{"pack_id":"bootminds.it","pack_name":"Bootminds IT Workstream Pack","pack_version":"1.0.0","priority":100,"license":"proprietary","registry_version_hash":"69cac88368a9645f5c629806508f3f3ef5d3ccaa460919bccbf197813bde0490","function":"IT","authored_by":"Bootminds","description":"Discovery + decision scaffolding for IT operating model standardisation, federated GCC builds, and shared services migration. Generated from Alghiaz IT discovery questionnaire 2026-05-13.","required_runtime_capabilities":["multi_step_approval","programme_memory","raid_register","ai_auto_draft"],"workstream_templates":[{"workstream_template_id":"it.operating_model","name":"IT Operating Model & Governance","description":"Federated boundaries, decision rights, compliance backbone, and change-management readiness. Anchored in the 'no ticket, no service' principle.","priority_tier":"P0","display_order":1,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.os_endpoint_user","name":"OS, Endpoint & User Operating Model","description":"Closes the 'Windows-only assumption' gap. Captures Mac/Linux footprint, endpoint mgmt tooling, EDR coverage, and the real distribution of in-office / roaming / WFH users.","priority_tier":"P1","display_order":2,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.cloud_on_prem","name":"Cloud & On-Prem Posture","description":"Explicit hosting questions. Captures provider mix, datacentre/colo footprint, virtualisation, storage and DR.","priority_tier":"P1","display_order":3,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.network_topology","name":"Network & Topology","description":"Asset-level counts per location (switches, routers, firewalls, APs), interconnect model, ISPs, SD-WAN posture, OT segmentation. Builds the global topology view.","priority_tier":"P1","display_order":4,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.identity_security","name":"Identity & Security","description":"IAM, MFA, SSO, EDR/XDR, SIEM/SOC, PAM, DLP/CASB, OT security, IR. Federation pivots largely on identity-tenant decisions taken here.","priority_tier":"P0","display_order":5,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.applications_data","name":"Applications & Data","description":"ERP, HRMS, ITSM, engineering software, back-office, analytics, master data, integrations, document & knowledge mgmt, plus business-critical EUC apps.","priority_tier":"P1","display_order":6,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.hardware_standard","name":"Hardware Inventory Standard & Asset Register","description":"Define the group-wide asset register standard and capture per-subsidiary inventory. Geography of purchase tracked explicitly to flag cross-border support issues.","priority_tier":"P2","display_order":7,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.itsm_service","name":"ITSM & Service Delivery","description":"Current ticketing state, future tooling, service catalogue, SLAs, change/incident/problem maturity, and the 'no ticket no service' rollout plan.","priority_tier":"P1","display_order":8,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.vendors_contracts","name":"Vendors & Contracts","description":"Move from opportunistic vendor use to strategic, multi-year, tower-based partnerships. Captures contracts, support geography, and outsourcing posture.","priority_tier":"P2","display_order":9,"default_owner_role":"ProgrammeLead"},{"workstream_template_id":"it.gcc_context","name":"GCC Context — Chennai Build & Transition","description":"GCC-specific questions: identity tenancy, M365 SKU, engineering offshore-use, data residency, cutover plan, federated service integration.","priority_tier":"P1","display_order":10,"default_owner_role":"ProgrammeLead"}],"capability_templates":[],"question_templates":[{"question_template_id":"it.operating_model.q01","prompt":"Confirm the target IT operating model is federated (group standards + subsidiary autonomy) and not full centralisation. Document explicit boundaries.","rationale_skeleton":"Anchors every downstream design choice; client said federated explicitly.","scope":"G","category":"Federated Model","priority":"P0","artefact_type":"checklist","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.operating_model.q02","prompt":"Which decisions belong at GROUP level (e.g., identity, security policy, ITSM, EDR)? Which remain SUBSIDIARY level (e.g., engineering software, OT, local hardware)?","rationale_skeleton":"Decision-rights matrix is the core artefact of the federated design.","scope":"G","category":"Federated Model","priority":"P0","artefact_type":"file","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.operating_model.q03","prompt":"What is the group's economy-of-scale ambition — naming and standardising 3–5 services (e.g., endpoint mgmt, ITSM, EDR, M365, SOC) versus broader coverage?","rationale_skeleton":"Bounds the Phase 1 scope.","scope":"G","category":"Federated Model","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.operating_model.q04","prompt":"Joint IT Steerco — proposed members, cadence, decision authority, quorum, voting. Existing forum or net-new?","rationale_skeleton":"Single accountable forum for federated rollout.","scope":"G","category":"Governance","priority":"P0","artefact_type":"entity-row","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q05","prompt":"Group IT policies that exist today (acceptable use, data classification, access control, BYOD, incident response). Provide latest versions.","rationale_skeleton":"Foundation to gap-assess and renew.","scope":"G","category":"Governance","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q06","prompt":"Compliance / regulatory drivers in-scope (SAMA / PDPL KSA · NIST / ISO 27001 · sector-specific OT)? Audit cadence and last findings?","rationale_skeleton":"Drives controls baseline and SOC sizing.","scope":"G","category":"Governance","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q07","prompt":"Data classification scheme — does one exist? Are cross-border transfer rules (e.g., KSA→India for GCC) documented?","rationale_skeleton":"Impacts cloud residency and GCC data access.","scope":"G","category":"Governance","priority":"P0","artefact_type":"checklist","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q08","prompt":"Standards adoption monitoring — how will group measure subsidiary compliance with shared policies (KPIs, dashboards, audit cadence)?","rationale_skeleton":"Federated needs a teeth mechanism or it drifts back to fragmented.","scope":"G","category":"Federated Model","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q09","prompt":"Each subsidiary: list the top 3 IT pain points today with a recent concrete example.","rationale_skeleton":"Anchors the 'why' for change; surfaces quick wins.","scope":"S","category":"Current State","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q10","prompt":"Outsourcing posture — which towers are open to outsource (e.g., L1/L2 helpdesk, network ops, endpoint mgmt, EDR mgmt, SOC)? Which stay in-house?","rationale_skeleton":"Defines our proposal scope and pricing.","scope":"G","category":"Service Strategy","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.operating_model.q11","prompt":"Existing strategic vendor relationships (incl. ours). Multi-year contracts, expansion clauses, exclusivity.","rationale_skeleton":"Affects bid posture and timeline.","scope":"G","category":"Service Strategy","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q12","prompt":"Leadership backing for the operating-model shift — who is the executive sponsor? How will mandate be communicated?","rationale_skeleton":"Federated rollout fails without exec-level enforcement.","scope":"G","category":"Change & Adoption","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["BootmindsStaff","ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.operating_model.q13","prompt":"HR involvement in compliance reinforcement — performance KPIs tied to ITSM usage? Disciplinary path for repeat non-compliance?","rationale_skeleton":"Critical for 'no ticket, no service' to stick.","scope":"G","category":"Change & Adoption","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.operating_model.q14","prompt":"Communication channels for IT change-management (town halls, email, intranet, WhatsApp, Teams)? Localisation needs (language, time-zone)?","rationale_skeleton":"Adoption is a comms problem, not a tooling problem.","scope":"G","category":"Change & Adoption","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q15","prompt":"Confirm GCC absorbs only MATURE capabilities. List capabilities considered mature enough to migrate now vs. those that must stabilise centrally first.","rationale_skeleton":"Client principle: do not invent operating models in GCC.","scope":"GCC","category":"Maturity Boundary","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.operating_model.q16","prompt":"How are technology decisions currently made across subsidiaries? Walk through 2–3 recent examples (who proposed, who approved, time taken).","rationale_skeleton":"Reveals real decision flow vs. the org chart.","scope":"S","category":"Governance & Decision Making","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q17","prompt":"Is there any existing coordination between subsidiary IT teams (formal forum, informal channel, ad-hoc)? Cadence and effectiveness.","rationale_skeleton":"Starting point for the Joint IT Steerco design.","scope":"G","category":"Governance & Decision Making","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.operating_model.q18","prompt":"How are exceptions to technology standards currently handled — approval path, frequency, top 3 exception themes?","rationale_skeleton":"Indicates where standards are or aren't sticking today.","scope":"G","category":"Governance & Decision Making","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q19","prompt":"How are disagreements between local IT and Group IT typically resolved? Who decides; what is the escalation path?","rationale_skeleton":"Federated model needs a clear conflict-resolution mechanism.","scope":"G","category":"Governance & Decision Making","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.operating_model.q20","prompt":"Are there areas where centralised governance may be beneficial today (security, identity, ITSM, vendor mgmt, BCP, data)? Rank by perceived value.","rationale_skeleton":"Builds the federated standards backlog.","scope":"G","category":"Governance & Decision Making","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.operating_model.q21","prompt":"Which IT decisions are typically made locally vs. centrally? Provide top 5 each per subsidiary.","rationale_skeleton":"Anchor data for the decision-rights matrix.","scope":"S","category":"Governance & Decision Making","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientExecutive","ClientStakeholder"]},{"question_template_id":"it.operating_model.q22","prompt":"Are there business units with unique operational requirements that justify autonomy (e.g., plant OT, project sites, regulated business)?","rationale_skeleton":"Defines legitimate exceptions to the federated standard.","scope":"S","category":"Governance & Decision Making","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q23","prompt":"Are there challenges caused by decentralised IT operations today? One-paragraph summary per subsidiary, with 1–2 concrete examples.","rationale_skeleton":"Anchors the 'why now' narrative for the proposal.","scope":"S","category":"Governance & Decision Making","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q24","prompt":"How are operational responsibilities currently distributed between teams (subsidiary IT vs Group IT vs vendor vs business)?","rationale_skeleton":"Foundation for the federated RACI.","scope":"S","category":"Operational Ownership","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.operating_model.q25","prompt":"Are there areas where responsibilities are unclear or overlapping (top 3 grey zones per subsidiary)?","rationale_skeleton":"Where work falls through the