What we did
Discovery — three research tracks
We attacked the problem from three angles at once. Stakeholder research mapped the business goals, scope, timelines, opportunities and constraints — and surfaced where leadership agreed and where we needed to force clarity. SME research tapped the people inside RSA Archer who had lived this journey before, across product, engineering, support, education, professional services and sales engineering. Customer research went straight to the source: users' typical days, key processes, barriers, and desires.
Opportunity statements — clustered into three themes
The research produced dozens of verbatim pain points. Clustering them revealed a clear arc — users needed visibility into their data, insight from it, and the ability to take action:
"We have the data, but can't find it."
"Getting data in and out is very difficult."
"I want to see the holistic view of risk."
"We need to make connections to understand the data."
"It's difficult to see trends."
"We don't know what the data means to be able to act."
"We need to know what to do to reduce risk — and act quickly."
"We want to be proactive vs. reactive."
"I want to show we made a positive impact."
Synthesis — plotting behaviour to find patterns
Across the 23 interviews, we plotted every participant on behavioural spectrums — tactical ↔ strategic, reactive ↔ proactive, completes work ↔ oversees work, low ↔ high domain expertise, self-reliant ↔ reliant on others. Clusters emerged. Crucially, we grouped people by consistent goals and behaviours, not by job title or role — which is what made the resulting personas durable.
Five behavioural personas
The clusters became five provisional personas — named, evidence-based archetypes the whole team could design against.
"I want to drive change proactively through a holistic, data-driven, modern approach."
Proactive, strategic, high influence. Connects the dots to make data-driven decisions and inspires the enterprise to own risk at every level.
"I want to focus on building the risk-management program by proving value."
Builds the program in a lower-maturity org. Needs evidence for regulators and stakeholders, and scalable processes that remove barriers to growth.
"My job is to remove barriers to using the platform and make it easy to use."
The technologist who builds, maintains and evolves the platform — consulting business areas as the program onboards more groups.
"I keep business users, process, and tools working together within a specific risk area."
Owns a specific risk area across the enterprise. Surfaces relevant information up the chain and enforces process to ensure timely compliance.
"I just need to get my tasks done. The system shouldn't slow me down — it should make it faster."
Reactive, focused, low oversight. Enters data accurately and on time — and will use workarounds the moment the tool gets in the way.
We designed for the primary persona and accommodated the secondary — choosing between them on three axes: which covers the most functionality, who the business needs to attract or retain, and who represents the masses.
Context scenarios — a "Today vs. Tomorrow" vision
To make the personas tangible, we wrote day-in-the-life scenarios for primary personas — a store manager and a compliance analyst — contrasting their friction-filled present with the experience we were aiming for. This gave the whole organisation a shared, concrete picture of the future state.
Stores struggle to use Archer, so Ruby manually re-enters data in whatever format she receives it. She feels like "a data-entry clerk with really bad tools" — doing necessary work that doesn't feel meaningful.
Her dashboard prioritises her day and shows a holistic, trending view of risk. The system connects the dots — flagging a correlation between rainfall and slip-and-fall incidents — and she adds an automated control before lunch.
