OGEA-103 TOGAF Enterprise Architecture Combined Part 1 and Part 2 Exam Questions and Answers

The question asks:

“What steps would you take to strengthen the current architecture to improve data protection?”

This requires understanding how TOGAF handles:

Business continuity requirements

Gap analysis in existing architecture

Architecture change requests

Triggering a new ADM cycle

Governance via the Architecture Board

Option C is the only answer that aligns correctly with TOGAF’s formal Architecture Change Management process (ADM Phase H) and how to progress from identifying gaps to initiating a new cycle.

✅ Why Option C Is Correct

✔ 1. Starts with identifying business continuity requirements

TOGAF Phase A and Phase B require understanding business continuity and information security requirements as part of architecture development.

✔ 2. Analyzes the current architecture for gaps

Gap analysis is a required step in:

Phase B (Business Architecture)

Phase C (Data/Application Architecture)

Phase D (Technology Architecture)

It is also part of Architecture Change Management (Phase H) when examining existing threats or deficiencies.

✔ 3. Creates a Change Request

In TOGAF, if gaps or new risks require architectural enhancements, a formal Change Request is submitted. This is a mandatory TOGAF mechanism.

✔ 4. Architecture Board evaluates the Change Request

The Architecture Board approves major changes before a new cycle starts — exactly as described in option C.

✔ 5. Initiates a new ADM cycle with a RfAW

TOGAF explicitly states:

A new or major architecture change requires a Request for Architecture Work before beginning a new ADM cycle.

Option C follows this sequencing precisely:

Identify requirements → analyze gaps → issue change request → Architecture Board approval → create RfAW → start new ADM cycle.

This is textbook TOGAF.

❌ Why the Other Options Are Incorrect

A – Too narrow and focuses only on Technology Architecture

The problem spans business continuity, data protection, and enterprise-wide readiness — not just infrastructure.

Does not include gap analysis, stakeholder analysis, or initiating a formal ADM cycle.

Incorrectly reduces ransomware mitigation to technology controls.

B – Architecture Compliance Review is inappropriate here

A Compliance Review is used to:

Ensure implementation conforms to architectureNot to:

Identify new risks

Strengthen the architecture

Conduct gap analysisThis option is misusing the review process.

D – Supplier-driven, not TOGAF-driven

Involves contacting suppliers prematurely — not aligned with TOGAF’s architecture-first methodology.

Does not involve Architecture Board approval before pursuing solutions.

Jumps into solutioning before architectural approval.

???? Relevant TOGAF References

Phase H: Architecture Change Management

Manage changes

Evaluate impacts

Generate change requests

Architecture Board Roles

Approves Change Requests

Governs new ADM cycles

Request for Architecture Work

Used to formally launch a new ADM cycle

In the context of the TOGAF standard, stakeholder management and addressing stakeholder concerns are critical components, especially for high-impact initiatives like adopting an AI-first approach. Here’s why the selected answer aligns best with TOGAF principles and the scenario:

Stakeholder Analysis and Engagement:Conducting a stakeholder analysis is essential as it helps identify and document the concerns, issues, and cultural factors influencing each stakeholder group. This aligns with TOGAF’s emphasis on understanding and managing stakeholder concerns, particularly in the Preliminary and Architecture Vision phases of the ADM (Architecture Development Method). Since the scenario highlights diverse concerns about AI, understanding each group's unique perspective will help the EA team tailor the architecture to address these effectively.

Architecture Vision Document:By documenting these concerns in the Architecture Vision document, the EA team can provide a clear, high-level representation of how AI will be adopted, its benefits, and how it addresses specific stakeholder concerns. This is critical for communicating the intent and value of the AI-first approach in a way that aligns with the agency's strategic goals, including addressing apprehensions about job security, skill development, and cyber resilience.

Risk Management and Architecture Requirements Specification:TOGAF highlights the importance of identifying and managing risks early in the process. By documenting the requirements related to risk in the Architecture Requirements Specification, the EA team ensures that these concerns are formally integrated into the architecture and addressed throughout the ADM phases. Regular assessments and feedback loops will provide a mechanism for continual risk monitoring and adjustment as the AI-first initiative progresses.

Alignment with TOGAF’s ADM Phases:The approach specified aligns with TOGAF’s guidance on managing risk and stakeholder concerns during the early ADM phases, specifically Architecture Vision and Requirements Management. In these phases, the framework emphasizes identifying and addressing risks associated with stakeholders' concerns to build a resilient and widely accepted architecture.

Reference to TOGAF Stakeholder Management Techniques:TOGAF’s stakeholder management techniques underscore the importance of understanding and addressing stakeholder needs as a foundational step. This involves assessing the influence and interest of various stakeholders and integrating their views into architectural development, ensuring that the architecture aligns with both business goals and operational realities.

In conclusion, by conducting a thorough stakeholder analysis and documenting concerns in both the Architecture Vision and Architecture Requirements Specification, the EA team can ensure that stakeholder concerns are addressed, that the architecture supports AI adoption effectively, and that potential risks are managed proactively. This approach will foster acceptance among stakeholders and ensure that the architecture aligns with the agency’s strategic goals and risk management requirements as recommended by TOGAF.

Context of the Scenario

The organization is currently in the Migration Planning phase, which corresponds to Phase F of the TOGAF ADM (Architecture Development Method). The key activities for this phase involve:

Evaluating dependencies and impacts on other organizational frameworks.

Aligning the roadmap and migration plan with strategic objectives and available resources.

Addressing the risks of transitioning from the current architecture to the target architecture using a phased approach.

The deliverables (Architecture Roadmap, Capability Assessment, etc.) and assessments (Gap Analysis, Risk Assessment, Transformation Readiness) have already been developed. The next step is to refine and finalize the migration planning.

Option Analysis

Option A:

While updating the Architecture Definition Document could ensure alignment, this step was completed in earlier phases (B, C, D). At this stage, further changes to the architecture must go through a formal governance review, and applying lessons learned without review contradicts TOGAF principles.

Producing an Implementation Governance Model is more relevant in Phase G (Implementation Governance), not in Phase F.

Conclusion: Incorrect, as it suggests revisiting earlier steps and does not align with the current phase.

Option B:

Conducting Compliance Assessments ensures the architecture is implemented correctly, but this is a task for Phase G (Implementation Governance) after migration planning has been finalized and implementation begins.

Deployment of monitoring tools is also part of implementation and governance activities, not migration planning.