cracks or duplicates.","scope":"S","category":"Operational Ownership","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q26","prompt":"Are there dependencies on specific individuals for critical operations (key-person risk)? Name them and the capability at risk.","rationale_skeleton":"Catches single-points-of-failure pre-transition.","scope":"S","category":"Operational Ownership","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q27","prompt":"Are operational processes formally documented anywhere today — SOPs, runbooks, wiki, tribal knowledge? Estimate documentation coverage %.","rationale_skeleton":"Tied to 'no ticket, no service' rollout and KT readiness.","scope":"S","category":"Operational Ownership","priority":"P0","artefact_type":"file","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q28","prompt":"How are after-hours / weekend / emergency support responsibilities managed today — on-call rota, vendor, ad-hoc?","rationale_skeleton":"Mature-ops baseline; identifies coverage gaps.","scope":"S","category":"Operational Ownership","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q29","prompt":"How are escalations currently handled across teams or subsidiaries — path, SLA, owner, last invocation?","rationale_skeleton":"Escalation-path is part of the federated governance design.","scope":"S","category":"Operational Ownership","priority":"P0","artefact_type":"date","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.operating_model.q30","prompt":"Are there areas where ownership clarification would immediately improve operations? Top 3 candidates with expected impact.","rationale_skeleton":"Quick-win backlog for Phase 1.","scope":"G","category":"Operational Ownership","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.operating_model.q31","prompt":"Which systems or services are considered most critical to business operations? Top 5 per subsidiary with impact-of-outage rating.","rationale_skeleton":"Defines criticality tiers for SLA design and DR sequencing.","scope":"S","category":"Business Risk","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q32","prompt":"Are there areas where outages or downtime have had significant operational impact? Cite recent incidents (timeline, impact, root cause).","rationale_skeleton":"Real-world evidence of current operating-model gaps.","scope":"S","category":"Business Risk","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.operating_model.q33","prompt":"Are there recurring operational challenges affecting productivity? Top 3 with frequency and user-impact estimate.","rationale_skeleton":"Problem-management starting list.","scope":"S","category":"Business Risk","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q34","prompt":"Are there locations or subsidiaries experiencing repeated technology issues? Identify by geography or entity.","rationale_skeleton":"Helps prioritise field interventions.","scope":"S","category":"Business Risk","priority":"P1","artefact_type":"entity-row","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q35","prompt":"Are there dependencies on legacy systems or unsupported platforms? List vendor, version, end-of-support date, business owner.","rationale_skeleton":"Risk register; modernisation backlog.","scope":"S","category":"Business Risk","priority":"P0","artefact_type":"date","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q36","prompt":"Are there operational processes currently dependent on manual activities that should be automated? Top 5 candidates.","rationale_skeleton":"RPA / workflow backlog input.","scope":"S","category":"Business Risk","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.operating_model.q37","prompt":"Are there concerns around scalability of the current IT operating model (specific bottlenecks — people, tooling, vendor, process)?","rationale_skeleton":"Why the federated reset is needed; sizing for Phase 1.","scope":"G","category":"Business Risk","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.operating_model.q38","prompt":"Are management teams receiving sufficient visibility into operational issues across subsidiaries? Identify gaps and blind-spots.","rationale_skeleton":"Federated model's reporting backbone starts here.","scope":"G","category":"Reporting & Visibility","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.operating_model.q39","prompt":"Are there challenges in consolidating information across subsidiaries — data definitions, tools, refresh cadence? Examples.","rationale_skeleton":"Data-fragmentation hurdle for federated KPIs.","scope":"G","category":"Reporting & Visibility","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.operating_model","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.os_endpoint_user.q01","prompt":"Endpoint OS counts per subsidiary — Windows / macOS / Linux (and ChromeOS if any). Counts, not %. Include both employees and contractors.","rationale_skeleton":"Drives endpoint-mgmt tool choice (Intune / Jamf), EDR/XDR coverage, image standardisation. Current questionnaire reads Windows-only — likely incorrect.","scope":"S","category":"OS Mix","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.os_endpoint_user.q02","prompt":"By role/function within each subsidiary, where do Macs concentrate (e.g., design, creative, exec)? Linux (e.g., dev, OT engineers)?","rationale_skeleton":"Drives targeted mgmt strategy and software-asset planning.","scope":"S","category":"OS Mix","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.os_endpoint_user.q03","prompt":"Mobile OS — iOS / Android counts per subsidiary; BYOD vs corporate-issued.","rationale_skeleton":"MDM scope and policy.","scope":"S","category":"OS Mix","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.os_endpoint_user.q04","prompt":"Current endpoint management tooling per subsidiary (Intune, Jamf, SCCM/MECM, Workspace ONE, none). Adoption % of devices enrolled.","rationale_skeleton":"Baseline before standardisation.","scope":"G","category":"Endpoint Mgmt","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.os_endpoint_user.q05","prompt":"Image / golden build standards — do they exist? Last refresh date.","rationale_skeleton":"Provisioning speed and consistency.","scope":"G","category":"Endpoint Mgmt","priority":"P1","artefact_type":"date","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.os_endpoint_user.q06","prompt":"Patch cadence and tooling — auto-patch coverage % for Windows / macOS / Linux. Out-of-date device count.","rationale_skeleton":"Vulnerability exposure baseline.","scope":"G","category":"Endpoint Mgmt","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.os_endpoint_user.q07","prompt":"Current EDR / AV deployed (CrowdStrike, Defender, SentinelOne, etc.) and the coverage % across the OS mix above. Specifically — is Linux covered?","rationale_skeleton":"Linux presence narrows EDR options; coverage gap = open risk.","scope":"G","category":"EDR / XDR","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.os_endpoint_user.q08","prompt":"User counts split by working pattern PER SITE: In-office / Roaming (field, multi-site, client-onsite) / Work-from-home. Avoid the generic 'hybrid' answer.","rationale_skeleton":"Drives VPN / ZTNA sizing, conferencing room density, helpdesk channel mix.","scope":"S","category":"User Operating Model","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.os_endpoint_user.q09","prompt":"Persona counts — Knowledge workers · Engineers (CAD/BIM/heavy compute) · Field/plant workers · Executives · Contractors. Approximate per subsidiary.","rationale_skeleton":"Persona drives spec, software, mobility posture.","scope":"S","category":"User Operating Model","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.os_endpoint_user.q10","prompt":"Remote-access tooling today — VPN (which client?), ZTNA (any?), RDS/Citrix, web-only? Concurrent peak users.","rationale_skeleton":"Cutover path from VPN to ZTNA; sizing for federated standard.","scope":"G","category":"User Operating Model","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.os_endpoint_user.q11","prompt":"Conferencing rooms — count per site, AV stack, booking system. Standardisation across subsidiaries?","rationale_skeleton":"Hybrid-work enablement; Teams Rooms / Zoom Rooms scope.","scope":"G","category":"User Operating Model","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.os_endpoint_user.q12","prompt":"M365 / Google Workspace footprint — tenants per holding, SKU mix (E3/E5/Business), license counts. Any subsidiary on Google?","rationale_skeleton":"Federation strategy for identity + collaboration.","scope":"G","category":"Productivity Suite","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.os_endpoint_user","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.cloud_on_prem.q01","prompt":"Per subsidiary: workload split between on-prem servers / colo / public cloud (rough %).","rationale_skeleton":"Closes the 'cloud yes/no' gap; sizing for migration / shared services.","scope":"S","category":"Hosting Model","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.cloud_on_prem.q02","prompt":"Cloud providers in use across the group — Azure, AWS, GCP, Oracle Cloud, others. Active tenants and ownership per provider.","rationale_skeleton":"Strategy alignment; avoid further fragmentation; identify volume discount opportunity.","scope":"G","category":"Cloud Providers","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.cloud_on_prem.q03","prompt":"Cloud strategy intent — single-provider preference vs multi-cloud (workloads remain separate)? Decision basis (cost, parent-KSA alignment, data residency).","rationale_skeleton":"Big architectural lever; affects all downstream design.","scope":"G","category":"Cloud Providers","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["BootmindsStaff","ClientExecutive","ClientAdmin"]},{"question_template_id":"it.cloud_on_prem.q04","prompt":"Per site: datacentre/colo footprint — racks, power, cooling, generator/UPS, physical security. Operating cost per year.","rationale_skeleton":"Sweat-vs-divest decision; capacity for federation.","scope":"S","category":"Datacentre / Colo","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.cloud_on_prem.q05","prompt":"Physical and virtual server count per site. Top 10 workloads by criticality and OS. Virtualisation platform (VMware vSphere, Hyper-V, Nutanix, KVM, etc.).","rationale_skeleton":"Migration scoping and licensing.","scope":"S","category":"Server Inventory","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.cloud_on_prem.q06","prompt":"End-of-life / end-of-support hardware count and projected refresh cost (next 24 months).","rationale_skeleton":"Forces hand on cloud migration or refresh capex.","scope":"S","category":"Server Inventory","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.cloud_on_prem.q07","prompt":"Per subsidiary: storage footprint (TB), tier mix (block/file/object), backup tooling, RPO/RTO targets, last successful DR test.","rationale_skeleton":"Resilience posture; ransomware readiness.","scope":"S","category":"Storage & Backup","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.cloud_on_prem.q08","prompt":"Group-level backup standard — does one exist? M365 backup tool (Veeam/Druva/none — native retention is not backup).","rationale_skeleton":"Common gap; 'no backup of M365' is a frequent finding.","scope":"G","category":"Backup Strategy","priority":"P0","artefact_type":"checklist","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.cloud_on_prem.q09","prompt":"DR sites, replication targets (RPO/RTO), DR runbook owner, last invocation. Per-subsidiary capability.","rationale_skeleton":"Continuity posture differs hugely by entity.","scope":"G","category":"DR / BCP","priority":"P0","artefact_type":"file","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.cloud_on_prem.q10","prompt":"Chennai GCC hosting model — primarily SaaS-first, parent-KSA cloud tenant, India-region cloud (Azure Central India), or hybrid?","rationale_skeleton":"Tenant model for the GCC; integration to parent.","scope":"GCC","category":"GCC