Portfolio Assignment - Complete Case

Study and Incorporate Cloud-Based AI

for

Master of Science

Information Technology and Communication

Abhijeet Babar

University of Denver University College

November 20, 2020

Faculty: Dr. Steven Russell, PhD

Director: Michael Batty, PhD

Dean: Michael J. McGuire, MLS

 Babar-ii

Table of Contents

Introduction...................................................................................................................................1

TOGAF & ArchiMate……………….……………………………………………………………………….... 2

Archisurance Case Study using ArchiMate and TOGAF ADM........................................3

Phase A: Architecture Vision…….………………………………………………………………………… 4

Phase B: Business Architecture‌...............................................................................................4

Phase C: Information System Architectures........................................................................7

Phase D: Technology Architecture.........................................................................................8

Archisurance EA Layer View……………………………………………………………………………………………….9

Archisurance Case Study and Security………………………………………………………………………….11

Security at Each Architecture Layer………………………………………………………………………………….12

Impact of Global Data Privacy and Data Sovereignty Regulations …………………………..13

The Impact of Regulations on Enterprise Architecture………………………………………………..14

The Impact Of Agile in Enterprise Architecture ………………….…………………………………………16

Cloud, AI and IoT in Enterprise Architecture……………………….…………………………………………17

Summary........................................................................................................................................19

References……………………………………………………………………………………………………………………………....21
 Introduction
The TOGAF standard is an architecture framework for enterprise architecture. Architecture
framework is a set of methods, tools and a common language for assisting the creation, adoption
and maintenance of an enterprise architecture. An architecture framework often contains an
iterative process for creating architecture and with the TOGAF standard that is embodied in the
architecture development method or ADM. There are a couple of definitions for enterprise
architecture or for architecture. There is an international standards organization called
ISO/ICE/IEEE and they put together a joint standard called 42010:2011 version, they update this
standard from time to time. That standard says, ‘The fundamental concepts or properties of a
system in its environment embodied in its elements, relationships and in the principles of its
design and evolution’. This is a very generic definition of architecture having to do with properties
and elements and relationships etc. TOGAF 9.2 does contain that standard for architecture but it
also adds a sentence to it as well, the TOGAF 9.2 definition of architecture is the ISO definition
plus the structure of its components, their interrelationships and the principles and guidelines
governing their design and evolution over time. Now if you put those two statements together
side by side, you'll see that they're essentially saying around the same thing. So, an architecture is
both the components of a system and the relationship to each other so, the boxes and lines of a
system, plus the principles rules and guidelines governing their design and evolution over time.
TOGAF is helps in developing a proper architecture capability in the organization. TOGAF
has architecture governance, a standard meta model for storing, organizing your information
principles for the design of those documents and a standard process for evolving that architecture
in the months and years ahead. Architecture is not a static thing. It's actually how we do things.
this demonstrate the process with the example of Archi-insurance case study in this document.
 TOGAF & ArchiMate
ArchiMate: the ArchiMate is a language used for modeling and it used in TOGAF
framework to design enterprise architecture by the Architects. TOGAF: The TOGAF is a modeling
framework which used by many organizations for the development of enterprise architecture.
TOGAF and ArchiMate: By using ArchiMate modeling language with TOGAF architects can create
different views of different architecture viewpoints provided in TOGAF framework. ArchiMate
language was created and developed for providing compatibility with TOGAF framework so that
following TOGAF standard and guidelines would be easy for an architect while designing modeling
tasks.
The ArchiMate language and the TOGAF framework share many features and even
overlaps while using their concepts and viewpoints as they have very firm and common
foundation. These two complementing each other with development process of an enterprise
architecture definition and defining the modeling language for EA modeling. The Modeling of the
EA is supported by ArchiMate 3.0 standard in all phases of TOGAF development (ADM method).
Following diagram illustrate the mapping of ArchiMate and TOGAF ADM:

Figure 1.

