Frameworks Adopted

ePatterns will adopt all client frameworks, both industry standard and locally developed. Our consultants understand the value we bring comes from contributing in your organisation’s languages.

Below are some of the key frameworks we have experience in –

Enterprise Architecture

Some of the frameworks that ePatterns particularly embraces are

Skills Framework For The Information Age (SFIA)

We use this framework to describe the skill levels of our consultants within the SFIA categories. Its topologies also inform the changing terminology for job roles, such as DevOps.

The Open Group Architectural Framework (TOGAF)

This Enterprise Architecture Framework informs the ePatterns approach to all enterprise architecture. All our consultants are educated in the TOGAF framework.

Information Technology Infrastructure Library (ITIL)

Our consultants have many years of experience working with ITIL in the operational environments of large corporations, particularly with IT Service Management (ITSM) and IT Asset Management (ITAM).

National Institute of Standards and Technology (NIST) Cybersecurity Framework

ePatterns considers this the most essential, widely accepted best practice standard for cyber security, mitigating cyber risks. It provides a valuable framework for data privacy and an overall cyber taxonomy.

IoTSI Framework

Internet of Things Security Institute (IoTSI) Framework for Smart Cities and Critical Infrastructure

This comprehensive set of facilitation guidelines and reference architecture for all supply chain participants provides the cyber and privacy principles from base delivery to completion. Our consultants use this to guide IoT cyber security delivery.

The IoTSI Enterprise Architecture Security Framework For IoT Blockchain Apps

This framework, co-authored by our consultants, provides an enterprise security framework to assess the cyber security risks posed by IoT blockchain apps.

Architecture Reference Models

U.S. Federal Reference Enterprise Architecture Framework (FEAF)

This reference model underpins and influences other reference models. It has found adoption worldwide.

Australian Government Architecture (AGA) Reference Models

These whole-of-government enterprise architecture sets of models, based on FEAF, provide a reference architecture within the states and federally in Australia.

Other Architectural Work Products

Zachman Ontology for Enterprise Architecture

This well-established ontology from Zachman/IBM has seen good service; legacy architecture documents are sometimes authored around this schema. Our consultants understand the Zachman framework.

COBIT Governance Focus Areas

COBIT has wide adoption. It is from ISACA, the folk behind the CMMI Institute. It has comprehensive, valuable resources and a particular focus on IT governance. Resources include IT Control Objectives for Sarbanes-Oxley, DevOps Audit Program, and Information and Technology Risk.

Gartner Enterprise Architecture Framework (GEAF) Process Delivery

Gartner is well known for providing market insights into products and services and has worked similarly for enterprise architecture (EA) frameworks and tools. Whereas other vendors publish a static framework of information, Gartner recognises EA as a process delivery and looks at how successful EA programs can be delivered within organisations.

The Gartner Enterprise Architecture (EA) Process Model represents the foundation on which Gartner EA research is described. This provides a visual basis for thinking about how successful EA programs are created and maintained. EA is a process discipline. Done well, it becomes an institutionalised part of how organisations make decisions to direct their investments so that the organisation’s strategy can be realised. The EA process bridges the gap that otherwise exists between business strategy and technology implementation. High-performing organisations are process-disciplined. In turn, every high-performing process must be defined and documented, have process owners and be closed-loop with governance in place. The Gartner EA Process Model has been synthesised from best-practice research to document the EA process as a high-level model.

Enterprise Architecture in a Box 2.0 is particularly useful in establishing a new EA practice at an organisation.

“Enterprise architecture (EA) is a discipline for proactively and holistically leading enterprise responses to disruptive forces by identifying and analysing the execution of change toward desired business vision and outcomes. EA delivers value by presenting business and IT leaders with signature-ready recommendations for adjusting policies and projects to achieve target business outcomes that capitalise on relevant business disruptions.” — Gartner.

Delivery Management Process

Again, understanding the value we bring comes from making our contribution in your organisation’s languages, ePatterns will adopt all client frameworks for delivery management, both industry standard and locally developed. Our consultants are experienced project managers and program managers of multi-million dollar programs.

ePatterns Establishing Your Practices

ePatterns experience in introducing and managing delivery processes within organisations has been highly regarded for decades. Choose ePatterns to introduce or renew your program management office, quality management office, risk management office or enterprise architecture management office. We are highly consultative and can tailor processes to your organisation’s needs.

Some delivery management frameworks we have used extensively.

