Who Offers Consulting for Integrating Blockchain Into Legacy Systems? Evaluation Framework

---

Why this matters now

• The landscape of cross‑border payments and data standards has changed: As of November 22, 2025, SWIFT’s coexistence period is officially over, and ISO 20022 has taken the spotlight as the go-to standard for FI‑to‑FI cross‑border payment messages. If you’re working with an integration partner, make sure they’re mapping your on-chain workflows to these ISO 20022 data structures. (swift.com)
• Identity and proof standards are coming together nicely: W3C Verifiable Credentials 2.0 officially became a Recommendation on May 15, 2025, and DIDs have been a W3C Recommendation since 2022. These are super important for KYC, getting suppliers on board, and inter-organizational workflows. (w3.org)
• Cloud ledgers and managed blockchain are evolving: Azure’s Managed CCF is now deprecated, and they recommend migrating to Azure Confidential Ledger. On the other hand, AWS AMB has added support for Ethereum, Polygon, Bitcoin, and Hyperledger Fabric. Plus, Google Cloud’s Blockchain Node Engine offers managed nodes with a clear SLA and pricing. (learn.microsoft.com)
• Regulators are tightening up on disclosure: Starting January 1, 2026, Basel’s cryptoasset disclosure framework comes into play--banks are going to need consultants who can help them map tokenized assets, stablecoins, and ledger exposures into their Pillar 3 disclosures. (bis.org)

---

Who actually offers enterprise‑grade consulting for legacy integration?

Here's a handy map you can refer to when putting together RFPs. The names listed here are tied to real products, documented case studies, or ongoing institutional projects as of December 2025.

1) Global systems integrators (SIs) with end‑to‑end programs

• IBM Consulting: These folks are the go-to for Hyperledger Fabric expertise. They’ve got a wealth of experience with long-running assets like the IBM Blockchain Platform legacy, plus they offer solid support and education on Fabric. If you’re in the market for solutions related to supply chain, identity, or regulated workloads, they’ve got you covered. Check them out here.
• Deloitte, PwC, EY, KPMG: The Big Four really know their stuff when it comes to vertical blueprints, audit capabilities, and keeping up with regulations. EY has even rolled out their OpsChain Contract Manager (OCM) that utilizes zero-knowledge proofs on public Ethereum--great for situations where you need confidentiality over public networks. Meanwhile, KPMG is gearing up for some exciting collaborations focused on Hedera-based enterprise projects by 2025. Dive into more details here.
• Accenture, Capgemini, TCS, Wipro, Cognizant, NTT DATA, Infosys: This crew has a broad range of integration expertise and strong partnerships in the cloud space. They’re also well-versed in ISO 20022 programs and offer managed services. Their blockchain teams often take the lead in integrating ERP, MES, and CRM systems (think SAP, Oracle, Dynamics) and providing guidance for moving from on-prem to cloud. If you want to get a sense of what’s happening in the market, keep an eye on their recent AI and cloud initiatives. More info can be found here.

When you're looking for multi-vendor orchestration, tight RTO/RPO, and seamless cross-functional delivery (think security, risk, infrastructure, data, and DevOps) all in one place.

2) Protocol and network specialists (own the rails)

• R3 (Corda): They offer professional services for both Corda 4.x and 5.x, plus you get a Kubernetes-native Corda 5, complete with clear platform support matrices. They even have active end-of-life schedules to help you plan your upgrades. This is a great pick if you’re working on privacy-focused, bilateral workflows in areas like capital markets and trade finance. Check out more details here.
• Digital Asset (Canton Network): If you're looking into institutional tokenization and interoperability with a focus on regulated markets, this is the place to be. They've got some exciting pilots lined up for 2024-2025, including Euroclear collateral mobility, and they’re backed by a wide range of industry support. If you need help connecting to Canton apps and TestNet, their consultants have you covered. You can read more about it here.
• ConsenSys: This is your go-to for the Ethereum enterprise stack, including Besu/Quorum and the Orchestrate toolchain, along with audits through Diligence. They provide app integration patterns that work well for both public and permissioned networks. If you're aiming for a good mix of public Ethereum compatibility along with enterprise solutions, this could be a solid match. Learn more about what they offer here.