As shown in diagram there are Five layers to the mapping Strategy and Motivation,
Business layer, Application layer, Technology layer and Implementation and migration layer. Out
of which Business layer Application layer and Technology layer are the core layers of the TOGAF
framework. We will learn about every layer by studying merger of three independent companies
who formed the ArchiSurance insurance. The ArchiSurance Case Study talks about the Baseline
Architecture of the ArchiSurance company and the change scenarios occur during merger. We
could apply this case study to different scenarios in our career in future.
 ArchiSurance Case Study using ArchiMate and TOGAF ADM
Each phase of the ADM after the preliminary phase takes inputs from the previous phase
and produces outputs to be used in the subsequent phase. Artifacts and documentation
accumulate in the center in requirements management. The preliminary phase identifies who will
do the work? It also defines essential architectural principals and scope, TOGAF is designed to be
adapted so the first step is to adapt it. Architects will decide exactly how to apply TOGAF in this
phase, tweaking it for best fit. The artifacts represent a piece of data that is used/produced in a
software development process and operation of an IT system. In ArchiSurance there are many
artifacts like user data, information technology capabilities, CEO-CTO level considerations,
business activities, software and hardware systems, databases environments, etc.
Phase A, architecture vision starts when the business formally requests architecture work,
in this case the point-of-sale system. The business expresses the request in terms of business
goals, in our example the new point-of-sale system should save the company money over time,
and perhaps be more accurate and efficient than the previous one. EA formally documents the
architectural principals and scope of the architectural effort, explicitly both what is and what is
out of scope. For example, our point-of-sale system is going to connect to a lot of other systems
so it would be easy to get pulled into discussions about upgrades and changes to those integrated
systems. To keep the focus on the point-of-sale system, the statement of work could state
explicitly that all changes to any other integrated system is out of scope, the output of phase A is
an architectural statement of work and final approval from executive management.
The ArchiSurance Case Study talks about merging of three companies into one greater
organization. The company now consists of three divisions with the same names and
headquarters as their independent predecessors.
 Home & Away, specializing in homeowners’ insurance and travel insurance
 PRO-FIT, specializing in auto insurance
 Legally Yours, specializing in legal expense insurance
 Figure 1. Merging Diagram

Phase A: Architecture Vision

In Architecture vision i.e. Phase A of TOGAF framework, the main concern was high level
vision establishment for the ArchiSurance architecture for all domains and subdomains in the
organization architecture. Establishing and modeling the strategy of business and solutionize the
implementation strategy are the important parts of this vison.

Figure 2. Implementation Strategy

Following is the stakeholder view which enables the architect to model the stakeholders,
their agitation and their power sources and weaknesses. Price and sales target

Figure 3. Stakeholder view

have positive impact on stakeholder and product portfolio which can improve profitability and
customer satisfaction. To achieve this goal the cost reduction in maintenance and personal
spending are important.
The Strategy viewpoint diagram which allows the Architect to model an overview of the
courses of action chosen or considered by the ArchiSurance, It also shows the capabilities and
resources supporting them, the envisaged outcomes, which help enterprise understand how
these contribute to the enterprise‘s goals and drivers.

Figure 4. Strategy viewpoint

The relationships between strategy, capabilities, envisaged outcome, and stakeholders’
drivers is shown in Figure above. The Digital Customer Intimacy strategy requires ArchiSurance to
develop a number of new capabilities and resources, including data analysis, acquisition data and
digital customer management.

Phase B: Business Architecture‌

Phase B, business architecture defines the current and target business architectures, when
the technology changes the business must also change. This includes a model of the business
functions that are impacted by the new system. The output of phase B is a plan for how the
business will need to adapt the way it works, to integrate the new point-of-sale system. A
practical example might include changes to the way inventory is ordered or distribution logistics
are handled.
 Figure 5. Business architecture diagram
In Phase B i.e. business architecture phase of the TOGAF, the ArchiMate modeling which
can be used to define and compensate ArchiSurance organizational goals. The main business
functions that ArchiSurance distinguishes are document processing, investment management,
sales, finance, claims, customer relations, marketing.

