OGEA-103 TOGAF Enterprise Architecture Combined Part 1 and Part 2 Exam Questions and Answers

The Business Value Assessment Technique is a technique that can be used to estimate and compare the business value of the projects and project increments that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. The business value is the measure of the benefits or advantages that the project or project increment delivers to the business, such as increased revenue, reduced costs, improved quality, or enhanced customer satisfaction1

The steps for applying the Business Value Assessment Technique are:

Identify the criteria and factors that are relevant to the business value assessment, such as costs, benefits, risks, and opportunities. The criteria and factors should be aligned with the business goals and drivers that motivate the architecture work, and the stakeholder requirements and concerns that influence the architecture work.

Assign weights and scores to the criteria and factors, using various methods, such as expert judgment, historical data, or analytical models. The weights and scores should reflect the importance and performance of the criteria and factors, and the trade-offs and preferences of the stakeholders.

Calculate the business value for each project or project increment, using various techniques, such as net present value, return on investment, or balanced scorecard. The business value should indicate the expected or actual outcomes and impacts of the project or project increment on the business.

Prioritize the implementation projects and project increments, based on the business value and other considerations, such as dependencies, resources, or risks. The prioritization should determine the order or sequence of the projects and project increments, and the allocation and utilization of the resources.

Therefore, the best answer is C, because it describes the next steps for the migration planning, which are the activities that support the transition from the Baseline Architecture to the Target Architecture. The answer covers the Business Value Assessment Technique, which is relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 28: Business Value Assessment Technique : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

Architecture Partitioning is a technique supported by TOGAF to manage complexity and scale, especially in large enterprises.

Correct statements:

Statement 2 is correct: Partitioning enables parallel work by multiple teams on different parts of the architecture.

Statement 3 is correct: Partitioning supports architecture re-use by isolating common or shared components.

Why Statement 1 is incorrect:

TOGAF does not mandate a partitioning model. It supports and recommends partitioning where appropriate, but it is not a required element of the ADM.

============

Key aspects of the scenario:

Objective:

Integrating Artificial Intelligence (AI) into healthcare delivery, with a focus on improving patient care, enhancing workplace efficiency, and enabling seamless experiences.

Challenges:

Stakeholder concerns about risk management, adaptability to change, and ensuring alignment with regulations and policies.

Addressing the concerns of staff and top management about AI integration and achieving the desired goals.

CIO's Perspective:

Encouraging an agile approach to architecture development.

Addressing risks and ensuring stakeholder concerns are managed.

Areas for Evaluation:

AI usage by staff and impact on workflows.

Patient experience enhancement via AI.

New workplace platforms and tools powered by AI.

Option Analysis:

Option 1: Analysis of stakeholders and development of a Stakeholder Map

Pros:

Stakeholder analysis is critical for identifying concerns, viewpoints, and requirements.

TOGAF emphasizes stakeholder engagement early in the process to mitigate risks and align expectations.

Developing a Stakeholder Map ensures clear alignment with their interests and creates a foundation for regular feedback loops.

Cons:

Does not explicitly address the creation of architecture models or policies upfront.

Option 2: Creation of a Communications Plan

Pros:

A communications plan fosters effective stakeholder engagement by addressing their concerns and ensuring transparent reporting.

Risk mitigation as part of communication aligns with TOGAF’s stakeholder management practices.

Cons:

This focuses more on communication mechanics rather than advancing architectural development directly.

Option 3: Models for Draft Business, Data, Application, and Technology Architectures

Pros:

Aligns with the Architecture Development Method (ADM), ensuring compliance with requirements and regulations.

Helps formalize stakeholder feedback by verifying their concerns against tangible models.

Cons:

Developing detailed models early on may delay immediate resolution of stakeholder concerns and risk mitigation.

Option 4: Set of reusable business models for AI-related projects

Pros:

Standardized models ensure consistency and portability across the organization’s AI-related efforts.

Cons:

Too narrow in focus for the initial architecture development phase; does not address risk management or stakeholder concerns adequately.

Recommended Answer:

Option 1: You recommend that an analysis of the stakeholders is undertaken.

Reasoning:

The scenario highlights stakeholder concerns about risks, adaptability, and compliance. Addressing these concerns requires stakeholder analysis as the first step.

A Stakeholder Map aligns with TOGAF’s emphasis on stakeholder engagement, providing a structured way to manage their concerns and expectations.

Identifying concerns early and integrating feedback into the Architecture Vision document ensures alignment with goals and smooth progress.

Option 1 sets the foundation for collaboration and risk management, making it the best fit for the current phase.

In TOGAF, when an enterprise undergoes a significant strategic shift—particularly one initiated by executive leadership without a clearly defined scope, vision, or objectives—the correct starting point is always Phase A: Architecture Vision, and only after a formal Request for Architecture Work is created or updated. The scenario explicitly states that the CEO has approved a request for architecture change but has not defined scope, constraints, or direction. This aligns precisely with TOGAF guidance that Phase A must establish the high-level vision, stakeholder concerns, business drivers, and initial requirements before moving into the detailed architecture development phases (B, C, D).

Answer choice C reflects this: it requires producing a new Request for Architecture Work and developing a new Architecture Vision, which is the foundational step for any enterprise-wide transformational effort. TOGAF also requires application of the trade-off method to balance stakeholder needs in the Vision phase before detailed architectures are designed.

Choices A and D incorrectly assume architecture definition can begin without a clear approved vision. Choice B focuses solely on Technology Architecture, which contradicts TOGAF’s requirement that Business Architecture must lead the effort during major transformation.

Thus, the only answer compliant with TOGAF ADM is C.

The Chief Engineer is concerned that implementation across multiple plants and mixed teams (internal + contractors) may be inconsistent and of poor quality.

The question asks: How should Architecture Contracts be used to address this concern according to the TOGAF standard?

TOGAF states that an Architecture Contract must:

Define obligations of both architecture and implementation organizations

Specify metrics, measures, acceptance criteria, and success factors

Identify risks and mitigation

Support Architecture Governance through compliance reviews

Apply to BOTH internal teams and external suppliers (external contracts must be legally enforceable)

Option C is the only one that correctly reflects these TOGAF requirements.

✔ Why Option C is correct

1. Architecture Contracts must specify goals, measures, acceptance terms, and risks

TOGAF explicitly states that Architecture Contracts should include:

Statement of Architecture Work

Performance metrics and measures

Acceptance criteria

Risks and issues

Compliance and conformance requirements

Option C includes all of these.

2. Third-party contracts must be legally enforceable

True — TOGAF states that when external suppliers are involved, Architecture Contracts often take the form of legally binding contracts.

Option C:

“Third-party contracts must be legally enforceable.”

Correct.

3. Compliance reviews must be scheduled

TOGAF’s Architecture Governance Framework prescribes scheduled Architecture Compliance Reviews to ensure that implementation conforms to the Architecture Contract.

Option C:

“establish a schedule of compliance reviews at key points”

Correct — this directly addresses the Chief Engineer’s concern about consistency and quality.

4. Deviations must be reviewed by the Architecture Board and any dispensations should be time-bound

TOGAF allows dispensations but requires:

Formal review

Approval by the Architecture Board

Time-bound accommodations rather than permanent exceptions

Option C includes exactly this guidance.

In this scenario you are right at the start of an ADM cycle: a Request for Architecture Work has been approved to investigate AI, and there are strong stakeholder concerns and risk questions. According to the TOGAF standard, the correct place to start is Phase A: Architecture Vision, with a strong focus on stakeholder management and capturing their concerns and required views.

Option A is the only answer that correctly reflects this:

Stakeholder analysis & Stakeholder Map (Phase A core task)TOGAF explicitly states that in Phase A you must:

Identify stakeholders

Analyze and group them by common concerns

Use a Stakeholder Map to understand their influence, interest, and required engagement

Determine which views/viewpoints are needed to address their concerns in the architecture description coe.qualiware.com+1

Option A says:

“analysis of the stakeholders … define groups of stakeholders who have common concerns and include development of a Stakeholder Map. The concerns and relevant views should then be defined for each group and recorded in the Architecture Vision document.”

This is exactly how TOGAF describes stakeholder management and views in Phase A:

Stakeholder Map to classify and prioritize stakeholders

Concerns and required views captured and traced

These elements feeding into the Architecture Vision deliverable Visual Paradigm TOGAF+1

Concerns, views, and Architecture VisionTOGAF emphasizes that architecture views are constructed to address specific stakeholder concerns; you do not just build generic models. opengroup.org+1

Option A explicitly links concerns → views → Architecture Vision, which aligns with TOGAF guidance for early phases.

