2. SOA on your terms and our expertise2
What is Governance?
Establishing chains of responsibility,
authority and communication
to empower people (decision rights)
Establishing measurement,
policy and control mechanisms
to enable people to carry out
their roles and responsibilities
3. SOA on your terms and our expertise3
SOA Governance
is a catalyst
for improving
overall IT
governance
It’s all part of Corporate Governance
What is IT governance?
Establishing decision making rights
associated with IT
Establishing mechanisms and policies
used to measure and control the way
IT decisions are made and carried out
What is SOA governance?
Extension of IT governance
focused on the lifecycle
of services to ensure the
business value of SOA
What is Governance?
Corporate Governance
SOA
Governance
IT Governance
4. SOA on your terms and our expertise4
What is the Difference Between IT Governance and SOA
Governance?
IT Governance is broader and covers all aspects of IT governance. For example, it
includes data governance and IT security
SOA Governance addresses aspects of the service life cycle such as:
– Planning
– Publish
– Discover
– Versioning
– Management
– Security
SOA Governance, while it contains aspects of IT Governance, SOA Governance
covers business aspects that are not captured in IT Governance such as the linkage
required between business and IT.
This is SOA governance. According to vendors, industry media, and IBM.
5. SOA on your terms and our expertise5
SO IT Governance Capability Model
Discipline-Independent Governance Capabilities
GovernanceofITFinancing
andPrioritization
ArchitecturalGovernance
ITPortfolioGovernance
GovernanceofSystems
DevelopmentLifecycle
ITDataCenterOperations
Governance
DataGovernance
SOAGovernance
Governance Disciplines
6. SOA on your terms and our expertise6
10 Principles of IT Governance
1. Decision Rights & Measurement etc. (Core Definition of
Governance)
2. Governance is Applied to Processes
3. Artifact lifecycle is an Important Process to be Governed
4. Decision Rights are Assigned to Roles
5. Governance Processes Applies Governance to Governed
Processes
6. Policies Guide Decision Making
7. Compliance is the Documentation of Decisions Made
8. Governance is about Behavior Change
9. The Level(s) and Style(s) of Governance should be Tailored
10.Organizations Approach Governance Incrementally
7. SOA on your terms and our expertise77
Principle 1: Core Definition of IT Governance
IT Governance:
– IT Governance is that subset of corporate governance that pertains to an organization’s IT activities and
the way those activities support the goals of the organization.
– IT governance includes the decision making rights associated with IT as well as the mechanisms and
policies used to measure and control the way IT decisions are made and carried out within the
organization.
Why you should care?
– Clarifies what SOA Governance is and is not
[1] www.ibm.com/soa/gov
[2] http://en.wikipedia.org/wiki/SOA_Governance
8. SOA on your terms and our expertise88
Principle 2: Governance is applied to processes
It is an important analytical simplification to understand that in IT :
– we govern processes,
– we apply policy to processes,
– we apply decision points to processes
– we measure and control processes
Governance may be characterized by the sorts of decisions that need to be made at certain
control points within a process
– Control points provide an opportunity to measure the process and make decisions on whether any
adjustments are needed to the execution of the process
– Certain activites within a process may be associated with a control point
– Certain events may be a control point
Why should you care?
– Provides a structure to understand where to start with the Plan phase
• Think about the key processes and how they are governed.
9. SOA on your terms and our expertise99
Principle 3: Artifact Lifecycle is an Important Process to be Governed
The lifecycle of an artifact can be characterized as a process, involving a
set of activities and events associated with state changes of the artifact
– State transitions may be associated with a control point
– Changing state values of an artifact may be associated with a control point
“assets” are artifacts that have value to the business
– Typically, it is “assets” that have governance focus
It is also important to consider how “collections” of artifacts
Why should you care?
– By understanding the set of artifacts associated with a particular
IT discipline, we can quickly enumerate a set of key processes
that need to be governed
10. SOA on your terms and our expertise1010
Principle 4: Decision Rights are assigned to Roles
Decision rights are assigned to roles in an organization, not to individuals.
– Governance is about assigning the rights to make the decisions and deciding
what measures to use and policies to follow in order to make those decisions.
• Therefore one aspect of governance is determining organization roles.
– Management, on the other hand, includes assignment of staff to the roles and
monitoring the compliance to policies during the execution of processes.
