Architecture
"Architecture is the fundamental organization of a system embodied in its components, their relationships to each other, and to the environment, and the principles guiding its design and evolution." [IEEE 1471]
Process Overview
Principles
- Establish and maintain the system and stream architecture based on system epics and epics
- Define the static and dynamic architecture with components, interfaces, and interactions.
- Use modular design to ensure loosely coupled components with independent lifecycles, separation of concerns, and future-proof extensibility
- Evaluate aspects of architectural and design alternatives and propose implementations
- Establish architectural roadmap and communicate technical decisions to streams
- Include security aspects in the architecture, including the security context, threat modeling, criticality analysis, attack surface analysis and defense in depth.
- Continuously verify and align the architecture with the design proposed by streams and teams
- Support the teams in the breakdown of architectural requirements in backlogs
- Monitor lifecycle aspects of 3rd party components and decide on upgrades, updates, and patches
- Establish a long-term strategic vision of the architecture
- Define, maintain, and rule on System Interfaces (basically, interfaces that cross the boundaries of a sub-system)
Activities
Artifacts
Artifact | Description | RACI | Receiver | Comments |
---|---|---|---|---|
System Architecture Vision | A long-term description of the system architecture road map. | (R): Architect (A): Head of Architecture (C): Head of Technology (I): - | R&D | - |
System Architecture | An architecture description of a system with different related products. | (R): Architect, Technical Coordinator (A): Architect (C): Head of Cyber Security, Technical Coordinator (I): Cyber Security Engineer, Development Team, Product Owner, Quality Control Manager, Release Owner, Stream Owner, Test Lead, Product Manager | R&D | - |
Product/Stream Architecture | An architecture description of a system with different related components. | (R): Architect (A): Stream Owner (C): Cyber Security Engineer, Development Team (I): Product Owner, Quality Control Manager, Release Owner, Technical Coordinator, Test Lead, Safety Engineer, Product Manager | Dev. Stream | - |
Product Architecture Roadmap | The high-level plan for product architecture. | (R): Architect (A): Head of Development (C): - (I): Product Manager, Product Owner, Dev Team | Dev. Stream | - |
Product Capability | Description of what the product “can do” after implementation of epic(s) | (R): Product Owner (A): Product Owner (C): Architect, Development Team, Test Lead, Safety Engineer (I): Cyber Security Engineer, Quality Control Manager, Release Owner, Product Manager | Dev. Stream | - |
Threat Model | A model to identify potential threats, document vulnerabilities, and suggest mitigations. | (R): Architect, Technical Coordinator (A): Product Owner (C): Cyber Security Engineer, Development Team, Technical Coordinator, Test Lead (I): Head of Cyber Security, Quality Control Manager, Release Owner, Product Manager | Dev. Stream | - |
Criticality Analysis | Criticality rating of the components in a product according to their need for extra attention when minimizing the risk of vulnerabilities. | (R): Architect (A): Product Owner (C): Cyber Security Engineer, Development Team, Test Lead (I): Head of Cyber Security, Quality Control Manager, Release Owner, Product Manager | Dev. Stream | - |
Attack Surface Analysis | The set of entry points that hackers can potentially use to attack the product. | (R): Architect (A): Product Owner (C): Cyber Security Engineer, Development Team, Test Lead (I): Head of Cyber Security, Quality Control Manager, Release Owner, Product Manager | Dev. Stream | - |
Security Context | The security expected to be provided by the environment for a product or component. | (R): Architect (A): Product Owner (C): Cyber Security Engineer, Product Manager (I): Development Team, Quality Control Manager | Dev. Stream | - |
System Interfaces | A set of interfaces defining the way the different sub-systems communicate with each other. Their definition and lifecycle management need to be defined by the Head of architects. | (R): Architect (A): Head of Architect (C): Cyber Security Engineer, Product Owner (I): Development Team, Release Owner, Test Lead | Dev. Stream | - |
Dependencies
References
- TBD
Related
- Architecture Dependency Tracking
- Architecture Document Structure
- Architecture Review Guideline
- How-to Perform Threat Modeling
- How-to Work with System Architecture Epics and Features
- Product Capabilities
- Refining Architecture
- System Interfaces
- Versioning Architecture Documents
- Architectural Security Best Practices
- Secure Design Best Practices
- Architecture
- Architecture Description
- Architecture Review Checklist
- Product Capability Template
Owner: Architecture Team