Conclusion: Incorrect, as it focuses on tasks belonging to a later phase.

Option C:

Examining how the Implementation and Migration Plan affects other organizational frameworks is critical in Phase F, as TOGAF emphasizes alignment with business planning, project/portfolio management, and operations management.

Assigning business value to each project ensures prioritization and optimal allocation of resources.

Updating the Architecture Roadmap and the Implementation and Migration Plan based on this analysis ensures strategic alignment and readiness for implementation.

Conclusion: Correct, as it addresses the key objectives of the Migration Planning phase comprehensively.

Option D:

Applying the Business Value Assessment Technique is valid for prioritizing initiatives but is a limited aspect of Migration Planning.

Planning Transition Architecture phases and documenting lessons learned are valid, but this does not address broader organizational impacts or dependencies as effectively as Option C.

Conclusion: Narrow focus; less comprehensive than Option C.

References to TOGAF

Phase F (Migration Planning): The focus is on aligning the migration plan with business objectives, considering organizational dependencies, and prioritizing projects (TOGAF 9.2, Chapter 12).

Architecture Roadmap and Implementation Plan: Updated to reflect changes in priorities and alignment with business frameworks (TOGAF 9.2, Section 12.4).

Framework Integration: Collaboration with other frameworks (e.g., business planning, portfolio management) ensures alignment across the organization (TOGAF 9.2, Section 6.5.2).

Business Value Assessment Technique: Used to prioritize initiatives based on return on investment and performance criteria (TOGAF 9.2, Section 24.4).

The best answer is C. You would hold a series of interviews at each of the manufacturing plants using the business scenarios technique. This will allow you to understand the systems and integrations with local partners. You would use stakeholder analysis to identify key players in the engagement, and to understand their concerns. You will then identify and document the key high-level stakeholder requirements for the architecture. You will then generate high level definitions of the baseline and target architectures.

This answer is based on the TOGAF standard, which recommends the following steps to initiate the architecture project1:

Establish the architecture project

Identify stakeholders, concerns, and business requirements

Confirm and elaborate business goals, business drivers, and constraints

Evaluate business capabilities

Assess readiness for business transformation

Define scope

Confirm and elaborate Architecture Principles, including business principles

Develop Architecture Vision

Define the Target Architecture value propositions and KPIs

Identify the business transformation risks and mitigation activities

Secure stakeholder and sponsor approval

The answer C covers most of these steps, by using the business scenarios technique to elicit and validate the business requirements, goals, drivers, and constraints, as well as the current and future states of the architecture2. The answer C also uses stakeholder analysis to identify and engage the key stakeholders, and to address their concerns and expectations3. The answer C also generates high level definitions of the baseline and target architectures, which can be used to develop the Architecture Vision and the value propositions4.

The other answers are not the best approach for architecture development, because:

Answer A focuses on researching vendor literature and conducting briefings with vendors, which is not the best way to understand the business needs and the current situation of the enterprise. Answer A also defines a preliminary Architecture Vision without involving the stakeholders or validating the requirements, which may lead to misalignment and lack of consensus.

Answer B conducts a pilot project that will enable vendors to demonstrate potential solutions, which is premature and costly at this stage of the architecture project. Answer B also does not address the stakeholder concerns or the current systems and integrations, which may result in gaps and risks. Answer B also develops the requirements after the pilot project, which may not reflect the actual business needs and goals.

Answer D develops baseline and target architectures for each of the manufacturing plants, which may not consider the enterprise-wide perspective and the potential benefits of a common ERP system. Answer D also does not involve the stakeholders or address their concerns, which may result in resistance and conflict. Answer D also does not define the business case or the performance metrics, which are essential for demonstrating the value and feasibility of the architecture.

1: The TOGAF Standard, Version 9.2 - Architecture Vision 2: The TOGAF Standard, Version 9.2 - Business Scenarios 3: [The TOGAF Standard, Version 9.2 - Stakeholder Management] 4: [The TOGAF Standard, Version 9.2 - Architecture Definition Document]

A set of architecture principles that cover every situation perceived meets the recommended criteria of completeness. Completeness is one of the six criteria that should be applied when developing or assessing architecture principles. Completeness means that there are no gaps or overlaps in the coverage of principles across all relevant aspects of the enterprise’s architecture. Reference: The TOGAF® Standard | The Open Group Website, Section 3.3.7 Architecture Principles.

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

Architecture Partitioning is a technique supported by TOGAF to manage complexity and scale, especially in large enterprises.

Correct statements:

Statement 2 is correct: Partitioning enables parallel work by multiple teams on different parts of the architecture.

Statement 3 is correct: Partitioning supports architecture re-use by isolating common or shared components.

Why Statement 1 is incorrect:

TOGAF does not mandate a partitioning model. It supports and recommends partitioning where appropriate, but it is not a required element of the ADM.

============

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

TOGAF defines a structured template for Architecture Principles, typically including:

Name

Statement

Rationale

Implications

The Statement:

Clearly and succinctly expresses the fundamental rule or directive

Is normative and prescriptive

Guides decision-making and behavior

Why Option C is correct:

The Statement’s purpose is to communicate the fundamental rule of the principle.

Why the other options are incorrect:

A relates to naming, not the statement.

B describes implications, not the statement.

D describes the rationale, not the statement.

============

Architecture governance is the practice of ensuring compliance with the enterprise architecture and its principles, standards, and goals. Architecture governance provides the means to establish, monitor, and control the architecture development and implementation processes, and to resolve any issues or conflicts that may arise. Architecture governance also ensures that all stakeholders are represented and involved in the decision-making process, and that their interests and concerns are balanced and aligned. Statements 1 and 2 highlight the value and necessity for architecture governance to be adopted within organizations, as they emphasize the importance of responsibility, accountability, fairness, and transparency in the architectural activities. Statements 3 and 4 are more related to the benefits and outcomes of having a good enterprise architecture, rather than the governance aspect.

The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 29: Architecture Governance

The following activities are part of Risk Management:

Initial risk assessment

Risk mitigation and residual risk assessment

Risk monitoring

Risk Management is the process of identifying, assessing, and responding to risks that may affect the achievement of the enterprise’s objectives. Risk Management involves balancing positive andnegative outcomes resulting from the realization of either opportunities or threats. Reference: The TOGAF® Standard | The Open Group Website, Section 3.3.3 Risk Management.

