. Determine/Confirm key corporate change attributes
Use Implementation Factor Assessment and Deduction matrix to assess change.
2. Determine business constraints for implementation
Constraints include drivers, plans, and a review of Enterprise Architecture Maturity.
3. Review and consolidate Gap Analysis results from Phases B to D
See future slide.
4. Review IT requirements from a functional perspective
Look to rationalise and simplify Functional Requirements with a view to providing shared services.
5. Consolidate and reconcile interoperability requirements
Interoperability considerations are initiated in Phase A. Pay particular attention to Business Process
interoperability, where differences in process can sometimes run counter to principles such as reuse.
6. Refine and validate dependencies
This includes Business, Information, Workflow, IT and Foundation dependencies.
7. Confirm readiness and risk for business transformation
Return to the Business Transformation Readiness and Risk Assessment techniques initiated in Phase A.
8. Formulate high-level Implementation and Migration Strategy
See future slide.
9. Identify and group major work packages
See future slide.
10. Identify Transition Architectures
See future slide.
11. Create Architecture Roadmap and Implementation/Migration Plan
A project/portfolio charter consists of capabilities delivered, included work packages, business value, RAID (risk,
assumptions, issues, dependencies) – i.e. outcomes delivered, their value and risk. From this create the transition
architecture and update overall architecture. The narrower the scope, the more definitive the list of targeted
capabilities should be.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
122
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
123
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
124
TOGAF 9® Foundation and Certified
Transition Architectures
Use the Architecture Definition Increments Table:
Outputs
Statement of Architecture Work, updated if necessary
Architecture Vision, updated if necessary
Draft Architecture Definition Document, including content updates for:
o Transition Architecture, number and scope, if any
Draft Architecture Requirements Specification, updated if necessary
Capability Assessment, including content updates for:
o Business and IT Capability
Architecture Roadmap, including
o Work Package Portfolio
o Identification of Transition Architectures, if any
o Implementation recommendations
Outline Implementation and Migration Plan and strategy
May include some or all of the following artifacts:
o Project Context Diagram
o Benefits Diagram
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
125
TOGAF 9® Foundation and Certified
Security
Ensure the stakeholders’ security and risk concerns are addressed in the analysis.
Confirm that risk owners are consulted. The value expected to be delivered by work packages should include
measures related to security and risk value to ensure the roadmap addresses the complete set of business goals
and drivers.
The security Building Blocks defined in the previous phases become SBBs in this phase so that more specific
implementation-oriented requirements and specifications are defined. A whole solution design might be needed at
this stage.
The Security Services Catalogue of the Baseline Security Architecture probably contains existing security services
or security Building Blocks that meet the requirements.
The efficacy of existing security services and controls earmarked for reuse must be verified to ensure that the end-
state contains security measures, which work and integrate well.
Extract from TOGAF® Series Guide: Integrating Risk and Security within a TOGAF® Enterprise Architecture
Location in the Architecture Framework: Enterprise Security Architecture: ERM.
Note: In TOGAF 9.1, risk mitigation is done for transition risks, but it is not explained how this should be created
or what possible risk mitigation strategies there are, so this Guide provides additional guidance about this issue.
The Risk Mitigation Plan contains activities to mitigate risks. It is the implementation of the risk mitigation strategy
which could aim to increase the level of control, transfer the risk to another party, avoid the risk by changing the
business activity, delay the risk, compensate for the risk, etc.
The broader sense of risk is addressed by the ERM process in this phase. The scope includes the latest
information security risks as identified during the risk assessments that are done earlier in the ADM (in Phase B).
This is where the risks get “solutioned” or “treated”. The Risk Mitigation Plan should also consider risks that appear
as a result of the new architecture.
