TL;DR
Compliance reviews and compliance assessments are governance mechanisms used to check whether architecture and implementation work conform to the approved architecture. In Phase G, they validate that implementation projects and work packages follow the Architecture Requirements Specification and target architecture.
Why compliance matters in Phase G
In Phase G: Implementation Governance, the Enterprise Architect’s focus shifts toward governing implementation.
Two important ways to perform that governance function are:
- Architecture Compliance Reviews
- Architecture Compliance Assessments
Together, they help confirm that the realized design and implementation are aligned with strategic objectives, architecture objectives, and the Architecture Vision.
They also make sure implementation learning is fed back into the architecture process.
Compliance assessment
The Architecture Compliance Assessment is a deliverable that governs architecture through project implementation.
It records whether the implementation is conforming to the approved architecture and whether the realized design still supports the intended business and architecture outcomes.
Typical content includes:
- project progress overview
- project status
- architecture status
- design status
- compliance findings
- architecture checklists
- recommendations or required actions
The main elements are architecture checklists.
Common checklist areas include:
- hardware and operating system
- software services and middleware
- applications
- information management
ADM usage
The Architecture Compliance Assessment is used in two ADM phases.
| ADM phase | Usage |
|---|---|
| Phase G: Implementation Governance | validates whether the Architecture Requirements Specification has been followed by implementation projects and their work packages |
| Phase H: Architecture Change Management | assesses realized value against stakeholder requirements and constraints, and records findings |
In Phase G, the emphasis is conformance during project execution.
In Phase H, the emphasis shifts toward realized value and architecture change management.
Compliance review
The Architecture Compliance Review is the process of validating compliance of the architecture and implementation projects.
It takes place at specific milestones in the architecture and implementation project lifecycle.
There are two common review contexts.
| Review context | Focus |
|---|---|
| Architecture development | review the architecture for ADM compliance |
| Project implementation | review the realized solution for architecture compliance |
During architecture development, the review checks whether the architecture work is following the ADM properly.
During implementation, the review checks whether the solution being delivered conforms to the approved architecture.
Review checkpoints
Compliance reviews happen at planned checkpoints.
During architecture development, reviews usually require that:
- business requirements are reasonably firm
- the enterprise architecture is reasonably firm
- the target architecture can be assessed meaningfully
During project implementation, reviews occur at specific checkpoints within project execution.
These checkpoints allow the Enterprise Architect to assess conformance before implementation drift becomes too expensive to correct.
Checklists
TOGAF structures compliance reviews with checklists.
The target architecture checklist supports compliance assessment during architecture development.
In this context:
- the Enterprise Architect assesses the target architecture
- stakeholders approve the target architecture
- a negative response leads to reworking the target architecture or cancelling the architecture project
The implementation and other change checklist supports governance during the implementation phase.
In this context, the Enterprise Architect acts as:
- an auditor, through compliance assessments
- an architect, through recommendations
Recommendations after assessment
Recommendations are based on an impact assessment.
The recommendation may be to:
- enforce compliance
- provide temporary relief
- change the target architecture
This is important because non-compliance is not always handled the same way.
Sometimes the project must be brought back into compliance. Sometimes temporary relief is justified. Sometimes the implementation reveals that the target architecture itself needs to change.
Assessment vs review
The terms are related but not identical.
| Concept | Meaning |
|---|---|
| Architecture Compliance Review | the governance process of reviewing architecture or implementation compliance |
| Architecture Compliance Assessment | the deliverable that records progress, status, checklist results, findings, and recommendations |
In simple terms, the review is the activity, and the assessment is the documented output.
Exam note
- Compliance reviews and assessments are key Phase G governance tools.
- The Architecture Compliance Assessment governs architecture through project implementation.
- It checks whether realized design and implementation align with strategic objectives, architecture objectives, and the Architecture Vision.
- It helps feed implementation learning back into the architecture process.
- In Phase G, it validates implementation against the Architecture Requirements Specification and work packages.
- In Phase H, it helps assess realized value against stakeholder requirements and constraints.
- The Architecture Compliance Review is the process of validating compliance.
- Reviews happen at specific milestones and checkpoints.
- During implementation, the Enterprise Architect acts as auditor through assessments and architect through recommendations.
- Possible recommendations include enforcing compliance, granting temporary relief, or changing the target architecture.