When scoping an architecture in TOGAF, three key axes (dimensions) are used to frame the extent of the architecture work. The first is time period (how far into the future or over what timeframe to plan). The second is depth—how detailed or granular the architecture models will be (e.g., high level, mid level, very detailed). The third is breadth, which refers to which parts (domains, business units, functions) of the enterprise will be included, and which architecture domains (business, data, application, technology) will be in scope. This triple‐dimension model helps architects, stakeholders, and governance bodies understand how wide, deep, and forwardlooking the architecture effort will be. Thus “breadth, architecture domains” is the correct third dimension.

According to the TOGAF Standard, 10th Edition, a transformation readiness assessment is a technique that evaluates the preparedness of the organization to undergo a change, and identifies the actions needed to increase the likelihood of a successful outcome. A transformation readiness assessment can be conducted in Phase E: Opportunities and Solutions, and the actions resulting from it can be dealt with in Phase F: Migration Planning 1. In Phase E, the transformation readiness assessment can help to identify the major implementation challenges and risks, and to define the critical success factors and key performance indicators for the architecture project. In Phase F, the actions resulting from the transformation readiness assessment can help to develop a detailed and realistic migration plan, and to address the gaps, issues, and dependencies that may affect the transition to the target architecture 1. References: 1: TOGAF Standard, 10th Edition, Part III: ADM Guidelines and Techniques, Chapter 29: Business Transformation Readiness Assessment.

According to the TOGAF standard, the deliverables that match the descriptions are as follows:

1 Architecture Principles: These are general rules and guidelines, intended to be enduring and seldom amended, that inform and support the way in which an organization sets about fulfilling its mission1. They reflect a level of consensus among the various elements of the enterprise, and form the basis for making future IT decisions1.

2 Architecture Contracts: These are the joint agreements between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture2. They are used to ensure that the architecture is implemented and governed according to the agreed-upon specifications and standards2.

3 Request for Architecture Work: This is a document that is sent from the sponsoring organization to the architecture organization to trigger the start of an architecture development cycle3. It defines the scope, schedule, budget, deliverables, and stakeholders of the architecture project3.

4 Architecture Requirements Specification: This is a set of quantitative statements that outline what an implementation project must do in order to comply with the architecture4. It defines the requirements for each architecture domain, as well as the relationships and dependencies among them4.

 1: Architecture Principles 2: Architecture Contracts 3: Request for Architecture Work 4: Architecture Requirements Specification

The statement illustrates iteration and the ADM. Iteration is the technique of repeating a process or a phase with the aim of improving or refining the outcome. Iteration allows for feedback loops and adaptations at any point in the architecture development and transition process. Separate projects may operate their own ADM cycles concurrently, with relationships between the different projects, to address different aspects or levels of the architecture in an iterative manner. Reference: The TOGAF® Standard | The Open Group Website, Section 3.1 Introduction to the ADM.

A-Architecture Repository: This is a part of the Architecture Metamodel that contains artifacts structured according to the metamodel. It includes the Architecture Landscape which is adopted by the enterprise and governed by certain standards and practices.

B-Governing Board: The Governing Board ensures visibility and escalation, meaning it oversees and manages the capability of the architecture landscape. It plays a crucial role in governance.

C-Enterprise Capability: This refers to how well an enterprise can execute its mission, meet business objectives or satisfy its stakeholders’ needs and expectations. It’s influenced by both internal factors (like resources, processes) and external ones (like market trends).

TOGAF Version 9.1, Chapter 34: 1

Comprehensive and Detailed Explanation

In TOGAF, Architecture Contracts are agreements between development partners and sponsors that define:

The deliverables to be produced.

The quality expectations.

The fitness-for-purpose of the architecture.

The responsibilities of each party and the governance arrangements.

Architecture Contracts are a key part of Phase G: Implementation Governance, where they are used to manage and control architecture implementation. They help ensure that implementation projects remain aligned with the approved Target Architecture and business objectives.

They serve as the formal mechanism for:

Validating that architecture deliverables meet stakeholder expectations.

Providing a measurable basis for conformance assessment.

Supporting architecture governance by linking architectural intent with project execution.

Why the other options are incorrect

B. The Statement of Architecture Work: This defines the scope, approach, resources, and schedule for architecture work, but it is not a joint agreement on deliverables and fitness-for-purpose.

C. Service Level Agreements (SLAs): These are agreements about operational service levels (e.g., availability, performance), not architecture deliverables.

D. Non-disclosure Agreement (NDA): This protects confidentiality of information but does not address deliverables, quality, or fitness-for-purpose of an architecture.

References

The Open Group, TOGAF® Standard, Version 9.2, Part II: ADM — Phase G: Implementation Governance, Architecture Contracts.

The Open Group, TOGAF® 9 Certified Study Guide — explanation of Architecture Contracts as a governance tool.

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

In the TOGAF Architecture Development Method (ADM), the Preliminary Phase is a foundational phase whose primary purpose is to establish and prepare the Architecture Capability within the enterprise. This phase ensures that the organization is structurally, procedurally, and culturally ready to undertake architecture work in a consistent and governed manner.

A core outcome of this phase is the Organization Model for Enterprise Architecture, which defines:

Architecture roles and responsibilities (e.g., Chief Architect, Domain Architects)

Reporting and decision-making structures

Architecture governance bodies (such as Architecture Boards)

Interaction with other governance and management processes

Accountability and ownership for architecture activities

The Organization Model enables repeatable, controlled, and effective execution of the ADM across initiatives. Without this model, architecture work would lack authority, consistency, and governance alignment.

Why Option A is correct:

The Preliminary Phase explicitly focuses on defining and establishing the Organizational Model for Enterprise Architecture as part of building the enterprise’s Architecture Capability.

Why the other options are incorrect:

B. Architecture Roadmap: This is developed later in the ADM when solution options, work packages, and migration paths are defined, mainly in Phases E (Opportunities & Solutions) and F (Migration Planning).

C. Implementation Governance Model: This is primarily addressed in Phase G (Implementation Governance), where architecture compliance and realization are governed.

D. Architecture Vision for the project: The Architecture Vision is the main deliverable of Phase A (Architecture Vision), which follows the Preliminary Phase.

Authoritative References (TOGAF Standard):

TOGAF ADM – Preliminary Phase: Objectives and Key Activities

TOGAF Architecture Capability Framework

TOGAF Architecture Governance concepts

These sources clearly state that the Preliminary Phase exists to define and establish the Organizational Model for Enterprise Architecture, making Option A the correct and fully aligned answer.