Summary
Generate the initial complete version of the Architecture Roadmap, based upon the Gap Analysis and candidate
Architecture Roadmap components from Phases B, C, and D.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
126
TOGAF 9® Foundation and Certified
Phase Objectives
Finalise the Architecture Roadmap and the supporting Implementation and Migration Plan
Ensure that the Implementation and Migration Plan is coordinated with the enterprise's approach to
managing and implementing change in the enterprise's overall change portfolio
Ensure that the business value and cost of work packages and Transition Architectures is understood by
key stakeholders
Approach
This is the place where detailed planning is needed, particularly focusing on:
o Dependencies
o Costs and Benefits
o Risks
This will inevitably require coordination with management activities such as:
o Project
o Programme
Phase E provides an incomplete Architecture Roadmap and Implementation and Migration Plan that address the
Statement of Architecture Work. In Phase F this Roadmap and the Implementation and Migration Plan are
integrated with the enterprise’s other change activity.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
127
TOGAF 9® Foundation and Certified
Inputs
Non-architectural
Request for Architecture Work
Capability Assessment
Communications Plan
Architectural
Organisational Model
Governance Model
Tailored Architecture Framework
Statement of Architectural Work
Architecture Vision
Architecture Repository
Draft Architecture Definition Document
Draft Architecture Requirement Specification
Change Requests for existing business programs and projects
Architecture Roadmap
Steps
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
128
TOGAF 9® Foundation and Certified
Step Summary
1. Confirm management framework interactions for Implementation and Migration Plan
See future slide.
2. Assign a business value to each project
See future slide.
3. Estimate resource requirements, project timings, and availability/delivery vehicle
Resources/Costs include people, office/IT infrastructure, training, operations, and maintenance. Project timings
should take account of each SBB timing (set in step 5 of phases B-D). Delivery vehicle could be provided internally,
externally by contract, or a mixture.
4. Prioritise the migration projects through the conduct of a cost/benefit assessment and risk validation
See future slide.
5. Confirm Architecture Roadmap and update Architecture Definition Document
See future slide.
6. Complete Implementation and Migration Plan
Confirm Enterprise Architecture evolution and state; create the detailed Implementation and Migration plan.
7. Complete development cycle and document lessons learnt
Lessons learnt will be used in connection with influencing Architecture Capability.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
129
TOGAF 9® Foundation and Certified
Business Value
Consider criteria for establishing business value:
o Performance Evaluation Criteria used to approve and monitor progress of
architecture transformation
o Return on Investment
o Business Value
o Critical Success Factors
o Measures of effectiveness which can be expressed as performance criteria
o Strategic fit based on overall Enterprise Architecture
Use Business Value Assessment Technique
o Create a value-index (compliance to principles, value as above) and a risk
index (size, complexity, technology, organisational capacity and impact of
failure). Then perform a Business Value and Risk Assessment...
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
130
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
131
TOGAF 9® Foundation and Certified
This technique looks at the evolution of the Solution Building Blocks, mapped to
the TRM
Use in conjunction with Architecture Definition Increments Table
Outputs
Implementation and Migration Plan (detailed) including
o Implementation and Migration Strategy
o Project and Portfolio Breakdown
o Project Charters (optional)
Finalised Architecture Definition Document and Transition Architectures if any (see
Deliverables for detailed headings of document)
Finalised Architecture Requirements Specification
Finalised Architecture RoadmapReusable Architecture Building Blocks
Requests for Architecture Work for the architecture aspects of implementation
projects (if any)
Implementation Governance Model
Change Requests for Architecture Capability arising from lessons learnt
There are no artifacts included in these outputs.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
132
TOGAF 9® Foundation and Certified
Security
Migration is itself a business process that needs to be secured. The migration strategy should include a risk
assessment and a Risk Mitigation Plan
In Phase F, the Risk Mitigation Plan is limited to the transition. These concepts have already been
mentioned in earlier phases of the ADM. Migration of live environments should always include regression
planning so that there is a way to reverse out a failed migration. This is an essential part of risk
management
In addition, migration planning should include a security impact analysis to understand any security impacts
of the target state of the change
Extract from TOGAF® Series Guide: Integrating Risk and Security within a TOGAF® Enterprise Architecture
5.8.1 Security Audit
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Security audit includes security reviews of implemented processes, technical designs, developed code, and
configurations against policies and requirements. It also includes security testing, comprising functional security
testing, performance testing, and penetration testing.
