Playbook — Get your technology sunset-risk list¶
Outcome: a ranked list of the technologies in your estate that are at or near end-of-life, weighted by what they put at risk, plus a plain-English summary you can send by link.
The situation¶
You're being asked — by a CIO, a security lead, an auditor, or your own conscience — "what's about to go unsupported, and how exposed are we?" Right now the answer lives in scattered spreadsheets and people's heads. There's an external clock ticking (vendors set end-of-support dates whether you act or not), so this is the rare EA deliverable with a real deadline behind it.
You'll walk away with¶
- A Sunset Debt Score for the estate (accumulated lifecycle risk).
- A ranked risk list (critical → low) of technologies by EOL exposure.
- A Risk Matrix plotting each technology on criticality × end-of-life likelihood.
- Vendor concentration — where you're dangerously single-vendor.
- A shareable risk narrative — the board-ready version.
Before you start¶
A list of your technologies (name, vendor, version, category) — a CSV is enough. You'll also want to know which of your applications run on which technologies, and which applications are business-critical.
Steps¶
- Get your technologies in. Add & Connect → Import / Export (
/import) → upload a CSV of technologies. The column-mapping step and preview let you fix problems before anything is written. (On the Enterprise tier you can pull these from AWS / Azure / ServiceNow instead of a CSV.) → Detail: Importing data - Link technologies to the applications that run on them. This is what turns "this is old" into "this is old and 40 apps depend on it." Set criticality on those applications too. → Detail: Managing technology & EOL
- Add the end-of-life signal. Open Estate → Technology (
/technology) → the Risk tab. For each technology you care about, use "Link to endoflife.date" and pick the product and release (e.g. Windows Server → 2012). That pulls the real end-of-support date. Set each one's lifecycle status as well. - Click "Refresh scores" (admin-only). This recomputes the Sunset Debt Score, days-to-end-of-support, vendor concentration, and the matrix from everything you've entered.
- Read the result on the Risk tab: the Sunset Debt Score panel, the ranked critical/high list, and the Risk Matrix (criticality × end-of-life band — click any cell to drill into the assets in it). The Radar tab plots the same estate on a lifecycle timeline.
- Produce the shareable version. Generate the risk narrative (an AI-written plain-English summary) and share its public link. That's the artifact you hand upward.
Where people get stuck¶
Step 3 is manual. There is no magic bulk auto-match of your technology names to endoflife.date — you link each technology to its product and release by hand (or set the EOL fields during import). For an estate of any size, this is the real work of the playbook.
This is also exactly the step worth doing for someone. An architect who's drowning will stall here; if you take their raw technology list and hand back a finished, linked, scored risk list, you've delivered the entire outcome and skipped their setup tax.
How to prioritize the list¶
Don't remediate alphabetically or by age. Sort by blast radius weighted by criticality — an end-of-life component under a mission-critical app is urgent; the same component under a sandbox tool is not. Because step 2 linked technologies to applications, the dashboard shows you that context directly.
Make it stick¶
End-of-support dates move toward you every month. Re-running "Refresh scores" on a cadence (and watching the Sunset Debt Score trend) turns this from a one-off fire drill into a standing report — which is what gets you invited back to the table.
Related¶
- Guide: Managing technology & end-of-life
- Discipline: Technology lifecycle & risk
- Playbook: What breaks if I retire this?