In TOGAF, Phase E (Opportunities & Solutions) is the first phase that transitions from architecture models into actionable implementation. Within Phase E, architects identify candidate implementation projects or work packages, assess dependencies, cost/benefit, constraints, and derive a highlevel implementation and migration strategy and initial plans. That means the first planning around how to carry out the architecture begins in Phase E. Later phases refine and govern the implementation (e.g. in Phase F and G), but the initial planning belongs in Phase E. Thus Phase E includes the initial implementation planning.

The ability to develop, use, and sustain the architecture of a particular enterprise using architecture to govern change is an EA Capability. An EA Capability is a set of skills, processes, roles, responsibilities, tools, and techniques that enable an enterprise to successfully develop and maintain its Enterprise Architecture and achieve its desired outcomes. An EA Capability is part of an enterprise’s overall capability portfolio and should be aligned with its strategy and objectives. Reference: The TOGAF® Standard | The Open Group Website, Section 3.2 Preliminary Phase.

The TOGAF standard covers the development of four architecture domains: Business, Data, Technology and Application. These domains represent different aspects of an enterprise’s architecture and provide a consistent way of describing, analyzing, and designing them. Reference: The TOGAF® Standard | The Open Group Website, Section 2.2 Architecture Development Method (ADM).

Phase A: Architecture Vision is the first phase of the Architecture Development Method (ADM) cycle, which is the core of the TOGAF standard. The main purpose of this phase is to define the scope and approach of the architecture development, and to create the Architecture Vision, which is a high-level description of the desired outcomes and benefits of the proposed architecture. To achieve this purpose, this phase focuses on defining the problem to be solved, identifying the stakeholders, their concerns, and requirements, and establishing the business goals and drivers that motivate the architecture work. This phase also involves obtaining the approval and commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance process.

The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 5: Introduction to the ADM : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18.3: Inputs : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18.4: Steps

An EA Capability is the ability of an organization to perform enterprise architecture effectively and efficiently. It involves establishing and maintaining the appropriate organization structures, roles, responsibilities, skills, processes, tools, and governance mechanisms to support the development and use of enterprise architecture. An EA Capability enables the organization to align its business and IT strategies, deliver value from its investments, manage change and complexity, and improve its performance and agility12 References: 1: The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 44: Introduction 2: TheTOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 45: Establishing and Maintaining an Enterprise Architecture Capability

In TOGAF, when customer needs are unclear or misaligned with the existing architectural direction, the correct approach is to return to the Business Architecture. The Business Architecture phase (ADM Phase B) is responsible for understanding stakeholders, customer segments, business processes, value streams, motivations, and expected outcomes. Since the scenario identifies low engagement, poor adoption, and missed revenue targets, the breakdown is not in technology or application capabilities—it is a business misalignment.

Option B correctly focuses on revisiting and refining the target Business Architecture, including identifying customer groups, their interests, costs to serve them, and expected revenue streams. This aligns with TOGAF guidance that Business Architecture must define value propositions and customer value streams before other architecture domains can be effectively adjusted. The use of value stream mapping is entirely appropriate within Business Architecture development, as it provides a structured way to analyze customer value and identify what changes are necessary to meet business goals.

Options A and D prematurely focus on application or baseline gap analysis, which would not resolve a fundamental misunderstanding of customer needs. Option C expands into a full ADM cycle, which is unnecessary at this stage because the primary issue is misalignment, not architectural completeness.

In TOGAF, the process of breaking down an initiative into work packages must be grounded in a structured evaluation of gaps, solutions, dependencies, constraints, and implementation factors. Option B precisely follows this guidance. It begins by producing an Implementation Factor Catalog, which is a TOGAF artifact used to record business, technical, regulatory, organizational, and risk considerations that influence implementation. This is especially relevant in the scenario because clinical trials operate under strict regulatory controls, highly sensitive data, and complex coordination across multiple research sites.

Next, Option B calls for creating a gap matrix comparing baseline and target architectures across domains. For each gap, TOGAF requires classification of solution approaches: new development, purchased solution, or reuse of existing components. This aligns directly with the Solutions Continuum and the practice of forming Solution Building Blocks. Grouping similar activities into work packages is also textbook ADM practice, ensuring traceability from architecture gaps into actionable implementation components.

Furthermore, Option B incorporates dependencies analysis and restructures work packages into Capability Increments, which is the TOGAF-recommended method for incremental delivery and Transition Architectures. This matches the scenario's requirement for gradual rollout to minimize disruption to ongoing clinical trials.

Thus, Option B fully reflects the TOGAF standard for structured work package definition.

The scenario clearly states that:

The overall objective is known,

BUT the EA team is expected to define the scope, shared vision, and requirements,

The company uses an iterative approach,

The CEO wants repurpose and reuse rather than replace,

This is a major strategic shift (new markets, new products, new crop mix).

According to the TOGAF standard, when the problem must be understood, and scope, vision, and requirements are not yet defined, the correct starting point is Phase A: Architecture Vision, using an iteration cycle.

This is also consistent with the “baseline-first” approach recommended in the TOGAF Series Guides for situations where:

the business direction is known but high-level,

detailed impacts must be discovered,

and the organization wants to reuse existing capabilities rather than replace them.

Option B is the only answer that:

Begins by understanding the problem,

Defines the structure of the change,

Uses iteration cycles starting with a baseline-first approach,

Leads into transition planning,

Supports clarification of the shared vision and requirements,

Fits the CIO’s instruction to “define the scope, shared vision, and requirements.”

This matches exactly what TOGAF prescribes in early-cycle Architecture Vision and initial iterations.

The correct answer is B, as it aligns with TOGAF's stakeholder management approach, ensuring that stakeholder concerns are captured and addressed iteratively throughout the architecture development process.

Analysis of the Correct Answer (Option B):

Stakeholder Analysis and Mapping

The scenario highlights that top managers and staff are worried about the changes AI will bring.

TOGAF recommends stakeholder analysis early in the ADM process to ensure that concerns, expectations, and risks are documented.

Creating a Stakeholder Map groups stakeholders by common concerns, allowing architects to develop tailored viewpoints.

Recording Concerns in the Architecture Vision Document

The Architecture Vision (ADM Phase A) serves as a high-level guiding document.

Capturing stakeholder concerns in the Vision document ensures alignment between business goals and technology implementation.

Iterative Development and Regular Feedback

The scenario describes an AI-powered system with major business impacts, so incremental validation is necessary.