When you’re looking for solid protocol options, privacy models, SDKs, upgrade paths, and a direct connection to the teams working on the roadmap.

3) Interoperability and Web3 gateway implementers

• Hyperledger Cacti: This is an open-source interoperability framework that merges Cactus and Weaver. It features connectors for Fabric, Besu, Corda, and a few others, all with the backing of Hyperledger. If you're looking to design cross-network asset exchanges without relying on central settlement chains, you'll want to find consultants who are well-versed in Cacti. Check it out here.
• Hyperledger FireFly: Think of this as your open-source Web3 gateway that handles events, tokens, and multi-chain connectivity. It's super helpful for keeping things consistent across different layers (L1s/L2s) and platforms like Fabric and Besu. Dive into the details here.
• Chainlink (enterprise integrations): With CCIP, you can easily move tokens and messages across different chains. Plus, they’ve got pilots lined up for 2024-2025 with DTCC’s Smart NAV and some cool SWIFT experiments, which really gears it towards capital markets data and interoperability. Skilled partners are on board to help implement CCIP as a solid abstraction layer. For more info, visit DTCC.

When you're looking to steer clear of single-chain lock-in and create designs that are future-proof and work across different chains, here’s what you should keep in mind.

4) Cloud providers and their service catalogs

• AWS: Amazon Managed Blockchain (AMB) lets you access and query data from Ethereum, Polygon, Bitcoin, and Hyperledger Fabric. With AMB Query, you get a serverless API that standardizes multi-chain data, plus KMS-backed identity features for Fabric CA. AWS Professional Services and their partners will help you implement everything from start to finish. (aws.amazon.com)
• Google Cloud: The Blockchain Node Engine provides SLA-backed, managed Ethereum nodes, all with easy-to-understand pricing (think $0.69/hr for a full node and $2.74/hr for an archive node, at the time of this writing). This is a solid choice if you're looking for a compliance-friendly setup in a VPC-isolated environment. (cloud.google.com)
• Microsoft Azure: Since Azure Managed CCF has been deprecated, enterprises are encouraged to switch to Azure Confidential Ledger and SQL Database's ledger features for tamper-evident records and WORM-style digests. To enhance your operations, consider pairing these with AKS and Key Vault. (learn.microsoft.com)

When you’re looking for things like managed infrastructure, enterprise IAM/VPC controls, native KMS/HSM, SOC reports, and pricing that you can count on.

---

What’s different in 2024-2025 (so your RFP doesn’t look 2019)

• Institutional tokenization is really taking off: DTCC’s Smart NAV has moved past the pilot stage, offering standardized, on-chain fund data sharing with industry players. It’s crucial for consultants to understand how to integrate fund data into on-chain workflows, whether through permissioned or public bridges. (dtcc.com)
• Fabric 2.5 is where it’s at for long-term support; while Fabric 3.x brings improvements in performance and Byzantine Fault Tolerance (BFT) ordering. If your system integrator is still pushing Fabric 1.x or 2.2, it’s time to raise an eyebrow. Make sure they’re on board with plans for 2.5 LTS and aware of the features in 3.x. (lf-decentralized-trust.github.io)
• Identity stacks are getting a makeover: Make sure to ask for W3C VC 2.0 and DID alignment when it comes to onboarding suppliers, conducting eKYC, and credentialing your workforce. It’s a good idea to integrate these verifications with your existing IAM and IGA systems and keep your audits up to date. (w3.org)
• Data and ledger options on Azure have changed: Now, Azure Confidential Ledger and the SQL Database ledger are the go-to choices from Microsoft for keeping tamper-evident records and creating cryptographic digests. (azure.microsoft.com)

---

A practical evaluation framework (scoreable)

Check out this handy 10‑dimension rubric (just make sure to weigh it to your taste). We’ve thrown in some clear checks and examples that you can easily toss into your RFPs.