Capturing this in the Architecture Vision provides a high-level, shared understanding of what the AI initiative is trying to achieve and how stakeholder issues (e.g., responsible AI, risk processes, change in way of working) will be addressed.

Risk management and “architecting with agility”In the scenario, the CIO has encouraged architecting with agility. TOGAF is compatible with incremental and iterative development of the target architecture, especially when there is high uncertainty and risk. conexiam.com

Option A includes:

“a requirement that there be progressive development of the target architecture to ensure there is regular feedback.”

This “progressive development” and frequent feedback loop is exactly how you mitigate risk in an AI-heavy, change-sensitive initiative:

Frequent stakeholder feedback

Early validation of assumptions

Ability to adjust scope, constraints, and principles as risk and understanding evolve

This directly addresses management’s worry about the change in the way of working and whether risk management and responsible AI policies are adequate: these become explicit stakeholder concerns and requirements that are iteratively refined.

Why the other options are weaker / not TOGAF-aligned as a starting point

Option B

Focuses mainly on a Communications Plan and powerful stakeholders.

While TOGAF does expect a stakeholder communications plan, it is derived from a proper stakeholder analysis and Stakeholder Map, not a substitute for it.

It also treats risk as a “component of the architecture” rather than something to be addressed early through stakeholder concerns, principles, and iteration.

Option C

Jumps straight to a solution concept diagram and benefits diagram and defers risk evaluation to when the Architecture Roadmap is defined (Phase E).

In TOGAF, risk and stakeholder concerns must be addressed already in Phase A and refined throughout, not postponed to roadmap development.

Option D

Proposes creating draft Business, Data, Application, and Technology models and putting them into the Architecture Vision.

This is too detailed for the starting point: Phase A is about high-level vision, not full draft core architecture models (those belong in Phases B, C, D).

It also doesn’t emphasize Stakeholder Mapping and grouping by concerns, which is central to resolving the worries about way of working, risk, and responsible AI.

In summary, Option A is the best and TOGAF-consistent way to begin:

Start in Phase A: Architecture Vision

Perform stakeholder analysis and create a Stakeholder Map

Define stakeholder concerns and relevant views

Record them in the Architecture Vision

Add an explicit requirement for progressive (iterative) development of the target architecture for continuous feedback and risk mitigation

A Request for Architecture Work is a document that describes the scope, approach, and expected outcomes of an architecture project. A Request for Architecture Work is usually initiated by the sponsor or client of the architecture work, and approved by the Architecture Board, which is a governance body that oversees the architecture work and ensures compliance with the architecture principles, standards, and goals. A Request for Architecture Work triggers a new cycle of the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture12

An Architecture Vision is a high-level description of the desired outcomes and benefits of the proposed architecture. An Architecture Vision is the output of Phase A: Architecture Vision of the ADM cycle, which is the first phase of the architecture development. An Architecture Vision defines the scope and approach of the architecture work, and establishes the business goals and drivers that motivate the architecture work. An Architecture Vision also involves obtaining the approval and commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance process3

A trade-off analysis is a technique that can be used to evaluate and compare different architecture alternatives and select the most suitable one. A trade-off analysis involves identifying the criteria and factors that are relevant to the decision, such as costs, benefits, risks, and opportunities, and assessing the strengths and weaknesses of each alternative. A trade-off analysis also involves balancing and reconciling the multiple, often conflicting, requirements and concerns of the stakeholders, and ensuring alignment with the Architecture Vision and the Architecture Principles.

Therefore, the best answer is D, because it proposes the best approach for architecture development to realize the CEO’s change in direction for the company. The answer covers the Request for Architecture Work, the Architecture Vision, and the trade-off analysis techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 7: Request for Architecture Work 2: The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance 3: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off Analysis

According to the TOGAF standard, the Target Architecture is the description of a future state of the architecture being developed for an organization. It should be aligned with the Architecture Vision, Principles, and Requirements that have been agreed with the stakeholders. To address the incompatibilities between key stakeholder preferences, the TOGAF standard recommends creating and evaluating multiple alternative Target Architectures that meet different sets of criteria. These criteria should reflect the value preferences and priorities of the stakeholders, as well as the business drivers and objectives. The alternative Target Architectures should be illustrated using a set of architecture views that show the impact of each alternative on the business, data, application, and technology domains. The impact on planned projects should also be identified and analyzed. The strengths and weaknesses of each alternative should be understood and documented. A formal stakeholder review should then be conducted to decide which alternative is the most fit for purpose and should be moved forward with. The funding required for implementing the chosen alternative should also be determined and secured. References:

The TOGAF Standard, Version 9.2 - Phase B: Business Architecture - The Open Group

The TOGAF Standard, Version 9.2 - Phase C: Information Systems Architectures - The Open Group

[The TOGAF Standard, Version 9.2 - Phase D: Technology Architecture - The Open Group]

[The TOGAF Standard, Version 9.2 - Phase E: Opportunities and Solutions - The Open Group]

[The TOGAF Standard, Version 9.2 - Phase F: Migration Planning - The Open Group]

According to the TOGAF Standard, Version 9.2, an Architecture Contract is a joint agreement between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture1. It defines the scope, responsibilities, and governance of the architecturework, and ensures the alignment and compliance of the architecture with the business goals and objectives1.

In the scenario, the Lead Enterprise Architect has asked you to review the draft Architecture Contracts and recommend the best approach to address the Chief Engineer’s concern about the consistency and quality of the deployment of the new processes for the battery pack production at each location.

The best answer is C, because it follows the guidelines and best practices for defining and using Architecture Contracts as described in the TOGAF Standard, Version 9.22. It ensures that the contracts cover the essential aspects of the project objectives, effectiveness metrics, acceptance criteria, and risk management, and that they are legally enforceable for third-party contractors. It also recommends a schedule of compliance reviews at key points in the implementation process, and a mechanism for handling any deviations from the Architecture Contract, involving the Architecture Board and the possibility of granting a dispensation to allow the process to be customized for local needs.

The other options are not correct because they either23:

A. For changes requested by an internal team, you recommend a memorandum of understanding between the Architecture Board and the implementation organization. For contracts issued to third-party contractors, you recommend that it is a fully enforceable legal contract. You recommend that the Architecture Board reviews all deviations from the Architecture Contract and considers whether to grant a dispensation to allow the implementation organization to customize the process to meet their local needs.: This option does not address the need to review the contracts to ensure that they address the project objectives, effectiveness metrics, acceptance criteria, and risk management. It also does not recommend a schedule of compliance reviews at key points in the implementation process. Moreover, it suggests that a memorandum of understanding is sufficient for internal teams, which may not be legally binding or enforceable.

B. For changes undertaken by internal teams, you recommend a memorandum of understanding between the Architecture Board and the implementation organization. If a contract is issued to a contractor, you recommend that it is a fully enforceable legal contract. If a deviation from the Architecture Contract is found, you recommend that the Architecture Board grant a dispensation to allow the implementation organization to customize the process to meet their local needs.: This option has the same problems as option A, and also implies that the Architecture Board should always grant a dispensation for any deviation, which may not be appropriate or desirable in some cases.

D. You recommend that the Architecture Contracts be used to manage the architecture governance processes across the locations. You recommend deployment of monitoring tools to assess the performance of each completed battery pack at each location and develop change requirements if necessary. If a deviation from the contract is detected, the Architecture Board should allow the Architecture Contract to be modified meet the local needs. In such cases they should issue a new Request for Architecture Work.: This option does not address the need to review the contracts to ensure that they address the project objectives, effectiveness metrics,acceptance criteria, and risk management. It also does not recommend a schedule of compliance reviews at key points in the implementation process. Moreover, it suggests that the Architecture Board should always allow the Architecture Contract to be modified for any deviation, which may not be appropriate or desirable in some cases. It also implies that a new Request for Architecture Work should be issued for each deviation, which may not be necessary or feasible.

1: The TOGAF Standard, Version 9.2, Chapter 3: Definitions and Terminology, Section 3.1: Terms and Definitions

2: The TOGAF Standard, Version 9.2, Chapter 43: Architecture Contracts

3: The TOGAF Standard, Version 9.2, Chapter 44: Architecture Governance

In TOGAF, when customer needs are unclear or misaligned with the existing architectural direction, the correct approach is to return to the Business Architecture. The Business Architecture phase (ADM Phase B) is responsible for understanding stakeholders, customer segments, business processes, value streams, motivations, and expected outcomes. Since the scenario identifies low engagement, poor adoption, and missed revenue targets, the breakdown is not in technology or application capabilities—it is a business misalignment.