TOGAF emphasizes progressive development to manage risk and validate requirements continuously.

Regular feedback loops help mitigate resistance from top managers and staff.

Why Other Options Are Incorrect?

Option A: Creating Models for Business, Application, and Technology Architectures

Incorrect because while compliance is important, it does not address stakeholder concerns directly.

The scenario is about ensuring buy-in from top managers and employees, not just regulatory compliance.

Option C: Using Uniform Business Models Across AI Projects

Incorrect because a one-size-fits-all model does not allow for regional and functional differences within the company.

The scenario emphasizes the need to address specific concerns of top managers and different locations, which requires stakeholder-specific customization.

Option D: Creating a Communications Plan

Incorrect because communication alone does not resolve stakeholder concerns.

While communication is useful, the architecture development process should include stakeholder engagement and progressive validation, not just reporting.

A Stakeholder Map is a technique that can be used to identify and classify the stakeholders of the architecture work, and to document their key interests, requirements, and concerns. A stakeholder is any person, group, or organization that has a stake in the outcome of the architecture work, such as the sponsor, the client, the users, the suppliers, the regulators, or the competitors. A Stakeholder Map can help to understand the needs and expectations of the stakeholders, and to communicate and engage with them effectively1

The steps for creating a Stakeholder Map are:

Identify the stakeholders of the architecture work, using various sources and methods, such as interviews, surveys, workshops, or existing documents.

Classify the stakeholders according to their roles, responsibilities, and relationships, using various criteria and dimensions, such as power, influence, interest, attitude, or impact.

Define the concerns and relevant views for each stakeholder group, using various techniques, such as business scenarios, use cases, or value propositions. A concern is a key interest or issue that is relevant to the stakeholder, such as a goal, a problem, a need, or a risk. A view is a representation of the system of interest from the perspective of one or more stakeholders and their concerns.

Record the stakeholders and their concerns in a Stakeholder Map, which shows the mapping between the stakeholder groups, the concerns, and the views. The Stakeholder Map also shows the dependencies, assumptions, and issues related to each stakeholder and concern.

Therefore, the best answer is B, because it recommends the approach that would enable the development of an architecture that addresses the concerns of the CIO and the partners, using the Stakeholder Map technique. The answer covers the following aspects:

An analysis of the stakeholders is undertaken, which involves identifying, classifying, and defining the stakeholders and their concerns.

The stakeholders and their concerns are documented in a Stakeholder Map, which provides a clear and comprehensive picture of the stakeholder landscape and their interests.

The concerns and relevant views are recorded in the Architecture Vision document, which is the output of Phase A: Architecture Vision of the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture. The Architecture Vision defines the scope and approach of the architecture work, and establishes the business goals and drivers that motivate the architecture work. The Architecture Vision also involves obtaining the approval and commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance process2

The requirements include risk mitigation through regular assessments, which involves identifying, analyzing, and evaluating the risks that may affect the architecture, and determining the appropriate measures or actions to prevent, reduce, or mitigate the risks. Risk mitigation can also involve monitoring and reviewing the risk situation, and communicating and reporting the risk status and actions3

This approach also allows a supervised agile implementation of the continuous Machine Learning, which involves applying agile principles and practices to the architecture development and implementation, such as iterative and incremental delivery, frequent feedback, collaboration, and adaptation. A supervised agile implementation can help to ensure the quality, value, and alignment of the architecture, and to respond to the changing needs and expectations of the stakeholders.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 24: Stakeholder Management 2: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 29: Applying Iteration to the ADM

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The scenario highlights significant risks due to ransomware attacks and the need to strengthen the company’s Enterprise Architecture to improve data protection and resilience. TOGAF emphasizes the Architecture Compliance Review as a mechanism for ensuring the architecturemeets its objectives and addresses specific concerns such as security, resilience, and compliance with organizational goals.

The organization has already conducted a risk assessment but requires actionable steps to:

Address ransomware attack risks.

Increase the resilience of the Technology Architecture.

Ensure proper alignment with governance and compliance frameworks.

Option Analysis

Option A:

Strengths:

Highlights the need for up-to-date processes for managing changes in the Enterprise Architecture.

Recognizes the importance of governance through the Architecture Board and change management techniques.

Weaknesses:

The approach focuses solely on the Technology Architecture baseline but does not address the need for specific steps such as compliance review, gap analysis, or tailored resilience measures for ransomware risks.

It provides a broad and generic approach rather than a targeted plan for ransomware and data protection issues.

Conclusion: Incorrect. While it adheres to governance processes, it lacks specific actions to improve resilience and address the immediate security concerns.

Option B:

Strengths:

Proposes an Architecture Compliance Review, which is a core TOGAF process used to evaluate architecture implementation against defined objectives, ensuring it is fit for purpose.

Involves identifying stakeholders (departments) and tailoring checklists specific to ransomware resilience.

Emphasizes issue identification and resolution through structured review processes.

Weaknesses:

Does not explicitly address longer-term updates to the Enterprise Architecture, but this can be inferred as a next step following compliance recommendations.

Conclusion: Correct. This is the most suitable approach based on TOGAF principles, as it uses an established process to evaluate and improve the architecture's resilience.

Option C:

Strengths:

Includes monitoring for updates from suppliers to enhance detection and recovery capabilities, which is relevant to addressing ransomware risks.

Proposes a gap analysis to identify shortcomings in the current Enterprise Architecture and recommends addressing gaps through change requests.

Incorporates disaster recovery planning exercises, which are useful for testing resilience.

Weaknesses:

While thorough, the approach lacks the Architecture Compliance Review process, which is a more structured way to ensure the architecture meets resilience requirements.

Monitoring suppliers and running disaster recovery exercises are operational steps rather than strategic architectural improvements.

Conclusion: Incorrect. While it includes valid activities, it does not adhere to TOGAF’s structured approach for architecture assessment and compliance.

Option D:

Strengths:

Proposes analyzing business continuity requirements and assessing the architecture for gaps, which is relevant to the scenario.

Suggests initiating an ADM cycle to address gaps, which aligns with TOGAF principles.

Weaknesses:

Focusing on initiating a new ADM cycle may be premature, as the immediate priority is to evaluate the existing architecture and address specific resilience concerns.

Does not mention compliance review or tailored resilience measures for ransomware attacks, which are central to the scenario.

Conclusion: Incorrect. It proposes a broader approach that may not adequately address the immediate concerns highlighted by the CSO.

