Steps to successfully retire applications.
As organisations adapt to change and leverage the latest technology to deliver more value to customers, the corresponding change is reflected in the application portfolio.
It is not uncommon for companies that have been in business for a decade to have hundreds of legacy applications that deliver marginal value to the business yet represent a significant operational and maintenance cost.
Application retirement addresses these challenges by removing the legacy application and the supporting software and hardware stack while keeping the application data accessible for reporting, regulatory compliance and regular business needs.
The following seven steps can assist organisations to successfully retire applications:
1. Create a cross-functional team.Successful application retirement projects are typically staffed by cross-functional teams with representation from compliance, the line-of-business function, and IT to ensure the requirements of the entire organisation are met.
2. Understand the legacy application and the data that needs to be retired.A good understanding of an application and the underlying data model ensures that data required for normal business needs and regulatory compliance is retired.
To get a better understanding of the scenarios in which an application is used and the business benefits, conduct interviews with employees, partners, customers and auditors who use the legacy application.
Answering the following questions will assist in developing a better understanding of the legacy application and the data that needs to be retired:
- what purpose does the application serve today versus when the application was originally deployed?
- what application modules or functionality are no longer in use?
- what reports are run against the application?
- if there are several reports being run, can reports be consolidated?
- are there similar applications in the organisation that serve the purpose of the legacy application?
- should data be migrated to another application?
- what data needs to be retained for compliance purposes?
For example, if you are retiring purchase orders from a legacy financial application, all the transactional, referential and audit information associated with the purchase order must be captured.Transactional information associated with the purchase order includes each item purchased, quantity, price and shipping details. Referential information includes vendor name, address and contact information.
The audit trail includes details about who approved the purchase order and the user who changed the purchase order. This data is typically stored in several tables in the database.There are complex relationships between the data in the tables and business rules that define additional semantics. Adding to the complexity is the fact that many of these relationships and business rules are defined at the application layer and cannot be mined directly from the database.
Preserving the original business context of the application data requires application knowledge and sophisticated data modeling techniques that ensure the relationships between the data and the business rules are not compromised.
4. Access to retired data.Providing quick and efficient access to retired data is key to the success of your application retirement project.
Organisations must have the capability to retrieve historical data on demand. The ability to query, browse and generate reports lets you respond to audits and discovery requests.
Once the application is shut down, the retirement solution must provide robust application-independent access leveraging open industry standards such as ODBC/JDBC, XML, and SQL and reporting tools such as Crystal Reports and Cognos.
Access to retired data should not compromise the user experience. For example, if a legacy insurance policy administration system is retired, the policies should be accessible in its original format. Consider the following when developing a plan that defines how retired data will be accessed:
- how will business users and administrators access data? What format do they need to see retired data in?
- how will auditors access the data? What reports do auditors typically access?
- what reporting tools are users and administrators familiar with?
- how will users search for retired data?
Consider the following when developing a plan to secure retired data:
- should only administrators and privileged users be entitled to access retired data or should a broader group be allowed to access the retired data?
- should the same security policy that controlled access in the legacy application apply or should the security policy be further restricted or relaxed?
Retired data should be managed as defined by the enterprise-wide information management policy.
An application retirement solution must provide comprehensive policy management features as well as integration with storage platforms that manage retention.
7. Select a vendor for application retirement.Because application retirement requires sophisticated data modeling, extraction, and retrieval capabilities, organisations can be better served by seeking out a vendor with a proven application retirement solution rather than reinventing the wheel.
An application retirement solution must:
- model the data in the legacy application
- create policies that define what data should be retired
- extract the data
- index the data for efficient searching
- provide application independent access and reporting.