Option B correctly focuses on revisiting and refining the target Business Architecture, including identifying customer groups, their interests, costs to serve them, and expected revenue streams. This aligns with TOGAF guidance that Business Architecture must define value propositions and customer value streams before other architecture domains can be effectively adjusted. The use of value stream mapping is entirely appropriate within Business Architecture development, as it provides a structured way to analyze customer value and identify what changes are necessary to meet business goals.

Options A and D prematurely focus on application or baseline gap analysis, which would not resolve a fundamental misunderstanding of customer needs. Option C expands into a full ADM cycle, which is unnecessary at this stage because the primary issue is misalignment, not architectural completeness.

 According to the TOGAF template for Architecture Principles, the Rationale section should describe the relationship to other principles, as well as the business benefits and the intentions of adhering to the principle. The Rationale section should use business terminology and point to the similarity of information and technology principles to the principles governing business operations. The Rationale section should also explain how the principle supports the achievement of the business objectives and key architecture drivers. References:

Architecture Principles Template

The TOGAF Standard, Version 9.2 - Architecture Principles

The Open Group Exam OGEA-103 Topic 1 Question 4 Discussion

The purpose of the Preliminary Phase is to architect an Enterprise Architecture Capability that meets the needs and expectations of the enterprise’s stakeholders and supports and enables subsequent phases of architecture development and transition. This phase involves defining the scope, principles, framework, and governance for the Enterprise Architecture Capability. Reference: The TOGAF® Standard | The Open Group Website, Section 3.2 Preliminary Phase.

The best answer is C. You would hold a series of interviews at each of the manufacturing plants using the business scenarios technique. This will allow you to understand the systems and integrations with local partners. You would use stakeholder analysis to identify key players in the engagement, and to understand their concerns. You will then identify and document the key high-level stakeholder requirements for the architecture. You will then generate high level definitions of the baseline and target architectures.

This answer is based on the TOGAF standard, which recommends the following steps to initiate the architecture project1:

Establish the architecture project

Identify stakeholders, concerns, and business requirements

Confirm and elaborate business goals, business drivers, and constraints

Evaluate business capabilities

Assess readiness for business transformation

Define scope

Confirm and elaborate Architecture Principles, including business principles

Develop Architecture Vision

Define the Target Architecture value propositions and KPIs

Identify the business transformation risks and mitigation activities

Secure stakeholder and sponsor approval

The answer C covers most of these steps, by using the business scenarios technique to elicit and validate the business requirements, goals, drivers, and constraints, as well as the current and future states of the architecture2. The answer C also uses stakeholder analysis to identify and engage the key stakeholders, and to address their concerns and expectations3. The answer C also generates high level definitions of the baseline and target architectures, which can be used to develop the Architecture Vision and the value propositions4.

The other answers are not the best approach for architecture development, because:

Answer A focuses on researching vendor literature and conducting briefings with vendors, which is not the best way to understand the business needs and the current situation of the enterprise. Answer A also defines a preliminary Architecture Vision without involving the stakeholders or validating the requirements, which may lead to misalignment and lack of consensus.

Answer B conducts a pilot project that will enable vendors to demonstrate potential solutions, which is premature and costly at this stage of the architecture project. Answer B also does not address the stakeholder concerns or the current systems and integrations, which may result in gaps and risks. Answer B also develops the requirements after the pilot project, which may not reflect the actual business needs and goals.

Answer D develops baseline and target architectures for each of the manufacturing plants, which may not consider the enterprise-wide perspective and the potential benefits of a common ERP system. Answer D also does not involve the stakeholders or address their concerns, which may result in resistance and conflict. Answer D also does not define the business case or the performance metrics, which are essential for demonstrating the value and feasibility of the architecture.

1: The TOGAF Standard, Version 9.2 - Architecture Vision 2: The TOGAF Standard, Version 9.2 - Business Scenarios 3: [The TOGAF Standard, Version 9.2 - Stakeholder Management] 4: [The TOGAF Standard, Version 9.2 - Architecture Definition Document]

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The scenario highlights significant risks due to ransomware attacks and the need to strengthen the company’s Enterprise Architecture to improve data protection and resilience. TOGAF emphasizes the Architecture Compliance Review as a mechanism for ensuring the architecturemeets its objectives and addresses specific concerns such as security, resilience, and compliance with organizational goals.

The organization has already conducted a risk assessment but requires actionable steps to:

Address ransomware attack risks.

Increase the resilience of the Technology Architecture.

Ensure proper alignment with governance and compliance frameworks.

Option Analysis

Option A:

Strengths:

Highlights the need for up-to-date processes for managing changes in the Enterprise Architecture.

Recognizes the importance of governance through the Architecture Board and change management techniques.

Weaknesses:

The approach focuses solely on the Technology Architecture baseline but does not address the need for specific steps such as compliance review, gap analysis, or tailored resilience measures for ransomware risks.

It provides a broad and generic approach rather than a targeted plan for ransomware and data protection issues.

Conclusion: Incorrect. While it adheres to governance processes, it lacks specific actions to improve resilience and address the immediate security concerns.

Option B:

Strengths:

Proposes an Architecture Compliance Review, which is a core TOGAF process used to evaluate architecture implementation against defined objectives, ensuring it is fit for purpose.

Involves identifying stakeholders (departments) and tailoring checklists specific to ransomware resilience.

Emphasizes issue identification and resolution through structured review processes.

Weaknesses:

Does not explicitly address longer-term updates to the Enterprise Architecture, but this can be inferred as a next step following compliance recommendations.

Conclusion: Correct. This is the most suitable approach based on TOGAF principles, as it uses an established process to evaluate and improve the architecture's resilience.

Option C:

Strengths:

Includes monitoring for updates from suppliers to enhance detection and recovery capabilities, which is relevant to addressing ransomware risks.

Proposes a gap analysis to identify shortcomings in the current Enterprise Architecture and recommends addressing gaps through change requests.

Incorporates disaster recovery planning exercises, which are useful for testing resilience.

Weaknesses:

While thorough, the approach lacks the Architecture Compliance Review process, which is a more structured way to ensure the architecture meets resilience requirements.

Monitoring suppliers and running disaster recovery exercises are operational steps rather than strategic architectural improvements.

Conclusion: Incorrect. While it includes valid activities, it does not adhere to TOGAF’s structured approach for architecture assessment and compliance.

Option D:

Strengths:

Proposes analyzing business continuity requirements and assessing the architecture for gaps, which is relevant to the scenario.

Suggests initiating an ADM cycle to address gaps, which aligns with TOGAF principles.

Weaknesses:

Focusing on initiating a new ADM cycle may be premature, as the immediate priority is to evaluate the existing architecture and address specific resilience concerns.

Does not mention compliance review or tailored resilience measures for ransomware attacks, which are central to the scenario.

Conclusion: Incorrect. It proposes a broader approach that may not adequately address the immediate concerns highlighted by the CSO.

TOGAF References

Architecture Compliance Review: A structured process used to evaluate whether an architecture meets the stated goals, objectives, and requirements (TOGAF 9.2, Chapter 19). It is particularly useful for identifying and addressing resilience requirements in scenarios involving security risks.

Stakeholder Engagement: Identifying and involving stakeholders (e.g., departments) is a critical part of architecture governance and compliance review (TOGAF 9.2, Section 24.2).

Change Management: The Architecture Compliance Review supports identifying necessary changes, which are then managed through governance and change management processes (TOGAF 9.2, Section 21.6).

By choosing Option B, you align with TOGAF’s structured approach to compliance, resilience, and addressing security concerns.

The correct answer is C, as it aligns with the TOGAF ADM approach and best practices for organizing architecture work in a phased and structured manner.

Analysis of the Correct Answer (Option C):

Identifying Projects, Dependencies, and Synergies

The scenario describes a phased approach to vehicle development over five years.

Identifying dependencies ensures a logical and structured rollout of technology and business capabilities.

Developing High-Level Architecture Descriptions

Since Business Architecture is already defined, it is now time to develop high-level descriptions of Information Systems and Technology Architectures.

TOGAF emphasizes incremental and iterative refinement, meaning that starting with high-level descriptions is a logical first step.

