Digital Sovereignty Maturity Assessment Workshop
A comprehensive one-day workshop to evaluate and enhance your organization's digital sovereignty posture
Workshop Details
Duration: 1 full day (6-7 hours including breaks)
Location: [Customer Site / Virtual]
Date: [To be scheduled]
Format: Interactive workshop with assessment, discussion, and collaborative analysis
Participants
Customer Representatives
- Chief Information Officer (CIO)
- Chief Operating Officer (COO) or delegate
- Chief Information Security Officer (CISO)
- Chief Architect / Technical Lead
- Compliance / Legal Officer (optional)
- Cloud Infrastructure Lead (optional)
Red Hat Team
- Digital Sovereignty Architect
- Account Team Representatives
- Technical Consultants (as needed)
- Solutions Architect
Workshop Objectives
- Understand the strategic importance of Digital Sovereignty in your context
- Complete a comprehensive maturity assessment across 7 sovereignty domains
- Identify current strengths and critical capability gaps
- Develop a prioritized roadmap for sovereignty enhancement
- Align on short-term quick wins and long-term strategic initiatives
Detailed Agenda
09:00 - 09:30 (30 min)
Welcome & Workshop Objectives
- Introductions and participant roles
- Workshop goals and expected outcomes
- Overview of the day's agenda
- Ground rules and expectations
09:30 - 10:30 (60 min)
Digital Sovereignty: The Context
- What is Digital Sovereignty? Definition and strategic importance
- Regulatory Landscape:
- EU Cloud Sovereignty Framework
- Regional requirements (GDPR, NIS2, DORA, etc.)
- Industry-specific mandates (FSI, Healthcare, Government)
- Customer Context Discussion: Your specific sovereignty concerns and drivers
- Red Hat's Approach: How we enable sovereign cloud strategies
- Q&A and open discussion
10:30 - 10:45 (15 min)
☕ BREAK
10:45 - 11:15 (30 min)
The 5-Level Maturity Model Framework
- CMMI-based Maturity Model: Introduction to 5 levels (Initial → Managed → Defined → Quantitatively Managed → Optimizing)
- The 7 Digital Sovereignty Domains:
- Data Sovereignty
- Technical Sovereignty
- Operational Sovereignty
- Assurance Sovereignty
- Open Source
- Executive Oversight
- Managed Services
- Understanding the Inflection Point: Moving from reactive (Levels 1-2) to proactive (Levels 3-5)
- Assessment Methodology: How scoring works, evidence-based evaluation, industry weighting
11:15 - 12:30 (75 min)
Domain Deep-Dive & Assessment: Part 1
Interactive assessment of the first 3 domains:
1. Data Sovereignty
- Data residency and location control
- Data protection and privacy compliance
- Data classification and inventory
- Legal and jurisdictional control
- Cryptographic key management
- Workload data protection (data-in-use)
- Data flow and transfer auditing
- Third-party data access policies
2. Technical Sovereignty
- Technology stack ownership and control
- Vendor lock-in risk mitigation
- Standardized framework adoption
- Interoperability and portability strategy
- Hardware and infrastructure source verification
- Self-hosted application runtime control
- Code and intellectual property control
- Future-proofing technology roadmaps
3. Operational Sovereignty
- Operational process documentation
- Dependency on external managed services
- Access control and identity management
- Internal skills and competency development
- Disaster recovery and business continuity
- Supply chain transparency and vetting
- Sovereign incident response plan
- Operational autonomy in critical functions
For each domain, we will:
- Review the 8 capability questions
- Discuss what "good" looks like at each maturity level
- Evaluate current state with evidence
- Identify relevant examples from your environment
- Capture improvement opportunities
12:30 - 13:30 (60 min)
🍽️ LUNCH
13:30 - 15:00 (90 min)
Domain Deep-Dive & Assessment: Part 2
Continue interactive assessment for remaining 4 domains:
4. Assurance Sovereignty
- Audit and inspection rights
- Sovereign security monitoring (SIEM)
- Compliance framework verification
- Vendor transparency requirements
- Sovereign certifications and attestations
- Continuous security validation
- Independent security testing
- Vulnerability and patch management
5. Open Source
- Open source strategy and policy
- Community participation and influence
- License compliance management
- Open source vulnerability scanning
- Sovereign open source distributions
- Contribution policies and guidelines
- Internal open source expertise
- Open source project governance
6. Executive Oversight
- Board and C-suite awareness
- Dedicated sovereignty governance
- Budget allocation for sovereignty
- Sovereign cloud policies
- Risk management integration
- Accountability and ownership
- Strategic sovereignty planning
- Regulatory relationship management
7. Managed Services
- Vendor selection criteria (sovereignty focus)
- Contractual sovereignty controls
- Geographic and jurisdictional restrictions
- Data access limitations
- Performance and compliance monitoring
- Transition and exit planning
- Alternative provider evaluation
- Insourcing capability development
15:00 - 15:15 (15 min)
☕ BREAK
15:15 - 16:15 (60 min)
Results Review & Analysis
- Overall Maturity Score: Present aggregate results and rating
- Domain-by-Domain Breakdown:
- Spider chart visualization
- Areas of strength to build upon
- Critical capability gaps requiring attention
- Industry comparison (based on selected LOB weighting)
- Gap Prioritization:
- Quick wins (0-3 months)
- Tactical improvements (3-12 months)
- Strategic initiatives (12+ months)
- Maturity Progression Path: What does the journey from current state to target state look like?
- Discussion: Constraints, dependencies, and success factors
16:15 - 16:30 (15 min)
Next Steps & Wrap-up
- Summary of key findings and insights
- Immediate action items (who, what, when)
- Schedule follow-up Value-Based Action Plan session
- Feedback on workshop format and content
- Thank you and closing remarks
Follow-up: Value-Based Action Plan
To be scheduled within 2 weeks of initial workshop
Follow-up Session Details
Duration: 90 minutes
Format: Virtual meeting
Participants: Same as workshop + additional stakeholders as needed
Session Agenda
Heatmap Review & Suggested Actions
- Review of priority actions from workshop
- Customer feedback on initial workshop findings
- Refined heatmap presentation showing:
- Current state vs. target state
- Effort vs. impact analysis
- Dependencies and sequencing
- Actionable Roadmap:
- Short-term initiatives (Quick wins, 0-3 months)
- Medium-term improvements (Tactical changes, 3-12 months)
- Long-term goals (Strategic transformation, 12-36 months)
- Red Hat Value Proposition: How we can support your sovereignty journey
- Next Steps: Project planning, resource allocation, partnership opportunities
Pre-Workshop Preparation
To maximize the value of the workshop, please prepare the following information:
- Current cloud infrastructure provider(s) and services in use
- List of critical business applications and their hosting locations
- Existing compliance frameworks and certifications (ISO 27001, SOC 2, etc.)
- Data classification policies and data residency requirements
- Key vendor relationships and managed service agreements
- Recent security audits, risk assessments, or compliance reviews
- Disaster recovery and business continuity documentation
- Open source usage policies and practices (if applicable)
- Any known sovereignty concerns or regulatory requirements
Expected Outcomes
- Baseline Assessment: Comprehensive understanding of current sovereignty maturity across all 7 domains
- Gap Analysis: Clear identification of strengths and areas for improvement
- Prioritized Roadmap: Actionable plan with sequenced initiatives
- Stakeholder Alignment: Shared understanding among technical and business leaders
- Foundation for Action: Evidence-based justification for sovereignty investments
