NMI LLC — Enterprise, Technology & Security Architecture
RAPID is a process for enterprise (EA), technology (EITA), and security (SA and ESA) architecture. RAPID produces the maximum improvement in the target architectures with the least possible time and effort. Improvements include:
- Business process efficiency
- Technology utilization
- Information management
- Security
- Governance
- Risk Management
- Compliance
Flexibility
While many architecture processes depend on a top-down approach, RAPID may be integrated at any level within an organizational structure, and will produce almost immediate improvements in process efficiency, technology utilization, and security, governance, risk management, and compliance (SGRC).
The scope of RAPID (the target architecture or target architectures) may be the entire enterprise or business, a business unit, the information technology function, the entire SGRC program, or individual elements of the SGRC program.
The flexibility of RAPID is why RAPID is the basis for so many NMI LLC services, including security, governance, risk management, and compliance services. This same flexibility allows you to integrate RAPID in a limited context, and then expand that footprint as other business functions see the value of the RAPID process.
Enterprise Architecture (EA & EITA) with RAPID
RAPID was originally designed to integrate and harmonize security, governance, risk management, and compliance principles with technology and business needs in large, highly regulated industries. RAPID is a lightweight process based on rapid application design (RAD) principles. RAPID can be integrated with one or more existing enterprise architecture (EA) and enterprise information technology architecture (EITA) processes, models, frameworks, and taxonomies, including TOGAF, FEAF, PEAF, DODAF, and Zachman.
Security Architecture (SA & ESA) with RAPID
RAPID in the security architecture (SA or ESA) context is a business process for developing and maintaining a comprehensive security, governance, risk management, and compliance (SGRC) program. Your SGRC program contains the policies, practices, guidelines, baselines, and procedures for governing enterprise information technology, managing risk to your organization, and assuring compliance with applicable laws, regulations, and standards.
Continuous change is a way of life in the Internet age. RAPID is designed specifically to manage the risks associated with those changes:
- Changes in the legal and regulatory environment
- Changes in business goals and requirements
- Changes in information technology
- Changes in the risk environment (new assets, threats, and vulnerabilities)
Alignment with Business Needs, Goals, and Vision
Poor alignment of your enterprise, technology, or security architecture and your business requirements and goals can be fatal in today's rapidly changing business and technology environment. RAPID supports the development of a comprehensive architecture that is closely aligned with your business goals and able to adapt quickly to changes in the business, technological, compliance, and risk environments.
RAPID is particularly effective in regulated industries that must periodically assess compliance and work to meet emerging law and regulation. Whether your organization needs to comply with GLBA, SOX, HIPAA, NERC CIP, ISO 27001, COBIT, COSO, or ITIL, RAPID quickly identifies problems and provides the tools to correct them.
A relevant, adaptable, and continuously validated SGRC program is more critical to your business goals than any technology you can buy. Your SGRC program defines your SGRC strategy and tactics by integrating policies, practices, and specific implementation details.
Scalability
RAPID is designed to scale from small businesses to the world's largest and most complex organizations. RAPID achieves this scalability by following these principles:
- Reduction of Complexity. RAPID divides the target architecture into manageable elements:
  - Functional elements (security, governance, risk management & compliance)
  - Structural elements (management hierarchy & business function organization)
  - Priority (criticality of a functional or structural element to the SGRC program)
- Continuous improvement. By using frequent, lightweight architecture development cycles, RAPID avoids architecture team fatigue, ensures rapid adaptation to new business, technology, and SGRC needs, maintains focus on critical issues, and provides continuous validation and adaptation of your architecture.
- Vital perspectives. RAPID turns your employees into a force-multiplier for the target architecture. RAPID ensures Board, management, employee, and customer buy-in by including vital perspectives in the architecture process. Vital perspectives may include corporate, legal, financial, information technology, public relations, line employees, and customers.
Components of the RAPID Process
The key components of a RAPID engagement include the following assessment, development, and support activities:
- Risk Assessment. RAPID development is based on risk assessment and risk management principles. The risk assessment identifies critical assets, identifies threats to and vulnerabilities in those assets, and prioritizes further actions based on the likelihood and impact of loss events.
- Architecture Review. NMI reviews the existing target architecture, including processes, policies, practices, procedures, standards, guidelines, and baselines, organizes them into an architecture document (AD), and provides a gap analysis that identifies areas where the target architecture can be improved.
- Awareness Review. To evaluate awareness and conformance to the target architecture, NMI interviews key personnel ranging from line employees to Board members. This process identifies gaps between the target architecture and actual processes and practices, and captures undocumented processes and practices that contribute to the target architecture.
- Architecture Development. Through a series of RAPID architecture development cycles, an NMI expert will act as your RAPID facilitator. No one knows your business better than you: the purpose of the NMI facilitator is to guide your architecture team through the RAPID process of defining, understanding the impact of architecture decisions on SGRC and the business, and implementing policies, procedures, and practices that align the target architecture with business goals.
- Architecture Support. After the mentored architecture phase is complete, your organization assumes the leadership role in directing the ongoing RAPID process. NMI transitions into a support and maintenance role, allowing your organization to benefit from NMI's architecture, technology, and SGRC expertise on demand.
RAPID, RSK, STORM, and TrustPath are trademarks of NMI LLC.