A business unit of this european based organization had started a strategic program to rebuild the consumer market facing application estate (Salesforce and SAP heavy with significant custom development). This enabled commercial operations in over 10 markets across all EMEA, Americas and Asia Pacific. Both B2B and B2C functions were in scope. A startup mindset was promoted for applications and technology capabilities. In parallel, the discovery phase of the transformation was progressing to enable alignment of the business capabilities (processes and data models).
Customer identities for millions of users were being managed in a range of heavily customized systems, including Salesforce, SAP Gigya and legacy technologies which used a range of products with various global and regional brands. The marketed products and services were of a personally sensitive nature and so it was imperative for the solution to meet high requirements around cybersecurity, operational resilience and data privacy.
The objective was to design a global platform (based on SaaS and COTs components with little customization) and that could meet current and anticipated regulatory needs across all global markets.
Solution components
This included CIDM and integrations with:
- Legacy digital analytics platform
- Marketing websites
- CRM
- Master Data Management
A number of cross cutting requirements:
- CICD
- Data lifecycle management
- Federated identity management
Technologies involved Gigya, Salesforce, Mulesoft and SAP ERP.
Client contribution
The client was also doing a strategic review of consulting suppliers, which included Cap Gemini, Accenture, Atos, Tech Mahindra and various software providers.
The client engaged project management and business analyst resource that helped identify the key use cases and manage the delivery of prototypes of components and the first pilot. A small marketing consulting company was also engaged to work on user experience, define the user stories and prototype the new marketing application suite.
Finally the client managed the definition of the target processes and confirmed regulatory requirements.
Outline
The approach for delivery of the cidm platform was structured, with elements of agile (e.g. when prototyping). Once the system went live, iterative management based on devops was used.
The core customer identity management platform was piloted in the South Korea market.
Subsequently, parallel deployments were planned for the Americas and in European markets.
Preliminaries
The client provided a summary of the findings from various regulatory and compliance audits.
An enterprise architecture function had also been established mapping all the solutions and data stores in the landscape, as well as a catalogue of high level integrations.
Finally, documentation on the solution architecture of the key systems had been updated to be ready for sharing.
Requirements
The client wanted a centralized platform to meet:
- current and anticipated regulatory needs across all global markets
- managing the lifecycle of consumer consents including time spans exceeding a decade
- meet Schrems II requirements namely management of information flows
- other requirements included in the organization´s Security Standard (based on the CIS Center for Internet Security)
The sourcing principles favoured SaaS and COTS software.
Our engagement was under enterprise architecture. Beyond assessing the architectures of various programs, it included authoring the solution architecture documentation for the CIDM solution and also working with project and program managers to ensure solution delivery aligned to the design.
Deliverables and outcomes
The business analysis to definition of use cases and specifically non functional requirements including:
SAP CDC Design Specification, Data Protection Impact Assessments, Data Classification Reports, Solution Architecture Documents, Proposed approach and plan to migrate customer identities from legacy solutions.
Next steps
Once the pilot was completed, the client started a process for harmonization of consent management and terms of service across most european markets.
Notes
One key finding was that some of the Intellectual Property rights from a legacy platform had not been transferred to the client by some of the strategic consulting partners.
There was limited experience available to maintain resilient application platform infrastructure.
In some of the key applications, devops was not embedded in SDLC processes (delivery and operation was handled by distinct teams. Completing an information architecture framework that could enable continuous componentized development and testing was also challenging and delays were causing frustration to the developers, particularly the ones in the marketing consulting team.
Marketing and data privacy requirements included some unique aspects that SaaS and packaged solutions from leading vendors could not handle, leading to over customisation of the data model.
Multi cultural requirements, as the client covered markets across US and Europe were successfully addressed by agreeing and establishing global policies.
Feedback
The client was very pleased, particularly with our contribution to information security. They asked us to propose an approach to handle customers with multiple IDs across various marketplaces which was ultimately incorporated in the future consent management model.
Notes: Key factors for fast engagement include appropriate detail of planning including availability of key resources, prior identification of relevant accelerators and our flexibility to adapt to your ways of working.
Our use case descriptions may combine outputs and benefits from discrete engagements, even if typically in the same client.