Hosting","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.cloud_on_prem","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.network_topology.q01","prompt":"Per subsidiary: complete site list (HQ, branches, yards, plants, project sites). For each: country, city, headcount, square footage, business criticality.","rationale_skeleton":"Foundation for the topology view.","scope":"S","category":"Sites","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q02","prompt":"Per site: count of switches, routers, firewalls, wireless APs, IP phones. Vendor and model where known.","rationale_skeleton":"Direct ask from workshop. Maps inter-office connectivity globally.","scope":"S","category":"Asset Counts","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q03","prompt":"Per site: end-of-life / end-of-support network hardware. Refresh schedule and budget.","rationale_skeleton":"Refresh capex and security exposure.","scope":"S","category":"Asset Counts","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q04","prompt":"Per site: ISP, bandwidth, contract end date, redundancy (dual ILL / 4G/5G failover / none).","rationale_skeleton":"Reliability assessment; consolidation opportunity.","scope":"S","category":"Internet / ILL","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.network_topology.q05","prompt":"Inter-office connectivity — MPLS / SD-WAN / IPSec VPN / public internet. Vendor and topology diagram if available.","rationale_skeleton":"Federated network design starts here.","scope":"S","category":"Interconnect","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q06","prompt":"Group-level SD-WAN posture — does one exist? If yes, vendor (Cisco/Versa/Fortinet/Cato/Aruba). If no, intent to adopt?","rationale_skeleton":"Net-new opportunity vs. extension of existing.","scope":"G","category":"WAN Strategy","priority":"P0","artefact_type":"checklist","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.network_topology.q07","prompt":"Per site: Wi-Fi vendor (Cisco Meraki / Aruba / Ubiquiti / Mist / other), generation (Wi-Fi 5/6/6E), coverage % of building, guest network model.","rationale_skeleton":"Standards baseline and refresh scope.","scope":"S","category":"Wi-Fi & LAN","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q08","prompt":"Voice platform — on-prem PBX (Avaya/Cisco), cloud telephony (Teams Phone / Zoom Phone / Webex), or none. DID counts per site.","rationale_skeleton":"Modernisation candidate.","scope":"S","category":"Voice","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q09","prompt":"For industrial / plant-heavy entities: OT network segmentation status, SCADA/DCS systems, IT-OT boundary controls, Purdue model adherence.","rationale_skeleton":"Distinct architecture overlay; security risk if missing.","scope":"S","category":"OT / Plant Networks","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.network_topology.q10","prompt":"Does a current network topology diagram exist at group level? Last updated when? Discovery/mapping tooling in use (e.g., Lansweeper, Auvik, SolarWinds)?","rationale_skeleton":"If no diagram, build one during discovery.","scope":"G","category":"Topology Visibility","priority":"P0","artefact_type":"file","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.network_topology.q11","prompt":"How are temporary or project sites typically onboarded from an IT perspective today? Process, lead time, owner, last example.","rationale_skeleton":"Workshop: today this is ad-hoc and vendor-led. Standardising it is a quick win.","scope":"S","category":"Field / Project Sites","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q12","prompt":"How is connectivity managed at remote or temporary locations — cellular, microwave, VSAT, public Wi-Fi, fibre, leased line? Typical mix.","rationale_skeleton":"Defines field-site connectivity standard.","scope":"S","category":"Field / Project Sites","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q13","prompt":"Are there operational challenges related to remote-site support (latency, reliability, response time, OT integration)? Recent examples.","rationale_skeleton":"Surface gaps before they become commitment.","scope":"S","category":"Field / Project Sites","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q14","prompt":"How are field devices and endpoints managed today — MDM enrolment, ruggedised hardware standard, BYOD posture, lifecycle?","rationale_skeleton":"Endpoint mgmt for field workers differs from office.","scope":"S","category":"Field / Project Sites","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q15","prompt":"Are remote / project locations included in centralised monitoring or support processes? Coverage % and known blind-spots.","rationale_skeleton":"Visibility gap; tied to ITSM/monitoring footprint.","scope":"S","category":"Field / Project Sites","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.network_topology.q16","prompt":"Are there bandwidth or connectivity limitations affecting operations? Per-site bandwidth and the apps most affected.","rationale_skeleton":"Sizing input for WAN strategy.","scope":"S","category":"Field / Project Sites","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.network_topology.q17","prompt":"How are contractors or temporary users typically granted access — provisioning workflow, MFA, time-bound, deprovisioning trigger?","rationale_skeleton":"Top audit-finding category; sunset-controls baseline.","scope":"S","category":"Field / Project Sites","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.network_topology","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.identity_security.q01","prompt":"Identity provider(s) in use across the group — Entra ID (Azure AD), Okta, on-prem AD, Google. Tenant model: one tenant for everything, per-holding, per-subsidiary?","rationale_skeleton":"Federation strategy; SSO scope.","scope":"G","category":"Identity","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q02","prompt":"Confirm preferred identity model: extend KSA Entra ID tenant to subsidiaries (and to India GCC) vs. B2B federation across separate tenants. Driver: compliance / license / blast radius.","rationale_skeleton":"Largest architectural lever for federated IT.","scope":"G","category":"Identity","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.identity_security.q03","prompt":"MFA coverage % across the group, per subsidiary. Method (authenticator app, FIDO2, SMS — discouraged). Conditional access policies in force?","rationale_skeleton":"Baseline security gap to close fast.","scope":"G","category":"MFA","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q04","prompt":"SSO coverage — top 20 SaaS apps; which use SSO today, which use local credentials. List the unmanaged ones (security exposure).","rationale_skeleton":"Shadow-SaaS exposure.","scope":"G","category":"SSO","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q05","prompt":"Privileged access management tool in use (CyberArk, Entra PIM, BeyondTrust, none). Admin account count and JIT posture.","rationale_skeleton":"Top-quartile control if missing.","scope":"G","category":"PAM","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q06","prompt":"EDR/XDR vendor + coverage % across Windows / macOS / Linux / servers. Managed in-house or via MSSP?","rationale_skeleton":"Same question as 03; cross-check here for SOC fit.","scope":"G","category":"EDR / XDR","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q07","prompt":"SIEM platform (Sentinel, Splunk, QRadar, Chronicle, none). SOC — in-house, MSSP, hybrid. Log sources connected. Avg time-to-detect / time-to-respond if known.","rationale_skeleton":"Federation lever; KSA SOC may extend to group.","scope":"G","category":"SIEM / SOC","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q08","prompt":"DLP / CASB tooling (Purview, Netskope, Forcepoint, none). Coverage scope (email, endpoint, SaaS, cloud).","rationale_skeleton":"Data-leak posture; ties to data classification.","scope":"G","category":"DLP / CASB","priority":"P1","artefact_type":"checklist","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q09","prompt":"Email security stack — secure email gateway (Mimecast, Proofpoint, Defender for O365), anti-phishing, banner policy, training cadence.","rationale_skeleton":"Top attack vector.","scope":"G","category":"Email Security","priority":"P0","artefact_type":"file","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q10","prompt":"Vulnerability scanning tool (Qualys, Tenable, Rapid7, none). Scan cadence. Critical vulnerability backlog. Remediation SLA.","rationale_skeleton":"Continuous hygiene baseline.","scope":"G","category":"Vulnerability Mgmt","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q11","prompt":"For OT/plant entities: dedicated OT-security stack (Claroty, Nozomi, Dragos, Tenable OT)? Air-gap or controlled DMZ? Last OT pentest.","rationale_skeleton":"Plant-heavy entities differ materially.","scope":"S","category":"OT Security","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.identity_security.q12","prompt":"IR runbook and on-call rotation. Last incident (description, impact, lessons-learned). Cyber insurance — carrier and coverage.","rationale_skeleton":"Response readiness vs. theoretical posture.","scope":"G","category":"Incident Response","priority":"P0","artefact_type":"file","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q13","prompt":"Are there any cybersecurity frameworks currently followed by the organisation (NIST CSF, ISO 27001, CIS Controls, SAMA-CSF, sector-specific)? Maturity assessment performed?","rationale_skeleton":"Anchors the controls baseline and audit posture.","scope":"G","category":"Security & Compliance","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q14","prompt":"Are there customer-specific security requirements applicable to operations (specific clients, contract clauses, customer audits)? Top 3 examples.","rationale_skeleton":"Drives subsidiary-specific overlays.","scope":"S","category":"Security & Compliance","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.identity_security.q15","prompt":"Are there regulatory or compliance obligations applicable to any subsidiaries — PDPL (KSA), India DPDP, GDPR, SAMA-CSF, sector OT regs? Per-subsidiary applicability.","rationale_skeleton":"Compliance map is foundational to architecture.","scope":"G","category":"Security & Compliance","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q16","prompt":"How are cybersecurity responsibilities currently managed — dedicated CISO, fractional, MSSP, none? Per-subsidiary or group?","rationale_skeleton":"Federated security operating model starting point.","scope":"G","category":"Security & Compliance","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q17","prompt":"Are there existing processes for handling security incidents? IR runbook, last invocation, lessons learned, current SLA.","rationale_skeleton":"Response maturity.","scope":"G","category":"Security & Compliance","priority":"P0","artefact_type":"file","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q18","prompt":"Are backups and recovery procedures documented today — per subsidiary? When was the last successful DR test (date, scope, outcome)?","rationale_skeleton":"Resilience reality vs. paper plan.","scope":"G","category":"Security & Compliance","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q19","prompt":"Are there challenges related to user access management or privileged access — joiner/mover/leaver workflow, recertification cadence, orphan accounts?","rationale_skeleton":"Top audit-finding category.","scope":"G","category":"Security & Compliance","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.identity_security.q20","prompt":"Are there areas where cybersecurity visibility is currently limited — log coverage gaps, unmonitored assets, no SOC for some subsidiaries?","rationale_skeleton":"Federated SIEM/SOC scope.","scope":"G","category":"Security & Compliance","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.identity_security.q21","prompt":"Are