Enterprise Architecture Firm of the Year 2018

We are delighted to announce that, for the second year running, EAS has won top place in Corporate Live Wires’ Innovation & Excellence Awards.  Following on from receiving the award for Innovation in Enterprise Architecture 2017, this year we have been named as Enterprise Architecture Firm of the Year 2018 based on Essential and our consulting work around it.

The Innovation & Excellence Awards are judged by a panel of industry experts following nominations from the wider community.  The Essential Project, the world’s most popular open-source EA Tool, is now available as SaaS through Essential Cloud.  EAS, Essential’s founders, are all practising architects and we continue to extend and improve Essential by listening to our clients and our community and reacting to their needs.  We were first to exploit the connection between the information required for EA and GDPR and launch a GDPR support pack, bringing massive benefits to both the Compliance and EA Teams within an organisation.

We are continuing to develop Essential to support our customers and our community; look out for our innovative data capture and maintenance solution which will ease the burden of data management and revolutionise EA!

The EUs Gift to Enterprise Architects

Interesting article from John – ‘The EUs gift to Enterprise Architects’ – discusses how EAs can make best use of the data that GDPR is forcing organisations to collect and keep updated, to increase credibility and value to the business.  Essential’s GDPR Monitoring pack uses this information to provide GDPR support, but also harnesses this data to allow analysis of more traditional EA fare, such as APM, Data Management and so on.  See a demo here, and our ‘5 Steps to Effective GDPR Monitoring’ blog here.

Essential Version 6.1.1 Released

Essential v6.1.1 is now available from the downloads section of the website.

We’ve promoted some of the views that we’ve been trying out in the labs, including the NIST mapping and a couple of Business Capability to Technology views.  We’ve also enhanced some of the OOtB views, such as the Business Process Model, the Business Capability Model and the Technology Platform Model.  Meta Model extensions include a new class of ‘Business Process Family’ to make it easier to model and analyse standard and non-standard processes.

Full details of all the changes can be found in the release notes.

5 Steps to Effective GDPR Monitoring

Wherever you are on your GDPR journey, the 5 steps detailed below must be completed and can provide a useful checklist for progress.  This is based on several years’ experience we’ve had supporting the PII data requirements of global organisations.

  1. Assemble a Cross Business Team
    A successful GDPR initiative needs a number of different roles from across the Business and IT including, but not limited to, the following:

    | Role | Purpose |
    | --- | --- |
    | Compliance | The compliance team are responsible for defining the scope of the GDPR data for an organisation and also the allowed usages for GDPR data, i.e. defining the legal basis for use across the organisation. Compliance are also responsible for analysing the information returned and ensuring that remediation is put in place. |
    | GDPR Coordinator | The GDPR coordinator is responsible for ensuring that each business unit provides the detail of the data they process, the purpose and the applications used.  They should brief Business Units, coordinate and QA the information returned and manage queries. |
    | Business Units | The Business Units are responsible for providing the detail of the data they process, the purpose and the applications used for their business area, accurately and completely. |
    | IT | The IT teams are responsible for providing the detail of the applications and systems they are responsible for, accurately and completely. |
    | Project Manager | Create plan, coordinate resources, manage dates and deliverables and provide senior management reporting. |
    | Analyst | The analyst is responsible for analysing and modelling the data received from IT and the Business Units, for example, ensuring there are no duplicates, and providing this to compliance in a format that they can utilise to manage GDPR. |

  2. Define the Data in Scope for GDPR and Define the Allowed Data Uses
    The data that is in scope for GDPR will vary from industry to industry, and organisation to organisation and each organisation must, therefore, define the data in scope for them. They must also define the data that is allowed to be used for each business purpose and whether or not consent is required.  We would recommend doing this before the fact-finding exercise as it provides a structure and minimises the possibility of duplication and data gaps.
  3. Get the Business Teams to Provide detailed GDPR Data
    The Business Teams will need to provide the data on their processes, purpose, data and applications used. Additionally, IT will need to provide information on the data held in databases, where the databases are stored and located and the security surrounding both the applications and the underlying technology.  There will need to be a standard means of capturing this detail to ensure consistency, so make sure the business have clarity on what they are doing – utilise your Data in Scope for this.  Once this data is provided, a central team should QA and analyse the data to ensure it provides an overall view of the business situation regarding GDPR.
  4. Gap Analysis and Action Plan
    A gap analysis and action plan should be created to work towards GDPR compliance. An ongoing process should be created to ensure this is an on-going exercise that continually demonstrates compliance.  Engage both the business and the IT teams in defining this process.
  5. Report to the Regulator
    The regulator will need to see evidence that you are on top of the new regulations; you will need to demonstrate that you have assessed your organisation against the new regulations, that you understand where you are compliant and that you have a plan in place to rectify any issues. They will also want you to demonstrate that you have a plan in place to manage GDPR as an on-going commitment within your organisation, i.e. people, processes, technology, changes.