Figure 6. High-level business structure and integration

Above diagram shows the high-level business structure and integration of one or more
business processes. The phase B provides inputs to Phase C i.e. information system, and the
inputs can be used to visualize the technology architecture.
 Phase C: Information System Architectures
Phase C, information systems architectures models the changes that will need to be made
in the data and application architecture domains, the output of phase C will be a generalized
model of the changes that are needed to plug in our new point-of-sale to the rest of the
enterprise. The model will need to account for all kinds of changes, at headquarters and at retail
stores. The back-office component of our sales system may require data we don't currently have,
or data that is difficult to access. The retail stores may have existing integrations between their
local point-of-sale installation and other systems like security, or timekeeping. All these changes
must be documented, and solutions must be accounted for in the target model.

Figure 7. Information structure diagram

Like every information models the information structure viewpoint shows enterprise
specific data utilization within that organization. This information data in the form of data type or
object/class structure. Above figure shows the information structure view of main business
objects.

Figure 8. Data dissemination diagram

 The Data Dissemination diagram above, is to show the relationship between data entity,
business service, and application components. The diagram shows how the logical entities are to
be physically realized by application components.

Phase D: Technology Architecture

Phase D technology architecture is where things start getting specific, all the work that has
been done so far is general modeling. The technical architecture gets to the real technical detail.
The outputs of phase D include a comprehensive technical architecture, with technical principals,
constraints, and a draft technology architecture model. The technology architecture model may
include specific implementation details such as the choice of database platform, the specific
protocol to be used for a systems integration and blueprints for the physical and logical
implementation of architectures of the point-of-sale. These artifacts will be used to guide the
implementation and should be updated with additional details during the engineering effort.
The following figure shows the Infrastructure viewpoint, it contains major components for
building ArchiSurance ecosystem. Most of the software and hardware require to create
application layer which contains physical devices like LAN, WAN devices, infrastructure elements
like web server, CRM server, back office cluster, etc. It also has software required for application
layer, such as OS, DB, etc.

Figure 9. Technical infrastructure view

These components are grouped by department like backend office, legal office, front
office, etc. also they can be grouped by location. Above figure also shows the network connection
for internal infrastructure LAN and for accessing remote services with WAN.
 ArchiSurance EA Layer View
Archi and ArchiMate assistance in planning and visualizing a business transformation is
very vital. Following is the layered diagram of ArchiSurance enterprise architecture, which consists

Figure 10. ArchiSurance layered view

of External Roles and Actors, External Business Services, Business processes and internal actors /
roles, External Application Services, Application Components and Services, and Infrastructure.
ArchiMate provides a visual model of the Enterprise architecture and its relationship with the
department. This visual assistance gives stakeholders to visualize the enterprise and plan roadmap
for development process with timeline. Above diagram shows the output of ArchiMate, which is
layered diagram of ArchiSurance enterprise architecture.

The Open Group (2018) state that “security concerns are pervasive throughout the
architecture domains and in all phases of the architecture development. Security is called out
separately because it is infrastructure that is rarely visible to the business function”. The
enterprise security architecture is an enterprise architecture applied to security domain which
mainly deals with information technology security, encryptions of sensitive data, security of
physical access, etc. Security architecture provides similar architecture views to stakeholders in
order to understand gaps and risks in every level.

Archisurance Case Study and Security

A Security Architecture is a structure of organizational, conceptual, logical, and physical
components that interact in a coherent fashion in order to achieve and maintain a state of
managed risk and security (or information security). In order to expand insurance business and
drive market value, three different insurance companies merged to form the Archisurance.
Regardless of their similarities when they visualize merger, it was very challenging and complex to
assure meaningful union. From a security perspective, the understanding and predictability of the
security posture established in each phase is greatly disrupted, the introduction of new risks at
worst. In this paper we will be covering the security practices of Archisurance merger. This merger
involves three insurance companies, the Archisurance case study deals with combining these
companies in a way that the legal and operational entities cease to exist. This process has a
combine effort and a shared burden in defining and modifying business model, customer
experiences, launching strategy, etc. The merging comes with the risk and different clearances
and support from stakeholders in order to be a successful merger. It also hampers on resource
allocations, day to day decisions and handling business priorities in a typical business operation.
All merging companies share same interest in articulating the enterprise structure and
functionalities from a operational, financial and regulatory prospective.
Security Architecture components always have a relationship with other elements in the
architecture. Let’s discuss the risks associated with each layer and discuss Security architecture
surrounding every phase. Following diagram shows Enterprise Security Architecture with respect
to each phase in TOGAF ADM framework. The Enterprise Security Architecture can be further
divided into Information Security Management and Enterprise Risk Management.