there operational environments requiring additional isolation or protection — plant networks, project sites, OT systems, regulated data zones?","rationale_skeleton":"Plant-heavy entities differ materially.","scope":"S","category":"Security & Compliance","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.identity_security","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.applications_data.q01","prompt":"ERP platform(s) in use across subsidiaries — SAP S/4HANA, Oracle Fusion, D365 F&SCM, Tally, none. Modules in scope (FI, MM, SD, PP, etc.).","rationale_skeleton":"Largest application landscape question; intercompany & TP baked in.","scope":"G","category":"ERP","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.applications_data.q02","prompt":"Confirm group ERP strategy — consolidate to one parent platform, or coexist (subsidiary keeps local ERP). Migration roadmap if applicable.","rationale_skeleton":"Strategic decision affecting Phase 2 implementation.","scope":"G","category":"ERP","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["BootmindsStaff","ClientExecutive","ClientAdmin"]},{"question_template_id":"it.applications_data.q03","prompt":"HRMS in use per holding — Darwinbox / SAP SuccessFactors / Oracle HCM / Workday / Zoho People. India payroll partner if separate.","rationale_skeleton":"G.O.34 subsidy reporting touch; SuccessFactors common in KSA.","scope":"G","category":"HRMS / Payroll","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.applications_data.q04","prompt":"Current ITSM tooling — Zoho Desk (licensed but underused), Freshservice, ServiceNow, Jira Service Mgmt, none. License count vs active users.","rationale_skeleton":"Captured in workshop: Zoho licensed, barely used. Tooling open for review.","scope":"G","category":"ITSM Tool","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.applications_data.q05","prompt":"Engineering software per subsidiary — CAD (AutoCAD/Inventor/Revit), BIM (Revit/Navisworks), MicroStation, SolidWorks, Aconex, Primavera. Seat counts and license model (named / network).","rationale_skeleton":"Cost line; offshore-use rights per scope memo (KSA carries these).","scope":"S","category":"Engineering Software","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.applications_data.q06","prompt":"License-compliance check — offshore use rights for the GCC delivery centre. Per scope memo, KSA carries these. Confirm.","rationale_skeleton":"Risk: non-compliance halts engineering work.","scope":"S","category":"Engineering Software","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.applications_data.q07","prompt":"Procurement / S2P (Coupa / Ariba / Tally / none) · Expense (Concur / Zoho Expense / manual) · Travel · CLM · Treasury platforms.","rationale_skeleton":"Inventory and integration scope.","scope":"G","category":"Back-Office Apps","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.applications_data.q08","prompt":"BI / reporting stack — Power BI, OAC, Tableau, Looker, Excel-only. Data warehouse (Snowflake, BigQuery, Synapse, Redshift, on-prem)?","rationale_skeleton":"Reporting consistency across subsidiaries.","scope":"G","category":"Data & Analytics","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.applications_data.q09","prompt":"Data residency for HR/finance data — KSA, India, EU, multi-region? Cross-border-transfer permissibility documented?","rationale_skeleton":"Compliance and GCC data-access design.","scope":"G","category":"Data & Analytics","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.applications_data.q10","prompt":"Master-data owners across the group — vendor, customer, employee, chart of accounts. Change-control workflow and dedup posture.","rationale_skeleton":"Foundation for clean cross-entity reporting.","scope":"G","category":"Master Data","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.applications_data.q11","prompt":"Integration platform — Boomi, MuleSoft, Workato, native APIs, point-to-point. Critical interfaces (bank, payroll, EDI, HRMS) and failure recovery.","rationale_skeleton":"Hidden failure points during transition.","scope":"G","category":"Integrations","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.applications_data.q12","prompt":"Where do working files live — SharePoint, OneDrive, Box, Google Drive, network file shares? Retention policy. Records management for legal/audit.","rationale_skeleton":"Audit & legal hold readiness.","scope":"G","category":"Document Mgmt","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.applications_data.q13","prompt":"Knowledge base / wiki — Confluence, SharePoint, Notion, none. Coverage and adoption.","rationale_skeleton":"Foundation for SOPs and runbooks under 'no ticket, no service'.","scope":"G","category":"Knowledge / Wiki","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.applications_data.q14","prompt":"Per subsidiary: top business-critical apps not on the standard list (legacy custom apps, Access DBs, Excel macros, single-vendor tools).","rationale_skeleton":"Hidden migration risk.","scope":"S","category":"EUC Apps","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.applications_data.q15","prompt":"Are business teams independently adopting software or cloud services without IT involvement? Top 5 examples per subsidiary.","rationale_skeleton":"Surfaces unmanaged risk and spend.","scope":"S","category":"Shadow IT","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.applications_data.q16","prompt":"Are there tools or platforms currently managed outside formal IT involvement? Name them, estimate annual spend, owner.","rationale_skeleton":"Foundation for SaaS rationalisation.","scope":"S","category":"Shadow IT","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.applications_data.q17","prompt":"Are personal devices used for operational or project-related activities (BYOD posture, prevalence, MDM enrolment status)?","rationale_skeleton":"BYOD risk and policy gap.","scope":"S","category":"Shadow IT","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.applications_data.q18","prompt":"Are there business-critical processes dependent on locally maintained tools or spreadsheets? Top 5 risks with single-owner identification.","rationale_skeleton":"Key-person + tribal-knowledge risk.","scope":"S","category":"Shadow IT","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.applications_data.q19","prompt":"Are there challenges in maintaining visibility into all technology platforms currently in use (SaaS discovery tooling, expense-data triangulation)?","rationale_skeleton":"CASB / SaaS-discovery scoping.","scope":"G","category":"Shadow IT","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.applications_data.q20","prompt":"Are there subsidiaries or departments operating largely independently from Group IT? Which, and how independently (tech stack, budget, vendor mgmt)?","rationale_skeleton":"Federated boundaries vs. genuine independence.","scope":"S","category":"Shadow IT","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.applications_data","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.hardware_standard.q01","prompt":"Is there a standardised IT asset register at group level? Tool (ServiceNow CMDB, Snipe-IT, Lansweeper, spreadsheets)? Per-subsidiary or per-group?","rationale_skeleton":"Federated standard starts here.","scope":"G","category":"Inventory Standard","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.hardware_standard.q02","prompt":"REQUIRED FIELDS PER ASSET (target standard): make, model, configuration, serial, asset tag, assigned-user, location/site, purchase source/vendor, purchase date, warranty / Smartnet expiry, support geography. Confirm or amend.","rationale_skeleton":"Direct ask from workshop. Catches geography-vs-warranty issues (Cisco Smartnet India ≠ UAE-claimable).","scope":"G","category":"Inventory Standard","priority":"P0","artefact_type":"checklist","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.hardware_standard.q03","prompt":"Per subsidiary: laptop and desktop count by make/model, age band (<2y / 2–4y / >4y), warranty status, refresh budget for next 24 months.","rationale_skeleton":"Refresh capex; standardisation candidate.","scope":"S","category":"Laptop / Desktop","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.hardware_standard.q04","prompt":"Per subsidiary: physical server count (rack U), storage arrays (vendor/model/TB), HCI/SAN, EoSL list.","rationale_skeleton":"Refresh capex and cloud-migration candidate count.","scope":"S","category":"Server / Storage","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.hardware_standard.q05","prompt":"Per subsidiary: switch / router / firewall / WAP inventory by vendor/model with Smartnet/support coverage expiry. Geography of original purchase.","rationale_skeleton":"Cross-border support claimability.","scope":"S","category":"Network HW","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.hardware_standard.q06","prompt":"Per subsidiary: MFD/printer fleet (vendor, count, lease/owned), monitors, AV equipment, IP phones. Managed-print contract details.","rationale_skeleton":"Per-page cost vs capex; consolidation candidate.","scope":"S","category":"Peripherals","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.hardware_standard.q07","prompt":"Corporate mobile device count by OS (iOS/Android), MDM-enrolled %, plan type, telco vendor and contract end.","rationale_skeleton":"Telecom consolidation opportunity.","scope":"S","category":"Mobile Devices","priority":"P2","artefact_type":"table","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.hardware_standard.q08","prompt":"Software license register — tool used, true-up cadence, last reconciliation. Top 10 spend by vendor.","rationale_skeleton":"Compliance and savings.","scope":"G","category":"Software Asset Mgmt","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.hardware_standard.q09","prompt":"Standard SKUs per persona (knowledge worker / engineer / exec / field) — exist today or proposed? Procurement frame agreements?","rationale_skeleton":"Provisioning speed and TCO.","scope":"G","category":"Hardware Standards","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.hardware_standard","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q01","prompt":"Today's intake channels — email, phone, walk-up, ticketing, WhatsApp, direct calls to vendors. Approximate volume split.","rationale_skeleton":"Captured in workshop: email-driven, Zoho Desk barely used.","scope":"G","category":"Current State","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.itsm_service.q02","prompt":"Zoho Desk — current adoption: licensed seats, active users monthly, tickets/month, abandonment to email. Top reasons users bypass.","rationale_skeleton":"Adoption is the issue, not the tool.","scope":"G","category":"Current State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q03","prompt":"Future ITSM tooling decision — keep Zoho Desk, move to Freshservice / ServiceNow / Jira SM. Driver: cost, federation, parent-KSA alignment.","rationale_skeleton":"Open decision per workshop.","scope":"G","category":"Future Tooling","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q04","prompt":"Documented service catalogue today? Per-tower offerings (network, endpoint, identity, app support). Standardised request types?","rationale_skeleton":"Federated standard ties to this.","scope":"G","category":"Service Catalogue","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q05","prompt":"SLAs in effect today by ticket category (incident severity, request type). Measured? Reported? Service credits or symbolic only?","rationale_skeleton":"Most clients have nothing here.","scope":"G","category":"SLAs / KPIs","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q06","prompt":"Proposed target SLAs per category (P1 incident, P2 incident, request, change, problem). To be agreed in Phase 1 design workshops.","rationale_skeleton":"Sets baseline for Phase 2 ops.","scope":"G","category":"SLAs / KPIs","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q07","prompt":"Change