Your objectives provide the focus for everything your organisation does. If you're doing things which aren't helping you achieve your objectives, you need to ask yourself why you're doing them in the first place.
Archistry helps you optimize your organisation to increase your business productivity and performance by being able to take the broad view of how your organisation's core elements – your people and organisational structures, the boundaries established by your risks and controls, the processes applied to reaching your goals and the underlying enabling technologies you employ – fit together and work with you to ensure all of them are fully aligned with your business objectives.
We bring new ideas and perspectives to help you avoid and overcome the issues and challenges facing your projects and initiatives or to help you get them off the ground. In most cases, these ideas help you innovate through creating new products, new services or new ways of doing things that will provide lasting value to your organisation. Our broad experience across many industries includes the Public Sector, Banking & Financial Services, Telecommunications, Manufacturing and Commercial Software Development and helps us to recognise many key organisational issues quickly and allows you to focus on these core topics rather than continually attempting to battle symptom after symptom with little lasting success.
Some of Our Past Engagements
Here are examples from some of our previous engagements to better illustrate the breadth and depth of how we have been able to help organisations in the past. While they illustrate many different types of outcomes, they share a common theme of ensuring the particular outcomes were squarely focused on achieving the organisation's stated business objectives. Maintaining this clear focus is Archistry's core value to our clients.
- Public Services Broker
- Enterprise Architecture Strategy
- MOD Risk Management Methodology
- Banking Due Diligence Audit
- Security Architecture for Inter-Bank Funds Transfer
Public Services Broker
Provided technology strategy, guidance and architectural authority to realign project implementation with strategic business goals for €35M Public Services Broker project.
Background
The Public Services Broker was a pioneering e-government project to provide a SOA-based messaging backbone and public facing customer portal to enable a single point of access to public services.
Key Issues
- Deteriorating relationships between the client and solution provider members
- Technology-focused implementation not aligned with original project vision
- Lack of strong technical leadership
Our Approach
Acting as the Technical Design Authority and Enterprise Architect for the project implementation, we set out to address the issues. Focusing first on establishing a strong technical leadership role to build credibility and respect with the client, we were able to address many of the fundamental trust issues present between the client and solution provider. Building on this success, we then revisited the original strategy and vision of the PSB in light of the current implementation and the current business climate to define a new technology strategy for the project.
Benefits
Increased productivity: by addressing the core issues of the complex, multi-vendor relationships, a new level of shared vision and understanding emerged, allowing the whole team to more efficiently do what needed to be done.
Renewed focus on business benefits: by revisiting the original programme objectives in light of both the current implementation and the current business climate, technical priorities were re-aligned to ensure they were delivering real business value to the intended customers of the PSB.
Reduced operational costs: the re-alignment with value-driven business objectives also allowed several complex areas of the implementation to be simplified, reducing the ongoing operational and licensing costs of the programme.
Enterprise Architecture Strategy
Conducted Enterprise Architectural reviews and provided guidance in technology strategy definition to help Public Sector agencies align their ICT strategies with their strategic business objectives.
Background
Two Public Sector agencies were struggling to effectively define and articulate their technology strategies to ensure they were supporting their strategic business objectives.
Key Issues
- Minimal communication between business and technology stakeholders
- Strong culture of technology strategy being defined by technology departments
- Misunderstanding the role of Enterprise Architecture in managing organisational execution
Our Approach
After reviewing existing architecture documentation, we realised that a better understanding of Enterprise Architecture's role as a management tool would be key to enabling better communication between business and technology stakeholders. Using the concept of a simplified “core diagram” view of how the organisation's core processes, information and technologies enabled key stakeholders as the basis for workshops including both business and technology team members.
Benefits
Revisited priorities of ongoing projects: by focusing the discussion around the core organisational mission and business objectives, it was clear that the priorities of several ongoing projects were not aligned with the business strategy
Identified gaps in draft strategy: by engaging relevant business leaders in the definition of how technology should be used to deliver the business strategy, we were able to identify gaps in the existing strategy where there were no current projects to support the core organisational mission.
Learning and knowledge transfer: the workshops helped the participants understand the role of Enterprise Architecture in developing and implementing technology strategy, giving them tools and techniques that they could use not only in defining the next technology strategy, but which would also help them ensure that new projects were directly linked to specific business imperatives.
MOD Risk Management Methodology
Developed a new Information Risk Management methodology for the UK Ministry of Defense intended for deployment across the entire military establishment.
Background
The UK Ministry of Defense is a very large and complex organisation with many national and international interactions. They wanted to develop a unified Information Risk Management framework that would be flexible enough to deploy across such a complex environment.
Key Issues
- Military-grade security requirements
- Thousands of years of existing military culture focused on 'secrecy' now needing to embrace the wider aspects of 'information assurance', including all aspects of integrity and availability
- Extended enterprise with many complex alliances, both permanent and ad hoc, that will never in future fight battles ‘alone’
- ‘Need to share’ and communicate information (as opposed to ‘need to know’) with other government organizations, vendors, service providers, allies, aid agencies, local warlords, national governments, other national armed forces and alliances, local governments, law-enforcement agencies, intelligence sources, etc.