Determining Workload and Resource Allocation

TOGAF ADM Phase B, C, and D involve creating architecture descriptions.

Understanding how much work is required ensures efficient resource planning and allocation.

Identifying Reference Architectures and Building Blocks

Using reference architectures and reusable architecture building blocks (ABBs) is a key best practice in TOGAF.

This enables efficiency and consistency in architecture development.

Evaluating Costs, Risks, and Feasibility

TOGAF emphasizes a risk-aware approach to enterprise architecture.

Documenting options, risks, and control measures ensures feasibility before execution.

Why Other Options Are Incorrect?

Option A: Initiating ADM Phase A Again

Incorrect because the scenario states that the Architecture Vision has already been completed.

Phase A is used for initial vision-setting, but at this point, the focus is on executing defined architectures.

Option B: Researching Data Companies for Target Architecture Development

Incorrect because the focus should be on defining internal architectures rather than external research.

While benchmarking best practices can be useful, it is not the primary activity at this stage.

Option D: Studying Other Companies and Performing Readiness Assessment

Incorrect because the focus should be on leveraging the organization's existing architecture and resources.

Solution provider readiness assessments are typically part of procurement, not enterprise architecture development.

In TOGAF, the process of breaking down an initiative into work packages must be grounded in a structured evaluation of gaps, solutions, dependencies, constraints, and implementation factors. Option B precisely follows this guidance. It begins by producing an Implementation Factor Catalog, which is a TOGAF artifact used to record business, technical, regulatory, organizational, and risk considerations that influence implementation. This is especially relevant in the scenario because clinical trials operate under strict regulatory controls, highly sensitive data, and complex coordination across multiple research sites.

Next, Option B calls for creating a gap matrix comparing baseline and target architectures across domains. For each gap, TOGAF requires classification of solution approaches: new development, purchased solution, or reuse of existing components. This aligns directly with the Solutions Continuum and the practice of forming Solution Building Blocks. Grouping similar activities into work packages is also textbook ADM practice, ensuring traceability from architecture gaps into actionable implementation components.

Furthermore, Option B incorporates dependencies analysis and restructures work packages into Capability Increments, which is the TOGAF-recommended method for incremental delivery and Transition Architectures. This matches the scenario's requirement for gradual rollout to minimize disruption to ongoing clinical trials.

Thus, Option B fully reflects the TOGAF standard for structured work package definition.

The scenario states that:

A strategic architecture and roadmap already exist.

Business Architecture is complete, so the work now shifts to Information Systems and Technology Architectures (ADM Phases B–D).

The CTO requires use of the purpose-based EA Capability model (from the TOGAF Series Guide: A Practitioner’s Approach to Developing Enterprise Architecture Following the TOGAF ADM).

The EA team has to plan, organize, and manage the next stage of architecture development, including re-use of existing hardware/software platform components, candidate solutions, feasibility, risks, and prioritization.

Under the purpose-based EA approach, when moving from strategy into defining the next layers of architecture, TOGAF emphasizes:

Using the superior (already-approved) architecture to guide the next ADM cycles– This corresponds to the strategic architecture that is already completed.

Analyzing project dependencies, overlaps, and sequencing

Defining high-level architecture descriptions for the next iteration

Identifying reference architectures and candidate building blocks (especially when reusing existing platform components)

Assessing feasibility, value, cost, and risk for each project

Preparing for stakeholder trade-offs before formalizing the roadmap

These tasks map directly to Option A.

Why Option A is correct

Option A includes exactly what the purpose-based EA approach prescribes at this stage:

“The superior architecture should be used to guide the approach.”✔ Correct — strategic architecture guides the work.

“Review the identified projects, dependencies, and potential overlaps, then decide the order…”✔ Correct — sequencing and dependency assessment are core early tasks in Phases B–D planning.

“Develop high-level architecture descriptions.”✔ Correct — Business Architecture is done; now high-level IS/Tech Architecture descriptions are needed.

“Identify reference architectures and candidate building blocks.”✔ Correct — aligns with TOGAF building-block approach, and specifically fits the scenario where existing platform components will be reused.

“Identify resource needs, considering cost and value.”✔ Correct — mandatory for feasibility and planning.

“Document options, risks, and ways to control them to enable feasibility analysis and trade-off with stakeholders.”✔ Correct — this matches ADM guidelines for preparing options and addressing complexity before deeper development.

This is precisely how TOGAF expects the architecture team to plan, organize, and manage an ADM cycle after strategy is set.

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The agency is initiating a strategic “AI-first” plan to transform processes using AI and improve efficiency while ensuring service improvements for citizens. Several stakeholder concerns have been raised, such as:

Job security for employees.

Skill development for adapting to new technologies.

Cybersecurity and resilience risks due to reliance on digital platforms.

TOGAF emphasizes the importance of stakeholder management, communication, and risk management to ensure successful adoption and implementation of new architecture. These concerns need to be addressed methodically by gathering requirements, analyzing stakeholder positions, and ensuring proper communication of risks and benefits.

Option Analysis

Option A:

Strengths:

Proposes creating an Organization Map to identify the links between different parts of the agency and the impact of the strategic change.

Suggests holding stakeholder meetings to address concerns.

Includes managing risks as part of Security Architecture development.

Weaknesses:

Focusing solely on creating business models and teaching stakeholders how to interpret them does not directly address cultural and positional concerns about job loss, skill development, and security.

Risk management is addressed as part of Security Architecture development but lacks broader integration into stakeholder requirements.

Conclusion: Incorrect, as it fails to systematically document stakeholder concerns and map them into requirements and architecture decisions.

Option B:

Strengths:

Highlights the importance of formal stakeholder identification and creating a Communication Plan.

Suggests addressing stakeholder concerns through communication and risk management.

Weaknesses:

Does not go into detail on analyzing stakeholder concerns, cultural positions, or specific requirements.

Lacks the inclusion of stakeholder feedback in architecture artifacts like the Architecture Vision or Requirements Specification, which are critical TOGAF outputs.

Conclusion: Incorrect, as it does not include a systematic and structured approach for stakeholder analysis and integration into architecture deliverables.

Option C:

Strengths:

Emphasizes conducting a thorough stakeholder analysis to document concerns, positions, and cultural factors, which aligns with TOGAF’s approach in Phase A (Architecture Vision).

Ensures stakeholder views and requirements are recorded in the Architecture Vision document and reflected in the Architecture Requirements Specification.

Includes continuous assessment and feedback, ensuring concerns are addressed and risks managed effectively.

Aligns with TOGAF's principle of involving stakeholders in architecture development to ensure alignment and success.

Weaknesses:

Could further detail how risk management is included across all phases, but this is implied through integration into the Architecture Requirements Specification.

Conclusion: Correct, as it provides a structured and detailed approach for addressing stakeholder concerns and managing risks within TOGAF’s framework.

Option D:

Strengths:

Suggests categorizing stakeholders into groups and creating models for each category.

Proposes arranging meetings to verify that concerns have been addressed.

Includes risk management as part of the process.

Weaknesses:

Dividing stakeholders into generic categories (e.g., corporate functions, project team) may not adequately capture specific cultural factors and concerns raised in the scenario.

Lacks integration of stakeholder feedback into architecture deliverables such as the Architecture Vision and Architecture Requirements Specification.

Conclusion: Incorrect, as it provides a generalized and less targeted approach to stakeholder concerns compared to Option C.

TOGAF References

Stakeholder Management (Phase A): TOGAF emphasizes analyzing stakeholders’ positions, concerns, and issues to shape architecture development and communication (TOGAF 9.2, Section 24.2).

Architecture Vision: Captures high-level requirements and stakeholder views to ensure alignment with business goals (TOGAF 9.2, Section 6.2).

Architecture Requirements Specification: Records detailed requirements, including those related to risk management, to guide the development of target architectures (TOGAF 9.2, Section 35.5).

Iterative Feedback: Regular assessments and feedback loops are critical to ensure stakeholder concerns are addressed effectively throughout the ADM cycle.

By selecting Option C, the approach adheres to TOGAF's principles of stakeholder analysis, communication, and integration of concerns into architecture development.

This question asks:

What needs to be done to make sure the company succeeds with the transformation and how should risks be managed?

The scenario involves:

Large-scale business transformation

Integration of acquired companies

Significant organizational change

Need to assess risk, readiness, and obstacles

This strongly aligns with TOGAF’s Business Transformation Readiness Assessment and Risk Management guidance (primarily in the Preliminary Phase, Phase A, and Phase F).

