How Enterprise Architecture and Regulatory Compliance can create Mutual Success
Successful enterprise architecture (EA) initiatives usually share a key theme: they provide tangible business value. This success hinges on identifying opportunities where EA can contribute meaningfully to the business, especially in collaboration with other parts of the organisation that need enterprise architecture insights for their change initiatives. If the necessary enterprise architecture information already exists, the EA team can utilise and enhance it. Conversely, if it doesn’t exist, EA has the chance to acquire this information and enrich the current enterprise architecture. (This remains true even if the EA team is not directly involved in the information-gathering process.)
GDPR as an Example
The European GDPR initiative from a few years ago was a great example. Considering GDPR’s focus on sensitive data management, including processing and storage, it necessitated a deep understanding of an organisation’s people, processes, systems and data. This involved addressing questions such as who was handling the data, what were the processes using that data, what were the applications used, and what were the storage locations of the impacted data. Typically, such information is either known to the EA team or is something they would seek to access for better decision-making.
GDPR presented an excellent chance for EA teams to collaborate closely with Legal and Compliance departments, to help them deliver but also to utilise the data captured – if you are hiring an army of Business Analysts to document for GDPR then let’s reuse that knowledge rather than drop it post-project. Proactive EA teams engaged early in the GDPR process with Legal, Compliance, and Change Management teams, aiding them in devising an effective GDPR implementation plan. These collaborations allowed them to gather valuable enterprise architecture information while helping the business meet a crucial regulatory requirement. The extensive data needs for GDPR compliance were a real opportunity for enlightened EA teams to boost their EA knowledge by piggy-backing on another project’s work.
What are the next opportunities to look out for?
GDPR was a real golden goose for EA, so how do we spot future ones? There are always new regulations and initiatives coming down the line and offering an opportunity for EA to work closely with teams within the organisation to deliver mutual benefit, i.e. solving an organisational problem whilst gathering EA information from the project team. The key to this is spotting these opportunities early enough so the EA team can take an active role in defining and scoping the change with the change management teams. ESG (Environmental, Social, and Governance) serves as a good example, particularly in light of upcoming regulations, such as those from the EU and California.
Is ESG the next Golden Goose for EAs?
ESG regulations will require EA-relevant data on key business aspects to deepen understanding of ESG factors. This includes:
- Analysing how business processes align with and support ESG goals.
- Identifying and refining processes to boost sustainability performance, such as pinpointing areas of inefficient resource use and waste.
- Gaining a comprehensive understanding of the supply chain, including identifying risks and assessing the ESG impacts of indirect suppliers, especially in cases involving intermediaries, where the suppliers are hidden from the end organisation.
- Understanding the extent of technology usage and its environmental impact, including factors like emissions.
These data sets are invaluable for enterprise architecture, not only to support ESG initiatives but also for other projects. In fact, if EA teams have already worked on GDPR and maintained that data, they are likely to possess a significant amount of the required information for ESG compliance as well.
Other Regulatory Examples
There are several areas of regulation that offer opportunities for EA to engage and benefit. A couple of examples are:
- Similar to California’s CCPA, several US states are bringing in stronger data protection laws; these will need similar data to GDPR.
- The SEC’s cybersecurity rules will require an understanding of the impact of cyber threats on supply chains and the enhancement of organisational cyber maturity. That means understanding the supply chain and the interdependencies within the organisation (if system X is hacked, what critical processes and data are at risk, etc.).
Such scenarios provide EAs with opportunities to collaborate with the business in delivering tangible benefits and at the same time developing the architecture. Although these initiatives will proceed regardless of EA involvement, proactive EAs will seize these opportunities early. By participating in shaping the supporting projects, they can ensure efficient delivery and maximize the benefits derived from their enterprise architecture expertise.