1. Reference Architectures (15%)

• Make sure to show evidence for at least two of the following:
  • Fabric 2.5 LTS deployments featuring private data patterns and purge APIs
  • Corda 5.x running on Kubernetes with high availability (HA) patterns
  • Public Ethereum integrations that utilize zero-knowledge proofs (ZKPs) over public networks (think EY OCM-style)
• What we need from you: diagrams that illustrate event buses, key custody, HA ordering/consensus, and rollback processes. Check out the details here.

2) Interoperability Strategy (12%)

• Are they able to use Chainlink CCIP, Hyperledger Cacti, or FireFly to dodge that pesky vendor lock-in?
• Request: a design showcasing atomic or near-atomic settlement between two networks (like Fabric and Ethereum), complete with failure modes and rate-limit controls. Check it out here: hyperledger-cacti.github.io

3) Legacy Integration Patterns (12%)

• Got some hands-on experience with CDC/Kafka, MuleSoft, SAP PI/PO, Dynamics/Dataverse, Oracle, and mainframe adapters? You're in the right place.
• Don’t forget to ask for: a few sample connector configurations and idempotency patterns to ensure at-least-once delivery.

4) Security and Key Management (10%)

• We'll be diving into HSM/KMS integration, which includes AWS KMS for Fabric CA, Azure Key Vault, and HashiCorp Vault. Don't forget about separation of duties (SoD), key rotation, and quorum approvals too!
• It would be great to get some clear diagrams showing crypto boundaries and signing flows. Check out this link for more info: aws.amazon.com.

5) Data governance and privacy (10%)

• Keep your PII and data residency off-chain; leverage ZKPs or TEEs when necessary; utilize Azure SQL ledger digests for immutable storage; and maintain audit-ready evidence trails.
• Don’t forget to request: a sample data classification matrix that maps on-chain and off-chain data. Check it out here: (techcommunity.microsoft.com).

1. Compliance Mapping (10%)

• We're talking about getting the ISO 20022 message mapping down, gearing up for Basel's cryptoasset disclosure requirements, and ensuring WORM retention for those audit logs (think Azure SQL's immutable LTR backups).
• Don’t forget to ask for: control objectives and test scripts. (swift.com)

1. Operability/SRE (8%)

• We're focusing on SLOs for things like node uptime, keeping an eye on block finality, handling chain reorgs, and disaster recovery (RPO/RTO). Also, don't forget about blue/green deployments for chaincode or contracts.
• Make sure to ask for runbooks and any canary strategies you've got in place.

8) Costing and TCO Modeling (8%)

• Let’s break down the cloud basics: think about things like AMB Query versus custom ETL and the hours you’ll spend on Node Engine. Make sure we’re clear about separating capex and opex for nodes, storage, and bandwidth.
• We need a detailed cost model that goes line by line, plus some sensitivity analysis on TPS and data retention. Check out the details here: docs.aws.amazon.com.

Delivery Readiness and Change Management (8%)

• We need solid training plans for everyone involved--developers, ops, and auditors. Plus, let's make sure we've got a secure Software Development Life Cycle (SDLC) for our smart contracts. Don't forget about red team and adversarial testing; it’s crucial!
• What we’re looking for: detailed curriculum outlines and a gated SDLC that includes SAST/DAST along with all relevant audit artifacts.

10) Proof of Value and References (7%)

• Provide two solid references that touch on both the industry and the tech stack. If you can, throw in some insights on identity or onboarding at scale--like the results from Trust Your Supplier.
• Make sure to request some measurable KPIs, such as onboarding cycle time, reconciliation errors, and settlement windows. Check out this link for more info: lfdecentralizedtrust.org.

You can turn the above into a 100-point scorecard. Make sure to highlight partners who score 80 and above.

