Ensure that the Requirements Management process is sustained and Determine the Architecture Capability desired by the organization:

operates for all relevant ADM phases Establish the Architecture Capability:
Manage architecture requirements identified during any execution of
the ADM cycle or a phase
Ensure that relevant architecture requirements are available for use by
each phase as the phase is executed
 It includes information about defining the scope, identifying the stakeholders, creating the Architecture Vision,
and obtaining approvals
Ensure that the architecture lifecycle is maintained
Ensure that the Architecture Governance Framework is
executed
Business Architecture describes the product and/or service strategy, and the organizational,
Ensure that the enterprise Architecture Capability
functional, process, information, and geographic aspects of the business environment.
meets current requirements

Develop the Target Information Systems (Data and Application) Architecture,

describing how the enterprise's Information Systems Architecture will enable
Ensure conformance with the Target Architecture by
the Business Architecture and the Architecture Vision, in a way that addresses
Implementation projects
the Request for Architecture Work and stakeholder concerns
Perform appropriate Architecture Governance
Identify candidate Architecture Roadmap components based upon gaps
functions for the solution and any implementation-
between the Baseline and Target Information Systems (Data and Application) Architectures
driven architecture Change Requests

The focus of Phase F is the creation of an

Develop the Target Technology Architecture that enables the logical and physical
Implementation and Migration Plan in co-operation
application and data components and the Architecture Vision, addressing the Request
with the portfolio and project managers
for Architecture Work and stakeholder concerns.
In Phase F this Roadmap and the Implementation and
Identify candidate Architecture Roadmap components based upon gaps between the
Migration Plan are integrated with the enterprise's
Baseline and Target Technology Architectures
other change activity.

Phase E concentrates on how to deliver the architecture. It takes

into account the complete set of gaps between the Target
and Baseline Architectures in all architecture domains, and
logically groups changes into work packages within the
enterprise's portfolios.
 Scope the enterprise organizations impacted by the security architecture
Define and document applicable regulatory and security policy requirements
Define the required security capability as part of Architecture Capabilit
Implement security architecture tool
Obtain management support for security measures
Define necessary security-related management sign-off milestones of this architecture development cycle
Determine and document applicable disaster recovery or business continuity plans/requirements
Identify and document the anticipated physical/business/regulatory environment(s) in which the system(s) will be
deployed.
Ensure that the architecture lifecyc
Determine and document the criticality of the system: safety-critical/mission-critical/non-critical

Determine who are the legitimate actors who will interact with the product/service/process
Assess and baseline current security-specific business processes (enhancement of existing
objective)
Determine whom/how much it is acceptable to inconvenience in utilizing security measures
Establish architecture artifact, design, and code Identify and document interconnecting systems beyond project control
reviews and define acceptance criteria for the Determine the cost (both qualitative and quantitative) of asset loss/impact in failure cases
successful implementation of the findings Identify and document the ownership of assets
Implement methods and procedures to review
evidence produced by the system that reflects
operational stability and adherence to security
policies Assess and baseline current security-specific architecture elements (enhancement of
existing objective)
Identify and evaluate applicable recognized guidelines and standards
Revisit assumptions regarding interconnecting systems beyond project control
Assess the impact of new security measures upon other Determine and document the sensitivity or classification level of information
new components or existing leveraged systems stored/created/used
Implement assurance methods by which the efficacy of Identify and document custody of assets
security measures will be measured and communicated Determine approaches to address identified risks:
on an ongoing basis
Identify correct secure installation parameters, initial
conditions, and configurations
Implement disaster recovery and business continuity Assess and baseline current security-specific technologies (enhancement of existing
plans or modification objective)
Identify existing security services available for re-use Revisit assumptions regarding interconnecting systems beyond project control
Engineer mitigation measures addressing identified risks Identify and evaluate applicable recognized guidelines and standards
Evaluate tested and re-usable security software and security Identify methods to regulate consumption of resources
system resources Identify minimal privileges required for any entity to achieve a technical or business
Identify new code/resources/assets that are appropriate for re-use objectiv
Identify mitigating security measures, where justified by risk assessment
 Sales

250,000
200,000
150,000
100,000

Oct Nov Dec Jan