management — process exists? CAB cadence? Emergency change path? Adoption?","rationale_skeleton":"Federated change-control essential pre-rollout.","scope":"G","category":"ITSM Process","priority":"P0","artefact_type":"checklist","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q08","prompt":"Incident, problem, knowledge, asset modules — which exist today? Documented playbooks? Major-incident escalation path?","rationale_skeleton":"Process maturity baseline.","scope":"G","category":"ITSM Process","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q09","prompt":"Runbook / SOP coverage — % of tier-1/tier-2 procedures documented today. Where stored (Confluence/SharePoint/Notion)? Last review.","rationale_skeleton":"Foundation for handover and federation.","scope":"G","category":"Knowledge Mgmt","priority":"P1","artefact_type":"file","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q10","prompt":"'No ticket, no service' rollout — leadership communication plan, HR enforcement hooks, exception path (e.g., true emergencies). Target adoption KPI and date.","rationale_skeleton":"Captured in workshop as core operating principle. Rollout depends on org backing, not IT alone.","scope":"G","category":"Adoption / Policy","priority":"P0","artefact_type":"date","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["BootmindsStaff","ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.itsm_service.q11","prompt":"Self-service portal coverage — password reset, common requests, knowledge search. Adoption %.","rationale_skeleton":"Deflection rate is the proof point of ITSM maturity.","scope":"G","category":"User Self-Service","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q12","prompt":"ITSM reporting / dashboards — who consumes them today? Group-level view vs per-subsidiary?","rationale_skeleton":"Visibility is the precondition for accountability.","scope":"G","category":"Reporting","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q13","prompt":"How do users typically request IT support today — email, phone, walk-up, ticketing, WhatsApp, direct call to vendor? Volume split.","rationale_skeleton":"Real intake mix before standardisation.","scope":"S","category":"Support Behavior","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.itsm_service.q14","prompt":"Which communication channels are most commonly used for support? Rank by volume; cite recent shifts.","rationale_skeleton":"Reveals where 'no ticket no service' must intercept.","scope":"S","category":"Support Behavior","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q15","prompt":"What challenges are preventing wider adoption of the ticketing platform (Zoho Desk specifically)? Top 3 user objections.","rationale_skeleton":"Adoption is the issue, not the tool.","scope":"G","category":"Support Behavior","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q16","prompt":"Are users comfortable using the current ticketing process — sentiment, training history, recent feedback?","rationale_skeleton":"Drives change-management plan.","scope":"S","category":"Support Behavior","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.itsm_service.q17","prompt":"Are support requests linked to user devices or assets today (CMDB integration)? Or recorded standalone?","rationale_skeleton":"Asset-incident linkage = problem mgmt prerequisite.","scope":"G","category":"Support Behavior","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q18","prompt":"How are repeat issues or recurring incidents currently tracked — problem-mgmt records, root-cause artefacts, none?","rationale_skeleton":"Problem-management maturity baseline.","scope":"G","category":"Support Behavior","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q19","prompt":"Are there opportunities to improve visibility into support activities — dashboards, leadership view, real-time queue?","rationale_skeleton":"Reporting quick-win.","scope":"G","category":"Support Behavior","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q20","prompt":"Would automated ticket creation from email or messaging platforms be useful (M365 Outlook integration, WhatsApp gateway, Teams)?","rationale_skeleton":"Lowers user-friction; supports 'no ticket no service' in transition.","scope":"G","category":"Support Behavior","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q21","prompt":"Are there situations where support activities occur without formal tracking — walk-up fixes, vendor-direct calls, exec exceptions? Approximate volume.","rationale_skeleton":"Tracking gap; policy enforcement scope.","scope":"S","category":"Support Behavior","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.itsm_service.q22","prompt":"How is operational performance currently measured — KPIs, dashboards, ad-hoc reports, none? Per subsidiary and group-level.","rationale_skeleton":"Establishes the measurement baseline.","scope":"G","category":"Reporting & Visibility","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q23","prompt":"Are there existing reporting mechanisms for IT operations or incidents — cadence, audience, content, channels?","rationale_skeleton":"Reporting model to extend or replace.","scope":"G","category":"Reporting & Visibility","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q24","prompt":"Are support trends or recurring issues currently analysed — trend reports, problem-mgmt artefacts, ticket-mining?","rationale_skeleton":"Surfaces continuous-improvement pipeline.","scope":"G","category":"Reporting & Visibility","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.itsm_service.q25","prompt":"Are there areas where improved reporting would support decision-making? Top 3 asks from leadership.","rationale_skeleton":"Phase 1 quick-win backlog.","scope":"G","category":"Reporting & Visibility","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.itsm_service","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q01","prompt":"Strategic vendor assignment by tower (network, endpoint, EDR, M365, ITSM, SOC, helpdesk) — exists today? Or opportunistic engagement?","rationale_skeleton":"Workshop: today is opportunistic. Strategic partnerships are the desired future state.","scope":"G","category":"Tower Strategy","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q02","prompt":"Existing MSAs / framework agreements at group level (incl. ours). Duration remaining, renewal options, scope expansion clauses, exclusivity.","rationale_skeleton":"Affects bid posture and Phase 2 sizing.","scope":"G","category":"Strategic Vendors","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q03","prompt":"Microsoft / Oracle / Cisco / AWS volume agreements — which holding holds the master EA? Co-term implications across subsidiaries.","rationale_skeleton":"License consolidation opportunity.","scope":"G","category":"Strategic Vendors","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q04","prompt":"Per subsidiary: top 10 IT vendors by spend, contract end date, support tier purchased, geographic coverage of support contract.","rationale_skeleton":"Workshop ask: Cisco Smartnet India vs UAE example.","scope":"S","category":"Subsidiary Vendors","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.vendors_contracts.q05","prompt":"Per subsidiary: who delivers new office setup today (network, server, cabling, AV)? Named partner or ad-hoc? Knowledge-continuity gap evidence.","rationale_skeleton":"Workshop: new office setup is ad-hoc; new vendor each time = no continuity.","scope":"S","category":"Subsidiary Vendors","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.vendors_contracts.q06","prompt":"Telecom carrier contracts per country — ISP, ILL, mobile. Volume commitments, end-of-contract dates.","rationale_skeleton":"Negotiation lever and federation opportunity.","scope":"G","category":"Telecom","priority":"P1","artefact_type":"table","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q07","prompt":"Across the asset base: where support contracts can/cannot be claimed (e.g., support purchased in India, asset deployed in UAE). Audit gaps.","rationale_skeleton":"Risk of un-supported assets in production.","scope":"G","category":"Support Geography","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q08","prompt":"Towers already outsourced today and to whom (helpdesk, NOC, SOC, MDR, infra mgmt). Term and performance vs SLA.","rationale_skeleton":"Where to extend vs. replace.","scope":"G","category":"Outsourcing Today","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q09","prompt":"Towers under consideration for outsourcing in this engagement — confirm list per holding/subsidiary. Capability vs. capacity scoping.","rationale_skeleton":"Defines our proposal scope.","scope":"G","category":"Outsourcing Scope","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.vendors_contracts.q10","prompt":"Vendor performance reviews — cadence, KPIs, scorecard format. Joint ops calls. Exit / transition clauses adequate?","rationale_skeleton":"Federated governance lever.","scope":"G","category":"Vendor Governance","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.vendors_contracts","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q01","prompt":"Confirm GCC sizing — Y1/Y2/Y3 user count by pillar (Engineering / Finance-HR-Procurement / IT shared services). Source: Alcent VC base case (180 → 540 → 720).","rationale_skeleton":"Drives BoM and infrastructure sizing.","scope":"GCC","category":"Scope & Sizing","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q02","prompt":"Confirm capability list to migrate into GCC in Phase 1 (mature only): which sub-functions, which services, which technical capabilities.","rationale_skeleton":"Client principle: GCC operates mature, doesn't invent.","scope":"GCC","category":"Scope & Sizing","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.gcc_context.q03","prompt":"Identity tenancy decision — extend KSA Entra ID to India, or separate India tenant with B2B federation?","rationale_skeleton":"Largest single decision in the GCC build.","scope":"GCC","category":"Identity Tenant","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q04","prompt":"M365 SKU strategy for GCC — E3 + targeted E5 add-ons, or full E5? Aligned to parent or India-specific?","rationale_skeleton":"BoM lever; security-tool consolidation.","scope":"GCC","category":"M365 SKU","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q05","prompt":"Engineering software for GCC — license offshore-use rights confirmed via KSA. Aconex per-project vs owner-operator model.","rationale_skeleton":"License compliance for engineering delivery from India.","scope":"GCC","category":"Engineering","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.gcc_context.q06","prompt":"Snowflake (or DW) residency — Azure Central India / Mumbai / Singapore for GCC analytics? Cross-border transfer rules.","rationale_skeleton":"Compliance and latency.","scope":"GCC","category":"Data Residency","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q07","prompt":"Capability cutover sequencing into GCC — wave plan, parallel-run windows, go/no-go gates per capability.","rationale_skeleton":"Mirrors AMC AP transition pattern.","scope":"GCC","category":"Cutover","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q08","prompt":"How will GCC services plug into the federated group ITSM (single instance? separate?), identity, EDR, SOC.","rationale_skeleton":"Avoids creating an isolated GCC stack.","scope":"GCC","category":"Service Integration","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q09","prompt":"India-specific items: G.O.34 payroll subsidy reporting, STPI/SEZ compliance, India-region cloud preferences, local helpdesk hours.","rationale_skeleton":"Operational reality of running the GCC.","scope":"GCC","category":"Local Reality","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.gcc_context.q10","prompt":"Chennai seat/rack capacity plan — phase 1, phase 2. AV/conferencing density. Hardware refresh cadence.","rationale_skeleton":"Lift from existing Tech Stack workbook; preserve here.","scope":"GCC","category":"Capacity & Refresh","priority":"P1","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.gcc_context.q11","prompt":"What are the primary expectations from the proposed GCC initiative — cost reduction, capability lift, governance maturity, all three? Rank.","rationale_skeleton":"Anchors the success criteria for Phase 1.