TOGAF References

Architecture Compliance Review: A structured process used to evaluate whether an architecture meets the stated goals, objectives, and requirements (TOGAF 9.2, Chapter 19). It is particularly useful for identifying and addressing resilience requirements in scenarios involving security risks.

Stakeholder Engagement: Identifying and involving stakeholders (e.g., departments) is a critical part of architecture governance and compliance review (TOGAF 9.2, Section 24.2).

Change Management: The Architecture Compliance Review supports identifying necessary changes, which are then managed through governance and change management processes (TOGAF 9.2, Section 21.6).

By choosing Option B, you align with TOGAF’s structured approach to compliance, resilience, and addressing security concerns.

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The agency is initiating a strategic “AI-first” plan to transform processes using AI and improve efficiency while ensuring service improvements for citizens. Several stakeholder concerns have been raised, such as:

Job security for employees.

Skill development for adapting to new technologies.

Cybersecurity and resilience risks due to reliance on digital platforms.

TOGAF emphasizes the importance of stakeholder management, communication, and risk management to ensure successful adoption and implementation of new architecture. These concerns need to be addressed methodically by gathering requirements, analyzing stakeholder positions, and ensuring proper communication of risks and benefits.

Option Analysis

Option A:

Strengths:

Proposes creating an Organization Map to identify the links between different parts of the agency and the impact of the strategic change.

Suggests holding stakeholder meetings to address concerns.

Includes managing risks as part of Security Architecture development.

Weaknesses:

Focusing solely on creating business models and teaching stakeholders how to interpret them does not directly address cultural and positional concerns about job loss, skill development, and security.

Risk management is addressed as part of Security Architecture development but lacks broader integration into stakeholder requirements.

Conclusion: Incorrect, as it fails to systematically document stakeholder concerns and map them into requirements and architecture decisions.

Option B:

Strengths:

Highlights the importance of formal stakeholder identification and creating a Communication Plan.

Suggests addressing stakeholder concerns through communication and risk management.

Weaknesses:

Does not go into detail on analyzing stakeholder concerns, cultural positions, or specific requirements.

Lacks the inclusion of stakeholder feedback in architecture artifacts like the Architecture Vision or Requirements Specification, which are critical TOGAF outputs.

Conclusion: Incorrect, as it does not include a systematic and structured approach for stakeholder analysis and integration into architecture deliverables.

Option C:

Strengths:

Emphasizes conducting a thorough stakeholder analysis to document concerns, positions, and cultural factors, which aligns with TOGAF’s approach in Phase A (Architecture Vision).

Ensures stakeholder views and requirements are recorded in the Architecture Vision document and reflected in the Architecture Requirements Specification.

Includes continuous assessment and feedback, ensuring concerns are addressed and risks managed effectively.

Aligns with TOGAF's principle of involving stakeholders in architecture development to ensure alignment and success.

Weaknesses:

Could further detail how risk management is included across all phases, but this is implied through integration into the Architecture Requirements Specification.

Conclusion: Correct, as it provides a structured and detailed approach for addressing stakeholder concerns and managing risks within TOGAF’s framework.

Option D:

Strengths:

Suggests categorizing stakeholders into groups and creating models for each category.

Proposes arranging meetings to verify that concerns have been addressed.

Includes risk management as part of the process.

Weaknesses:

Dividing stakeholders into generic categories (e.g., corporate functions, project team) may not adequately capture specific cultural factors and concerns raised in the scenario.

Lacks integration of stakeholder feedback into architecture deliverables such as the Architecture Vision and Architecture Requirements Specification.

Conclusion: Incorrect, as it provides a generalized and less targeted approach to stakeholder concerns compared to Option C.

TOGAF References

Stakeholder Management (Phase A): TOGAF emphasizes analyzing stakeholders’ positions, concerns, and issues to shape architecture development and communication (TOGAF 9.2, Section 24.2).

Architecture Vision: Captures high-level requirements and stakeholder views to ensure alignment with business goals (TOGAF 9.2, Section 6.2).

Architecture Requirements Specification: Records detailed requirements, including those related to risk management, to guide the development of target architectures (TOGAF 9.2, Section 35.5).

Iterative Feedback: Regular assessments and feedback loops are critical to ensure stakeholder concerns are addressed effectively throughout the ADM cycle.

By selecting Option C, the approach adheres to TOGAF's principles of stakeholder analysis, communication, and integration of concerns into architecture development.

In TOGAF, creating a Business Scenario is a foundational step in defining and understanding the business problem, especially for complex transformations involving multiple stakeholders andsystems, such as in this scenario. This method aligns with Phase A (Architecture Vision) of the TOGAF Architecture Development Method (ADM). Here’s why this approach is the most effective:

Understanding Business Requirements:A Business Scenario provides a structured way to capture and analyze the business requirements, stakeholder concerns, and the contextual elements related to the problem. In this scenario, the company faces challenges in integrating newly acquired companies with existing operations, which includes complex stakeholder concerns across different functional areas. Developing a Business Scenario allows the EA team to break down these complexities into identifiable and manageable parts.

Risk Evaluation and Management:By using the Business Scenario approach, the EA team can not only define the requirements but also assess associated risks systematically. TOGAF emphasizes the importance of risk management through identifying potential risks, evaluating their impact, and defining strategies for handling these risks. The process includes assessing how risks can be avoided, transferred, or reduced—a necessary step in large-scale transformations to ensure that risks are proactively managed.

Residual Risks and Governance:Any risks that cannot be fully resolved should be identified as residual risks and escalated to the Architecture Board, which is aligned with TOGAF’s governance approach. The Architecture Board’s role in TOGAF is to provide oversight and make critical decisions on risks that exceed the control of the EA team. This ensures that unresolved risks are managed at the appropriate level of the organization.

Alignment with TOGAF ADM Phases:The Business Scenario approach directly aligns with the Preliminary and Architecture Vision phases of the TOGAF ADM, which focuses on establishing a baseline understanding of the business context and the strategic transformation required. The detailed understanding of requirements, stakeholder concerns, and risks identified here will guide the subsequent phases of the ADM, including Business Architecture and Information Systems Architecture.

TOGAF Reference (Section 2.6, ADM Techniques):TOGAF provides guidelines on the creation of Business Scenarios as part of ADM Techniques, highlighting the importance of defining a business problem comprehensively to ensure successful transformation. This method includes identification of stakeholders, business requirements, and associated risks, which aligns well with the company's need for strategic and systematic integration of new business units.