5.8.2 Security Training and Awareness
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Security training and awareness means that sufficient training is provided to ensure correct deployment,
configuration, and operations of security-relevant subsystems and components, including awareness training of all
users and non-privileged operators of the system and/or its components. It is critical for a proper, continuous, and
secure performance.
In many control frameworks, security training must be followed and results documented to demonstrate due
diligence. Substantiated corrective actions or sanctions are needed in cases where exploits or errors compromise
security objectives.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
133
TOGAF 9® Foundation and Certified
Summary
The Migration Planning Phase addresses migration planning; that is, how to move from the Baseline to the Target
Architectures. It includes creating the finalised Architecture Definition Document and the detailed Implementation
and Migration Plan. After completion of this phase the preparation for implementation has been completed.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
134
TOGAF 9® Foundation and Certified
Phase Objectives
Ensure conformance with the Target Architecture by implementation projects
Perform appropriate Architecture Governance functions for the solution and any implementation-driven
architecture Change Requests
Approach
This is where the plans have to be put into action – an Implementation Programme is likely to involve transitions,
each delivering their own benefits. The overall approach includes:
Delivery of Transition Architectures
Business priorities
Organisational standards
Existing Programme or Project Management approach
Operational considerations
A vital link between implementing organisation and architecture is established through an overall Architecture
Contract. Project details are recorded:
Name, description, and objectives
Scope, deliverables, and constraints
Measures of effectiveness
Acceptance criteria
Risks and issues
Ensuring compliance with defined architecture(s) by both implementation projects and other ongoing projects.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
135
TOGAF 9® Foundation and Certified
Inputs
Non-architectural
Request for Architecture Work
Capability Assessment
Architectural
Organisational Model
Tailored Architecture Framework
Statement of Architectural Work
Architecture Vision
Architecture Repository
Architecture Definition Document
Architecture Requirement Specification
Architecture Roadmap
Implementation Governance Model
Architecture Contract
Request for Architecture Work
Implementation and Migration Plan
Steps
1. Confirm scope and priorities for deployment with development management
2. Identify deployment resources and skills
3. Guide development of solutions deployment
4. Perform Enterprise Architecture compliance reviews
5. Implement business and IT operations
6. Perform post-implementation review and close the implementation and Migration
Plan
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
136
TOGAF 9® Foundation and Certified
Step Summary
1. Confirm scope and priorities for deployment with development management
Review migration planning outputs and produce deployment recommendations, identify Enterprise Architecture
priorities, recommend on deployment issues, identify BBs for replacement/update, etc., identify gaps in Enterprise
Solution Framework (current enterprise SBBs) and specific BBs that fill those gaps, produce Gap Analysis report.
2. Identify deployment resources and skills
Consider system development methods (i.e. developers, languages used), ensure development feedback can be
given to the architects.
3. Guide development of solutions deployment
Formulate project recommendations, document Architecture Contract, update repository, guide development of
business and IT Operating models, derive service requirements, guide definitions of business and IT operational
requirements, do Gap Analysis between Solution Architecture and operations, produce implementation plan.
4. Perform Enterprise Architecture compliance reviews
See Governance chapter.
5. Implement business and IT operations
Carry out deployment projects such as IT or Business Service Delivery implementation; communications document
publication.
6. Perform post-implementation review and close the implementation
Closure takes place when solutions are fully deployed once.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
137
TOGAF 9® Foundation and Certified
Outputs
Contract between Architecture Design and Contract between Architecting Function and
Development Partners Business Users
o Introduction and background o Introduction and background
o The nature of the agreement o The nature of the agreement
o Scope of the architecture o Scope
o Architecture and strategic principles and o Strategic requirements
requirements o Architecture deliverables that meet the
o Conformance requirements business requirements
o Architecture development and management o Conformance requirements
process and roles o Architecture adopters
o Target architecture measures o Time window
o Defined phases of deliverables o Architecture business metrics
o Prioritised joint work plan o Service architecture (includes Service
o Time window(s) Level Agreement (SLA))
o Architecture delivery and business metrics
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
138
TOGAF 9® Foundation and Certified
Security
Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful
implementation of the findings
Implement methods and procedures to review evidence produced by the system that reflects operational
stability and adherence to security policies
Implement necessary training to ensure correct deployment, configuration, and operations of security-
relevant subsystems and components; ensure awareness training of all users and non-privileged operators
of the system and/or its components
Determine “what has gone wrong?”