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["BootmindsStaff","ClientExecutive","ClientAdmin"]},{"question_template_id":"it.gcc_context.q12","prompt":"Which services or capabilities would benefit most from standardisation? Top 5 in priority order, with rationale.","rationale_skeleton":"Phase 1 design scope.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"table","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.gcc_context.q13","prompt":"Which operational areas would benefit from improved visibility or reporting? Specific KPIs or dashboards leadership wants.","rationale_skeleton":"Reporting backbone scope.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientExecutive","ClientAdmin"]},{"question_template_id":"it.gcc_context.q14","prompt":"Are there functions that may benefit from centralised governance (security, identity, ITSM, vendor mgmt, BCP)? Confirm priority order.","rationale_skeleton":"Defines the federated standards list.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin"]},{"question_template_id":"it.gcc_context.q15","prompt":"Are there concerns around balancing standardisation with local flexibility (federated boundaries)? Top objections to address.","rationale_skeleton":"Surfaces objection-handling for the proposal.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientStakeholder"]},{"question_template_id":"it.gcc_context.q16","prompt":"Which improvements would provide the highest immediate business value (quick wins for first 90 days)?","rationale_skeleton":"Phase 1 sequencing.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["BootmindsStaff","ClientAdmin"]},{"question_template_id":"it.gcc_context.q17","prompt":"Are there subsidiaries more prepared for transformation initiatives than others? Readiness ranking with rationale (people, process, tech).","rationale_skeleton":"Pilot/wave-plan input.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["ClientAdmin","ClientStakeholder"]},{"question_template_id":"it.gcc_context.q18","prompt":"What are the biggest concerns regarding centralised governance or shared services? Objections to surface and address explicitly in the proposal.","rationale_skeleton":"Prevents late-stage proposal pushback.","scope":"GCC","category":"Future State","priority":"P0","artefact_type":"text","workstream_template_id_ref":"it.gcc_context","default_raci_contributors":["BootmindsStaff","ClientExecutive","ClientAdmin"]}],"decision_templates":[{"decision_template_id":"it.decisions.d01","title":"Confirm federated as the target operating model (not centralised).","summary":"Anchor decision for all design choices.\n\nDecision owner (sheet): IT Head + KC.\nSheet target: Wk 1.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Anchor decision for all design choices.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"federated","label":"Federated (target)","description":"Group-level standards/policies/governance + subsidiary autonomy where business reality demands.","default_pros":["Aligns with stated client intent","Preserves subsidiary speed","Enables economies of scale on a named set of services"],"default_cons":["Needs a teeth mechanism or drifts to fragmented","Steerco discipline required"]},{"option_id":"centralised","label":"Fully centralised","description":"Group IT runs all IT services across subsidiaries.","default_pros":["Maximum consistency","Simpler vendor leverage"],"default_cons":["Conflicts with client signal","Sacrifices subsidiary speed for plant/OT/regulated work"]},{"option_id":"decentralised","label":"Status quo (decentralised)","description":"Continue with subsidiary-owned IT, no group standards.","default_pros":["Zero change management"],"default_cons":["Re-creates the problem this engagement exists to solve"]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.operating_model.q01","it.operating_model.q02","it.operating_model.q03","it.operating_model.q15","it.operating_model.q19","it.operating_model.q20","it.operating_model.q37"]},{"decision_template_id":"it.decisions.d02","title":"Group identity tenancy — extend KSA Entra ID vs separate India tenant with B2B federation.","summary":"Drives every SSO integration and license model.\n\nDecision owner (sheet): IT Head + CISO.\nSheet target: Wk 2.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Drives every SSO integration and license model.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"extend_ksa_tenant","label":"Extend KSA Entra ID tenant","description":"Single Entra ID tenant rooted in KSA; subsidiaries (incl. India GCC) added as domains/branches.","default_pros":["Single SSO surface","Easier conditional access","Lower licensing total"],"default_cons":["Single blast radius","Cross-border data implications","Compliance review needed (PDPL / India DPDP)"]},{"option_id":"b2b_federation","label":"B2B federation across separate tenants","description":"Each holding/subsidiary keeps its own tenant; cross-tenant guest / B2B trust for shared apps.","default_pros":["Smaller per-tenant blast radius","Cleaner residency posture"],"default_cons":["More SSO surfaces to maintain","Conditional access fragmentation","Higher operational toil"]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.identity_security.q01","it.identity_security.q02","it.gcc_context.q03"]},{"decision_template_id":"it.decisions.d03","title":"M365 SKU strategy — E3 + targeted E5 add-ons, or full E5 across the group.","summary":"E5 collapses Defender, Purview, Entra P2.\n\nDecision owner (sheet): IT Head.\nSheet target: Wk 2.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"E5 collapses Defender, Purview, Entra P2.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"e3_plus_targeted_e5","label":"E3 + targeted E5 add-ons","description":"Bulk on E3; selective E5 add-ons (Defender, Purview, Entra P2) for security-critical personas.","default_pros":["Lower per-seat cost on the majority","Right-sized security spend"],"default_cons":["Add-on SKU complexity","Some E5 features locked to full-E5 users"]},{"option_id":"full_e5","label":"Full E5 across the group","description":"Standardise on E5 everywhere; collapse Defender / Purview / Entra P2 into the suite.","default_pros":["Tool consolidation (Defender, Purview, Entra P2)","Simpler license admin"],"default_cons":["Materially higher cost","Pays for features many personas won't use"]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.os_endpoint_user.q12","it.identity_security.q03","it.identity_security.q06","it.identity_security.q08","it.gcc_context.q04"]},{"decision_template_id":"it.decisions.d04","title":"ERP consolidation intent — single parent platform or coexist? Decision and roadmap.","summary":"Largest application-line decision.\n\nDecision owner (sheet): CFO + IT Head + KC.\nSheet target: Wk 3.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Largest application-line decision.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"consolidate_to_parent","label":"Consolidate to parent ERP","description":"All subsidiaries migrate to a single parent platform (S/4HANA / Oracle Fusion / D365 F&SCM).","default_pros":["Single source of truth","Easier intercompany + TP","Standardised reporting"],"default_cons":["Multi-year programme","Heavy change management"]},{"option_id":"coexist","label":"Coexist (federated ERP)","description":"Subsidiaries keep local ERP; integrate via group reporting layer.","default_pros":["Faster","Less disruption to operating units"],"default_cons":["Intercompany complexity stays","Reporting consolidation cost recurring"]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.applications_data.q01","it.applications_data.q02","it.applications_data.q09","it.applications_data.q11"]},{"decision_template_id":"it.decisions.d05","title":"ITSM platform — Zoho Desk (re-launch with policy), Freshservice, or ServiceNow.","summary":"Tool plus policy; 'no ticket no service' rollout.\n\nDecision owner (sheet): IT Head.\nSheet target: Wk 2.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Tool plus policy; 'no ticket no service' rollout.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"relaunch_zoho","label":"Re-launch Zoho Desk with policy","description":"Keep the existing Zoho Desk licenses; tighten policy + comms + HR backing under 'no ticket, no service'.","default_pros":["Sunk-cost recovered","Fastest to value"],"default_cons":["Adoption issue is org-cultural, not tooling — won't shift if policy fails"]},{"option_id":"freshservice","label":"Move to Freshservice","description":"Mid-market ITSM with strong service catalogue and lower TCO than ServiceNow.","default_pros":["Balanced features vs cost","Faster implementation than ServiceNow"],"default_cons":["Net-new license + migration","Smaller ecosystem than ServiceNow"]},{"option_id":"servicenow","label":"Move to ServiceNow","description":"Enterprise ITSM; aligns with global tier-1 standard.","default_pros":["Most mature platform","Aligns with parent-KSA if KSA is on ServiceNow"],"default_cons":["Highest TCO","Heaviest implementation"]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.applications_data.q04","it.itsm_service.q01","it.itsm_service.q02","it.itsm_service.q03","it.itsm_service.q10"]},{"decision_template_id":"it.decisions.d06","title":"Outsourcing tower list — which towers go out of house in Phase 1.","summary":"Defines our proposal scope.\n\nDecision owner (sheet): IT Head + KC.\nSheet target: Wk 1.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Defines our proposal scope.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"l1_l2_helpdesk","label":"L1/L2 helpdesk","description":"Tier-1/2 user support outsourced.","default_pros":[],"default_cons":[]},{"option_id":"network_ops","label":"Network operations","description":"WAN / LAN / SD-WAN operate.","default_pros":[],"default_cons":[]},{"option_id":"endpoint_mgmt","label":"Endpoint management","description":"MDM / patching / image build.","default_pros":[],"default_cons":[]},{"option_id":"edr_mgmt","label":"EDR/XDR managed","description":"Managed detection of endpoint events.","default_pros":[],"default_cons":[]},{"option_id":"soc","label":"SOC (24x7)","description":"Security operations centre.","default_pros":[],"default_cons":[]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.operating_model.q10","it.operating_model.q11","it.vendors_contracts.q08","it.vendors_contracts.q09"]},{"decision_template_id":"it.decisions.d07","title":"Vendor strategy — confirm strategic-partner-by-tower as future-state.","summary":"Replaces opportunistic engagement model.\n\nDecision owner (sheet): IT Head + Procurement.\nSheet target: Wk 2.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Replaces opportunistic engagement model.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"strategic_by_tower","label":"Strategic partner per tower (target)","description":"Single named vendor per tower (network, endpoint, EDR, M365, ITSM, SOC, helpdesk) with multi-year commercials.","default_pros":["Volume leverage","Knowledge continuity","Faster new-site setup"],"default_cons":["Concentration risk","Exit cost"]},{"option_id":"opportunistic","label":"Opportunistic engagement (status quo)","description":"Vendor selected per project; no group-level partnership.","default_pros":["Project-by-project flexibility"],"default_cons":["No continuity","No volume leverage","Repeat onboarding cost"]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.vendors_contracts.q01","it.vendors_contracts.q02","it.vendors_contracts.q05","it.vendors_contracts.q07"]},{"decision_template_id":"it.decisions.d08","title":"Group SOC model — extend KSA SOC, MSSP, or net-new India SOC.","summary":"Critical security capability decision.\n\nDecision owner (sheet): CISO + IT Head.\nSheet target: Wk 3.