Skip to main content

Phase 2: Architecture and Design

In the Architecture and Design phase, the detailed requirements from the Jira task are used to create a comprehensive technical design for the Osborn project. This phase is critical for embedding security, privacy, accessibility, and quality into the solution's core, whether it is for the Django backend, the React frontend, or the Figma plugin.

Key Activities

1. Detailed Design and Planning

  • Project Plan: A formal project plan is created and maintained, often as part of the epic or task in Jira.
  • System Design Document: A central document is created, detailing the technical design. For Osborn, this involves:
    • Backend: Designing according to the multi-tenant AWS architecture, often involving services like Lambda, S3, RDS, and EC2.
    • Frontend: Architecting React Server Components (RSC) and client components, defining state management with Zustand, and planning Server Actions.
    • Technical Reviews: Both application-level (e.g., Django service layer) and infrastructure-level (e.g., VPC subnets, ALB rules) reviews are conducted.

2. Risk and Impact Assessments

  • Security Risk Assessment: A detailed Risk Assessment is completed based on the feature's requirements and its interaction with the Osborn ecosystem.
  • Privacy Impact Assessment (PIA): For any feature processing Personal Identifiable Information (PII), a PIA must be conducted within the OneTrust privacy management system. This is crucial for features handling user data in the Django backend.
  • Vulnerability Assessment: An assessment of potential application and infrastructure vulnerabilities is conducted, considering the specific AWS services being used.

3. Standards Alignment

  • The design must be reviewed to ensure alignment with key standards, applied to Osborn's tech stack:
    • Privacy-by-Design (ISO 27701): Ensuring user data is handled securely in the Django backend and NextAuth sessions.
    • Digital Accessibility (ISO 30071-1): Building accessible React components, often tested with Storybook.
    • Quality Management (ISO 9001): Applying quality principles to both backend and frontend development processes.
  • Public-Facing Websites: All public-facing endpoints, like those on the Application Load Balancer (ALB), must use HTTPS.

4. Business Continuity

  • Current business continuity plans for the AWS infrastructure are reviewed and updated as necessary to incorporate the new components.

Control Point

  • A formal Control Point, requiring technical and security approvals, must be passed before the Jira task moves to the development stage.
  • This includes the evaluation and authorization of all system components, such as new AWS resources or frontend libraries.
  • The approval is documented in the Jira ticket before a developer can create a branch and start coding.