Extract from TOGAF® Series Guide: Integrating Risk and Security within a TOGAF® Enterprise Architecture
5.8.1 Security Audit
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Security audit includes security reviews of implemented processes, technical designs, developed code, and
configurations against policies and requirements. It also includes security testing, comprising functional security
testing, performance testing, and penetration testing.
5.8.2 Security Training and Awareness
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Security training and awareness means that sufficient training is provided to ensure correct deployment,
configuration, and operations of security-relevant subsystems and components, including awareness training of all
users and non-privileged operators of the system and/or its components. It is critical for a proper, continuous, and
secure performance.
In many control frameworks, security training must be followed and results documented to demonstrate due
diligence. Substantiated corrective actions or sanctions are needed in cases where exploits or errors compromise
security objectives.
Risk Monitoring
The residual risk has to be accepted and approved
Mitigation measures need to be monitored
Sometimes risks can be identified in this phase that require another partial or full circuit of the ADM
Summary
The Implementation Governance Phase defines architecture constraints on the implementation projects and
obtains signatures on an Architecture Contract. The contract, along with all the documentation, is then delivered to
the implementation team. This phase includes governing the architecture through implementation by conducting
compliance reviews, and by risk monitoring as well as post-implementation reviews.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
139
TOGAF 9® Foundation and Certified
Phase Objectives
Ensure that the architecture lifecycle is maintained
Ensure that the Architecture Governance Framework is executed
Ensure that the Enterprise Architecture Capability meets current requirements
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
140
TOGAF 9® Foundation and Certified
Re-architecting – If the impact is significant for the business strategy, then there may be a need to redo the
whole enterprise
Incremental Change – If new technology or standards emerge, then there may be a need to refresh the
Technology Architecture, but not the whole Enterprise Architecture
Change management techniques – If the change is at an infrastructure level – for example, ten systems
reduced or changed to one system – this may not change the architecture above the physical layer, but it
will change the Baseline Description of the Technology Architecture. This would be a simplification change
handled via change management techniques
Inputs
Reference Materials External to the Enterprise
Architecture Reference Material
Non-architectural
Request for Architecture Work
Architectural
Organisation Model
Tailored Architecture Framework
Statement of Architecture Work
Architecture Vision
Architecture Repository
Architecture Definition Document
Architecture Requirements Specification
Architecture Roadmap
Change Requests (technology change, business change, lessons learnt)
Implementation Governance Model
Architecture Contract
Compliance Assessments
Implementation and Migration Plan
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
141
TOGAF 9® Foundation and Certified
Change Requests
Changes can arise because:
o During implementation circumstances may give rise to deviation from plan, or a change in the
scope
o At any time, changes (i.e. business, technology) may require revision of architecture
A Change Request would typically contain:
o Description of the proposed change
o Rationale for the proposed change
o Impact assessment of the proposed change, including:
Reference to specific requirements
Stakeholder priority of the requirements to date
Phases to be revisited
Phase to lead on requirements prioritisation
Results of phase investigations and revised priorities
Recommendations on management of requirements
o Repository reference number
Steps
1. Establish Value Realisation process
2. Deploy Monitoring Tools
3. Manage Risks
4. Provide Analysis for Architecture Change Management
5. Develop Change Requirements to meet Performance Targets
6. Manage Governance Process
7. Activate the process to implement change
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
142
TOGAF 9® Foundation and Certified
Step Summary
1. Establish Value Realisation process
Exploit Enterprise Architecture in order to realise value (benefit/outcome) to the business.
2. Deploy Monitoring Tools
Monitor business, technology, on-going business value, architecture capability maturity, asset management
programs, QoS, business continuity.
3. Manage Risks
Use risk assessment to provide recommendations for IT strategy.
4. Provide Analysis for Architecture Change Management
Analyse and review performance – especially with Service Management, assess change requests to ensure value
is realised and service level expectation met, identify gaps in performance of Enterprise Architecture, ensure
change management requests adhere to architecture governance.