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Critical security capability decision.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"extend_ksa_soc","label":"Extend KSA SOC to group","description":"KSA SOC absorbs India + other subsidiaries.","default_pros":["Single pane","Reuse existing investment"],"default_cons":["Capacity to scale","Cross-tenant residency review"]},{"option_id":"mssp","label":"MSSP-led","description":"Third-party managed SOC across the group.","default_pros":["No capex","24x7 by design"],"default_cons":["Vendor lock-in","Less context on internal env"]},{"option_id":"net_new_india_soc","label":"Net-new India SOC","description":"Build a dedicated India SOC inside the GCC.","default_pros":["Sovereign capability","Closer to GCC ops"],"default_cons":["Heaviest investment","Slowest to stand up"]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.identity_security.q07","it.identity_security.q12","it.identity_security.q16","it.identity_security.q20"]},{"decision_template_id":"it.decisions.d09","title":"Backup standard for M365 — Veeam, Druva, alternative.","summary":"Native retention is not backup.\n\nDecision owner (sheet): CISO + IT Head.\nSheet target: Wk 2.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Native retention is not backup.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"veeam_m365","label":"Veeam Backup for M365","description":"Veeam's M365 backup product.","default_pros":["Mature product","Strong restore semantics"],"default_cons":["License cost","On-prem storage sizing"]},{"option_id":"druva","label":"Druva inSync","description":"SaaS-native M365 backup.","default_pros":["No infra to manage"],"default_cons":["Vendor lock-in","Subscription cost"]},{"option_id":"other","label":"Alternative (Barracuda, AvePoint, etc.)","description":"Other M365 backup vendor evaluated case by case.","default_pros":[],"default_cons":[]}],"scope":"G","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.cloud_on_prem.q07","it.cloud_on_prem.q08"]},{"decision_template_id":"it.decisions.d10","title":"Confirm full subsidiary list and autonomy status per holding.","summary":"Foundation for federated scope.\n\nDecision owner (sheet): IT Head + Holding CEOs.\nSheet target: Wk 1.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Foundation for federated scope.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"to_be_authored","label":"Option to be authored at decision time","description":"No pack-default options; tenant authors options against rationale + evidence.","default_pros":[],"default_cons":[]}],"scope":"S","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.operating_model.q22","it.operating_model.q24"]},{"decision_template_id":"it.decisions.d11","title":"Confirm GCC sizing — adopt Alcent VC base case (180/540/720) or revise.","summary":"Drives BoM and ramp plan.\n\nDecision owner (sheet): GCC Head + CFO.\nSheet target: Wk 1.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Drives BoM and ramp plan.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"alcent_base_case","label":"Adopt Alcent VC base case (180 / 540 / 720)","description":"Sizing follows the prepared VC base case across Y1/Y2/Y3.","default_pros":["Externally benchmarked","Aligns with funding model"],"default_cons":["Locks early; revise harder later"]},{"option_id":"revised_sizing","label":"Revise sizing","description":"Re-baseline Y1/Y2/Y3 against actual capability migration plan.","default_pros":["Bottom-up grounded","Matches mature-capability rule"],"default_cons":["Slower to lock"]}],"scope":"GCC","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.gcc_context.q01","it.gcc_context.q02"]},{"decision_template_id":"it.decisions.d12","title":"Data residency for GCC — Azure Central India / Mumbai / Singapore.","summary":"Latency + compliance.\n\nDecision owner (sheet): Data Lead + Legal.\nSheet target: Wk 2.","rationale_prompt_skeleton":"Capture the rationale for this decision. Sheet-recorded justification: \"Latency + compliance.\". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.","default_options":[{"option_id":"azure_central_india","label":"Azure Central India (Pune)","description":"India-region cloud for GCC analytics workloads.","default_pros":["Lowest latency for Chennai","India residency"],"default_cons":["Azure-only"]},{"option_id":"azure_mumbai","label":"Azure South India / Mumbai","description":"Alternative India region.","default_pros":["India residency"],"default_cons":["Slightly higher latency from Chennai"]},{"option_id":"singapore","label":"Singapore","description":"Regional hub option.","default_pros":["Strong connectivity to Middle East"],"default_cons":["India PDPL cross-border review","Higher latency to KSA than India region"]}],"scope":"GCC","priority":"P0","default_approval_chain_template":["Admin","ExecutiveViewer"],"evidence_question_template_ids":["it.applications_data.q09","it.gcc_context.q06"]}],"maturity_rubric":[{"maturity_dimension_template_id":"it.operating_model.maturity","name":"IT Operating Model & Governance Maturity","description":"5-level rubric for IT Operating Model & Governance.","workstream_template_id_ref":"it.operating_model","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["No federated model; each subsidiary runs IT autonomously with no group standards.","Group standards informally agreed; ad-hoc steerco; subsidiaries comply when convenient.","Documented decision-rights matrix; joint IT steerco with regular cadence; exception path defined.","Standards adherence actively monitored; KPIs tied to leadership scorecards; HR enforcement hooks live.","Continuous-improvement loop on the operating model itself; data-driven federation tuning per subsidiary."],"target_level":4},{"maturity_dimension_template_id":"it.os_endpoint_user.maturity","name":"OS, Endpoint & User Operating Model Maturity","description":"5-level rubric for OS, Endpoint & User Operating Model.","workstream_template_id_ref":"it.os_endpoint_user","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["Mixed OS mix unmanaged; no MDM; field/WFH users treated identically to in-office.","Windows mostly managed; macOS/Linux pockets unmanaged; partial MDM coverage.","All OS families in MDM; persona-based provisioning; documented golden builds; patch SLAs.","Zero-touch provisioning; >95% patch compliance; ZTNA replaces VPN; persona-based hardware standards locked.","Continuous device-health telemetry feeds proactive remediation; autonomous patching with risk-weighted rollback."],"target_level":4},{"maturity_dimension_template_id":"it.cloud_on_prem.maturity","name":"Cloud & On-Prem Posture Maturity","description":"5-level rubric for Cloud & On-Prem Posture.","workstream_template_id_ref":"it.cloud_on_prem","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["Workloads scattered across colo/on-prem/multiple clouds with no strategy.","Cloud-first declared but inconsistently applied; legacy workloads dominant.","Documented hosting strategy per workload tier; cloud provider rationalised; backup standard defined.","DR runbooks tested annually; RPO/RTO measured per workload; M365 backup standard live.","Cloud cost optimisation continuous; chaos-style DR drills; cross-region failover automated."],"target_level":4},{"maturity_dimension_template_id":"it.network_topology.maturity","name":"Network & Topology Maturity","description":"5-level rubric for Network & Topology.","workstream_template_id_ref":"it.network_topology","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["No group topology view; new sites onboarded ad-hoc, vendor-led.","Site list maintained; per-site asset counts informal; no SD-WAN.","Topology diagrammed at group level; SD-WAN posture decided; field-site standard documented.","Network ops measured (uptime, latency); refresh cycles funded; OT segmentation enforced.","Software-defined networking with policy-as-code; continuous topology validation; OT continuously monitored."],"target_level":4},{"maturity_dimension_template_id":"it.identity_security.maturity","name":"Identity & Security Maturity","description":"5-level rubric for Identity & Security.","workstream_template_id_ref":"it.identity_security","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["Mixed IdPs per subsidiary; partial MFA; no PAM; no SOC.","Entra ID dominant; MFA for most users; ad-hoc EDR; informal incident response.","Federated identity strategy locked; >95% MFA; SSO across top-20 SaaS; SOC operating with SLAs.","PAM in force for all privileged accounts; SOAR-supported SOC; quarterly purple-team drills.","Identity-first zero trust enforced everywhere; SOC continuously tuned via threat-intel; ISO27001 / SAMA-CSF certified."],"target_level":4},{"maturity_dimension_template_id":"it.applications_data.maturity","name":"Applications & Data Maturity","description":"5-level rubric for Applications & Data.","workstream_template_id_ref":"it.applications_data","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["Apps fragmented per subsidiary; no integration platform; shadow IT prevalent.","Core ERP per holding; integrations point-to-point; data residency informal.","ERP strategy decided; integration platform live; data residency documented; shadow IT inventoried.","Master data governed across subsidiaries; SaaS lifecycle managed; data classification + DLP enforced.","Data products govern cross-subsidiary reporting; integration mesh observable; shadow IT eliminated by design."],"target_level":4},{"maturity_dimension_template_id":"it.hardware_standard.maturity","name":"Hardware Inventory Standard & Asset Register Maturity","description":"5-level rubric for Hardware Inventory Standard & Asset Register.","workstream_template_id_ref":"it.hardware_standard","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["No asset register; refresh ad-hoc; no SKU standard per persona.","Spreadsheets per subsidiary; partial coverage; warranty data inconsistent.","Group asset register defined with required fields incl. support geography; refresh-cycle policy locked.","CMDB authoritative; refresh capex planned 24 months out; SAM reconciled annually.","Continuous asset telemetry; predictive refresh; SAM continuously reconciled; e-waste lifecycle managed."],"target_level":4},{"maturity_dimension_template_id":"it.itsm_service.maturity","name":"ITSM & Service Delivery Maturity","description":"5-level rubric for ITSM & Service Delivery.","workstream_template_id_ref":"it.itsm_service","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["Email-driven support; ticketing system unused; no SLAs.","Ticketing in place but bypassed; SLAs informal; change control inconsistent.","'No ticket, no service' policy live; service catalogue published; SLAs measured per category.","Change/Problem/Knowledge/Asset modules operating; self-service deflection measured; CAB cadence stable.","Continuous-improvement loop on ITSM data; automated problem-management triggers; AI-assisted ticket triage."],"target_level":4},{"maturity_dimension_template_id":"it.vendors_contracts.maturity","name":"Vendors & Contracts Maturity","description":"5-level rubric for Vendors & Contracts.","workstream_template_id_ref":"it.vendors_contracts","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["Vendors selected per project; no group view; renewals reactive.","Top vendors known; some MSAs at group level; renewals tracked manually.","Strategic partner per tower; volume agreements harvested; support geography mapped.","Vendor performance scorecarded; QBRs run; exit clauses adequate; consolidation opportunities executed.","Vendor ecosystem managed as a portfolio with continuous benchmarking and active rotation."],"target_level":4},{"maturity_dimension_template_id":"it.gcc_context.maturity","name":"GCC Context — Chennai Build & Transition Maturity","description":"5-level rubric for GCC Context — Chennai Build & Transition.","workstream_template_id_ref":"it.gcc_context","levels":["Ad-hoc","Repeatable","Defined","Managed","Optimised"],"scoring_criteria_per_level":["GCC scope not defined; sizing unclear; no parent-tenant decisions taken.","GCC scoped narrowly; sizing tentative; identity-tenant decision pending.","GCC capability list locked (mature-only); sizing baselined; identity + M365 SKU decided; cutover plan drafted.","Wave-based capability migration executing with go/no-go gates; parallel-run windows observed; G.O.34 reporting live.","GCC operates as a peer service centre with measured maturity per capability and continuous expansion playbook."],"target_level":4}],"raci_defaults":{"it.operating_model.