✅ Why Option D Is Correct

✔ Matches TOGAF’s Business Transformation Readiness Assessment

TOGAF explicitly states that before undertaking major business change, the architecture team must assess:

Readiness factors

Obstacles

Risks

Degree of organizational preparedness

Option D describes exactly this process:

“identify obstacles that could hinder the project … determine the readiness level … understand urgency, readiness, and degree of difficulty … evaluate initial risks and areas needing attention.”

That wording maps directly to the TOGAF Readiness Assessment steps, including:

Readiness Factor Evaluation

Risk Identification

Mitigation Strategy Development

✔ Addresses Success Factors of Transformation

TOGAF emphasizes that large transformations succeed when:

Readiness factors are understood

Organizational obstacles are identified early

Appropriate preparation is made for people, processes, and systems

Option D describes these success actions.

❌ Why the Other Options Are Incorrect

A – Implementation Factor Catalog

The catalog helps consider implementation constraints, but it is not the primary mechanism for evaluating overall transformation readiness.

It is more relevant later (Phase F), not at the strategic transformation level described in the scenario.

B – Business Scenarios

Business Scenarios help define requirements and validate the architecture.

They do NOT cover readiness assessment, organizational preparedness, or comprehensive transformation risk management.

Too narrow for the scale of change described.

C – Develop Business Architecture Views + Maturity Model

While views can expose stakeholder concerns, TOGAF does not prescribe evaluating transformation readiness via a “maturity model” in this context.

This is partially correct but not the TOGAFaligned method for ensuring change success.

???? Relevant TOGAF Sources

TOGAF 9.2 — Business Transformation Readiness Assessment

Includes evaluation of:

Organizational readiness

Barriers and obstacles

Culture and motivation

Dependencies and risks

Readiness factors scoring

TOGAF ADM Guidance

Readiness assessment is required when conducting large-scale transformation.

Helps ensure risks are identified, understood, and mitigated.

In the context of the TOGAF standard, stakeholder management and addressing stakeholder concerns are critical components, especially for high-impact initiatives like adopting an AI-first approach. Here’s why the selected answer aligns best with TOGAF principles and the scenario:

Stakeholder Analysis and Engagement:Conducting a stakeholder analysis is essential as it helps identify and document the concerns, issues, and cultural factors influencing each stakeholder group. This aligns with TOGAF’s emphasis on understanding and managing stakeholder concerns, particularly in the Preliminary and Architecture Vision phases of the ADM (Architecture Development Method). Since the scenario highlights diverse concerns about AI, understanding each group's unique perspective will help the EA team tailor the architecture to address these effectively.

Architecture Vision Document:By documenting these concerns in the Architecture Vision document, the EA team can provide a clear, high-level representation of how AI will be adopted, its benefits, and how it addresses specific stakeholder concerns. This is critical for communicating the intent and value of the AI-first approach in a way that aligns with the agency's strategic goals, including addressing apprehensions about job security, skill development, and cyber resilience.

Risk Management and Architecture Requirements Specification:TOGAF highlights the importance of identifying and managing risks early in the process. By documenting the requirements related to risk in the Architecture Requirements Specification, the EA team ensures that these concerns are formally integrated into the architecture and addressed throughout the ADM phases. Regular assessments and feedback loops will provide a mechanism for continual risk monitoring and adjustment as the AI-first initiative progresses.

Alignment with TOGAF’s ADM Phases:The approach specified aligns with TOGAF’s guidance on managing risk and stakeholder concerns during the early ADM phases, specifically Architecture Vision and Requirements Management. In these phases, the framework emphasizes identifying and addressing risks associated with stakeholders' concerns to build a resilient and widely accepted architecture.

Reference to TOGAF Stakeholder Management Techniques:TOGAF’s stakeholder management techniques underscore the importance of understanding and addressing stakeholder needs as a foundational step. This involves assessing the influence and interest of various stakeholders and integrating their views into architectural development, ensuring that the architecture aligns with both business goals and operational realities.

In conclusion, by conducting a thorough stakeholder analysis and documenting concerns in both the Architecture Vision and Architecture Requirements Specification, the EA team can ensure that stakeholder concerns are addressed, that the architecture supports AI adoption effectively, and that potential risks are managed proactively. This approach will foster acceptance among stakeholders and ensure that the architecture aligns with the agency’s strategic goals and risk management requirements as recommended by TOGAF.

A content metamodel is a formal structure that defines the types of entities and relationships that are used to capture, store, filter, query, and represent architectural information in a way that supports consistency, completeness, and traceability12.

A stakeholder map is a tool that identifies and analyzes the key stakeholders and their interests, influence, and expectations in relation to the architecture3. It is not used to structure architectural information, but rather to understand the stakeholder needs and concerns.

An architecture framework is a set of principles, guidelines, standards, and tools that provide a common structure and methodology for developing architectures4. It is not used to structure architectural information, but rather to guide the architecture development process and ensure alignment with the business strategy and objectives.

An EA library is a repository that stores and manages the architecture artifacts, deliverables, and other relevant information produced and consumed during the architecture development and governance. It is not used to structure architectural information, but rather to provide access, security, and version control for the architecture content.

 1: The TOGAF Standard, Version 9.2 - Content Metamodel 2: TOGAF 9.2 Content Metamodel Framework - A Quick Guide - KnowledgeHut 3: The TOGAF Standard, Version 9.2 - Stakeholder Management 4: The TOGAF Standard, Version 9.2 - Architecture Framework : The TOGAF Standard, Version 9.2 - Architecture Repository

The class of information known as the Reference Library within the Architecture Repository contains guidelines and templates used to create new architectures. The Reference Library provides a set of resources that can be leveraged or customized for specific architecture development purposes. It includes generic building blocks, patterns, models, standards,frameworks, methods, techniques, best practices, etc. Reference: The TOGAF® Standard | The Open Group Website, Section 2.4 Architecture Repository.

The objective of the ADM Implementation Governance Phase is to provide an architectural oversight of the implementation and to ensure conformance for the target architecture. This phase involves establishing procedures and processes to monitor and control the implementation projects and to verify that they comply with the defined architecture. Reference: The TOGAF® Standard | The Open Group Website, Section 3.2.7 Phase G: Implementation Governance.

The ability to develop, use, and sustain the architecture of a particular enterprise using architecture to govern change is an EA Capability. An EA Capability is a set of skills, processes, roles, responsibilities, tools, and techniques that enable an enterprise to successfully develop and maintain its Enterprise Architecture and achieve its desired outcomes. An EA Capability is part of an enterprise’s overall capability portfolio and should be aligned with its strategy and objectives. Reference: The TOGAF® Standard | The Open Group Website, Section 3.2 Preliminary Phase.

The planning horizon, depth, and breadth of an Architecture Project, along with the contents of the EA Repository, are typically framed by Strategy, Portfolio, Segment, and End-to-end Target Architecture. The 'Segment' refers to a part of the organization, typically addressed in a Segment Architecture, while 'End-to-end Target Architecture' encompasses the complete view of the planned architecture across the entire organization.

Business scenarios are a technique for capturing, clarifying, and communicating the functional and non-functional requirements of a system. Business scenarios describe the business environment, the actors involved, the desired outcomes, and the processes or rules that govern the behavior of the system. Business scenarios are useful for ensuring that the architecture addresses the real needs and concerns of the stakeholders, and for validating and testing the architecture against expected situations. Business scenarios are developed in Phase A: Architecture Vision of the ADM cycle, and refined and updated throughout the other phases3 References: 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 26: Business Scenarios : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision

 In Phase E of the ADM cycle, building block gaps become associated with work packages that will address the gaps. This phase involves creating an Implementation and Migration Plan that defines a set of work packages and Transition Architectures that will deliver the Target Architecture. Reference: The TOGAF® Standard | The Open Group Website, Section 3.2.5 Phase E: OpportunitiesandSolutions.

The Preliminary Phase is the preparatory phase of the Architecture Development Method (ADM) cycle, which sets the context and direction for the architecture work. One of the objectives of this phase is to select and implement tools to support the Architecture Capability, which is the ability of an organization to perform enterprise architecture effectively and efficiently. Tools can include software applications, methods, techniques, standards, and frameworks that assist the architecture development and governance processes. The selection and implementation of tools should be based on the requirements and constraints of the organization, and the alignment with the Architecture Principles and the Architecture Vision3 References: 3: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 6: Preliminary Phase : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 45: Establishing and Maintaining an Enterprise Architecture Capability : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 46: Tools for Architecture Development

Strategy Portfolio Project Solution Delivery are the four purposes that typically frame the planning horizon, depth and breadth of an Architecture Project, and the contents of the EA Repository. They correspond to different levels of abstraction and granularity in the architecture development process. Reference: The TOGAF® Standard, Version 9.2 - The Open Group, Section 2.4 Architecture Repository.