Agile Methods

Our consultants are experienced in Agile project delivery and coaching agile. As a collection of methods, organisations adopt and tailor the methods to their needs, so the experience tends to differ for each client.

Our consultants are experts at business analysis using INVEST user stories.

Agile is very prevalent in our client industries. We find it is used as a delivery method alongside other processes adopted by the organisation. Correctly administered, its preference for direct communication over documentation assists in identifying issues early.

We have found the Scrum I-N-V-E-S-T criteria for business analysis particularly effective for authoring useful user stories.

PRINCE2 – Version 7

Our consultants are experienced in delivering programs to the Projects IN Controlled Environments (PRINCE2) methodology.

Project Management Professional (PMP)

Wherever required, we adopt the PMBOK processes for PM professionals.

Capability Maturity Model Integrated (CMMI)

This excellent framework for assessing the process maturity of an organisation was initially developed at the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) and is now maintained by its institute. Our consultants have been instrumental in establishing QA departments in global engineering companies based on this model. Its initial popularity was in software engineering of mission-critical products, but it can be used to improve any organisation’s process maturity.

The framework assesses the maturity of processes from (1) initial, (2) managed, (3) defined, (4) quantitively managed, to (5) optimised. A key point of maturity is (3) defined, where all processes have been written down and are accessible to everyone in the organisation. Once this has been established, higher maturity levels can be achieved.

It has been noted that CMMI is not compatible with some other processes, such as extreme programming (XP), which prefers spoken requirements to written ones. However, LeanCMMI has been successfully developed, combining agile methods with CMMI to achieve lower-level maturity ratings (2 or 3).

Risk Management

ePatterns consultants are experienced engineering risk managers at the project, program and enterprise levels. We deliver risk management, have established risk offices, and institutionalised risk management by training and coaching managers. We recognise the need to tailor risk categorisations at the start of projects and programs and continually monitor and manage risk throughout delivery.

ePatterns recognises multiple risk management frameworks and can choose and tailor frameworks to your requirements.

Risk Management frameworks that ePatterns particularly embraces are

Failure Mode and Effects Analysis (FMEA)

Design FMEA is more an engineering practice than a modern risk management organisational discipline, though it is a very valuable discipline in engineering product development. Its strength lies in analysing the effects of failures before they occur, particularly in a cross-functional context. This way, a product can be developed with known effects of failures, however unlikely their occurrence. This is particularly important in mission-critical systems.

Engineering Risk Analysis and Management (AS/NZS ISO 31000:2018)

This is a core engineering management discipline. It principally focuses on engineering failure and managing that risk. It forms the basis of ePatterns Consultants’ enterprise risk management.

NIST Risk Management Framework (RMF)

This RMF focuses on IT rather than engineering and prefers dedicated risk managers. It is qualitative and has a strong cybersecurity focus.

Open Group’s FAIR Body of Knowledge (O-RA 2.0.1)

The quantitative risk management framework from the Factor Analysis of Information Risk (FAIR™) Institute that The Open Group has adopted.

Risk is analysed and quantified in financial (dollar) terms. This is the leading methodology for quantifying information risk. It is best as a complement to qualitative methods.

The Open Group standards,

  1. O-RT, Risk Taxonomy Standard, and
  2. O-RA, Risk Analysis Standard,

fully embrace FAIR.  ePatterns Consultants have a high regard for this approach to risk management.

Other Risk Management Approaches

Standards such as the Information Technology Infrastructure Library (ITIL) help manage IT operations risk even though they may not explicitly reference risk. Without adopting ITIL, we could not imagine managing IT operations in a mission-critical environment.

Similarly, Control Objectives for Information and Related Technology (COBIT 5), from ISACA, the framework for IT management and governance, includes a set of generic processes for the management of IT, including risk management.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a comprehensive private-sector approach that has found good adoption.

Carnegie Mellon University’s Software Engineering Institute (SEI)

  1. Their Capability Maturity Model – Integrated (CMM-I) framework covers risk management (RSKM) as a key (project management) practice and provides excellent guidelines to manage the process of risk management.
  2. CERT’s Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) ALLEGRO is an excellent operational risk assessment method, particularly for those just getting started with risk management, say with a single practitioner new to risk management,
  3. CERT’s Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) FORTE is cybersecurity-aligned, scalable and easily used by large RM teams.

In the Australian Federal Government, the  Australian National Audit Office  (ANAO) has defined a comprehensive prescriptive Risk Management Policy and Framework with a collection of Risk Analysis tools.

Whichever risk approach you wish to adopt, ePatterns can help establish and institutionalise the discipline.