TOGAF (The Open Group Architecture Framework) is the most widely used enterprise architecture framework. It provides a method and a set of tools for developing, governing and maintaining enterprise architecture across business, data, application and technology domains.
The four architecture domains
| Domain | Focus |
|---|---|
| Business architecture | Strategy, governance, organisation and key processes |
| Data architecture | Logical and physical data assets and management |
| Application architecture | Applications, their interactions and relationship to processes |
| Technology architecture | Infrastructure, platforms and standards |
The Architecture Development Method (ADM)
- Preliminary — establish the architecture capability.
- Phase A: Architecture Vision.
- Phases B/C/D: Business, Information Systems (Data & Application), and Technology architectures.
- Phase E: Opportunities & Solutions; Phase F: Migration Planning.
- Phase G: Implementation Governance; Phase H: Architecture Change Management.
- Requirements Management runs throughout.
TOGAF and security architecture (SABSA)
TOGAF is general-purpose; SABSA adds the security dimension and integrates directly with the ADM, so many organisations use TOGAF for enterprise architecture and SABSA for security architecture together.
How CyberSigma helps
We align your security architecture to your TOGAF enterprise architecture using SABSA — so security services trace to business and architecture requirements, not bolted on afterwards.
Frequently asked questions
Is TOGAF a security framework?
No — TOGAF is a general enterprise-architecture framework. Security architecture is typically layered on using SABSA, which integrates with the TOGAF ADM.
Official documents
CyberSigma resources
Need help with TOGAF?
CERT-In empanelled, PCI QSA senior auditors can take you from reading about it to compliant — with a scoped, guided programme.
