AIM
Architectural Insight for Modernization
How AIM Works
AIM (Architectural Insight for Modernization) turns your messy reality — legacy systems, half-documented integrations, political constraints, and budget limits — into a structured modernization plan.
No magic. No vendor kickbacks. Just structured inputs, transparent scoring, and AI that stays inside the lines you define.
1. Start with a Guided Assessment
AIM begins with a structured intake that captures:
Organization & environment
- City, county, agency, or business
- On-prem, cloud, or hybrid environment
- Size and scope of the effort
Systems & components
- Core systems (ERP, billing, public portals, EHR, mainframes, databases, firewalls, etc.)
- Critical infrastructure (network, storage, backup, identity)
Applications & vendors
- COTS products, SaaS platforms, custom apps
- Known vendor lock-in or proprietary dependencies
Integrations & data flows
- How data moves between systems
- Protocols and interfaces (APIs, file transfer, HL7, message buses, etc.)
Constraints & requirements
- Timelines, budgets, staffing limits
- Regulatory requirements (HIPAA, CJIS, PCI, etc.)
- Uptime, security, data residency, and other technical requirements
You answer in plain language. AIM normalizes and structures the rest.
2. Constraint Normalizer (C-1, C-2, C-3…)
Free-text constraints are converted into normalized constraint records with IDs like:
- C-1 – Timeline
- C-2 – Budget
- C-3 – Regulatory
- C-4 – Technical / SLA
- C-5 – Data / Residency
- C-6 – Security / Compliance
- C-7 – Architecture / Dependency
- C-8+ – Other
Each constraint is:
- Split into clear, atomic statements
- Classified by type (timeline, budget, regulatory, etc.)
- Given a stable code (C-1, C-2, C-3, …)
These codes show up in recommendations and reports so decision-makers can see exactly which constraints each recommendation honors.
3. Structured Context Builder
Behind the scenes, AIM builds a single structured context object for each assessment — think of it as a single source of truth that the AI models are allowed to use:
assessmentSnapshot
- Organization, environment, size, archetype (new build, integrate, replace, etc.)
- Normalized constraints with C-codes
currentState
- Systems, applications, and vendors
- Integrations and data flows
- Risks and known pain points
raoData
- RAO scores for candidate solutions
- Risk, cost, maturity, lock-in, and complexity dimensions
architecturePatterns
- Detected patterns (e.g., mainframe core, cloud-native, hub-and-spoke, API-driven)
- Migration patterns (lift-and-shift, carve-out, strangler pattern, full replace)
guardrails
- Flags for IBM mainframes, Oracle, cloud providers, PHI/PII, etc.
- Anti-hallucination safety rails that prevent invention of unsupported technologies
This context is what AIM's AI models see — not your raw survey answers.
4. RAO Engine (Retrieval-Augmented Optimization)
AIM doesn't just "ask a model for ideas."
RAO is a scoring system that ranks modernization paths using your constraints as hard boundaries — not suggestions. It evaluates options across multiple dimensions:
- Cost – upfront + operating
- Maturity – stability and real-world adoption
- Security & compliance – fit against your regulatory profile
- Vendor lock-in risk – difficulty of future exit
- Operational complexity – skills, runbooks, and support needs
- Strategic fit – alignment with constraints C-1, C-2, C-3, etc.
Each recommendation carries a RAO score and a breakdown across these dimensions. This lets you explain why a given path is preferred, not just what the AI suggested.
Important: AIM outputs are designed to be reviewed, edited, and owned by your architects — not blindly accepted. The goal is a faster, clearer starting point, not a replacement for human judgment.
5. Risk & Integration Insight Engines
AIM analyzes your inputs to surface:
Risk patterns
- Single-vendor dependence on critical platforms
- Deprecated or end-of-life technologies
- Unencrypted or fragile data flows
- Gaps between requirements and current reality
Integration hot spots
- Choke points where many systems depend on a single integration
- Legacy protocols that will block modernization
- Candidate areas for API gateways, data hubs, or integration platforms
These insights feed directly into the modernization strategy and roadmap.
6. Anti-Hallucination Guardrails
AIM is deliberately strict about what it's allowed to say.
The report engine and recommendation engine are explicitly instructed to:
- Use only facts present in the structured context
- Never invent vendors, technologies, integrations, or regulations
- Recommend named technologies only when supported by your inputs (existing environment or explicitly justified requirements) — and flag anything net-new
- Only mention HIPAA, CJIS, PCI, etc. if detected in your constraints or requirements
- Tie recommendations back to RAO scores and constraint codes (C-1, C-2, etc.)
If the data isn't there, AIM prefers to say:
"This area requires more input before a confident recommendation can be made."
That's by design.