5. Develop Change Requirements to meet Performance Targets
From the above, make recommendations on change requirements.
6. Manage Governance Process
Arrange and then hold Governance Board meetings to discuss changes and dispensations, and make decisions.
7. Activate the process to implement change
Produce a new Request for Architecture Work; capture implemented changes and document in architecture
repository.
Outputs
Architecture updates
Changes to architecture framework and principles
New Request for Architecture Work, to initiate another cycle of the ADM in
response to change
Statement of Architecture Work, updated if necessary
Architecture Contract, updated if necessary
Compliance Assessments, updated if necessary
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
143
TOGAF 9® Foundation and Certified
Security
Phase H does not produce tangible security outputs but defines two processes essential for continued alignment
between the business requirements and the architecture: risk management and architecture governance. Even
though they are not formal artifacts, they are added here to emphasise their importance.
ERM is the process in which the existing architecture is continuously evaluated regarding changes to
business opportunity and security threat. Based on the results of this process, the current architecture
might deem it unsuitable to mitigate changed or new risks, or it might constrain the business too much in
exploiting new opportunities. In that case, a decision on architecture change must be made
Architecture governance is the process in which decisions are made on changes to the existing
architecture, either by minor changes in the current iteration or by means of a completely new iteration.
This is explained in the TOGAF® Architecture Governance Framework (TOGAF 9.1 §50.2). Changes
related to risk and security should be an explicit part of that framework. Large changes to the architecture
should include a security impact analysis.
Summary
The Change Management Phase ensures that changes to the architecture are managed in a cohesive and
controlled manner in line with the Architecture Governance processes.
It also establishes and supports the Enterprise Architecture to provide flexibility to evolve the architecture rapidly in
response to changes in the technology or business environment.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
144
TOGAF 9® Foundation and Certified
Phase Objectives
Ensure that the Requirements Management process is sustained and operates for all relevant ADM
phases. Crucial to this process is the recording of all requirements, impact analysis of changed
requirements, and adjustment of any gaps
Manage architecture requirements identified during any execution of the ADM cycle or a phase
Ensure that relevant architecture requirements are available for use by each phase as the phase is
executed
Approach
Generally, the ADM must be able to respond to the dynamic environment
At all phases of architecture requirements must be considered, as well as constraints, principles, policies
and standards
Useful resources
o Business Scenarios
o Requirements tools (see volere.co.uk/tools.htm)
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
145
TOGAF 9® Foundation and Certified
Inputs
Reference Materials External to the Enterprise.
Non-architectural.
Architectural:
Architecture Repository
Organisational Model
Tailored Architecture Framework
Statement of Architectural Work
Architecture Vision
Architecture Requirements
Requirements Impact Statement
1. Identify/Document requirements.
2. Baseline requirements – determine priorities, confirm stakeholder buy-in, record
priorities.
3. Monitor baseline requirements.
4. Identify changed requirements – remove, add, modify, and re-assess
priorities.
5. Identify changed requirements and record priorities – identify and resolve
conflicts, generate requirements impact statements.
6. Assess impact of changed requirements on current and previous ADM
phases, decide whether to do something now or later, issue requirements
impact statement.
7. Implement requirements arising from Phase H (catches changes from
Phase H and ensures proper consideration).
8. Update the requirements repository.
9. Implement change in the current phase.
10. Assess and revise Gap Analysis for past phases, using Gap Analysis
technique.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
146
TOGAF 9® Foundation and Certified
Outputs
Requirements Impact Specification
Requirements Impact Assessment, which identifies the phases of the ADM that
need to be revisited to address any changes. The final version must include the
full implications of the requirements (e.g. costs, timescales, and business
metrics)
When new requirements arise, or existing ones are changed, a Requirements Impact Statement is generated,
which identifies the phases of the ADM that need to be revisited to address the changes. The statement goes
through various iterations until the final version, which includes the full implications of the requirements (e.g. costs,
timescales, and business metrics) on the architecture development. Once requirements for the current ADM cycle
have been finalised then the Architecture Requirements Specification should be updated.