- Huge deployment of information technology for both peace-time and battlefield purposes, for both information gathering and communicating with others at all levels, including front-line commanders in remote mountains or sub-marine where communications may be intermittent
- Changed cultural environment where ‘security at any cost’ has been replaced by ‘value for money’ and ‘risk balance cases’
- Huge effort required to bring about the necessary cultural change from ‘security based’ to ‘risk based’ information assurance, where decisions are made by military commanders and business managers, rather than by ‘security experts’
Our Approach
As co-author of the SABSA® framework for Risk-based, Business-driven Security Architecture, we were confident that SABSA was flexible and robust enough to be used as the basis for a new, unified Information Risk Management framework. An assessment by an independent 3rd party of all available methodologies placed SABSA as being the number one choice on every single one of the evaluation criteria, which led to its official adoption as the methodology of choice by the MOD. Working closely with the MOD, we refined and expanded portions of the framework to meet the demanding needs of the MOD, creating a framework suitable for effective deployment across diverse military organisations.
Benefits
Enabling risk-based security and information assurance: by creating a method and a framework that embraces the wider military and business requirements for information assurance, including all aspects of information and systems integrity and service availability, and by enabling those empowered to take risks to do so with good quality decision support tools.
Creating an information assurance performance measurement framework: Using a SABSA Business Attributes Profile to create a tiered scorecard for measuring information assurance, integrated at the highest level into the Defence Management Board scorecard, providing visibility at all management levels as to current performance against objectives
Providing a MOD-wide Information Risk Management framework and method: Unifying a hitherto fragmented and somewhat outdated approach to information assurance into a single extended-enterprise-wide framework, providing consistency, robustness, repeatability, improved efficiency and good cost-effectiveness.
Banking Due Diligence Audit
Carried out a due-diligence audit of a high-value, same-day settlement, payment system for a large Irish bank.
Background
The bank had a business process for handling high-value payments for large corporate customers. The high-value transactions and the same-day settlement environment meant that the process and its supporting systems were classified as ‘high risk’ with regard to fraud and/or accidental loss. The bank had decided to replace some manually operated parts of the process with new systems to achieve several objectives: improved security and reduced risk; more highly automated access for customers; end-to-end integration of the information systems to improve operational efficiency and reduce operational costs.
Key Issues
- High risk of fraud in the existing environment
- Requirement to improve security levels and reduce risk levels
- Customer service focus on remote automated access
- Senior management needing assurance that the technical design and implementation would meet the business requirements.
Our Approach
As with Case Study 3 we applied the SABSA methodology to develop overarching conceptual and logical security architectures, in this case for the new payments system. By assisting the bank to synthesise a SABSA Business Attributes Profile, including a risk assessment using the attributes as proxy-assets, we were able to articulate the precise business requirements on behalf of senior management. The design team used this as the basis for their systems and process design programme, and we assisted by independently auditing the functional specifications and technical designs against the requirements, providing a final formal report to assure senior management that the design was in line with its expectations and that all risks were being managed adequately.
Benefits
Avoiding costly re-work whilst providing a stringent audit and evaluation: by working alongside the design team in a consultative role and reviewing their work progressively, making them aware of issues and helping them to identify solutions to emerging problems.
Preventing show-stopping mistakes from being made: by ensuring that the bank was aware of the need to comply with a wide range of regulatory matters, including money laundering monitoring and reporting and the use of cryptographic technology.
Providing senior management with independent assurance: the new system design was in all ways ‘fit for purpose’ and that it met the stringent business requirements for security and risk management in a high-risk payments system.
Security Architecture for Inter-bank Funds Transfer
Acted as Security Architects to the world’s largest, global inter-bank funds-transfer company during the development of a completely new network and portfolio of distributed application services.
Background
The company moves several trillions of dollars per day between the largest of the world’s banks. In terms of value transfer this is far and away the largest banking payments network in the world. The company was moving from a traditional X.25 based network to a modern IP based service. Security is central to the reputation, mission and brand of this company and so security and risk management were seen as critical to the success of the new programme.
Key Issues
- Security is at the heart of the brand
- New technology base, therefore new threats and vulnerabilities
- Major change management programme, requiring migration of live business services for customers
- Planned eventual outsourcing of the network infrastructure itself, requiring separate and independent security within the network, the middleware and the application layers
- Open standards compliance required to maximize multi-vendor opportunities
Our Approach
As with Case Studies 3 and 4 we applied the SABSA methodology to develop an overarching conceptual and logical architecture. This began with the collection and collation of business requirements, analysis of the risks, and development of a security architecture that would meet the business requirements for security and risk management and at the same time fit comfortably within the overall architecture of the new infrastructure and services. This involved us working closely within an overall architecture team numbering in excess of 70 people.
Benefits
Brand protection: by ensuring that the new security architecture was at least as solid and dependable as the legacy one that it replaced and in many cases better – certainly more flexible for new business applications.
Fraud prevention: by ensuring that extremely high levels of cryptographic security are used to protect the value transfer services.
Protecting continuity of service: by ensuring that system resilience is at the highest economically available level
Providing senior management with assurance: that the new network and system design was in all ways ‘fit for purpose’ and that it met the stringent business requirements for security and risk management in the highest-risk payments system in the world.