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q11":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q12":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q13":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q14":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q15":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q16":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q17":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q18":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q19":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q20":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q21":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q22":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q23":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q24":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q25":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q26":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q27":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q28":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q29":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q30":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q31":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q32":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q33":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q34":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q35":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q36":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q37":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q38":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.operating_model.q39":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q11":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.os_endpoint_user.q12":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.cloud_on_prem.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q11":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q12":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q13":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q14":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q15":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q16":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.network_topology.q17":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q11":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q12":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q13":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q14":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q15":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q16":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q17":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q18":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q19":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q20":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.identity_security.q21":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q11":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q12":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q13":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q14":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q15":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q16":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q17":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q18":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q19":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.applications_data.q20":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.hardware_standard.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q11":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q12":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q13":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q14":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q15":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q16":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q17":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q18":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q19":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q20":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q21":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q22":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q23":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q24":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.itsm_service.q25":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.vendors_contracts.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q01":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q02":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q03":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q04":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q05":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q06":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q07":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q08":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q09":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q10":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q11":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q12":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q13":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q14":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q15":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q16":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q17":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.gcc_context.q18":{"reviewer":["ProgrammeLead"],"contributor":["ProgrammeLead","Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d01":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d02":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d03":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d04":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d05":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d06":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d07":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d08":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d09":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d10":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d11":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]},"it.decisions.d12":{"decision_maker":"ProgrammeLead","approver":["Admin","ExecutiveViewer"],"reviewer":["ProgrammeLead"],"contributor":["Stakeholder"],"informed":["ExecutiveViewer"]}},"ai_interpretation_templates":[{"ai_interpretation_template_id":"it.ai.auto_draft_answer","name":"Auto-draft answer for IT discovery question","target_node_type_ref":"Question","interpretation_type":"draft_answer","prompt_template_skeleton":"You are drafting an answer to an IT discovery question for the {{tenant_name}} engagement.\n\nQuestion: {{question.prompt}}\nRationale (why it matters): {{question.rationale_skeleton}}\nScope: {{question.scope}}\nCategory: {{question.category}}\nArtefact type expected: {{question.artefact_type}}\n\nUse the retrieved documents ({{retrieval.documents}}) and any prior locked answers ({{retrieval.related_answers}}) to draft a concise answer. Cite every fact (document title + page or section). If the evidence is insufficient, explicitly mark the gap and propose the data the client should provide. Output: 1) the draft answer in the expected artefact format, 2) a citations block, 3) a 'gaps' section.","trigger_event_type_ref":"QuestionOpened","retrieval_strategy":"tenant_documents_plus_memory","default_confidence_threshold":0.6,"acceptance_ux_type":"inline_accept_reject"},{"ai_interpretation_template_id":"it.ai.steerco_workstream","name":"Steerco synthesis for IT workstream","target_node_type_ref":"Workstream","interpretation_type":"steerco_synthesis","prompt_template_skeleton":"You are preparing the Steerco section for the {{workstream.name}} workstream of {{tenant_name}}.\n\nProduce an executive-grade narrative (max 200 words) covering:\n1) Progress against this workstream's discovery questions (% answered, P0 outstanding).\n2) Maturity score vs. target (current level on the {{workstream.maturity_dimension}} rubric vs. target {{workstream.target_maturity_level}}).\n3) Top 3 risks/issues from the RAID register linked to this workstream.\n4) Decisions blocked on this workstream's evidence ({{workstream.linked_decisions}}).\n5) Next 2-week action plan with named owners.\n\nTone: factual, decision-oriented, no jargon.","trigger_event_type_ref":"ProgrammeConfidenceSnapshotted","retrieval_strategy":"tenant_graph_neighbours","default_confidence_threshold":0.7,"acceptance_ux_type":"side_panel"},{"ai_interpretation_template_id":"it.ai.decision_blast_radius","name":"Blast-radius narrative for locked IT decision","target_node_type_ref":"Decision","interpretation_type":"blast_radius_narrative","prompt_template_skeleton":"Decision just locked: {{decision.title}}\nChosen option: {{decision.chosen_option}}\nRationale: {{decision.rationale}}\n\nUsing the dependency graph ({{retrieval.graph}}), produce a 'blast-radius' narrative explaining:\n1) Which capabilities, milestones, and other decisions become unblocked.\n2) Which artefacts (BoM, architecture diagrams, vendor contracts) now need updates.\n3) Which stakeholders should be informed and by when.\n4) Any risks the locked option introduces that the team should track.\nOutput as a structured bullet list grouped under the four headers above.","trigger_event_type_ref":"DecisionLocked","retrieval_strategy":"tenant_graph_neighbours","default_confidence_threshold":0.7,"acceptance_ux_type":"modal"},{"ai_interpretation_template_id":"it.ai.decision_quality_check","name":"Decision quality check pre-lock","target_node_type_ref":"Decision","interpretation_type":"decision_quality_check","prompt_template_skeleton":"Decision under review: {{decision.title}}\nOptions on the table: {{decision.options}}\nEvidence questions cited: {{decision.evidence}}\n\nAct as a sceptical IT advisor. Identify: 1) any required evidence question that is still unanswered or weakly answered; 2) any option whose pros/cons list looks one-sided or stale; 3) any cross-pack or cross-subsidiary dependency the team appears to be missing; 4) the single highest-risk assumption baked into the chosen option (if one is leading). Output a short, named checklist the decision owner should resolve before locking.","trigger_event_type_ref":"DecisionInReview","retrieval_strategy":"tenant_graph_neighbours","default_confidence_threshold":0.65,"acceptance_ux_type":"side_panel"},{"ai_interpretation_template_id":"it.ai.maturity_recommendation","name":"Maturity uplift recommendation","target_node_type_ref":"MaturityDimension","interpretation_type":"maturity_recommendation","prompt_template_skeleton":"Maturity dimension: {{maturity_dimension.name}}\nCurrent assessed level: {{maturity_dimension.current_level}} ({{maturity_dimension.current_label}})\nTarget level: {{maturity_dimension.target_level}} ({{maturity_dimension.target_label}})\n\nUsing the scoring criteria ({{maturity_dimension.scoring_criteria_per_level}}) and the linked workstream evidence ({{retrieval.workstream_evidence}}), produce a recommendation with exactly 3 actions to move the assessment up one level. For each: action description, named owner role, estimated effort (S/M/L), and the leading indicator that proves the action landed.","retrieval_strategy":"tenant_graph_neighbours","default_confidence_threshold":0.65,"acceptance_ux_type":"side_panel"}]}