EA and TOGAF: how do they differ?

On TOGAF and its relationship to EA (and BA and security)

Copyright 2017 Graham Berrisford. One of about 300 papers at http://avancier.website. Last updated 17/08/2017 21:05


Many who talk about TOGAF don’t well enough understand where it comes from and what it is today.

Do your customers presume TOGAF training teaches people to be architects? Or assume that EA is “doing TOGAF”?

This paper may help you educate them.

What is Enterprise Architecture (EA)?

EA emerged in the 1980s out of business system planning rather than business planning, to which it has always been subordinate.

The purpose of mainstream EA has always been to optimise and improve core business processes.

“An EA establishes the Agency-wide roadmap to achieve an Agency’s mission through optimal performance of its core business processes within an efficient IT environment.” (FEAF, 1999 reference).

“Companies excel because they've [decided] which processes they must execute well, and have implemented the IT systems to digitise those processes." (Ross, Weill and Robertson, 2006 reference).

The purpose of EA is to optimize across the enterprise the often fragmented legacy of processes (both manual and automated) into an integrated environment.” (TOGAF 9.1, 2009 reference)


The Information Age brought new opportunities, but also new difficulties.

It turned out that designing, building, testing and rolling out a digital business system is exacting work.

And changing those systems can be just as difficult.

People worked to support/enable, speed/scale up, optimise/extend particular business systems.

They acted independently of each other – under the influence of competing information technology vendors.

Thus, the enterprise acquired an estate of systems that were not standardised, not integrated and did not share common services.

Some systems stored different version of the same data, some did not interoperate, and many were tied to particular technologies.

This led to problems in coordinating the business roles and processes that relied on these information systems.

For example, sales and billing systems, or social and health care systems, might be inconsistent and uncoordinated.


So how does EA differ from solution architecture?

A solution architect’s vision usually has a relatively short time frame and narrow scope.

The need to take more strategic and cross-organisational view of business processes and business data became clear.

The origins of EA can be traced back to IBM’s Business System Planning method, which Duane Walker reputedly started c1970.

By the 1980s, the cost and quality issues caused by “silo systems” led many to call for higher-level “enterprise architecture”.

Enterprise architects take the broadest possible view, look to standardise, integrate and coordinate business systems across an enterprise.

They respond to the outputs of business planning, align system changes with them, and may influence them.


Business Planning

Business mission, vision, drivers, strategies, goals and top-level business plans.

Mergers, acquisitions, divestments, internal organisation restructurings and rationalisations.

Enterprise Architecture 

(Business Systems Planning)



Business functions/capabilities, roles, processes/value streams and their interrelationships.

The services they provide to each other and to entities in the business environment.

Information System


Applications and their interrelationships

The services applications provide to each other and to business activities.

Data stores and data flows, the data structures they contain and the qualities of that data.



Platform technologies and their interrelationships

The services technologies provide to each other and to business applications.


EA is challenging politically as well as technically.

The idea is to take a cross-organisational and strategic perspective of the architecture domains in the table above. 

To do this, architects need not only appropriate knowledge, skills and resources, but also cross-organisational authority.

Some enterprises have never set up an EA practice; some have done so and struggled to make an impact.


Some enterprise architects work in a team called “strategy and architecture” or the like.

They act as a central design authority and risk management function.

They guide and govern lower level solution and technical architects working on specific programmes and projects.

What is The Open Group Architecture Framework (TOGAF?

The Open Group’s vision is: “to achieve Boundaryless Information Flow™ through global interoperability in a secure, reliable and timely manner.”

Their mission is: “enabling access to integrated information within and between enterprises, based on open standards and global interoperability.”

They look to realise their vision and mission through the development of IT standards that make information systems portable and interoperable.


EA had been discussed for about 20 years before The Open Group Architecture Framework (TOGAF) was published.

Yet to begin with, TOGAF owed little or nothing to that EA history.

In 1990s, the US “IT Management Reform Act” demanded that federal government CIOs maintain a “sound and integrated IT architecture repository”.

And from 1996 to 2001, TOG members developed TOGAF versions 1 to 7 as a framework for IT architecture.

Some might call TOGAF versions 1 to 7 EITA, rather than EA.


Version 8

This "Enterprise Edition" borrowed a great deal from the US government’s Federal EA Framework (1999).

FEAF declared its aims as: “common data and business processes”, “information sharing” and “new and improved processes”.

TOGAF also promotes the “business operating model” principle (from “EA as Strategy”, 2006) of standardising and integrating processes across the enterprise.

 “Operating model” for core business processes

High integration



Low integration




Low standardisation

High standardisation


TOGAF 8 also extended the service-oriented specification approach already used in TOGAF 1 to 7.

"TOGAF Version 8… uses the same underlying method for developing IT architectures that was evolved [in] TOGAF up to and including Version 7.

That method was to define a system or component, an architecture domain or layer, logically, by the services it provides.

Version 8 applies that… method to the other domains of an overall Enterprise Architecture - the Business Architecture, Data Architecture, and Application Architecture, as well” http://www.opengroup.org/architecture/togaf7/index7.htm


Version 9

TOGAF versions 1 to 7 were enterprise-wide, but infrastructure technology-oriented.

Versions 8 and 9 became more business-oriented, but also more akin to a project management method, with side bar references to EA.


TOGAF 9 introduced a content framework and meta model based on a service-oriented approach to system specification.

The table below shows the terms TOGAF uses when abstracting Services from Building Blocks.

Generic meta model

Generic entities




Required behaviors


Business Services

IS/Application Services

Platform/Technology Services


Building Blocks

Functions & Roles

Application Components

Technology Components

Observations on TOGAF today

Today, TOGAF is a management framework for what it calls "the architecture project"

That is, an architecture-intensive project to design, plan and govern changes to an enterprise's business system(s).

(Other people do the detailed design, building and testing.)

TOGAF can be used in a way that supports and enables the work of enterprise architects.

But since it is often used as management framework for architecture-intensive solution-level projects, using TOGAF does not make you an enterprise architect.


The seven parts of the current standard are discussed below.

1: Introduction

This first part of TOGAF introduces the context for TOGAF, and defines core concepts.



TOGAF is a general purpose architecture framework – which can be and often is decoupled from EA

It is probably more often used for solution architecture work than for EA.

It does not teach you how to do architecture.

It is a menu of things TOG architecture forum members have done on different projects.

It assumes you know how to do these things (though some TOGAF tutors may explain some of them).

See “Further Reading” for principles used in how TOGAF describes architectures.

2: The Architecture Development Method (ADM)

The ADM is the core of TOGAF; it is a process for architecture-intensive work to design, plan and govern business systems.

It presents a menu of phases and activities in a rational sequence – outlined below.

You are expected to tailor the ADM process and meld it into your PMO processes.


ADM phase

You might reasonably read as a project management framework thus


Establish the capability to follow the ADM from A to H (when a request for work arrives).

A: Architecture vision

Feasibility study, and stakeholder approval of work to be done.

B,C,D: Business, IS and Technology architectures

Logical design of business processes and roles, and supporting data, applications and infrastructure.

E: Opportunities and solutions

Supplier/technology selection and transition state planning.

F: Migration planning

Planning of projects to develop and deploy new/changed systems.

G: Implementation governance

Governance of development and deployment projects.

H: Architecture change management

Governance of system changes after deployment.



A cycle of ADM starts with a "request for architecture work" (say, to improve our care-in-the-home business operation).

If stakeholders don’t approve the initial “architecture vision” at the end of phase A, then it is not taken forward.

If they do approve it, then the next step is to study the human activity system in more detail.

And then, how IT can best be used to support and enable that by regularising behaviors, store and transmit information.


Architects must tailor TOGAF to the needs of those who request architecture work.

You don’t set out to eat everything on the TOGAF menu in one cycle.

You select items that will help you address a sponsor's particular "request for architecture work".

3: ADM guidelines and techniques

This part contains techniques used during the ADM, and guidelines for adapting the ADM.

Several of the 10 techniques are management-oriented (e.g. stakeholder management, risk management) rather than architecture-oriented.

Below are a few observations on the 4 guidelines for adapting the ADM.


Iterative ADM: You can iterate between ADM phases, within each phase, and perform activities iteratively and/or in parallel.

You are not expected to follow the process in a strictly sequential fashion.

You tailor it, in concert with other methods your organisation uses.


Fractal ADM: The whole process of ADM is as fractal as you choose it to be.

TOGAF defines three levels of architecture project:

1.      Enterprise Strategic Architecture

2.      Segment Architecture

3.      Capability (aka Solution) Architecture

Much TOGAF content, and perhaps most TOGAF use, is at level 3, rather than the enterprise architecture level.


Service-oriented ADM: TOGAF has always recommended service-oriented specification of systems at all levels.

The chapter on SOA adds little value to the main body of TOGAF.


Security-oriented ADM: The chapter on security maps security considerations (copied from NIST standards) to ADM phases.

TOGAF is not a security architecture framework.

The aim is to help you position security considerations in the ADM process.

UK architects would more likely map the ISO 27001 standard to ADM phases.


Again, TOGAF is a management framework for architects; it does not teach professional architects how to do architecting.

4: Content framework (documented products)

This part is an extensive menu of products that may be produced by architects during the phases of the ADM.

There is also a meta model indicating how the elements of these products are related.

See “Further Reading” for the principles used in how TOGAF describes architectures.


Observations on business architecture

TOGAF catalogues more artifacts for documenting a business architecture than any other architecture domain.

It starts with analysis of required business goals, business services and the business scenarios required to deliver them.

The business architecture approach is based on universal system modelling principles.


The universal presumption is that activities can be modelled in:

·         sequences (called processes, scenarios)

·         cohesive clusters (called nodes, functions, roles)

·         collaborations (networks of nodes with flows between them).


The flows between nodes may be of energy, materials and/or information.

Flows may be interpreted as of value to senders and/or receivers.


TOGAF’s business architecture artifacts might be renamed in the current fashion.

·         Scenarios and processes might be called value streams.

·         Functional decomposition hierarchies might be called capability maps.

·         Node connectivity diagrams might be called value networks.

Renaming them doesn’t change the general principles.


Activities can be modelled at several levels of abstraction, and the granularity of the atomic activity is up to you.

5: The enterprise continuum and repository

The enterprise continuum is a structure for classifying architecture definition products.

The enterprise repository is a data store that contains architecture definition products (and other things).

Read TOGAF core concepts for a graphic of the enterprise continuum.



Implicit in TOGAF is a rejection of how the Zachman Framework was used in the 1990s.

You never “do TOGAF”, or attempt to fill the architecture repository for its own sake.

You use TOGAF as checklist for architecture work to be done in response to a sponsor’s request for work.

You populate the repository as a side effect of sponsored work.

It is questionable how many TOGAF users maintain a coherent enterprise repository.

6: The two reference models

A reference model is a general structure or pattern for use in different situations.

Today, the two reference models in TOGAF are inherited from earlier versions.


Technical Reference Model (TRM)

TOGAF versions 1 to 7 were designed help IT service managers deduplicate (rationalise) their enterprise’s infrastructure technology estate.

The TRM is used in this process, to classify and analyse the platform services provided by platform technologies.

(TOGAF 7 was squeezed into one of ten phases in TOGAF 8, and later compressed to only a few paragraphs in TOGAF 9).


Information Infrastructure Reference Model (III-RM)

TOGAF version 8 (called “the enterprise edition”) shifted focus towards higher level business and applications architectures.

The III-RM  was introducced with a view to supporting the TOG vision of Boundaryless Information Flow.

The III-RM is a design pattern for application integration (but only one of many design patterns that may be used for this purpose).

7: Architecture capability (including governance)

This last part is about the roles of architects in an enterprise, especially in governance.



Effective EA implies and requires governance of architects and by architects.

TOGAF refers to governance of architects by an architecture board.

The architecture board publish generic principles, standards, road maps etc. to which architects are expected to conform.

Architecture Governance

Architecture Practice

Principles, standards etc.

<publish>                        <used by>

Architecture board  <monitor and guide> Architects

Architecture definitions

<create and use>        <realised by>

Architects  <observe and envisage>  Systems


Architects create architecture definitions in response to requests for work that meet some aim(s) of the business.

TOGAF assumes governance by architects of system development/implementation and system change (in TOGAF phases G and H).

It is presumed that architecture and management roles are performed by different people.

Project managers manage projects to implement systems designed by architects.

A change advisory board governs work to change live systems.

Architects ensure projects and changes accord with architecture principles, standards and whatever architecture definition has been developed.

How TOGAF is written

It is difficult to get to grips with TOGAF just by reading it.

Or by attending a course presented by a tutor who qualified by passed the TOGAF exams.

Passing the exams is the least of what you need to know.


It helps to understand the context for TOGAF and its evolution to date:

·         US legislation that directed CIOs to maintain an IT architecture repository.

·         US federal government guidance on what EA means.

·         The broad methodology history that TOGAF draws from.

·         Various systems analysis and design methods and architecture frameworks.

·         The Open Group, its mission, vision and service-oriented specification principles.

·         The processes by which TOGAF content is developed.


Nobody is employed to write TOGAF; you might say it is crowd-sourced.

Any architecture forum member can request a change or draft a contribution.

From that point to publication in TOGAF is a long and democratic process.


There is no director or editor you can press to address your special concern.

TOGAF’s scope is determined by what forum members choose to write about.

If you want to contribute, then join the forum.


TOGAF tends to lag behind the times; it does not anticipate trends or publish speculative practices.

It contains only what has been approved by enough forum members

As things stand, the refresh cycle takes several years (remember training courses and examinations have to be updated).


TOGAF is free to read!

The astonishing thing is not that TOGAF is flawed; it is that it is reasonably coherent and consistent.

Further reading

Premises of EA in general and TOGAF in particular

TOGAF core concepts

Enterprise and Solution Architecture: How do they differ?


All free-to-read materials at http://avancier.website are paid for out of income from Avancier’s training courses and methods licences.

If you find the web site helpful, please spread the word and link to avancier.website in whichever social media you use.