Security
Requirements Management is central to architecture work. Its purpose is to identify, store, maintain, and
communicate business requirements through the different phases of architecture development by means of
a controlled and repeatable process. Also, operational performance is monitored against target
requirements. This is not explicitly addressed in the ADM but lies within Phase H: Architecture Change
Management, and the continual validation of Requirements Management.
The ADM method validates and updates business requirements in every stage of an architecture
development project. However, the TOGAF® standard does not provide a required technique for describing
or documenting requirements. Such a technique is present in SABSA, which presents its unique Business
Attribute Profiling technique as a means to describe requirements effectively.
Extract from TOGAF® Series Guide: Integrating Risk and Security within a TOGAF® Enterprise Architecture
5.10.1 Business Attribute Profile
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
Business Attribute Profiling is a SABSA requirements engineering technique that translates business goals and
drivers into requirements using a risk-based approach. Some important advantages of this technique are:
Executive communication in non-IT terms
Traceability mapping between business drivers and requirements
Performance measurement against business-defined targets
Grouping and structuring of requirements, which facilitates understanding and oversight by architects
The SABSA Business Attribute Profile is at the heart of the SABSA methodology. It is this requirements
engineering technique that makes SABSA truly unique and provides the linkage between business requirements
and technology/process design. See the SABSA® Blue Book [2]. © The SABSA Institute
Figure 6: Example of a SABSA Business Attribute Taxonomy
Each SABSA Business Attribute in the example taxonomy of © The SABSA Institute
Figure 6 has a detailed generic definition and some suggested guidelines for applying metrics to that attribute, not
included in this overview. A Business Attribute Profile is built by the architects, using the taxonomy as a guideline.
The objective is to document the relevant attributes for the business case in hand, redefining each selected
attribute in terms of the business case, developing a measurement approach, specific metrics, and performance
targets, again related to the business case. The model is flexible and adaptive. When needed, new attributes and
new definitions should be added to fulfil the business requirements. Thus, although the method is well defined, the
Business Attribute taxonomy can be extended as much as is appropriate and each Business Attribute Profile is
highly customised according to the business case being considered by the architecture team.
An integral part of the SABSA Business Attribute Profile is the selection of metrics to set targets, so that
performance can be measured in the operational phase (“did you hit the target?”). The business analyst can
choose to either use the suggested metrics in the detailed examples, or create new metrics if that seems more
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
147
TOGAF 9® Foundation and Certified
appropriate. Eventually, the creation of a real-time operational risk dashboard is possible that monitors
performance of operational capabilities against the predetermined performance targets, and provides early
warnings of upcoming risk events that may require management intervention.
In O-ISM3, performance targets are called “security targets”. As well as expressing security objectives in terms of
what matters to the business, O-ISM3 defines the tolerable deviations. All O-ISM3 objectives (business and
security) must include their security target. This is the maximum deviation from the desired outcome that
management tolerates before taking corrective action. O-ISM3 can support any specified variance. This enables
the O-ISM3 program to support and manage both aspirational objectives (whose allowable deviations may be very
high) and critical objectives (where there is usually a very narrow compliance range).
Security targets are normally defined in terms of frequency of occurrence and threshold cost. The allowable
business impact of missing objectives reflects the trade-off against other priorities and objectives. Security targets
show what the organisation expects from its information security investment. In a way, management’s act of
defining security targets also specifies its risk appetite.
5.10.2 Control Objectives/Security Objectives
Location in the Architecture Framework: Enterprise Security Architecture: ISM.
A control objective (sometimes called a security objective) is a desired state of security for a given process, person,
activity, system, or dataset. It differs from a security requirement since an objective is a goal that the ISM process
aims to fulfil. This control objective might not exactly match the security requirement. Control objectives are linked
to business attributes.
O-ISM3 documents the contribution of information security towards meeting business objectives through using a
dependency analysis. The output of the dependency analysis is a list of security objectives that form the basis for
design, implementation, and monitoring of the ISMS. They also form the business objectives for the security
component when planning Enterprise Architecture. Security objectives, derived from business objectives, state
explicitly how information security contributes to business objectives.