---

Integration patterns that actually work (with current stack options)

1. Event-Driven Bridge (Just Your Typical Setup for Core Apps)

• Pattern: Legacy DB → CDC (Debezium/SQL Change Tracking) → Kafka → Chaincode or smart contract call → On-chain receipt ID → Back to legacy through the event bus.
• Where to Run It:
  • Fabric on AWS AMB (you'll get private channels + private data collections); plus, use AMB Query for your analytics needs. Don’t forget to set up KMS for the CA! Check it out here: (aws.amazon.com)
  • Or go for a public Ethereum node using Google Cloud Node Engine for those gas-budgeted calls you've been thinking about (private tx routing is covered through a dedicated RPC). More info here: (cloud.google.com)
• What to Ask from the Consultant: Make sure to get insights on a back-pressure strategy, ensure you’ve got exactly-once semantics, and talk about replay protection too!

2) Tokenization + Market Data Interop (Finance)

• Pattern: You’ve got off-chain fund/NAV systems that get a little boost with ISO 20022 enrichment. From there, we see them move onto on-chain publishing, whether it’s permissioned or public. Then, smart contracts jump in to utilize that reference data, making cross-chain distribution a breeze through CCIP.
• Why it’s Real: The DTCC Smart NAV pilot has really taken off, showing how on-chain dissemination for fund data can work with major financial institutions. Check it out here: dtcc.com.

3) Digital Identity for Supplier/Partner Onboarding

• Pattern: Issue W3C Verifiable Credentials (VCs); keep Personally Identifiable Information (PII) off-chain; store proofs or hashes on a chain or ledger; set up revocation processes.
• Why it’s real: Decentralized Identifiers (DIDs) and VC 2.0 are solid standards; IBM and Chainyard demonstrated a faster onboarding process using Fabric. (w3.org)

4) Audit-ready Tamper-evidence Without Moving Workloads

• Pattern: Leverage Azure SQL ledger for cryptographic attestation of your current transactional tables. Then, send the digests to Azure Confidential Ledger or some immutable storage for WORM retention.
• When to use: This is your go-to solution if you want immutability and attestation but aren’t ready to go through a full blockchain migration. (techcommunity.microsoft.com)

---

Emerging best practices we recommend (and why)

• Architect for interop on Day 1
  Leverage Cacti/FireFly/CCIP to steer clear of re-platforming whenever a new chain, L2, or RWA marketplace pops up. Make sure to enforce connector abstraction layers in your codebase. Check it out here: (hyperledger-cacti.github.io)
• Keep sensitive data off-chain; push proofs on-chain
  Mix ZKPs (like the EY OCM method) with off-chain encrypted storage and granular disclosure. This way, you get to enjoy privacy without losing out on verifiability. Check it out here: (ey.com)
• Get on board with payments and identity standards today
  Using ISO 20022 and VC 2.0 helps cut down on the hassle of custom mapping and audits down the road. Make sure to build canonical data models that align with these standards. Check it out here: (swift.com)
• Go for managed services when dealing with non-differentiating infrastructure
  Stick to options like AMB Access/Query, Node Engine, Confidential Ledger, and SQL ledger when it makes sense. They come with service level agreements (SLAs), Key Management Service (KMS), and costs that are pretty easy to predict. Check it out here: (aws.amazon.com)
• Plan your upgrade path--not just the MVP
  For Fabric, aim for 2.5 LTS while keeping an eye on 3.x down the road. With Corda, make sure you're familiar with the supported matrix and the end-of-life (EOL) dates. For Ethereum, it’s a smart move to pin client versions and keep RPC layers under change control. (lf-decentralized-trust.github.io)
• Bake in disclosure/audit from the start
  Banks and insurers really need to map out how their ledger exposures tie into those Basel cryptoasset disclosures coming in 2026. Plus, they should ensure that WORM policies are properly applied in their backups and ledgers. (bis.org)

---

Pitfalls and reality checks (learned from the field)

