Industry research consistently shows that structural decisions in large organisations are made on incomplete, manually assembled data. At Xon, with over 30,000 employees across multiple divisions and a complex SAP organisational model, preparing data for a single structural analysis takes weeks. Consultants spend up to 80% of project time extracting and cleansing data before diagnostic work begins. Analysis quality then varies by individual consultant — the same org structure reviewed by two different specialists produces two different assessments. There is no systematic, repeatable way to evaluate design effectiveness or model restructuring scenarios at scale.
Blueprintenergy
AI-Powered Org Structure Analysis for Xon
AI system for Xon's HR team to query, analyse, and model org structures — grounded in frameworks with AI hallucination safeguards.
PythonLangChainRAG PipelineGoogle Cloud (Vertex AI, Cloud SQL, Cloud Run)Next.js
Project at a Glance
Project at a Glance
8–10 weeks
Project Timeline
30,000+
Employees analysed
6
Org Design Frameworks
3
Output Channels
Deterministic + AI
Trust Architecture
SAP HCM + SF
Data Sources
Case Study
Challenge
Solution Architecture
The system gives Xon's HR team and org design consultants a single platform to query, analyse, and stress-test the entire organisational structure. Consultants ask questions in natural language — "Where is span of control widest in Operations?", "Which divisions have the most management layers relative to headcount?", "What happens if we merge these two business units?" — and receive grounded, evidence-based responses drawn from the actual SAP org data.
The platform automatically applies established org design frameworks — Mintzberg's structural configurations, McKinsey 7S, Galbraith's Star Model, Bain span-of-control benchmarks, and Xon's own design guidelines — to evaluate the current structure and flag anomalies. It generates not just numbers, but context-rich findings: "In the Chemicals Division, 34% of managers at level 4 have fewer than 4 direct reports — 43% below the benchmark for knowledge-based roles."
Three-Layer Architecture
The platform is built around three distinct layers — Input, Query, and Output — each designed for a different user interaction pattern.
Input Layer — Chat Interface. Consultants and HR leaders interact through a natural-language chat interface. No query syntax, no report builders. Ask a question in plain language and the system handles the rest.
Query Layer — Four Intent Types. Every question is classified into one of four intent categories, each triggering a different analytical pipeline:
| Intent | Engine | What happens | Example query |
|---|---|---|---|
| Explore | LLM → Parameterised SQL | LLM selects from a curated query library and fills parameters — no raw SQL generation | "Show me span of control across all divisions" |
| Diagnose | LLM → RAG | Metrics evaluated against retrieved framework benchmarks (Mintzberg, Bain, etc.) | "Which teams violate Bain's span benchmarks?" |
| Simulate | LLM → Simulation | LLM parameterises the scenario; simulation engine computes structural ripple effects | "What if we merge Chemicals and Energy into one division?" |
| Recommend | LLM → Optimisation | LLM defines objectives and constraints; solver finds optimal restructuring paths | "What are the top 3 structural changes to reduce management layers?" |
Output Layer — Three Channels. Results are delivered through the channel that fits the context: the chat interface for real-time exploration, BI dashboards for visualisation and period-over-period tracking, and scheduled PDF reports delivered automatically to stakeholders.
Trust Architecture
This system draws a hard line between what is computed and what is interpreted — and makes that boundary visible to every user.
All quantitative metrics — span-of-control distributions, management layer counts, reporting chain depths, role-overlap indicators — are calculated deterministically from the extracted SAP data. These numbers are never AI-generated. The AI layer sits on top: a Retrieval-Augmented Generation pipeline grounded in the curated framework library, powered by Vertex AI embeddings on Google Cloud. The LLM interprets the deterministic metrics against these frameworks and produces natural-language diagnostics.
Every AI output is anchored to specific data points in the extracted org structure. The model cannot fabricate org nodes, positions, or relationships that do not exist in the data. Where data gaps exist — a missing reporting line, an unfilled position — the system explicitly flags the gap rather than interpolating. Confidence levels accompany every AI-generated finding, making it transparent where the system is certain and where human judgment should take over. Every AI-generated recommendation passes through a human approval gate before it becomes an actionable finding in reports or dashboards. Token usage is tracked and reported per query session, giving full transparency on AI compute costs.
Data Integration
The system connects to Xon's SAP environment through a secure, read-only connector layer — supporting both SAP HCM and SuccessFactors Employee Central as data sources. Two integration paths are available depending on Xon's IT governance: a live API connection for routine incremental syncs, or periodic batch imports for deep quarterly analysis. Both paths feed a normalised analytical model hosted on Cloud SQL.
The connector automatically flags data quality issues — missing reporting lines, vacancy inconsistencies, duplicate position assignments — and quantifies them before any analysis runs. The data pipeline processes only structural org data: positions, org units, and reporting relationships. No salary data, no performance appraisals, no personal employee information enters the system. Credentials for SAP access are stored in encrypted secrets management on Google Cloud, never transmitted in plaintext, and use short-lived session tokens invalidated after each extraction run.