7. Outputs: What AIM Actually Delivers
From a single assessment, AIM can generate:
1. RAO-Backed Recommendations
- Ranked list of modernization options
- Clear tradeoffs and dimension scores
- Constraint references (e.g., "Addresses C-1, C-3, C-5")
2. Modernization Brief (Markdown → PDF/Word)
- Executive summary
- Current state overview
- Target architecture & modernization strategy
- Priority recommendations table
- Risk, compliance, and tradeoff analysis
- Phased roadmap with quick wins vs long-term moves
- Operational considerations and next steps
3. Architecture Views (Future-State)
- Logical component views
- Integration/data flow views
- Platform / cloud vs on-prem splits
4. Modernization Strategy
When AIM generates recommendations, it determines a modernization strategy based on your assessment inputs. This strategy appears as a colored badge in your recommendations and guides the overall approach.
| Strategy | When It's Used | Description |
|---|---|---|
| INTEGRATE | Archetype is "Hybrid / Integrate" | Connect existing systems with new components while preserving current investments. Best for stable systems that work well but need to interact with modern services. |
| REPLACE | High vendor lock-in sensitivity or legacy systems | Completely retire existing systems and deploy new solutions. Best for outdated or unsupportable technology where modernization isn't cost-effective. |
| REPLATFORM | Assessment type is "New Infrastructure" | Move to a new platform with minimal code changes. Also called "lift and reshape" — optimizes for the new environment while preserving core functionality. |
| LIFT & SHIFT | Quick migration with minimal changes needed | Move existing systems to new infrastructure with minimal changes. Fastest migration path, but may not leverage new platform capabilities. |
| MODERNIZE | In-place updates preferred | Update existing systems in place with new technologies and patterns. Preserves institutional knowledge while improving maintainability. |
| RETAIN | System meets current needs | Keep systems as-is with no changes. Appropriate for systems that meet current needs and have no pressing modernization drivers. |
| RETIRE | System scheduled for decommission | Sunset and decommission the system. Data migration and archival may be required. Best for legacy systems no longer needed. |
| MIXED | Multiple approaches needed | Multiple strategies apply across different components. Some systems may be replaced while others are integrated or modernized. |
How is strategy determined? AIM evaluates your assessment's archetype, environment type, vendor lock-in sensitivity, and system constraints to automatically select the most appropriate strategy. You can click on the strategy badge in your recommendations to see a quick explanation of what it means.
All content is implementation-vendor neutral, constraint-aware, and exportable for councils, boards, and leadership review — even after your subscription ends.
8. Why AIM Is Different
- Objective by design – AIM is not paid by vendors, marketplaces, or cloud providers.
- Constraint-driven – C-codes make your priorities explicit and traceable.
- Transparent – Recommendations and reports show why, not just what.
- Built for government & regulated environments – Healthcare, public safety, financial contexts are first-class citizens, not afterthoughts.
Platform Independence
AIM is vendor-neutral in incentives and implementation. The Freedom Project does not accept vendor partnerships, referral fees, or kickbacks. Any qualified vendor can bid on work derived from AIM assessments.
When AIM names specific products (e.g., Okta, PostgreSQL), these represent a solution baseline derived from your assessment — not vendor preference. Naming products makes vendor bids comparable and prevents substitution of non-equivalent components.
Vendors may propose alternatives only if they meet all requirements and include an equivalency matrix (security controls, interoperability, SLA/SLO targets, lifecycle support) plus an impact summary (migration effort, operational burden, lock-in risk).
AIM doesn't replace architects or system engineers. It gives them a faster, clearer starting point — with less vendor noise and fewer hallucinated "best practices."
9. Technology Catalog
AIM recommendations draw from a curated catalog of over 100 enterprise-grade technology products across 16 categories including ERP, Identity & Access, Observability, Data Warehouse, ETL/Integration, and more.
Product Selection Criteria
Products are vetted for inclusion based on objective, security-conscious criteria:
- FedRAMP Authorization – Preferred for government and regulated environments
- SOC 2 Type II Certification – Verified security controls and audit compliance
- Active Maintenance – Products with regular updates and vendor stability
- Proven Security Track Record – Responsive to vulnerabilities, transparent incident handling
- Wide Enterprise Adoption – Battle-tested in production at scale
Scoring Dimensions
Each product in the catalog is evaluated across six dimensions:
Vulnerability posture, certifications, data protection
FedRAMP, HIPAA, PCI-DSS, SOC 2 readiness
Total cost of ownership, pricing model transparency
Portability, migration friction, standards support
Skill requirements, maintenance burden, support quality
Ecosystem stability, community support, longevity
Transparency Guarantee
Product rankings are determined solely by assessment-specific constraints and objective scoring dimensions. AIM does not accept vendor partnerships, referral fees, or placement fees. The catalog is maintained by The Freedom Project team and updated regularly based on market changes and security posture.
Ready to Get Started?
Create your first assessment and see how AIM works for your organization.