By utilizing a Business Scenario, the EA team ensures that all aspects of the transformation are well understood, risks are identified early, and residual risks are managed effectively, aligning with the company's strategic objectives and the TOGAF framework’s guidance on risk management and stakeholder alignment.

The Implementation Governance Model is a framework that defines the roles, responsibilities, processes, and standards for governing the implementation of the target architecture. It ensuresthat a project transitioning into implementation also smoothly transitions into appropriate Architecture Governance, which is the practice of ensuring compliance with the enterprise architecture and its principles, standards, and goals. The Implementation Governance Model is part of the Implementation and Migration Plan, which is the output of Phase F: Migration Planning of the Architecture Development Method (ADM)12 References: 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning 2: The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance

Phase A: Architecture Vision identifies stakeholders, their concerns, and defines the scope and objectives of the architecture engagement.

Defining enterprise strategy is outside ADM (it is a business planning activity).

Describing the target architecture happens in Phases B, C, and D.

Developing an EA Capability is done in the Preliminary Phase, not Phase A.

The chart shown is a Gantt chart, which is commonly used for project management to illustrate a project schedule. In the context of TOGAF (The Open Group Architecture Framework), which is a framework for enterprise architecture, this Gantt chart is demonstrating the sequenced approach to the Architecture Development Method (ADM). The ADM is the core process of TOGAF which provides a tested and repeatable process for developing architectures. The ADM is described as being iterative, over the whole process, between phases, and within phases. For each iteration of the ADM, a fresh decision must be taken about each of the parameters (scope, granularity, time period, and architecture assets).

The ADM consists of a number of phases that have to be followed in sequence:

Preliminary Phase: Framework and principles

Phase A: Architecture Vision

Phase B: Business Architecture

Phase C: Information Systems Architectures, including Data and Application Architectures

Phase D: Technology Architecture

Phase E: Opportunities and Solutions

Phase F: Migration Planning

Phase G: Implementation Governance

Phase H: Architecture Change Management

Requirements Management

Each phase is dependent on the outputs of the previous phase and the Requirements Management phase runs throughout. The Gantt chart clearly shows the dependency and sequence in which these phases occur, implying that a structured approach is followed to produce the enterprise architecture.

The TOGAF Standard, Version 9.2, a standard of The Open Group

The TOGAF documentation available at https://publications.opengroup.org/standards/architecture and https://publications.opengroup.org/guides/architecture

Comprehensive and Detailed Explanation

Let’s examine each statement against the TOGAF ADM principles:

All ADM activities are carried out within an iterative cycle of continuous architecture definition and realization

Correct. The ADM is iterative in three dimensions: across the cycle, between levels (enterprise, segment, capability), and within phases. This means architecture development is never linear but part of a continuous cycle of definition and realization.

The Requirements Management phase is a continuous phase

Correct. Requirements Management is central to the ADM cycle. It operates continuously, ensuring requirements are identified, stored, and addressed throughout all phases, not only in a single step.

Output from an early phase may be modified in a later phase

Correct. The ADM is iterative and allows feedback between phases. For example, new requirements identified in later phases may lead to modifications of deliverables from earlier phases.

When a phase starts, the previous phase closes

Incorrect. The ADM is not strictly sequential. Phases can overlap, iterate, and provide feedback loops. One phase starting does not imply that the previous phase is closed; instead, phases interact dynamically.

Correct Mapping

Statements 1, 2, and 3 are correct.

Statement 4 is incorrect.

Correct answer is B (1, 2 & 3).

Why the other options are incorrect

A (2, 3 & 4): Includes statement 4, which is incorrect.

C (1, 2 & 4): Includes statement 4, which is incorrect.

D (1, 3 & 4): Includes statement 4, which is incorrect.

References

The Open Group, TOGAF® Standard, Version 9.2, Part II: ADM — overview of ADM iterations, Requirements Management, and feedback between phases.

The Open Group, TOGAF® 9 Certified Study Guide — emphasizes ADM as iterative and requirements-driven.

The TOGAF standard divides Enterprise Architecture into four primary architecture domains: business, data, application, and technology. These domains represent different aspects of an enterprise and how they relate to each other. The business domain defines the business strategy, governance, organization, and key business processes. The data domain describes the structure of the logical and physical data assets and data management resources. The application domain provides a blueprint for the individual applications to be deployed, their interactions, and their relationships to the core business processes. The technology domain describes the logical software and hardware capabilities that are required to support the deployment of business, data, and application services. Other domains, such as motivation, security, or governance, may span across these four primary domains. References:

The TOGAF Standard, Version 9.2 - Core Concepts

Domains - The Open Group

TOGAF® Standard — Introduction - Definitions - The Open Group

The TOGAF Standard, Version 9.2 - Definitions - The Open Group

TOGAF and the history of enterprise architecture | Enable Architect

An Enterprise Architecture Capability is the ability of the organization to perform effective and efficient architecture work, including the definition, governance, and management of its architectures2. The Preliminary Phase involves the following activities1:

•Reviewing the organizational context, scope, and drivers for conducting Enterprise Architecture

•Establishing the Architecture Capability desired by the organization, including the maturity level, roles, responsibilities, processes, and tools

•Defining and establishing the Organizational Model for Enterprise Architecture, which describes how the architecture function is organized and integrated within the enterprise

•Defining and establishing the Architecture Governance framework, which provides the mechanisms for ensuring the quality, consistency, and compliance of the architecture work

•Selecting and implementing the tools that support the Architecture Capability, such as repositories, modeling tools, and communication tools

•Defining the Architecture Principles that will guide and constrain the architecture work, based on the business principles, goals, and drivers of the organization

•Defining the Organization-Specific Architecture Framework, which is an adaptation of the generic TOGAF ADM to suit the specific requirements, standards, and practices of the organization

The Preliminary Phase is essential for preparing the organization for the successful development and implementation of its architectures, as well as for ensuring the alignment of the architecture work with the business strategy and objectives1.

In TOGAF’s treatment of risk within architecture governance and ADM Guidelines & Techniques, risk management is seen as a continuous process including several phases. First one classifies potential risk types. Then one identifies specific risks. After identification comes assessment (evaluating likelihood and impact), monitoring (tracking over time), mitigation (taking actions to reduce the risk), and related response or treatment options to decide what to do with residual risk. That sequence—classification, identification, assessment, monitoring, mitigation, and response—completes the risk management life cycle. It does not stop at evaluation or reporting; it includes active monitoring, control, and reaction to risks over time.

