As I mentioned in the first part of this post, Part 2 of my book, “A Navigator to Business Analysis”, is dedicated to things which aren’t part of business analysis:

Module 7: Enterprise Architecture 
Module 8: Project Management 
Module 9: Service Management 
Module 10: Security Management 
Module 11: Compliance & Regulation 
Module 12: SDLC 

I’ve already talked about the importance of being conversant in enterprise architecture, project management and service management. Let’s now consider security management, compliance & regulation, and SDLC.

Security Management

Security is a hot topic in all business and technology news these days. Recent research in New Zealand indicates that NZ$257 million was lost by private customers alone in the last year. Losses on the business side are even higher.

Security holes can be hugely embarrassing and very costly to fix, so it’s essential to specify security requirements properly. This falls under the purview of the business analyst.

Security is a hugely complicated issue, especially now that an enterprise is supported by a complicated network of interconnected IT services, and on-premise systems coexist with software in the cloud, creating different sets of security requirements.

This is why I’ve included an overview of the Sherwood Applied Business Security Architecture framework (SABSA) in the book.

Compliance, Regulation

Compliance requirements come into play immediately as you start talking about cloud-based solutions. Privacy (personal data), encryption, data in transit and data at rest, retention, e-Discovery (litigation), and data disposal are just a few examples of requirements you need to be equipped to deal with.

Can a business analyst help prevent security breaches and incurred losses? Can a business analyst reduce the organisation’s exposure to risks (compliance, financial, etc.)? Absolutely! The book equips you with the right questions about different aspects of security in business solutions.

Regulatory compliance (external) projects are challenging for business analysts. This is because the new requirements are often initially given in a “drafted” form and firm up only close to the “go-live” date. This affects the initial phase of compliance projects, where there is high uncertainty around the solution design.

So your job is to specify the requirements in a way that protects the organisation from compliance and operational viewpoints, and minimises re-work of the solution components.

Another challenging area is internal regulation, called organisational governance, which imposes certain requirements on the proposed solutions. The requirements are scattered across multiple policies, guidelines and procedures, and yet these documents are not explicitly mapped to business processes. So you need to know how to read these documents to capture the requirements.

I felt it was important to include these subjects in the book as many people have to deal with them in their work.


SDLC

It’s tempting to say that once the project has reached the stage where the Software Development Life Cycle is relevant, it’s out of the business analyst’s hands. However, the reality is different, and business analysts have to collaborate with solution architects and software developers. There is an even higher degree of collaboration in organisations employing the agile approach.

SDLC defines the principles of development, testing and implementation of software. It is important to know what is inside SDLC so that you can communicate and collaborate effectively with solution architects and software developers.

SDLC covers such aspects as solution concept, requirements, solution design, testing and assessment before handing over to the actual users. It can be difficult to draw the boundary between the requirements and their implementation. For example, user experience can be something that a business analyst makes a significant contribution to, but it’s also definitely a part of the software development process.

To conclude…

I hope I managed to convince you that you would benefit from a better understanding of these subjects. To make things easier for you, I cover them in my new book. You can find out more about it on its page.

Until next time!