SIRMM Modernization
Three generations of security incident modernization work.
Three generations of CRA's security incident reporting system, each addressing the architectural limitations of its predecessor.
At a glance
~60k users · ~6.1k dedicated roles · ~3.9k incidents/year · SIRMM 2.0 $2.5M · April 2025
Evolution
Project Trajectory
v2 begins: $2.5M Spring Boot rewrite kicks off
Year 1–2: Solo dev lead carries full stack (architecture, code, deploys)
Burnout: Lead requests to move off project; second dev promoted to help
Stall: Second dev cannot close the gap; codebase complexity too high
Departure: Original lead leaves the project from burnout
I join: Inherited the full codebase, stabilized delivery, shipped to production
Today: v2 live in production serving ~60k users; v3 clean-architecture redesign in progress
Legacy → Rewrite → Redesign
Context
EIMET is the CRA application that centralizes three modules: SIRMM (security incident reporting), BCMM (business continuity), and ERMM (emergency response). Legacy EIMET 1.0 had a split architecture: two applications with two databases. The SIRMM side is what we modernized to SIRMM 2.0; the other application (194 JSPs, 89 entities, 11 EJB beans, 26 custom ICEForms tags) is the BCMM/ERMM side, integrated with SIRMM via EJB.
Architecture
C4 Container view showing deployment topology and enterprise integrations. Angular SPA and Spring Boot backend packaged as a single WAR, backed by an Oracle database and integrated with five government infrastructure services.
CRA Staff: ~60k users on domain-joined workstations
→ HTTPS →
EIMET System
Angular SPA: Angular 16 + TypeScript + Material
13 modules; shown: Incidents, Risk Assessment, Reports, Workshelf, Search, Metrics, Admin
→ JSON / REST →
Spring Boot WAR: Java 8 + Spring Boot 2.7 + Hibernate
9 components; shown: REST API (35+ controllers), Business Logic (47 services), Data Access (115 DAOs), Security & Auth, Metrics, Email, Feature Flags, Scheduler
→ JDBC / JPA →
Oracle / PostgreSQL: 308+ entity tables · Liquibase-managed schema
Enterprise Integrations
Kerberos / KDC (SPNEGO): SSO authentication
Active Directory (LDAP): Employee lookup & auth fallback
ATLS Audit (SOAP): SIN/BN access compliance
SMTP Server (SMTP): Workflow email notifications
Jira (Webhook): Error auto-creation & health alerts
Single WAR deployed to WildFly 16. Angular assets bundled into static/, context path /sb-dgs/v2/irm
Incident Lifecycle (SIR Actions)
Role-status-action matrix drives workflow. SIR actions (submit, approve, transfer, close, etc.) are determined by RoleToStatusToSirAction. RA branch for information-breach incidents.
Main Flow
Start (Entry): Reporter initiates a new incident
→ Reporter creates →
Draft: Incident saved but not yet submitted for review
→ Submit →
Submitted: Awaiting coordinator acceptance
→ Coordinator accepts →
In Progress (Active hub): Central state; branches to Transfer and Risk Assessment loops. Outgoing actions: Close, Transfer, Info breach RA
→ Close →
Closed (Terminal): Incident resolved and archived
Transfer Loop
In Progress → Transfer → Transferred (Temporary): Reassigned to another coordinator or branch → Accept → In Progress
RA Loop
In Progress → Info breach → Pending RA (Awaiting RA): Risk assessment required for information breach incidents → RA complete → In Progress
RoleToStatusToSirAction matrix drives workflow — SIR actions (submit, approve, transfer, close) are determined by the user's role and the incident's current status. RA branch activates only for information-breach incidents
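A deny-by-default sketch of the role-status-action lookup described above. This is an added example, not SIRMM code: the class, enum and method names are hypothetical, and the assignment of transfer, RA and close actions to the coordinator role is an assumption (the page states only that reporters create and submit and that coordinators accept).

```java
import java.util.*;

public class SirActionMatrix {
    enum Role { REPORTER, COORDINATOR }
    enum Status { DRAFT, SUBMITTED, IN_PROGRESS, TRANSFERRED, PENDING_RA, CLOSED }
    enum Action { SUBMIT, ACCEPT, TRANSFER, REQUEST_RA, COMPLETE_RA, CLOSE }

    // role -> current status -> permitted action -> resulting status
    private final Map<Role, Map<Status, Map<Action, Status>>> matrix = new EnumMap<>(Role.class);

    private void allow(Role r, Status from, Action a, Status to) {
        matrix.computeIfAbsent(r, k -> new EnumMap<>(Status.class))
              .computeIfAbsent(from, k -> new EnumMap<>(Action.class))
              .put(a, to);
    }

    SirActionMatrix() {
        // Constructed rows following the lifecycle on this page; role assignments
        // beyond "reporter submits, coordinator accepts" are assumptions.
        allow(Role.REPORTER, Status.DRAFT, Action.SUBMIT, Status.SUBMITTED);
        allow(Role.COORDINATOR, Status.SUBMITTED, Action.ACCEPT, Status.IN_PROGRESS);
        allow(Role.COORDINATOR, Status.IN_PROGRESS, Action.TRANSFER, Status.TRANSFERRED);
        allow(Role.COORDINATOR, Status.TRANSFERRED, Action.ACCEPT, Status.IN_PROGRESS);
        allow(Role.COORDINATOR, Status.IN_PROGRESS, Action.REQUEST_RA, Status.PENDING_RA);
        allow(Role.COORDINATOR, Status.PENDING_RA, Action.COMPLETE_RA, Status.IN_PROGRESS);
        allow(Role.COORDINATOR, Status.IN_PROGRESS, Action.CLOSE, Status.CLOSED);
    }

    /** Returns the next status; any (role, status, action) not in the matrix is denied. */
    Status apply(Role role, Status current, Action action, boolean infoBreach) {
        Status next = matrix.getOrDefault(role, Collections.emptyMap())
                            .getOrDefault(current, Collections.emptyMap())
                            .get(action);
        if (next == null)
            throw new SecurityException(role + " may not " + action + " in " + current);
        if (action == Action.REQUEST_RA && !infoBreach)
            throw new IllegalStateException("RA branch applies only to information-breach incidents");
        return next;
    }
    public static void main(String[] args) {
        SirActionMatrix m = new SirActionMatrix();
        Status s = m.apply(Role.REPORTER, Status.DRAFT, Action.SUBMIT, true);
        s = m.apply(Role.COORDINATOR, s, Action.ACCEPT, true);
        s = m.apply(Role.COORDINATOR, s, Action.REQUEST_RA, true);
        s = m.apply(Role.COORDINATOR, s, Action.COMPLETE_RA, true);
        System.out.println(m.apply(Role.COORDINATOR, s, Action.CLOSE, true)); // full lifecycle
        try { m.apply(Role.REPORTER, Status.IN_PROGRESS, Action.CLOSE, false); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

Because the terminal Closed status has no rows, every action on a closed incident is rejected by the same lookup, with no special-case code.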
Key Architectural Decisions
T1 — Scope
Separated SIRMM 2.0 as standalone delivery from original 3-module scope (SIRMM+BCMM+ERMM); halved sprint cadence from 4-week to 2-week after Sprint 6
Line of thinking
Why: Original scope was all three modules. Separating SIRMM reduced risk and allowed focused delivery. Halving sprints improved feedback loops and stakeholder visibility. BCMM/ERMM deferred to separate modernization project.
Original Scope
EIMET 3-Module Delivery: SIRMM + BCMM + ERMM combined (At risk)
SIRMM (Security Incidents), BCMM (Business Continuity), ERMM (Emergency Response)
→ Sprint 6 decision →
SIRMM 2.0 (Standalone): Focused delivery, reduced risk; 2-week sprints, dedicated team
BCMM / ERMM (Deferred): Separate modernization project
4-week sprints (original)
Sprint cadence halved from 4-week to 2-week after Sprint 6 — faster feedback, stakeholders saw progress sooner
Owned the full evolution of CRA's security incident reporting system across three generations, from a monolithic EJB application (148 JSPs, 55 servlets) through a Spring Boot + Angular rewrite (196 components, 65+ services) to a clean-architecture redesign that consolidates 308+ tables down to 61 across 7 decomposed services.