EAS have formed a partnership with UST Global and released the Essential GDPR pack, which enables organisations to understand their GDPR compliance adherence and risk from both a business and an IT perspective.  The objective of the tool is to demonstrate to both your CEO and the Regulator that the GDPR position is understood and under control; this is achieved through a series of interactive dashboards and detailed views that can be viewed online or printed out to suit the needs of both key stakeholders.

Our feedback indicates that whilst organisations have assembled teams and started data capture, many are proposing to manage GDPR compliance in a series of spreadsheets.  It is our experience that this is not sustainable; with such a large and constantly changing data set it is almost impossible to collect and structure the data in such a way as to answer all the regulator’s questions whilst keeping pace with change.  A GDPR tool with a comprehensive meta model, repository and adaptable viewer, allied to a very structured data capture process, makes this task achievable and, in fact, allows the data captured to be used to support other initiatives such as data management, application portfolio management and so on, enabling organisations to make use of the data that must be captured for GDPR.

EAS, in partnership with UST Global, can accelerate your GDPR initiative by bringing our combined experience and the Essential GDPR pack to:

  • Work with you to create a detailed plan to help you gear your organisation’s GDPR initiative for success, including the roles and responsibilities required across the business.
  • Work with your Compliance Team, or external organisations such as solicitors, to accelerate your initiative by providing quick starts based on our experience of the scope of GDPR data applicable to your organisation, and a business model that will aid understanding of allowed data usage.
  • Provide a set of pre-defined Questionnaires and Online Forms that direct the capture and analysis of the business and IT data required from your organisation.  Work with you to create a process to keep this data up to date.
  • UST Global, our partner, provides an automated data discovery tool that finds GDPR data in your databases and document stores, covering both structured and unstructured data such as PDFs. The results can be automatically loaded into Essential GDPR to supplement the manual data discovery carried out by business and IT teams to enable greater accuracy and accelerate the process.  The UST tool can also support the ‘Right to be Forgotten’ requirement, highlighting all the instances where a person exists across your organisation.
  • Essential GDPR provides powerful dashboards and visualisations to your GDPR data, allowing you to proactively manage your GDPR compliance and demonstrate to both your CEO and the Regulator that you are in control of your GDPR exposure, highlighting where you are compliant, where you have issues and where your risks lie.
  • Allow you to utilise the data that you have collected for GDPR to provide additional benefits across your organisation, such as identification of rationalisation opportunities, etc.

Find out more about the Essential GDPR pack or contact us.

 

EA Tools vs Modelling Tools

We’ve had a few questions recently about why Essential doesn’t provide a greater ability to draw pictures, which is part of the broader question regarding the difference between EA tools and Modelling tools.  Essential is primarily an EA tool and so is focused on supporting the objectives of CxOs and EAs/Chief Architects, with some support for Solution Architects; diagram-driven, solution modelling tools, however, are focused on supporting Solution Architects in their design work, but do not provide visualisations that can support the key requirements of the EAs/Chief Architects or the CxO’s objectives.  Beyond an overall all-systems wiring diagram to show complexity (and used for effect), it’s difficult to think of many more Visio-type diagrams you’d put in front of a CxO.

We’ve drawn up a slide that explains the objectives of the different roles and how Essential can support each, and we’ve also taken the opportunity to update the demo viewer to show the support for the different roles, so there is now a CxO portal, an EA portal and a Solution Architects portal*.

We are aware that many organisations want a tool that supports all three roles and so we are working on the ability to import and export from Visio, which will extend Essential’s reach.  Added to this is Essential’s ability to support an organisation beyond the scope of just IT, for example with our GDPR or Strategic Resource Optimisation pack, and Essential provides an organisational support tool that is unique in its field.

Just one final point, we noted Mega’s press release on 3/10/2017, ‘MEGA is First EA Vendor with Unique GDPR Solution’.  That’s not strictly true, as the Essential GDPR Solution was launched on 28/7/2017!  And to be honest we’ve had clients using our PII solution, the foundation for GDPR, since 2013, something none of the other EA tools did.  If you want to see a proven GDPR tool, give us a call or drop us an e-mail.

*The Essential Viewer can be configured directly in Essential, so organisations can easily create and configure multiple portals to suit their needs.  Essential Cloud also gives the ability to control access to views, and even redact specific data in views, by role or individual.

 

Essential Cloud in General Availability

We are delighted to announce that Essential Cloud is now in General Availability.

We’d like to thank all the clients that gave their feedback, allowing us to enhance Essential Cloud over the last six months.  We’ve updated the user interface, adding a journey history and improving collaboration capabilities through updated notifications, and we’ve extended the integration capabilities.  Importantly, we’ve had lots of positive feedback and no major issues, so we’re confident that Essential Cloud will prove to be as stable as Essential Open Source has been for the last eight years.

Find out more here

Essential GDPR Launched

Our GDPR pack is now ready for use.  Unique in the marketplace, it supports business questions such as ‘do I have a legal basis for using this data?’ and ‘have I captured the client’s consent?’ as well as technical access and security questions, such as ‘where is my data most at risk?’.  Most other tools are focused on one or other end of this spectrum.  High level dashboards show where the GDPR compliance issues exist, and drill down capabilities allow you to hone in on the exact process, application or technology that is the cause of the risk.