Deployment & Monitoring
The system is deployable on-premise or as a dedicated Google Cloud instance, depending on Xon's IT governance requirements. The application layer runs on Cloud Run with auto-scaling. Weekly automated structural scans deliver reports without manual triggers. Framework updates and new benchmarks are deployed without system downtime. The architecture is designed to meet ISO 27001 requirements, with full audit trails on every query and data extraction event.
Security & Data Privacy (POPIA)
Xon operates across jurisdictions including South Africa, where the Protection of Personal Information Act (POPIA) governs the processing of personal data. This system is designed with POPIA compliance as a baseline, not an afterthought.
Data Isolation & LLM Privacy
All data processing — including LLM inference — runs within Xon's own Google Cloud tenant via Vertex AI. Google is contractually barred from using prompts, responses, or uploaded data to train its models. Xon retains 100% ownership of all inputs and outputs.
- All data encrypted at rest (AES-256) and in transit (TLS 1.3), with optional Customer-Managed Encryption Keys (CMEK)
- Role-based access control ensures users see only the organisational scope they are authorised for
- Tenant isolation — Xon's data runs in a dedicated environment, never co-mingled with other clients
- Private endpoints and VPC Service Controls route all traffic over Google's private backbone — no data traverses the public internet
- Full control over data residency — deployable to specific regions (e.g., europe-west3 Frankfurt, or africa-south1 Johannesburg)
- API credentials stored in Google Cloud Secret Manager with automatic key rotation and short-lived session tokens
For organisations requiring stricter sovereignty, the architecture also supports self-hosted open-source models — see FAQ for details.
Audit Trail & Accountability
Every query, every data extraction event, and every AI-generated finding is logged with timestamps and user identity. This provides the accountability trail that POPIA's Section 19 requires for organisations processing personal information. The system is designed to meet ISO 27001 requirements.
Deployment Flexibility
Depending on Xon's data residency requirements, the system can be deployed on-premise or as a dedicated Google Cloud instance within a specific region. No shared infrastructure, no multi-tenant data mixing.
Projected Impact
65%
faster analysis cycles
Consistent
framework application
What-if
scenarios in <30 minutes
This is an engineered blueprint based on publicly available industry challenges. It does not represent work performed for any specific company.
Frequently Asked Questions
Which SAP systems are supported?+
The system supports both SAP HCM and SAP SuccessFactors Employee Central via secure, read-only connections. No write access, no interference with production systems. Data extraction handles both API-based incremental syncs and periodic batch imports, depending on Xon's IT governance preferences.
How long does implementation take?+
Implementation is structured in three phases: data integration and core analysis (3–4 weeks), framework engine and query interface (3 weeks), scenario modelling and reporting (2–3 weeks). Total time to production is approximately 8–10 weeks, assuming read-only API access to the SAP system is available from day one.
How does the system prevent AI hallucinations?+
Every output is anchored to specific data points in the extracted org structure — the model cannot make claims about structures not present in the data. Framework benchmarks are drawn from verified source documents via Retrieval-Augmented Generation, not from the model's training knowledge. Where data gaps exist, the system flags them explicitly rather than interpolating. Confidence levels accompany every finding.
What savings are realistic for Xon?+
According to PwC/Strategy&, a Fortune 100 company achieved approximately $200M in savings through spans-and-layers optimisation — representing 25% of total savings from a full global effectiveness programme. For an organisation of Xon's scale, a conservative expectation is 10–25% reduction in management costs through structured span optimisation, without compromising operational performance.
Can we use a self-hosted open-source model instead of Vertex AI?+
Yes. The architecture is model-agnostic by design. For organisations requiring even stricter sovereignty — such as government agencies, defence contractors, or regulated financial institutions — the analysis engine can run on self-hosted open-source models such as Llama 3 (Meta), Mistral Large, or Qwen, deployed via frameworks like vLLM or HuggingFace TGI on your own infrastructure. The trade-off is higher operational overhead (GPU infrastructure, model updates, monitoring) and potentially lower model performance compared to frontier models. For most enterprise clients, Vertex AI provides the optimal balance of capability and data sovereignty.
Does our HR data ever leave our cloud environment?+
No. All data processing — SAP extraction, graph normalisation, LLM inference, and result generation — occurs within your Google Cloud project. Vertex AI is contractually prohibited from using your data for model training, and supports private endpoints and VPC Service Controls so no traffic traverses the public internet. You can optionally use Customer-Managed Encryption Keys (CMEK) — if you revoke the key, Google can no longer process the data.
Sources & References
More Case Studies
Let's talk
Ready to build this?.
Auch verfügbar auf Deutsch: Jamin Mahmood-Wiebe