Figure 11. Essential Security and Risk Concepts and their Position in the TOGAF ADM

Information Security Management: “ISO/IEC 27001:2013 is a standard that specifies the

requirements for establishing, implementing, maintaining, and continually improving an
information security management system within the context of the organization. This
International Standard also includes requirements for the assessment and treatment of
information security risks tailored to the needs of the organization.” ISO/IEC 27001:2013 explains
the information security management process and it help the stakeholders understand the basic
logic and fundamental concepts that are required by the TOGAF ADM framework.
Enterprise Risk Management: “ISO 31000:2009 sets out principles, a framework, and a
process for the management of risk that are applicable to any type of organization in the public or
private sector. It does not mandate a “one size fits all” approach, but rather emphasizes the fact
that the management of risk must be tailored to the specific needs and structure of the particular
organization.”
 Security at Each Architecture Layer
Phase A: Two main stakeholders i.e. customers and board members are would have their
concerns during this merger. This merger will require new approval considering the three
organizations now sharing each other’s data in newly formed Archisurance enterprise. There are
also associated banks, insurance agents and lastly the legal department will have to provide their
concerns and associated requirements for security approval. Following diagrams shows the
customer’s data and information flow within the Archisurance enterprise architecture.

Figure 12. Stakeholder Customer

Figure 13. Stakeholder Customer’s Bank

The Phase B: The Security elements of Business layer include Security Policy Architecture,
Security Domain Model, Trust Framework, Risk Assessment, Risk Model Applicable Law and
Regulation. The Security Policy Architecture deals with security strategy policies which assigns
sense of accountability and ownership for risk management. A security domain model provides
assets to business attributes meaning, it combines the assets with similar security level which fall
under the jurisdiction of that security policy. Trust framework is nothing but the trust bonds
between many entities in the architecture domain, it also describes on what grounds that trust is
based. A risk assessment is the process of identifying the risks that are related to assets and or
processes.
The Phase C: The security element in Information Systems Architectures consists of
classification of functional security services and functional security services itself. The artifacts are
as follows:
o The Security Services Catalog is a list of services that provide security-specific functionality
as part of the overall architecture. Example of these services are training & awareness
programs, continuity, security analytics, audit, security intelligence, identity & access
management, digital forensics, network monitoring, etc.
o Security classification is a label attached to an asset, according to a classification scheme.
In most cases, this scheme is defined and described in the corporate information security
policy and the classification is based on one or more characteristics of the asset.
o Data quality is a key factor in operational risk management. Some of the key attributes
that contribute to data quality are accuracy, relevance, timeliness, currency,
completeness, consistency, availability, and accessibility.
Phase D: Technology Architecture artifacts, in most of the scenarios these artifacts are not
that important if in the development stage all relevant security concerns and functionalities are
defined. Security manager may add specific Architecture security view for particular technology
and how they affect each other in a bigger picture. This view provides how that technology
mitigate the business risk with justification.

Impact of Global Data Privacy and Data Sovereignty Regulations

On the 25th of May 2018 the new general data protection regulation became directly
applicable in all European Member States. The regulation not only applies to organizations which
process personal data and established in the European Union but also applies to any organizations
which process personal data of data subjects are in the Union. In order to offer them goods or
services or to monitor their behavior building on the foundations of previous data protection laws
the GDPR introduces a number of game-changing principles in the areas of privacy and data
protection. While CCPA has a narrower geography and focus than GDPR, compliance is still a
serious effort for organizations under its scope.
 The basic principles of it are the privacy by design, privacy is the default as we start to
build systems and collect and manage and distribute them. It's embedded to the design and
architecture of all the IT systems so, it is more than just data protection. It needs to be fully
functional and has to go through all of the design aspects and certainly of all the applications. The
security needs to be end-to-end rather than just at the very end, which is typically application
level security and to prove the point. The visibility and transparency are part of the regulations of
the Act for the data controllers(us), so we will be providing that notion of visibility and
transparency.