We have partnered with UST to, optionally, incorporate the use of their ground-breaking data discovery tool which can identify structured and unstructured GDPR data in databases and document stores across the organisation. This not only eases the burden of data capture but also provides an invaluable cross-check of information provided through more traditional means.

A sample of the dashboards is shown below, or you can read further information, access the GDPR demo viewer, or sign up here.

Essential Labs

The team behind Essential are all practising architects and during our client engagements we are always having ideas on new views or improvements to existing views that can provide additional benefit.  We thought we’d make our labs available to our users so you can see what’s in development and make use of the updates immediately.

Often all (or if not all then most) of the data is already present in a repository, so these updates are really quick and easy to deploy and start using.  Feel free to download and use them with your own data if they look like they will help you.

Currently we have a new NIST compliance view, with a view loader, that enables you to monitor your NIST controls and assessments, and some small updates to the Principles and Business Capability views.

The only thing we ask is that you tell us if you have suggestions for improvements or find any bugs.

GDPR – The One Year Countdown Starts Now – How to use Essential to support GDPR

I’m sure that most organisations will be very aware that the new GDPR regulations will apply from 25/5/2018 – one year to go.  I’m not sure, however, that most organisations are confident that they will have the processes and tools in place to ensure that they will be compliant from this date.

A recent survey by IASME Consortium found that, of the businesses that responded:

  • 6% felt that implementation of GDPR would take a year or more
  • 2% said they hadn’t considered allocating resource yet
  • 21% of businesses acknowledged that they understood what GDPR is

So, what solutions are out there to help you solve your GDPR problems?  From what we see, there are a number of tools in the marketplace that take a very IT security driven approach to GDPR, e.g. which applications/databases hold GDPR data, lock them down, control user access, etc., which is obviously important and a good place to start to avoid any initial ‘fires’.  But, this is a very bottom up approach to the problem.  The new regulations put an emphasis on the business understanding – why is the data being collected in the first place, are you getting consent, and so on – check out the excellent 12 steps document from the ICO at https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf for more information.  As a starting point then, organisations need to define the data they use that falls under GDPR, understand which processes collect and use this data, capture what the legal basis for use is, how consent was gained from the client and where this consent is stored.  So, whilst the tools focusing on the IT side of GDPR are absolutely crucial, they do not address these business requirements.

So how do I use Essential to support GDPR? 

Essential has the means to support these business requirements using the existing process definitions within the meta model, which are already linked to information, applications and legal obligations – which we use to capture the legal basis for use and consent.

The out of the box views cover a number of the questions you need to answer, and we are finalising a complete pack with a GDPR partner that will support organisations in understanding the situation from top to bottom in one tool:

From the business questions:

  • What personal data do you hold?
  • Where did it come from?
  • What is the legal basis for the data being held?
  • How was consent received?
  • Who do we share it with?
  • How long do we retain the data for?

To the technical questions:

  • Where do you hold it?
  • Where is my technology risk greatest?
  • How do we dispose of the data?

For those not already embarked on the GDPR journey we would recommend starting to capture your processes now – whilst not rocket science this will take some time and produce a level of detail that will not be easily managed in a spreadsheet.  This initial step is crucial in meeting the 25/5/2018 deadline.

The Essential Project: An explanation for those new to Essential

Know Your Organisation, Make Informed Decisions

The strategic decisions any executive makes for their organisation define how successful they are.  Get the decisions right and you are a hero, get them wrong and your credibility takes a hit, and in the worst case it costs you your job.  In the ideal world, we’d have perfect information and be able to make perfect decisions, however, in reality we don’t have that situation.  The challenge is how we can reduce the chances of making bad decisions by having access to better information, and this is where the Essential Project comes into play.

Essential is an ontology based tool with a structured meta-model that collates information about your organisation through facts and relationships between those facts, and then renders the output in visualisations.  For example, you can collate disparate information about your business capabilities, business processes, applications, and let Essential make sense of it and show you where you have inefficiencies.  As you begin to overlay more information you can get increased oversight of your business, for example if we overlay databases, location and data classifications on top of the information in the first example, we can now understand our data privacy position.  Importantly, it’s all data driven, so you can push the data capture out to the people who know their portion of the organisation and let Essential join it all up – the support people know the servers, their locations and what applications run on them, the application teams know what databases their applications use, the business teams know their processes and which application they use, and so on.  We don’t rely on one person knowing the end to end, or having to join it all up.

For the architects, they can move away from data collation and now focus the majority of their time on the much more interesting job of identifying opportunities, inefficiencies, etc. and knowing that the basis for their recommendations is valid.  

For the executive, they now have access to the information that allows them to make those informed decisions, removing the element of guesswork that executives typically have to use when determining strategy.  Questions such as ‘What is the impact if I outsource this part of the business?’, ‘Where can I make savings if I acquire Company X?’, ‘Where do operational inefficiencies exist?’, ‘Am I compliant with regulatory needs?’, become answerable based on fact rather than assumption.  For the teams working on behalf of the executives, they have the tool and structures to allow them to deliver real value and gain the insight that their senior management are looking for from them.