Risk Management is the process of identifying, assessing, and responding to risks that may affect the achievement of the enterprise’s objectives. Risk Management involves balancing positive and negative outcomes resulting from the realization of either opportunities or threats. Reference: The TOGAF® Standard | The Open Group Website, Section 3.3.3 Risk Management.

Architecture governance is the practice of ensuring compliance with the enterprise architecture and its principles, standards, and goals. Architecture governance provides the means to establish, monitor, and control the architecture development and implementation processes, and to resolve any issues or conflicts that may arise. Architecture governance also ensures that all stakeholders are represented and involved in the decision-making process, and that their interests and concerns are balanced and aligned. Statements 1 and 2 highlight the value and necessity for architecture governance to be adopted within organizations, as they emphasize the importance of responsibility, accountability, fairness, and transparency in the architectural activities. Statements 3 and 4 are more related to the benefits and outcomes of having a good enterprise architecture, rather than the governance aspect.

The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 29: Architecture Governance

•Phase A: Architecture Vision

oDevelop a high-level aspirational vision of the capabilities and business value to be delivered as a result of the proposed Enterprise Architecture

oDefine the scope and boundaries of the architecture engagement

oIdentify the key stakeholders and their concerns and expectations

oDefine the Architecture Vision statement and the Architecture Definition Document

oObtain approval and commitment from the sponsors and stakeholders

•Phase B: Business Architecture

oDevelop the Target Business Architecture that describes how the enterprise needs to operate to achieve the business goals

oDefine the Baseline Business Architecture, if not available

oPerform a gap analysis between the Baseline and Target Business Architectures

oDefine candidate roadmap components for the Business Architecture

oResolve impacts across the Architecture Landscape

•Phase C: Information Systems Architecture

oDevelop the Target Data Architecture that enables the Business Architecture and the Architecture Vision

oDevelop the Target Application Architecture that supports the Business Architecture and the Architecture Vision

oDefine the Baseline Data and Application Architectures, if not available

oPerform a gap analysis between the Baseline and Target Data and Application Architectures

oDefine candidate roadmap components for the Information Systems Architecture

oResolve impacts across the Architecture Landscape

•Phase D: Technology Architecture

oDevelop the Target Technology Architecture that enables the Information Systems Architecture and the Architecture Vision

oDefine the Baseline Technology Architecture, if not available

oPerform a gap analysis between the Baseline and Target Technology Architectures

oIdentify candidate Architecture Roadmap components based upon gaps between the Baseline and Target Technology Architectures

oResolve impacts across the Architecture Landscape

Therefore, the correct matching of the objectives and the phases is:

•1C: Develop the Target Data Architecture that enables the Business Architecture and the Architecture Vision

•2B: Develop the Target Business Architecture that describes how the enterprise needs to operate to achieve the business goals

•3A: Develop a high-level aspirational vision of the capabilities and business value to be delivered as a result of the proposed Enterprise Architecture

•4D: Identify candidate Architecture Roadmap components based upon gaps between the Baseline and Target Technology Architectures

The Enterprise Continuum provides a classification mechanism for artifacts, showing how they evolve from generic Foundation Architectures and Reference Models to organization-specific architectures.

Option A is about tools, not the Continuum.

Option B describes the Architecture Principles.

Option C describes the Architecture Repository.

The purpose of the Architecture Roadmap is to provide a high-level view of how the Baseline Architecture will transition to the Target Architecture over time. It lists work packages on a timeline showing progress towards the Target Architecture, as well as dependencies, risks, and benefits. The Architecture Roadmap forms part of the Implementation and Migration Plan and guides the execution of the architecture projects. References: https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap20.html

Based on the web search results, architecture partitioning is a technique that divides the Enterprise Architecture into smaller and manageable segments or groups, based on various classification criteria, such as subject matter, time, maturity, volatility, etc.12 Architecture partitioning is used to simplify the development and management of the Enterprise Architecture, by reducing complexity, improving governance, enhancing reusability, and increasing alignment and agility12. Therefore, the statement that partitions are used to simplify the management of the Enterprise Architecture is correct.

The other statements are incorrect because:

•Partitions are not equivalent to architecture levels. Architecture levels are different layers of abstraction that describe the Enterprise Architecture from different perspectives, such as strategic, segment, and capability3. Partitions are subsets of architectures that are defined within or across the levels, based on specific criteria1.

•Partitions do not necessarily reflect the organization’s structure. The organization’s structure is one possible criterion for partitioning the architecture, but it is not the only one. Other criteria, such as business function, product, service, geography, etc., can also be used to partition the architecture12.

•Partitions are not defined and assigned to agile Enterprise Architecture teams. Agile Enterprise Architecture is an approach that applies agile principles and practices to the architecture work, such as iterative development, frequent feedback, adaptive planning, and continuous delivery4. Partitions are not a specific feature of agile Enterprise Architecture, but a general technique that can be applied to any architecture method or framework, including TOGAF12.

EA applies architecture principles and practices to analyze, design, plan, and implement enterprise analysis that supports digital transformation, IT growth, and the modernization of IT2. EA also helps organizations improve the efficiency, timeliness, and reliability of business information, as well as the alignment, agility, and adaptability of the architecture to the changing needs and requirements3. Therefore, the best summary of the purpose of EA is to guide effective change.

The Implications section describes the impact of adhering to the principle on the organization, the processes, the information systems, and the technology23. It also identifies the changes, costs, and risks that may result from applying the principle23. The Implications section helps to communicate the benefits and consequences of the principle to the stakeholders and to guide the implementation and governance of the architecture23.

The other sections of the TOGAF template for Architecture Principles are1:

•Name: This section provides a short and memorable name for the principle that represents its essence and purpose23. The name should not mention any specific technology or solution23.

•Statement: This section provides a concise and formal definition of the principle that expresses the fundamental rule or constraint that the principle imposes23. The statement should be clear, unambiguous, and testable23.

•Rationale: This section provides the reasoning and justification for the principle, explaining why it is important and how it supports the business goals and drivers23. The rationale should also link the principle to the higher-level enterprise or IT principles that it elaborates on23.

This statement best describes iteration and the ADM. The ADM is iterative over the whole process between phases and within phases because it allows for feedback loops and refinements at any point in the architecture development and transition process. Iteration enables architects to address changing requirements, assumptions, constraints, and environments; to validate and improve architectures; to manage risks and issues; and to ensure stakeholder satisfaction and value realization. Reference: The TOGAF® Standard | The Open Group Website, Section 3.1 Introduction to the ADM.

Risk management is a generic technique that can be applied across all phases of the Architecture Development Method (ADM), as well as in the Preliminary Phase and the Requirements Management Phase2. Risk management involves the following steps1:

•Risk identification: This step involves identifying the potential risks that may affect the architecture project, such as technical, business, organizational, environmental, or legal risks. The risks can be identified through various sources, such as stakeholder interviews, workshops, surveys, checklists, historical data, or expert judgment.

•Risk classification: This step involves categorizing the risks based on their nature, source, impact, and priority. The risks can be classified according to different criteria, such as time, cost, scope, quality, security, or compliance. The classification helps in prioritizing the risks and allocating resources and efforts to address them effectively.

•Initial risk assessment: This step involves assessing the likelihood and impact of each risk, and determining the initial level of risk. The likelihood is the probability of the risk occurring, and the impact is the severity of the consequences if the risk occurs. The initial level of risk is the product of the likelihood and impact, and it indicates the urgency and importance of the risk. The initial risk assessment helps in identifying the most critical risks that need immediate attention and mitigation.