Some examples of security objectives derived from the business objective “Invoicing all products and services
provided” are:
Invoices are accessible only to the accountancy and collection teams
Paid invoices are kept for three years and destroyed after no more than four years
5.10.3 Security Standards
Location in the Architecture Framework: TOGAF 9.1 §41.4 (Standards Information Base) provides a repository area
to hold a set of specifications to which architectures must conform. The standards can apply at every architecture
domain in the TOGAF standard. Security standards can be added to this existing catalogue as well.
The Security Architecture provides guidance on which security standards to use in which situation. Whether a
security standard applies is decided by the business owner or business analyst. If so, the standard is applied to the
architecture work through the Requirements Management process. The standard can dictate security controls for
the Business, Data, Application, or Technology Architecture.
Standards are needed to ensure that many different components can be integrated to form a larger system.
Different types of standards exist, such as regulatory standards, technical standards, etc. An example is the PCI-
DSS standard that applies for businesses in the payment card industry, the ETSI standards that apply in the
telecomms industry, etc. It is also worth noting that security standards may be externally imposed, or they may be
internally developed.
Summary
Requirements Management is an ongoing activity of the ADM. The requirements repository contains the current
requirements for the Target Architecture.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
148
TOGAF 9® Foundation and Certified
Architecture Partitioning
Objectives
We will look at the following:
Describe the purpose of Partitioning
Consider Architecture and Solutions in the context of partitioning
Employing Architecture Partitioning
Overview
In a complex enterprise there can be many architectures, at different stages and describing different levels of detail
(architectures and solutions). Partitioning is a way of dealing with this complexity because...
Architecture is complex
Different architectures conflict with one another
Different teams need to work on different elements of architecture at the same time
Effective architecture reuse requires modular architecture segments
Characteristics of Solutions
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
149
TOGAF 9® Foundation and Certified
Characteristics of Architectures
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
150
TOGAF 9® Foundation and Certified
Summary
In a complex enterprise there can be many architectures, at different stages and describing different levels of detail
(architectures and solutions). Partitioning is a way of dealing with this complexity.
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
151
TOGAF 9® Foundation and Certified
Iterations
The ADM is not a sequential process – it can take many iterations, and cycles through the phases.
Iteration can be used:
Each cycle through the ADM is bound to a Request for Architecture Work, intended to either extend or
change the Architecture Landscape
Separate projects may give rise to concurrent operation of ADM cycles
One project may trigger another, causing the instantiation of a further ADM cycle. This is particularly so
where strategy architectures give rise to segment architecture, which eventually give rise to capability
architectures
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
152
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
153
TOGAF 9® Foundation and Certified
Target First
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
154
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
155
TOGAF 9® Foundation and Certified
Levels of Architecture
Levels of the Architecture Landscape
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
156
TOGAF 9® Foundation and Certified
Security Architecture
Aligns Business and supporting Information Systems to realise goals
A structure of organisational, conceptual, logical and physical components that coherently act to provide
security
Close integration is needed between Security and Enterprise Architecture
A common language needs to be used
ISM – Information Security Management
ERM – Enterprise Risk Management
The way in which these concepts have been integrated with the framework is shown diagrammatically later
Security is Cross-cutting
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
157
TOGAF 9® Foundation and Certified
Concepts with an underscore are additions to the TOGAF® Framework and brought in by ISM or ERM.