Why should you care?
– This focuses the design phase to make sure the decision rights are properly
assigned at given control points
– Eases the enable phase to make sure decision rights are properly abstracted
11. SOA on your terms and our expertise1111
Example Decision Rights Matrix
Decision ESC ARB PMO SCB SAB BUC
Service Funding R I R I R
Service Ownership R I R I
Service Platform R R I
Service Identification R R I I I R
Service Specification I R I R
Service Realization I I R I I
Service Development I R R I
Service Release Mgmt R R I
SOA Training R I R I
Input advisors (I) make recommendations; decision makers have the right (R) to decide.
Executive Steering Committee (ESC), architectural review board (ARB), program
management office (PMO), SOA Center of Excellence Board (SCB), SOA CoE Advisory
Board (SAB), Business Unit Committees (BUC)
This example uses only high-level service lifecycle steps (and not the related decisions).
It does not illustrate use of individual roles.
12. SOA on your terms and our expertise12
Principle 5: Governance Processes and Processes Being Governed
The processes in SOA Foundation Governance Lifecycle
(Plan/Define/Enable/Measure) are “Governance Processes”
The processes in SOA Foundation Lifecycle
(Model/Assemble/Deploy/Manage) are “Processes Being
Governed”
Why should you care?
– It is important to distinguish whether a process is a governance
process or not.
– Many things called Governance Processes are in fact not
Governance Processes, but rather, they are simply processes that
Governance has a strong influence over.
13. SOA on your terms and our expertise13
Principle 6: Policies Guide Decision Making
A policy is an artifact of a governance process that guides
decision making behavior associated with one or more control
points in one or more processes.
– That is, the policy provides guidelines for decision making, sets the
rigidity for following the policy and may provide for exceptions.
• E.g., federal judges are granted decision rights for sentences for convicts.
However, they are constrained by the sentencing guidelines.
Policy provides guidelines
– sometimes sets limits
– sometimes enables
Why should you care?
– Policy is at the heart of what makes governance actionable
14. SOA on your terms and our expertise14
Principle 7: Compliance is the Documentation of Decisions Made
Compliance is an artifact of a governance process that records
the fact that a decision was made in accordance with policy(s)
associated with a control point within a process
Why should you care?
– The relationship between Governance and Compliance are often
confused
– The relationship between Policy and Compliance are often confused
15. SOA on your terms and our expertise15
Principle 8: Governance is about Behavior Change
The purpose of governance is to moderate behavior of
processes, particularly the way processes are executed by
humans and IT systems.
– The change of behavior is intended to increase the likelihood of
some specific outcome
Although some may claim that process models drive behavior,
at best a process model standardizes tasks;
– Governance drives behavior.
– People understand how to execute their decision rights and react to
measures.
Why should you care?
– Keep in mind what the purpose of Governance is.
• It is not just a ticky mark, it is about change
– Helps drive the measure phase to verify change in governance
16. SOA on your terms and our expertise16
Principle 9: The level(s) and style(s) of Governance should be Tailored
to the Needs of the Organization
Different organizations have different needs
Even within an organization, different processes may require
different styles of governance.
Some governance styles need to consider the relationship
between an organization and its sub organizations
Why should you care?
– Choosing an appropriate governance style is a Governance Process
– There is no “one size fits all” in governance
17. SOA on your terms and our expertise17
Principle 10: Organizations build up IT Governance capabilities
Incrementally
IT Governance capabilities include
– formalizing processes and best practices associated with the various
disciplines of IT Governance
– establishing cross-discipline capabilities and services to make
Governance processes more efficient and cost effective.
There are 2 reasons to iterate in the SOA Governance Lifecycle
– To incrementally add new Governance Capabilities
– To incrementally improve on existing Governance Capabilities
Why should you care?
– Don’t bite off the entire governance problem all at once
• pick your battles
– Getting Governance right is an iterative process
18. SOA on your terms and our expertise18
Principles
– Policies
– Guidelines
– Standards
Method
– What & How do I tailor the model for individual projects
Governance Processes
– Definition
– Compliance
– Vitality
– Communication
Governance Organizational Structure
Governance Roles and Responsibilities
What Constitutes a Governance Model
Governance
Foundational
Building Blocks
19. SOA on your terms and our expertise19
Principles for Success
Enabling organizations to achieve the desired goals and promises of
SOA requires an interlock between People, Process and Technology.