The Impact of Regulations on Enterprise Architecture

Data protection impact assessment establishes the need for certain organizations to assess
the level of risk they are exposing data subjects to data protection by design and by default. It
introduces the need to ensure privacy at every step of the services development lifecycle,
whenever you are developing a solution. This includes configuring the service to minimize the
amount of personal data that organization is collecting. Following are the impacts of regulation on
Archisurance’s plans.
o As the Archisurance wants to outsource its claims processing function and all supporting
technology to another company, based in Australia, we should make sure that company
which we choose to process client’s data is having high standards of data security in place.
o Also, to support its global reach and reduce risk of business interruptions due to
technology failures, Archisurance will move all of its remaining information systems and
the technologies which support them to the cloud to leverage the power of Infrastructure
as a Service (IaaS), so there are two main questions. On the one hand, companies need to
know which cloud providers they can trust. On the other hand, companies need to know
which technical and organizational measures they must take in order to be “GDPR-
compliant”.

Following are the recommendations to address issues or risks that the current plans
present.
o Contracts with Archisurance’s data processing providers i.e. outsourcing company based in
Australia and cloud service provider company should reflect respective CCPA and GDPR
responsibilities.
o The GDPR Article 30 compliance: Every data related to customer which company uses for
processing should be accurate and up to date, and we should have a legal right to retain it.
There should be a process in place which would make sure that data that Archisurance
using is compliant with GDPR article 30.
o We should ensure the Archisurance has a legal purpose for retention policy also ensure
that organization and the outsourcing partners are respecting these laws on data retention
in all measures.
o The Privacy regulations introduces new rights around data portability and data erasure.
Personal data erasure is not an absolute right should the insurance company have a legal
requirement to retain the data it would be retained. This means merging all three
companies will share a machine-readable data between themselves which is beneficial as
Archisurance will handle all data processing centrally.
o Organization level training require in area of data security and data breaches, also
employees should be trained in reporting such crimes to authorities.
o Data minimization and privacy by default and design must be a core principle of any data
processing.
o General training and awareness around data protection is critical for organizations as
incorrect data disclosure is the greatest reason for data protection breaches.
o Leadership should ensure that the company’s privacy policy is updated and communicated
to data subjects.
o Stakeholders of the organization are legally entitled to process personal data, that it has an
applicable legal basis be that contract, legal obligation or where consent based that any
required consent is in place. Where processing is based on consent ensure that there are
proper records of that consent. Consent is not likely to be the core legal basis in the
insurance industry.
o Demonstrating compliance is a key area under the accountability requirement of these
regulation, organizations must be able to demonstrate compliance with the regulation by
means of a paper trail.
o Appoint a DPO (Data Protection officer), The European Data protection working group
WP29 has identified the Insurance industry as an industry which should consider
appointing a DPO.
 Archisurance should conduct a risk assessment and based on results it should create and
maintain a cybersecurity program which will deal with the risks identified in assessment. The
Archisurance should also create and maintain disaster recovery and response plan, organization
should provide these guidelines to cloud service providers and outsourcing company based in
Australia. Certify compliance with the respective law/model regulation. Archisurance need a strict
policy execution plan for staying on top of new regulations. These laws should be obeyed without
fail while operating in states like California, New York or other eight states and EU. I think having
cyber security and cyber law department dedicated to focused on these new regulations would be
the crucial during merging of three insurance companies.