These domains provide a consistent way to describe and understand the architecture from different perspectives, such as business, information, and technology12. Each domain has its own set of concepts, models, views, and artifacts that define the structure and behavior of the architecture within that domain12.

The other options are incorrect because:

•Logical and Physical are not architecture domains, but rather levels of abstraction that can be applied to any domain. Logical architecture describes the functionality and behavior of the system, while physical architecture describes the implementation and deployment of the system3.

•Information and Data are not distinct architecture domains, but rather aspects of the same domain. Information architecture describes the meaning and context of the data, while data architecture describes the structure and format of the data4.

•Capability and Segment are not architecture domains, but rather levels of granularity that can be applied to any domain. Capability architecture describes the current and desired states of a specific business capability, while segment architecture describes a subdivision of the enterprise that has a clear business focus5.

Based on the web search results, architecture partitioning is a technique that divides the Enterprise Architecture into smaller and manageable segments or groups, based on various classification criteria, such as subject matter, time, maturity, volatility, etc.12 Architecture partitioning is used to simplify the development and management of the Enterprise Architecture, by reducing complexity, improving governance, enhancing reusability, and increasing alignment and agility12. Therefore, the statement that partitions are used to simplify the management of the Enterprise Architecture is correct.

The other statements are incorrect because:

•Partitions are not equivalent to architecture levels. Architecture levels are different layers of abstraction that describe the Enterprise Architecture from different perspectives, such as strategic, segment, and capability3. Partitions are subsets of architectures that are defined within or across the levels, based on specific criteria1.

•Partitions do not necessarily reflect the organization’s structure. The organization’s structure is one possible criterion for partitioning the architecture, but it is not the only one. Other criteria, such as business function, product, service, geography, etc., can also be used to partition the architecture12.

•Partitions are not defined and assigned to agile Enterprise Architecture teams. Agile Enterprise Architecture is an approach that applies agile principles and practices to the architecture work, such as iterative development, frequent feedback, adaptive planning, and continuous delivery4. Partitions are not a specific feature of agile Enterprise Architecture, but a general technique that can be applied to any architecture method or framework, including TOGAF12.

The Request for Architecture Work is a deliverable that is sent from the sponsor and triggers the start of an architecture development cycle. It defines the scope, budget, schedule, and deliverables for a specific architecture project. The Statement of Architecture Work is a deliverable that is produced by the architect and defines the approach and resources needed to complete an architecture project. It forms the basis of a contractual agreement between the sponsor and the architecture organization. The Architecture Principles are a deliverable that is produced by the architect and defines the general rules and guidelines for the architecture work. They reflect the business principles, business goals, and business drivers of the organization. The Architecture Requirements Specification is a deliverable that is produced by the architect and defines the requirements that govern the architecture work. It covers both functional and non-functional requirements as well as constraints and assumptions. 

At this stage in the scenario:

A strategic architecture has been completed.

All divisions have completed their Architecture Definition Documents.

Work packages have been defined.

Transition Architectures between Baseline and Target are already identified.

A draft roadmap exists for a multi-year phased migration.

You are now asked to plan the next steps for the migration, which aligns exactly with TOGAF ADM Phase F: Implementation and Migration Planning.

In Phase F, TOGAF prescribes the following key activities:

Evaluate and prioritize projects and work packages

Determine business value, cost, risk, dependencies

Confirm Transition Architectures and sequencing

Update and finalize the Implementation & Migration Plan

Option B is the ONLY answer that correctly follows these required TOGAF steps.

✔ Why Option B is correct

Option B states:

“Estimate the business value for each project by applying the Business Value Assessment Technique … to prioritize the migration projects.”✔ This is a TOGAF-recommended technique specifically for Phase F to evaluate and prioritize transformations using value, risk, and ROI.

“Confirm and plan a series of Transition Architecture phases … using a table of Architecture Definition Increments.”✔ Exactly aligned with TOGAF:

Transition Architectures were identified earlier.

In Phase F, they must be confirmed, sequenced, and documented.

“Update the Implementation and Migration Plan.”✔ This is the required output of ADM Phase F.✔ At this point, the plan must be validated and finalized based on value and prioritization.

Thus, Option B directly matches TOGAF’s prescribed migration planning process.

✘ Why the other options are incorrect

A – Incorrect

Suggests finalizing Architecture Definition documentation—this was already completed by each division.

Introduces an “Implementation Governance Model,” which is not a TOGAF artifact at this stage.

Focuses on lessons learned BEFORE execution, which is not appropriate for migration planning.

C – Incorrect

Focuses only on project selection and resource assignment.

Does not use TOGAF techniques for value/risk evaluation.

Does not reference Transition Architectures, which are central in the scenario.

Oversimplifies Implementation & Migration Planning to resource scheduling.

D – Incorrect

Compliance Assessments occur DURING execution, not before migration planning.

At this stage, no implementation has started, so compliance reviews are premature.

Adjusting performance requirements now has no alignment with TOGAF’s ADM sequence.

The Business Value Assessment Technique is a technique that can be used to estimate and compare the business value of the projects and project increments that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. The business value is the measure of the benefits or advantages that the project or project increment delivers to the business, such as increased revenue, reduced costs, improved quality, or enhanced customer satisfaction1

The steps for applying the Business Value Assessment Technique are:

Identify the criteria and factors that are relevant to the business value assessment, such as costs, benefits, risks, and opportunities. The criteria and factors should be aligned with the business goals and drivers that motivate the architecture work, and the stakeholder requirements and concerns that influence the architecture work.

Assign weights and scores to the criteria and factors, using various methods, such as expert judgment, historical data, or analytical models. The weights and scores should reflect the importance and performance of the criteria and factors, and the trade-offs and preferences of the stakeholders.

Calculate the business value for each project or project increment, using various techniques, such as net present value, return on investment, or balanced scorecard. The business value should indicate the expected or actual outcomes and impacts of the project or project increment on the business.

Prioritize the implementation projects and project increments, based on the business value and other considerations, such as dependencies, resources, or risks. The prioritization should determine the order or sequence of the projects and project increments, and the allocation and utilization of the resources.

Therefore, the best answer is C, because it describes the next steps for the migration planning, which are the activities that support the transition from the Baseline Architecture to the Target Architecture. The answer covers the Business Value Assessment Technique, which is relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 28: Business Value Assessment Technique : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks