2. Stakeholders & Concerns
Purpose
Section titled “Purpose”ISO/IEC/IEEE 42010 requires that an architecture description identify stakeholders and their concerns. This section ensures the SAD addresses the needs of all relevant parties and documents the compliance and regulatory context.
2.1 Stakeholder Register
Section titled “2.1 Stakeholder Register”Identify all stakeholders with an interest in the solution’s architecture:
| Stakeholder | Role / Group | Key Concerns | Relevant Views |
|---|---|---|---|
| Business Owner | Business | Business value, cost, timeline | Executive Summary, Cost |
| Solution Architect | Architecture | Design integrity, standards compliance | All views |
| Security Architect | Security | Threat model, access control, data protection | Security View |
| Infrastructure Engineer | Operations | Deployment, scaling, networking | Physical View |
| Data Architect | Data Management | Data storage, classification, privacy | Data View |
| Development Lead | Development | Component design, integration patterns | Logical View, Integration & Data Flow View |
| Operations / SRE | Operations | Observability, incident response, reliability | Quality Attributes |
| Compliance Officer | Compliance | Regulatory adherence, audit evidence | Governance |
| [additional stakeholders] | [role] | [concerns] | [views] |
Guidance
Consider stakeholders from:
- Business - sponsors, product owners, end users
- Technology - architects, engineers, developers, DBAs
- Operations - SRE, support teams, NOC
- Security & Compliance - CISO office, risk, audit
- External - vendors, customers, regulators, partners
2.2 Concerns Matrix
Section titled “2.2 Concerns Matrix”Map stakeholder concerns to the views and sections that address them:
| Concern | Stakeholder(s) | Addressed In |
|---|---|---|
| Solution meets business requirements | Business Owner | 1. Executive Summary, 3.6 Scenarios |
| Solution is secure and compliant | Security Architect, Compliance | 3.5 Security View, 6. Governance |
| Solution is reliable and recoverable | Operations, Business | 4.2 Reliability & Resilience |
| Solution is cost-effective | Business Owner, Finance | 4.4 Cost Optimisation |
| Solution can be operated and monitored | Operations / SRE | 4.1 Operational Excellence |
| Data is properly managed and protected | Data Architect, Compliance | 3.4 Data View |
| Solution can scale to meet demand | Infrastructure Engineer | 4.2 Reliability, 3.3 Physical View |
| [additional concerns] | [stakeholders] | [sections] |
Guidance
The concerns matrix ensures every stakeholder’s key concerns are traceable to specific sections of the SAD. This helps reviewers verify that the architecture addresses all stakeholder needs and helps authors understand which sections matter most to which audience.
2.3 Compliance & Regulatory Context
Section titled “2.3 Compliance & Regulatory Context”Document the regulatory and compliance landscape that applies to this solution:
Regulatory Requirements
Section titled “Regulatory Requirements”| Regulation / Standard | Applicability | Impact on Design |
|---|---|---|
| [e.g., UK GDPR, PCI-DSS, US SOX, UK FCA] | [how it applies] | [design implications] |
Regulated Activities
Section titled “Regulated Activities”Does the solution support any regulated activities?
- Yes - [describe which regulated activities and entities]
- No
Compliance Standards
Section titled “Compliance Standards”List any internal or external standards that the design must conform to:
| Standard | Version | Applicability |
|---|---|---|
| [e.g., internal security standard] | [version] | [which sections] |
Guidance
Identifying the compliance landscape early shapes the entire design. Common regulations to consider:
- Data protection — UK GDPR, EU GDPR, UK Data Protection Act, US CCPA
- Financial services — PCI-DSS, US SOX, UK FCA rules, EU PSD2
- Healthcare — NHS DSPT (UK), US HIPAA, HL7/FHIR standards
- Security — ISO 27001, NIST CSF (US), Cyber Essentials (UK), SOC 2
- Internal — organisational security policies, cloud platform standards, data classification policies