The Benefits of Agile in Enterprise Architecture

Every organization needs to be Agile in order to handle all kind of forces and developments
inside and outside the organization. Equally, organizations also need the structure and
overarching view of an organization that is provided by Enterprise Architecture. and in particular,
The TOGAF® standard, a standard of The Open Group. Both Lean and EA can make organizations
more Agile, but work from a different, complementary perspective. By synergizing both EA and
Lean knowledge, techniques, and people, many organizations are exploiting the strengths of both
approaches.
An enterprise is more than just a bunch of local developments by small teams. The pieces
of the puzzle that these teams work on must fit together somehow. And hopefully there is a vision
of the future, aligned with organization strategy, a set of goals that the organization aims for. EA
without agile may lead to slow and bureaucratic organizations that does not respond fast enough
to changes and trends, and only having a horde of scrum teams without some integrative,
overarching approach may lead to a disconnected landscape consisting of agile.
By weaving agility through your business efforts, companies can create environments that
stay focused on where the current need is within the industry and allow for quick pivots to
respond to demands. Successful agile practices require some big, but manageable, changes to
implement including a mentality of collaboration and cooperation across the company,
accounting for and encouraging calculated risk taking, and creating the bonds and working
relationships across development and IT Ops. Those that focus on these key areas ultimately
become “masters” of the Modern Software Factory and lead the way for organizations to come.
 Cloud, AI and IoT in Enterprise Architecture
Cloud computing is having a huge impact on the insurance industry, with benefits for
internal processes, new customer acquisition, and policyholder loyalty. Cloud Computing has had
a huge impact on all sectors, in terms of business processes, production dynamics, and in the
relationship with customers, users, employees, and suppliers.
To assess the impact of various technologies along the insurance value chain, Bain and
Google identified and analyzed more than 100 digital use cases and focused on the 30 most likely
to be disruptive within the next three to five years. Technologies that fall outside of that time
frame, even potentially transformative ones like self-driving cars, biosensors and smart contact
lenses, were excluded. The 30 use cases were grouped into seven broad categories and evaluated
for the effect they would have on the revenues and profits of a prototypical insurer—and by
extension on the global insurance industry (See Figure): Heat map shows the maximum impact on
revenue and cost for each technology in each business area, assuming a typical structure Sources:
Bain & Company; Google

Figure 14. Heat map of the maximum impact on revenue and cost for each technology

o Infrastructure and productivity: A modern IT architecture are critical for digital innovation.
Many insurers consider the cloud the best option for processing, computation and storage.
They can also use productivity tools such as coauthoring and video calling, and they can
connect with their customers through a seamless, omnichannel approach.
o Online sales technologies: Insurers can use cutting-edge techniques for targeting
customers, identifying user groups and analyzing consumption patterns.
o Advanced analytics (AA): With AA, insurers can gain extensive insights into customer needs
and preferences. Insurers can also draw on it to help fight fraud.
o Machine learning: With machine learning, insurers’ information systems can quickly adapt
to new data, without the need for reprogramming. Insurers can use machine learning to
shape underwriting, price products and manage claims.
o The Internet of Things: Networked devices in cars and buildings can protect people and
property and facilitate proactive, preventive maintenance, thus reducing accidents—and
claims. By analyzing data from sensors embedded in vehicles and other equipment,
insurers can gain insights into customer behavior.
o Distributed ledger technology: By arranging and documenting claims on distributed
ledgers, insurers can greatly reduce processing time. A whole new field is opening up for
smart contracts—that is, policies that are fully automated and updated based on a
blockchain’s entire database.
o Virtual reality (VR): The global fascination with the smartphone game Pokémon Go shows
VR’s popularity, but this technology also has the potential to transform the way
information for underwriting is gathered, as well as the way claims are settled. For
example, an insurer could use VR to create a three-dimensional image of a room or to
reconstruct an accident in minute detail.
 Summary
Case Study:
Enterprise architecture is a practice and a collection of skills that is used to align
technology strategy with business strategy. Business leaders rely on enterprise architects as
trusted technology advisors. An entity comprised of people working collectively toward a goal is
an enterprise. The technical definition of the term architecture in this context, the manner in
which the components of a computer or computer system are organized and integrated. So, EA
deals with the complex relationships between an enterprise organization, its people, the business
processes they support, and systems that automate those process.
An enterprise architect is an individual that works with senior executives to move an
organization through change. Their job is to focus on ensuring business goals and objectives are
met. Risk and liability vulnerabilities are reduced. Projects are aligned and the organize it is the
organization's ability to respond to change is increased. The high level the goal is to identify
components that must be achieved in order to tie everything together and make sure that those
critical success factors are met.
The ArchiMate and the TOGAF ADM provide enterprise architectures the tools and
framework/guidelines for defining and designing the formation steps for enterprise in order to
increase profitability and streamlining all the business processes. After studying Archisurance we
can reliably say that TOGAF is a proven method for creating and developing enterprise
architecture as per the business requirements. It helps stakeholders to understand and visualize
organization change in order to achieve organization goals.