• You know the saying, “Build it and they will come”? Well, it turns out that networks like that often don’t last without some neutral governance. The shutdown of TradeLens serves as a pretty solid lesson in governance and commercial strategies--make sure you have a clear consortium model in place or opt for neutral rails. (maersk.com)
• Avoid using outdated tech stacks: if you're looking at Fabric 1.x/2.2 or private Ethereum clients that aren’t being supported anymore, be ready for some serious costs down the line. You might think you’re saving a bit in the first month, but trust me, it’s gonna cost you more in year two. Make sure to audit your vendor's bills of materials against the current LTS matrices. (lf-decentralized-trust.github.io)
• Seriously, don’t overlook ISO 20022/VC 2.0: trying to retrofit standards later can really hit your wallet hard. It’s way smarter to map things out early in the design process. (swift.com)

---

What an excellent SOW looks like (timeline and deliverables)

• Weeks 0-4: Discovery and Target Architecture
  • We’ll kick things off by taking stock of the current situation, sorting through our data, and setting control objectives relevant to SOX, PCI, GLBA, and HIPAA where needed.
  • From there, we’ll sketch out a draft for our target architecture along with an interoperability strategy using tools like Cacti, FireFly, and CCIP, plus setting up our cloud landing zone with KMS, HSM, VPC, and IAM.
• Weeks 5-10: Proof of Value
  • During this phase, we’ll focus on one golden path--imagine something like onboarding a supplier for VC issuance and then notarizing the chain. Plus, we’ll tackle a stress path to see how things hold up under pressure, like dealing with partial failures, chain reorganization, or backpressure.
  • We’ll also be establishing cost and SLO baselines using managed services--for example, comparing AMB Query with a custom ETL or analyzing Node Engine node hour profiles. Check it out here: (docs.aws.amazon.com).
• Weeks 11-20: Pilot Integration
  • Time to connect the dots! We'll integrate legacy systems through CDC, Kafka, or MuleSoft and set up Infrastructure as Code (IaC) with Terraform, all while keeping an eye on observability metrics--think block finality, mempool latency, and chaincode gas/CPU.
  • We won't forget about security; we’ll create key custody runbooks and establish policies around rotation and HSM.
• Weeks 21-28: Production Hardening
  • This is where we tighten things up. We’ll focus on disaster recovery (RPO and RTO), perform threat modeling, and run red team exercises on our smart contracts and chaincode. We’ll also conduct ISO 20022 message conformance tests and design the VC/DID trust registry.
  • Finally, we’ll smooth the operational handover with SRE playbooks, set SLAs, organize pager rotations, and create cost guardrails.

---

Concrete RFP questions you can copy‑paste

• Let’s take a look at how we can map our payment and settlement events to ISO 20022 message schemas, and outline how we’d check for conformance at the edges. You can get more insights on this at swift.com.
• Here’s my idea for an interoperability design using either Chainlink CCIP, Hyperledger Cacti, or FireFly for [two named chains]. I’ll include details like rate-limiters, retries, and making sure we isolate failures. For a deeper dive, check out blog.chain.link.
• I've got a plan to keep PII off-chain while still letting third parties verify through ZKPs or ledger digests (think SQL ledger + Confidential Ledger). You can see more about this on techcommunity.microsoft.com.
• Can you list three production references for Fabric 2.5 LTS or Corda 5.x that involve disaster recovery drills and proper key management with KMS/HSM? Check this out for additional context: lf-decentralized-trust.github.io.
• I’ll put together a cost model that compares AMB Query with custom ETL for handling multi-chain analytics over the next 12 months, based on [X TPS, Y GB storage]. You can find more on this at docs.aws.amazon.com.

