Enterprise and Solutions Architecture
Turntabl delivers enterprise architecture grounded in the FINOS-backed CALM stack — integrating with your existing teams to build modern, scalable systems that align technology with your organization's future.
Enterprise and Solutions Architecture
The Context
Global Investment Bank's enterprise architecture function operates across three worlds that don't naturally speak to each other:
A mandatory internal security-review tool that captures architecture intent for compliance.
A growing set of architecture-as-code notations engineering teams already use -- C4 (multiple dialects), Mermaid, PlantUML and others.
FINOS CALM, an open-source architecture-as-code standard the bank spearheaded – now the strategic direction for architecture as code firmwide
Without a bridge between these worlds, architects re-drew the same system in each tool. Security reviewers saw a different artefact from the engineers who built the system. Compliance state and engineering reality drifted.
The Core Challenge
Treat architecture as data, not pictures. Build one translation surface that lets engineers describe a system in whichever notation they already use, and round-trip it -- losslessly enough to be useful -- to and from the bank's compliance tool and the open industry standard. Without forking either. Without imposing yet another modelling language on engineers who would have to use it.
Approach: Centralize format rules – provide bidirectional surface
The team owns two pieces of enterprise-architecture infrastructure: an architecture translation service it designed and built (the canonical bridge between formats), and the bank's architecture-as-code platform, which it maintains and supports as the primary authoring environment for architecture as code. Most of the design decisions below sit in the translation service; the platform is the on ramp.
One service, many formats. A REST surface with format-named endpoints, converting between architecture-as-code notations (C4 dialects, Mermaid, PlantUML), image formats (SVG, PNG), the bank's security-review tool's native format, and the open-source architecture as code. Java and Python client libraries hide auth, retry and error-envelope concerns -- adopting the service is one dependency, not an integration project.
The artefact travels with the engineer. A security architecture authored in the bank's security-review tool can be exported into the architecture-as-code platform and worked on there directly. One model across products, not one re-drawing per tool.
Visualization stays in sync with the source. The service generates architecture diagrams on demand from architecture-as-code. Stakeholder documents and review packs pull live renderings from the source rather than embedding hand-drawn copies. Visualization cannot drift from what the architecture says
Runtime metadata, not build-time mapping. Translation destination values live in a metadata table the compliance teams own and edit directly. Rule changes ship without a service redeploy. The redeploy cost is removed from the compliance change pathway.
Stand up for the open standard the bank spearheads. Internal-specific data is captured via metadata extensions, not by mutating CALM itself. The bank's contribution to the open spec stays compatible with the rest of the open-source community.
Cover the structural hard cases. Nested zones, nested deployment nodes, and pattern-vs-architecture export modes -- the cases that previously blocked complex real-world architectures from round-tripping cleanly.
Proven Outcomes
Architecture-as-code adoption is visibly trending up. Workspace count on the team's architecture-as-code platform grew from 225 in January 2025 to 513 in June 2025 -- a 46% increase in six months.
Security architecture is portable across products. The bank's mandatory security-review tool round-trips with the CALM standard and exports into the architecture-as-code platform. A security architecture stays usable across compliance, architecture-as-code, and open-standard tooling without re-authoring.
The translation service is the integration substrate for three adjacent enterprise-architecture products, all of which call it through its client libraries to complement REST API surface.
Removed redeployment step that limited compliance change pathway. Partner security-architecture teams ship translation-rule changes by editing the metadata table. No service release required.