AI and Cloud scope:

Introducing AI to the Archisurance will help improving the speed at which tasks can be
carried out, with Robotic Process Automation being used to take away simple, repeatable tasks
from Operational teams, and more complex actions now either being informed or carried out by
trained AI models. AI and cloud services will help us optimizing the service, or ‘next best action’,
insurers can provide to customers, brokers, and other external third parties, based on their
relationships, preferences, and past interactions, which also provide new insights that can be used
to adjust, and eventually optimize, the way insurers price and distribute their products and
services and manage risk.
 As alluded to above, successfully leveraging this technology requires new code
frameworks, change methodologies and, ultimately, a cultural shift for insurers. However, if
applied successfully, AI stands to benefit everyone; from the call center handler, to the
underwriter, to the customer.

.
 References
Henk Jonkers, Iver Band, Dick Quartel. 2012. “Case Study: Using ArchiMate with TOGAF", The Open Group,

Published January 2012, Accessed October 10, 2020.

https://www.ucipfg.com/Repositorio/MATI/MATI-04/BLOQUE-INICIAL/Caso_de_Estudio.pdf

Visual Paradigm. 2020. “Case Study: Using ArchiMate with TOGAF", Visual paradigm, Accessed October 20,

2020. https://www.visual-paradigm.com/guide/togaf/togaf-case-study-using-archimate-with-

togaf/

Visual Paradigm. 2020. “Chapter 31. TOGAF ADM Guide-Through", Visual Paradigm Community Circle, Last

Updated January 7, 2020, Accessed October 12, 2020. https://circle.visual-

paradigm.com/docs/togaf-adm-guide-through/

The Open Group. 2016. “Integrating Risk and Security within a TOGAF® Enterprise Architecture", The Open

Group, Published January 2016, Revised March 2019, Accessed October 30, 2020.

https://publications.opengroup.org/g152

The Open Group. 2018. "THE TOGAF® STANDARD, VERSION 9.2", The Open Group, Published April 2018,

Revised March 2019, Accessed October 30, 2020. https://publications.opengroup.org/c182

ISO/IEC 27001:2013: Information Security Management; refer to:

www.iso.org/iso/home/standards/management-standards/iso27001.html

ISO 31000:2009: Risk Management – Principles and Guidelines; refer to:

www.iso.org/iso/home/standards/iso31000.htm.

Laura Jehl, Jaime Petenko. 2020. “Privacy and Data Security: 2020 Considerations for The Insurance

Industry", McDermott Will & Emery, Published February 7, Accessed November 12, 2020.

https://www.ofdigitalinterest.com/2020/02/privacy-and-data-security-2020-considerations-for-

the-insurance-industry/?

utm_source=Mondaq&utm_medium=syndication&utm_campaign=LinkedIn-integration

Laura Jehl, Jaime Petenko. 2017. “GDPR and Cloud Computing – Challenges and Opportunities",

CloudSigma Holding AG, Published February, Accessed November 12, 2020.

 https://www.cloudsigma.com/gdpr-and-cloud-computing-challenges-and-opportunities/

Henrik Naujoks, Florian Mueller and Nikos Kotalakidis, 2017. "Digitalization in Insurance: The Multibillion

Dollar Opportunity", Bain & Company, Inc., Published March 20, Accessed November 18, 2020.

https://www.bain.com/insights/digitalization-in-insurance

Lambert, Daniel. 2018. "Tackling artificial intelligence using architecture", IDG Media Private Ltd., Published

December 20, Accessed November 18, 2020. https://www.cio.com/article/3328495/tackling-

artificial-intelligence-using-architecture.html