---

Real‑world mini‑examples (with current tech)

• Supplier onboarding: Think of this as a cool VC/DID-based onboarding process where the ERP just holds onto VC IDs. Verification happens through ledger proofs, which means the whole onboarding cycle is way quicker! You can check out the Chainyard/IBM case for some impressive outcomes. (lfdecentralizedtrust.org)
• Fund data to multiple chains: Here’s the deal: NAV is published once on a permissioned rail and then sent out via CCIP to public chains. This makes it super easy for composability and analytics, and it’s been tested with the DTCC Smart NAV pilot. (dtcc.com)
• Tamper‑evident logs without app rewrite: You can turn on Azure SQL ledger for your audit tables, push the digests to a Confidential Ledger, and link it all up with SIEM for independent attestation. No need to rewrite your apps! Get the details here. (techcommunity.microsoft.com)
• Private workflows + public liquidity: Imagine managing the asset lifecycle on Fabric or Corda and then bridging it all for settlement and visibility using CCIP or Cacti. You can also throw in analytics with AMB Query or BigQuery to really up your game. Check out more info! (docs.aws.amazon.com)

---

How 7Block Labs works with you

We focus on what we like to call “pragmatic blockchain.” This means we tackle business bottlenecks head-on before we start layering on interoperability. Here’s a quick look at what our usual engagements involve:

• A 4-week Discovery sprint that’ll help us come up with a target architecture that’s all about ISO 20022, VC/DID, and your cloud landing zone;
• A 6 to 8-week Proof of Value focusing on one golden workflow, complete with measurable KPIs;
• A solid production plan that incorporates interop (Cacti/FireFly/CCIP), tamper-evidence (SQL ledger/ACL when it makes sense), managed infrastructure (AMB/Node Engine), and ensures we’re ready for audit and disclosure.

We’re all about picking the right tool for the job, whether it’s Fabric, Corda, Canton, or Ethereum. We tend to lean towards managed cloud options since they help lower total cost of ownership (TCO) and speed up compliance sign-off. If you’re interested in a chat or want a workshop that’s customized for your stack, we can bring along a draft scorecard and some sample runbooks for you to check out.

---

Quick checklist to finalize your shortlist

• Are they on board with Fabric 2.5 LTS (or newer) and are they aware of the changes that come with 3.x? Do Corda's plans match up with the supported matrices and EOL? (lf-decentralized-trust.github.io)
• Can they show how interop works using CCIP/Cacti/FireFly, especially when it comes to handling failures? (blog.chain.link)
• Are they well-versed in ISO 20022 mapping and aware of the Basel 2026 disclosure effects? (swift.com)
• Do they ensure that PII is kept off-chain and have strategies for ZKP/ledger-digest? (ey.com)
• Is their cost model based on managed services like AMB/Node Engine/ACL/SQL ledger, with clear assumptions laid out? (aws.amazon.com)

If you can say “yes” to all those points, chances are you’re chatting with the right partner.

---

Sources and further reading (selected)

• DTCC Smart NAV pilot is all about putting fund data on-chain using Chainlink. You can read more about it here.
• AWS AMB (Access/Query) now supports multiple chains and comes packed with some cool features. Check out the AMB Query details here.
• Curious about Google Cloud's Blockchain Node Engine pricing and SLAs? Well, you can find all that info here.
• Azure has some updates for its Confidential Ledger, including Managed CCF deprecation and SQL Database ledger GA details. Get the scoop here.
• Hyperledger Fabric is moving forward with its 2.5 LTS status and the upcoming 3.x releases. More info is available here.
• If you're into Hyperledger Cacti and interoperability, the docs you need are here.
• Hyperledger FireFly has rolled out some new features for its Web3 gateway, and you can check them out here.
• EY has launched the OpsChain Contract Manager, which uses ZKP on public Ethereum to facilitate secure private agreements. You can read all about it here.
• R3 Corda is now supporting the 5.x platform. For the nitty-gritty details, click here.
• Digital Asset's Canton Network is making waves with its pilots and funding efforts. Get the latest updates here.
• The W3C has released VC 2.0 and DIDs Recommendations! Dive into the details here.
• Mark your calendars: ISO 20022’s SWIFT cutover is happening on November 22, 2025. Read more here.

---

At 7Block Labs, we offer a quick 90-minute “architecture sanity check” on your current proposals. After that, we’ll deliver a gap analysis based on our framework within just five business days.