The TOGAF standard divides Enterprise Architecture into four primary architecture domains: business, data, application, and technology. These domains represent different aspects of an enterprise and how they relate to each other. The business domain defines the business strategy, governance, organization, and key business processes. The data domain describes the structure of the logical and physical data assets and data management resources. The application domain provides a blueprint for the individual applications to be deployed, their interactions, and their relationships to the core business processes. The technology domain describes the logical software and hardware capabilities that are required to support the deployment of business, data, and application services. Other domains, such as motivation, security, or governance, may span across these four primary domains. References:

The TOGAF Standard, Version 9.2 - Core Concepts

Domains - The Open Group

TOGAF® Standard — Introduction - Definitions - The Open Group

The TOGAF Standard, Version 9.2 - Definitions - The Open Group

TOGAF and the history of enterprise architecture | Enable Architect

According to the TOGAF Standard, 10th Edition, architecture governance is “the practice by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level” 1. Architecture governance ensures that the architecture development and implementation are aligned with the strategic objectives, principles, standards, and requirements of the enterprise, and that they deliver the expected value and outcomes. Architecture governance also involves establishing and maintaining the architecture framework, repository, board, contracts, and compliance reviews 1. The other options are not correct, as they are not the term used by the TOGAF Standard to describe the practice by which the enterprise architecture is managed and controlled at an enterprise-wide level. Corporate governance is “the system by which an organization is directed and controlled” 2, and it covers aspects such as leadership, strategy, performance, accountability, and ethics. IT governance is “the system by which the current and future use of IT is directed and controlled” 2, and it covers aspects such as IT strategy, policies, standards, and services. Technology governance is “the system by which the technology decisions and investments are directed and controlled” 3, and it covers aspects such as technology selection, acquisition, deployment, and maintenance. References: 1: TOGAF Standard, 10th Edition, Part VI: Architecture Governance, Chapter 44: Introduction. 2: TOGAF Standard, 10th Edition, Part I: Introduction, Chapter 3: Definitions. 3: TOGAF Series Guide: Using the TOGAF Framework to Define and Govern Service-Oriented Architectures, Part II: Using the TOGAF Framework to Define and Govern Service-Oriented Architectures, Chapter 5: Technology Governance.

Comprehensive and Detailed Explanation

In the TOGAF ADM, deliverables go through a lifecycle of development, review, approval, and usage. TOGAF distinguishes between draft deliverables (work-in-progress) and final deliverables (those that have been formally reviewed and signed off).

Draft deliverables are produced as working versions of the required outputs in each ADM phase. These may carry version labels such as 0.1, 0.5, 0.9, etc., and are subject to stakeholder review and refinement.

Once the document has been reviewed and approved by the relevant stakeholders (e.g., Architecture Board, governance bodies), it becomes a final deliverable.

Final deliverables are baseline-controlled items and are formally stored in the Architecture Repository as an approved architecture artifact.

Thus, the correct term for a deliverable that has completed review and is approved is “final”.

Why the other options are incorrect

B. Approved: While true in general language, TOGAF uses the formal term “final deliverable”, not “approved deliverable.”

C. Ratified: This term is not used in TOGAF to describe the state of a deliverable.

D. Version 0.9: This is a draft numbering convention, not the status of an approved deliverable.

References

The Open Group, TOGAF® Standard, Version 9.2, Part II: ADM — description of deliverables, artifacts, and building blocks.

The Open Group, TOGAF® 9 Certified Study Guide — explanation of draft vs. final deliverables in the ADM lifecycle.

In TOGAF, when defining an architecture principle, one part of the standard template is the “Statement.” The purpose of the Statement is to convey clearly and unambiguously the principle itself — not its rationale, implications, or how to apply it. The Statement should be phrased such that stakeholders can read it and immediately understand the core rule or guiding intent. It is not intended to describe the implementation or benefits or constraints, nor to be a mnemonic. Thus the Statement must clearly communicate the fundamental rule. The rationale, implications, and further explanation belong in other parts of the principle documentation, not in the Statement. This division helps maintain clarity, separation of concerns, and consistency in how principles are documented and governed.

Option A best aligns with TOGAF Phase A: Architecture Vision, which is the starting phase for an architecture development cycle in TOGAF. This phase sets the foundation for the architecture engagement and ensures alignment with stakeholders and their concerns, especially when evaluating a major transformation like moving to a cloud-based planning and scheduling system.

???? Key TOGAF Concepts Supporting Option A:

1. Phase A: Architecture Vision Objectives

Establish the high-level scope, constraints, and expectations.

Identify stakeholders and define their concerns and business requirements.

Create the Architecture Vision, which includes:

Summary-level Baseline and Target Architecture views (business, data, application, and technology).

Initial requirements and key concerns.

Stakeholder buy-in and approval for moving forward.

2. Engagement with Stakeholders

In this case, the plant managers and local supply chain partners have concerns regarding safety and dependability.

TOGAF emphasizes early engagement with business stakeholders to ensure concerns are identified and incorporated into the vision.

3. Creating Architecture Vision Document

A deliverable of Phase A.

Includes high-level descriptions of the baseline and target architectures, initial business goals, and stakeholder viewpoints.

Used to build agreement and obtain formal approval to proceed with detailed architecture work in later phases (B–D).

❌ Why Other Options Are Incorrect:

B: Focuses on suppliers and not the actual stakeholders impacted by the architecture — i.e., plant managers and internal operations. This diverts from TOGAF’s stakeholder-driven approach in Phase A.

C: This reflects Phases B–D of the ADM (Business, Information Systems, and Technology Architecture). It is too detailed and premature for the start of the project. In Phase A, you don’t yet develop full baseline and target architectures or conduct a consolidated gap analysis.

D: While interviewing stakeholders is valid in Phase A, this option lacks a holistic view of the Architecture Vision development, and skips the TOGAF requirement to produce summary views of the baseline and target architectures and to use them to drive stakeholder buy-in. It is tactically correct, but strategically incomplete.

???? TOGAF Source References:

TOGAF 9.2 – Section 6.2 (Phase A: Architecture Vision)

"The Architecture Vision describes how the proposed architecture support the business goals, and the strategic direction. It also provides a high-level description of the baseline and target architectures and identifies key stakeholders and concerns."

TOGAF 9.2 – Part IV, Architecture Content Framework

"The Architecture Vision includes the scope, constraints, and expectations. It forms the basis for approval to proceed with further architecture development."

In this scenario, the CTO has not purchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked “to describe the steps you would take to strengthen the current architecture to improve data protection.”

Because the company follows the TOGAF standard and uses an iterative ADM cycle, the correct response must:

Start with the risk/continuity concern

Use the formal TOGAF change management process

Lead to a Request for Architecture Work

Initiate a new ADM cycle to update the architecture properly

Ensure Architecture Board governance

Option B is the only answer that matches TOGAF’s required process.

✔ Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF’s Architecture Change Management (Phase H) process:

Assess the business continuity requirements– Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.– DDoS risk → business continuity concern → legitimate architecture change trigger.

Analyze the current architecture for gaps– Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request– Exactly correct: Phase H outputs Architecture Change Requests (ACRs) for significant changes.– ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request– Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)– Required when the change is significant and needs a new ADM cycle.– Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes– Perfectly aligned with TOGAF’s iterative approach:Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore, Option B is the correct and TOGAF-compliant answer.

✘ Why the other options are incorrect

A – Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C – Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (“DDoS mitigation at infrastructure level”) before architectural assessment.

D – Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture—not evaluate new risks or design resilience enhancements.

A compliance review is not the correct first step for addressing new threats.

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

Context of the Scenario

The organization is currently in the Migration Planning phase, which corresponds to Phase F of the TOGAF ADM (Architecture Development Method). The key activities for this phase involve:

Evaluating dependencies and impacts on other organizational frameworks.

Aligning the roadmap and migration plan with strategic objectives and available resources.

Addressing the risks of transitioning from the current architecture to the target architecture using a phased approach.

The deliverables (Architecture Roadmap, Capability Assessment, etc.) and assessments (Gap Analysis, Risk Assessment, Transformation Readiness) have already been developed. The next step is to refine and finalize the migration planning.

Option Analysis

Option A:

While updating the Architecture Definition Document could ensure alignment, this step was completed in earlier phases (B, C, D). At this stage, further changes to the architecture must go through a formal governance review, and applying lessons learned without review contradicts TOGAF principles.

Producing an Implementation Governance Model is more relevant in Phase G (Implementation Governance), not in Phase F.

Conclusion: Incorrect, as it suggests revisiting earlier steps and does not align with the current phase.

Option B:

Conducting Compliance Assessments ensures the architecture is implemented correctly, but this is a task for Phase G (Implementation Governance) after migration planning has been finalized and implementation begins.

Deployment of monitoring tools is also part of implementation and governance activities, not migration planning.

Conclusion: Incorrect, as it focuses on tasks belonging to a later phase.

Option C:

Examining how the Implementation and Migration Plan affects other organizational frameworks is critical in Phase F, as TOGAF emphasizes alignment with business planning, project/portfolio management, and operations management.