Summary
Iterations and Levels of Architecture are both ways of organising how/what the ADM processes are dealt
with
Security is a distinct but integrated part of architecture
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
158
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
159
TOGAF 9® Foundation and Certified
Levels: Elements:
0. – None Architecture Process
1. – Initial Architecture Development
2. – Under Development Business Linkage
3. – Defined Management Team Participation
4. – Managed Operating Unit Participation
5. – Measured Architecture communication
IT Security
Architecture Governance
IT Investment and Acquisition Strategy
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
160
TOGAF 9® Foundation and Certified
Maturity Assessments
If desired an organisation can go through a formal assessment called SCAMPI (Standard CMMI Appraisal
Method for Process Improvement)
Used to measure Capability and Maturity
Three types of assessment
o Class A: Formal and Official
o Class B: Interim assessment (semi-informal)
o Class C: Self-assessments (totally informal)
Summary
In this chapter we looked at:
The role of Maturity Models to describe best practice and define how to assess your maturity level
The CMMI Approach integrates a variety of models
The ACMM is a model that focuses on Enterprise Architecture
Maturity Assessments are performed using the SCAMPI system
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
161
TOGAF 9® Foundation and Certified
Reduced time, cost, and risk in training, hiring, and managing architecture pros, both internal and external
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
162
TOGAF 9® Foundation and Certified
Summary
In this chapter we looked at:
The purpose and need for an Architecture Skills Framework – to provide a consistent and uniform structure
Benefits of using the framework – reduced cost, time and risk because the right people are being used in
the right way
Structure of the Skills Framework – consists of Roles, Skills and Proficiencies
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
163
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
164
TOGAF 9® Foundation and Certified
Capabilities, 64 Approach, 96
Compliance Review Inputs, Outputs and Steps, 97
Processes, 63 Objectives, 96
Purpose, 63 Repository Items, 96
Governance Framework Structure, 58 Security, 97
Key Success Factors, 60
Phase C – Applications
Need for Architecture Board, 60
Approach, 104
Need for Architecture Compliance, 62
Architecture Definition Doc, 109
Organisation Structure, 59
Architecture Requirements Spec, 109
Overview, 57
Inputs, 105
Specifics, 60
Objectives, 104
Integrated Information Infrastructure RM Outputs, 108
Boundaryless Information Flow, 117 Principles, 105
Components, 118 Selecting Ref.Models/Viewpoints/Tools, 107
Detailed Structure, 119 Step Summary, 106
High-level Structure, 118 Steps, 105
Introduction to the ADM Phase C – Data
Adapting the ADM, 24 Achitecture Requirements Spec, 103
Architecture Integration, 25 Approach, 99
Architecture Scope, 25 Architecture Definition Doc, 103
Governance and Information, 24 Governance, 100
Guidelines and Techniques Inputs, 100
Introduction, 23 Management, 99
Phases A-D, 22 Migration, 100
Relationships, 23 Objectives, 99
Outputs, 102
Phase A
Principles, 100
Approach, 76
Reference Models, 102
Architecture Repository, 77
Step Summary, 101
Business Transformation Readiness, 80
Steps, 101
Capabilities Example, 84
Capability-based Planning, 84, 85 Phase D – Security, 114
Creating an Architecture Vision, 76
Phase D – Technology
Inputs, 77
Approach, 110
Interoperability
Architecture Definition Doc, 114
Business, 85
Architecture Requirements Spec, 114
Phase level, 85
Inputs, 111
Objectives, 76
Outputs, 113
Outputs, 83
Phase Objectives, 110
Risk Impact Classification Scheme, 82
Principles, 111
Risk Management, 81
Step Summary, 112
Security, 86
Steps, 112
Stakeholders Concerns and Requirements, 79
Step Summary, 78 Phase E – Opportunities and Solutions
Steps, 78 Approach, 120
Suggested Readiness Factors, 80 Confirm Change, 123
Identify Work Packages, 124
Phase B
Illustrate, 121
Approach, 87
Implementation and Migration Strategy, 124
Building Blocks, 93
Objectives, 120
Business Modelling, 90
Outputs, 125
Gap Analysis, 92
Review Gaps, 123
Gap Analysis Matrix, 92
Security, 126
Inputs, 88
Step Summary, 122
Objectives, 87
Steps, 121
Outputs, 93
Transition Architectures, 125
Principles, Goals, Drivers, 88
Security, 94 Phase F – Migration Planning
Step Summary, 89 Approach, 127
Steps, 89 Business Value, 130
Business Value Assessment Technique, 130
Phase C
Confirm Architecture Roadmap, 131
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
165
TOGAF 9® Foundation and Certified
Includes extracts from the TOGAF® Framework, Version 9.2 copyright © 2018 The Open Group
TOGAF® is the registered trademark of The Open Group in the United States and other countries
166
To continue your learning journey, visit
QA.COM
Professionally social.
#SkillsfortheDigitalAge
V1.9