Stage 5. Technology Architecture and Cross-Cutting Design: phase summary
Stage 5 turns the business, information, and application decisions from earlier stages into platform, security, resilience, and sustainability choices the enterprise can govern. The thread that runs through every module is traceability: a technology choice that cannot be traced back to an upstream business outcome, information-authority decision, application boundary, or architecture principle is vendor preference with architecture language applied afterwards, not technology architecture. London Grid Distribution is the worked example throughout, where the connections reform business case, the LTDS publication obligation, and the OT/IT separation principle all feed directly into Phase D decisions.
Phase D is a translation layer, not a fresh start
Phase D translates earlier enterprise decisions into concrete technology services, infrastructure patterns, resilience postures, and integration foundations. C220 Part 1 defines two canonical objectives: develop the target Technology Architecture that supports the business, data, and application domains, and identify candidate roadmap components from the baseline-to-target gaps. The traceability test is the single sharpest quality check in the stage: if the technology target could have been written before the earlier stages existed, the traceability is too weak and the exercise has collapsed into procurement preference.
Coherence comes from controlled variance, not uniformity
Platform strategy decides how much the enterprise standardises and where it tolerates deliberate difference. Both rigid standardisation, which breeds shadow IT, and uncontrolled freedom, which destroys integration, are weak positions. Controlled variance is the stronger target: strong defaults with clear rationale, an explicit and governed exception process, and interoperability rules that apply to everything. The TOGAF interoperability framework gives four lenses to test each platform boundary against, operational, information, technical, and business interoperability, and G217 patterns (platform as capability, multi-speed architecture, guardrail governance) make controlled variance workable across teams that change at different speeds.
Security, restraint, and sustainability are structural, not decorative
Early security changes the architecture; late security mostly raises cost and exception volume. G152 integrates security into every ADM phase across six risk categories, and SABSA layers map onto TOGAF where critical infrastructure needs auditable traceability. Microservices are an enterprise decision, not a code-structure one: the four-dimension assessment (domain quality, deployment pressure, operating capability, team structure) should be recorded before committing, and a modular monolith is often stronger when boundaries are unclear or operating maturity is low. The G248 sustainability framework (measure before you manage, proportionality, lifecycle design, record where it changed the decision) gives concrete carbon-aware levers, but sustainability never overrides safety or operability.
Reference models and gap analysis prepare the roadmap
Reference models supply reusable structure positioned towards the generic end of the Enterprise Continuum, not a substitute for local architecture; the adopt, adapt, or resist framework forces a recorded position on each element. Technology gaps must be stated as missing capabilities or properties, not missing products. The C220 Part 3 baseline-target matrix enriched with consequence, constraints, and priority, plus G249 Architecture Decision Records (context, options, reasoning, consequences, rationale), turn comparison into defensible architecture reasoning that carries dependency and constraint information into Stage 6 roadmap sequencing.
The London walkthrough proves the whole stage
The closing module synthesises every Stage 5 concept against London Grid Distribution and shows that resilience risk usually lives in the joins between OT, telecoms, IT, data, and governance, not inside any single domain. A governance-ready view shows dependency chains, trust boundaries, recovery sequencing, and traceability together in one picture. The five priority London gaps (OT/IT separation, telecom diversification, publication pipeline independence, cross-domain observability, and identity separation) each carry enough consequence and constraint detail to feed roadmap work.
Watch out for
- Treating Phase D as the moment technology teams finally make independent decisions, rather than translating upstream enterprise reasoning into technology terms.
- Writing a target state that reads like a product catalogue, where removing vendor names leaves no coherent enterprise reasoning behind.
- Bolting security, resilience, and operability on as afterthoughts, producing a long list of exceptions instead of structural design changes.
- Stating gaps as missing products, listing benefits only, or copying a reference model so literally that compliant-looking architecture hides a gap in the enterprise's own thinking.
Key takeaways
- Phase D supports the business, data, and application domains; it does not operate independently. The word supports is the test of whether a technology target is genuine architecture.
- The traceability test: could this technology target have been written before the business, information, and application stages existed? If yes, the traceability is too weak.
- The TOGAF interoperability framework has four lenses (operational, information, technical, business) and all four should be assessed for every major platform boundary.
- Controlled variance beats both rigid standardisation and uncontrolled freedom: strong defaults, explicit governed exceptions, and interoperability rules that apply to both.
- Microservices need the four-dimension assessment first; a modular monolith is often stronger when domain boundaries are unclear or operating maturity is insufficient.
- G152 integrates security across six risk categories; in London the most dangerous risks sit between domains (OT to telecom, telecom to IT, IT to publication).
- Gaps are missing capabilities, not missing products; G249 ADRs record options, reasoning, consequences, and rationale so trade-offs survive Architecture Board review.
With the stage's eight modules consolidated, you are ready to apply Phase D translation, controlled variance, security integration, decomposition restraint, and gap reasoning together in the Technology Architecture scenario practice.
Start the scenario practice