Assigning business value to each project ensures prioritization and optimal allocation of resources.

Updating the Architecture Roadmap and the Implementation and Migration Plan based on this analysis ensures strategic alignment and readiness for implementation.

Conclusion: Correct, as it addresses the key objectives of the Migration Planning phase comprehensively.

Option D:

Applying the Business Value Assessment Technique is valid for prioritizing initiatives but is a limited aspect of Migration Planning.

Planning Transition Architecture phases and documenting lessons learned are valid, but this does not address broader organizational impacts or dependencies as effectively as Option C.

Conclusion: Narrow focus; less comprehensive than Option C.

References to TOGAF

Phase F (Migration Planning): The focus is on aligning the migration plan with business objectives, considering organizational dependencies, and prioritizing projects (TOGAF 9.2, Chapter 12).

Architecture Roadmap and Implementation Plan: Updated to reflect changes in priorities and alignment with business frameworks (TOGAF 9.2, Section 12.4).

Framework Integration: Collaboration with other frameworks (e.g., business planning, portfolio management) ensures alignment across the organization (TOGAF 9.2, Section 6.5.2).

Business Value Assessment Technique: Used to prioritize initiatives based on return on investment and performance criteria (TOGAF 9.2, Section 24.4).

You are asked to identify the most relevant Architecture Principles, besides Business Continuity, that apply to a rapid merger, where:

Back-office and store management systems will be consolidated

Duplicate applications will be eliminated

Innovation must remain fast

Customer experience must remain uninterrupted

Combined enterprise value is the priority

TOGAF’s example Architecture Principles include four main categories:

Business Principles

Data Principles

Application Principles

Technology Principles

Option D contains the principles that best support the specific needs of the merger as described.

✔ Why Option D is correct

1. Service Orientation (Business Principle)

This principle states that architecture should be organized around services, enabling flexibility, loose coupling, and ease of integration.

For the merger:

Integrating two companies’ store systems, mobile apps, and inventory platforms requires modular, interoperable services.

Service orientation directly supports the requirement that innovation must not slow down.

It allows systems to be merged with minimal disruption.

This principle supports fast integration + ongoing innovation — exactly what stakeholders demand.

2. Maximize Benefit to the Enterprise (Business Principle)

This principle ensures decisions are made from an enterprise-wide (not departmental or local) perspective.

In the scenario:

Two companies are merging.

Decisions must prioritize combined enterprise value, not local optimizations by either company.

System consolidation and elimination of duplicates requires an enterprise-first mindset.

This principle aligns perfectly with a merger that aims to unify operations and reduce redundancy.

3. Common Use Applications (Application Principle)

This is one of the MOST relevant principles in any merger.

TOGAF defines this principle as:

“Applications should be shared across the enterprise and not duplicated.”

In the scenario:

Back-office systems and store management tools must be consolidated.

Duplicate applications are explicitly to be reduced.

One main system will be used across stores.

This principle directly matches the merger's objectives.

✔ Summary

Option D contains the three principles that best support:

A major merger

System consolidation

Reduction of duplication

Enterprise-wide benefit

Flexible, service-oriented integration

Continued innovation

Therefore, Option D is the most appropriate selection according to TOGAF’s example Architecture Principles.

The question asks:

“What steps would you take to strengthen the current architecture to improve data protection?”

This requires understanding how TOGAF handles:

Business continuity requirements

Gap analysis in existing architecture

Architecture change requests

Triggering a new ADM cycle

Governance via the Architecture Board

Option C is the only answer that aligns correctly with TOGAF’s formal Architecture Change Management process (ADM Phase H) and how to progress from identifying gaps to initiating a new cycle.

✅ Why Option C Is Correct

✔ 1. Starts with identifying business continuity requirements

TOGAF Phase A and Phase B require understanding business continuity and information security requirements as part of architecture development.

✔ 2. Analyzes the current architecture for gaps

Gap analysis is a required step in:

Phase B (Business Architecture)

Phase C (Data/Application Architecture)

Phase D (Technology Architecture)

It is also part of Architecture Change Management (Phase H) when examining existing threats or deficiencies.

✔ 3. Creates a Change Request

In TOGAF, if gaps or new risks require architectural enhancements, a formal Change Request is submitted. This is a mandatory TOGAF mechanism.

✔ 4. Architecture Board evaluates the Change Request

The Architecture Board approves major changes before a new cycle starts — exactly as described in option C.

✔ 5. Initiates a new ADM cycle with a RfAW

TOGAF explicitly states:

A new or major architecture change requires a Request for Architecture Work before beginning a new ADM cycle.

Option C follows this sequencing precisely:

Identify requirements → analyze gaps → issue change request → Architecture Board approval → create RfAW → start new ADM cycle.

This is textbook TOGAF.

❌ Why the Other Options Are Incorrect

A – Too narrow and focuses only on Technology Architecture

The problem spans business continuity, data protection, and enterprise-wide readiness — not just infrastructure.

Does not include gap analysis, stakeholder analysis, or initiating a formal ADM cycle.

Incorrectly reduces ransomware mitigation to technology controls.

B – Architecture Compliance Review is inappropriate here

A Compliance Review is used to:

Ensure implementation conforms to architectureNot to:

Identify new risks

Strengthen the architecture

Conduct gap analysisThis option is misusing the review process.

D – Supplier-driven, not TOGAF-driven

Involves contacting suppliers prematurely — not aligned with TOGAF’s architecture-first methodology.

Does not involve Architecture Board approval before pursuing solutions.

Jumps into solutioning before architectural approval.

???? Relevant TOGAF References

Phase H: Architecture Change Management

Manage changes

Evaluate impacts

Generate change requests

Architecture Board Roles

Approves Change Requests

Governs new ADM cycles

Request for Architecture Work

Used to formally launch a new ADM cycle

In the TOGAF framework, understanding and addressing stakeholder concerns is crucial, particularly for complex projects with high stakes like the AI-first initiative described in the scenario. This approach aligns well with TOGAF’s ADM (Architecture Development Method) and its emphasis on effective stakeholder management and risk assessment. Here’s why this is the best course of action:

Stakeholder Analysis and Documentation:Conducting a stakeholder analysis is foundational in the early stages of any TOGAF project, particularly during the Preliminary and Architecture Vision phases. This process involves identifying the different stakeholders, understanding their positions, documenting their concerns, and considering any cultural factors that might influence their perspective on the AI-first initiative. Given the diverse concerns raised (such as job security, skill requirements, and cybersecurity), it’s essential to have a clear understanding of each stakeholder group’s priorities and fears.

Recording Concerns in the Architecture Vision Document:The Architecture Vision phase in TOGAF focuses on defining the high-level scope and objectives of the architecture project. By documenting stakeholder concerns and the corresponding views in the Architecture Vision document, the EA team ensures that these concerns are transparently acknowledged and addressed as part of the strategic direction. This step not only aligns with TOGAF best practices but also helps in building stakeholder buy-in and trust.

Architecture Requirements Specification and Risk Management:Risk management is a key aspect of TOGAF’s ADM, particularly in the Requirements Management and Implementation Governance phases. Documenting the requirements for addressing specific risks in the Architecture Requirements Specification provides a structured way to ensure that identified risks are acknowledged and managed throughout the transformation. Regular assessments and feedback loops ensure ongoing alignment and adaptability to emerging risks, which is particularly important given the dynamic nature of AI and its associated challenges.

Alignment with TOGAF ADM Phases:This approach follows the prescribed flow of TOGAF’s ADM, starting with stakeholder engagement in the Preliminary and Architecture Vision phases and progressing to risk assessment in the Requirements Management phase. By maintaining afocus on stakeholder needs and formalizing these into architecture requirements, the EA team can ensure that the architecture not only meets business objectives but also mitigates stakeholder concerns.

TOGAF Reference on Stakeholder Management Techniques:TOGAF places significant emphasis on managing stakeholder concerns through its stakeholder management techniques, which highlight the need to systematically identify, analyze, and address the concerns of all involved parties. This practice helps ensure that the architecture is viable and accepted across the organization.

By conducting a thorough stakeholder analysis and integrating the findings into both the Architecture Vision and the Architecture Requirements Specification, the EA team can proactively address stakeholder concerns, manage risks, and align the AI-first initiative with the agency’s strategic objectives. This approach is consistent with TOGAF’s guidance and provides a structured framework for addressing both business and technical challenges in the context of an AI-first transformation.