This interlock is accomplished with SOA governance:
– Organizing business functionality into shareable services that meet the
needs of the business require governance that defines process and
technologies to make this vision a reality
– Breaking down silos and unlocking the value of legacy systems while
making software less brittle cannot be accomplished solely with technology it
requires governance
– Cross functional nature of SOA requires improving the alignment between
business and IT but this requires SOA governance to facilitate the dialog and
interactions between business and IT
20. SOA on your terms and our expertise20
The SOA Governance processes require active participation and
decisions from different individuals and groups that are contributing to
the success of SOA.
Business Flexibility
Directives
Business Process Owners understand and maintain certain processes with all its
business and IT implications.
The Business Unit Committees are the functional business competencies stakeholders
that have to be involved in the SOA Governance process, because SOA is business
driven.
Executive Leadership
& Funding Sources
The Executive Sponsor is the principle stakeholder and the champion of the SOA CoE
organization.
The Executive Steering Committee provides strategy and initial funding and resolves
final disputes and funding issues
Advice and
Enablement
The SOA CoE Board deals with the management and the operations of the SOA CoE.
The SOA CoE Advisory Group is like a community of practice; they are the first line
review to ensure enterprise wide compliance with reuse and business agility guiding
principles.
IT Resources and
Architecture
The Architectural Review Board is overseeing the whole IT. The SOA CoE might be a
part of it or identical. Because similar work is done the relationship has to be defined.
The Program Management Office is organizing the different projects. SOA Governance
effects then due to inspections and reviews.
21. SOA on your terms and our expertise21
14 Critical Processes to be Created or Modified for an
Effective SOA Governance Model Implementation
Service
Planning
Service
Ownership and
Funding
Service
Modeling
Service
Implementation
Service
Management
Define Service
Focus
Assemble
Services
Deploy Services
Test Services
Design Services
Manage Service
Levels
Manage Service
Security
Manage Service
Change
Manage Quality
of Service
Specify Services
Realize Services
Identify Services
Define Service
Funding
Identify Service
Owners
By effectively establishing governance
mechanisms in these 14 areas, clients
can address these common challenges:
Establishing decision rights
Defining high value business services
Managing the lifecycle of assets
Measuring effectiveness
22. SOA on your terms and our expertise22
Deploy SOA technology like service registries and SOA management solutions
Registries needed to manage services at runtime but not sufficient on its own
Management is most effective when done in the context of governance
Fragmented, uncoordinated activities around SOA
Inconsistent approaches that result in limited ability for reuse
Business as usual
Treat SOA projects same as others
What is needed…
Comprehensive approach encompassing entire services lifecycle with multiple
entry points
Best practices, methodology, processes and tools/ technology
Currently the industry and our clients employ a variety of
sub-optimal approaches to SOA Governance
Current Approaches to SOA Governance in the Marketplace
23. SOA on your terms and our expertise23
SOA Governance Lifecycle
Define the Governance Approach
Define/modify governance processes
Design policies and enforcement mechanisms
Identify success factors, metrics
Identify owners and funding model
Charter/refine SOA Center of Excellence
Design governance IT infrastructure
Monitor and Manage
the Governance Processes
Monitor compliance with policies
Monitor compliance with governance arrangements
Monitor IT effectiveness metrics
Enable the Governance
Model Incrementally
Deploy governance mechanisms
Deploy governance IT infrastructure
Educate and deploy on expected behaviors
and practices
Deploy policies
Plan the Governance Need
Document and validate business strategy
for SOA and IT
Assess current IT and SOA capabilities
Define/Refine SOA vision and strategy
Review current Governance
capabilities and arrangements
Layout governance plan
24. SOA on your terms and our expertise24
New Services and Products in the Press Announcement
BCS: SOA Governance and Management Method
– Services to help customers map their requirements, policies, procedures and regulations to execute new
business plans based on SOA, and help with the necessary cultural changes
Rational: SOA Governance plug-in for IBM Rational Method Composer
– Select governance best practices from IBM Business Consulting Services packaged as a reusable asset
and delivered as part of Rational Method Composer
WebSphere: IBM WebSphere Service Registry and Repository
– Offering to help customers discover, access, and manage service metadata used in the selection,
invocation, management, reuse and governance of services in an SOA
– Target availability: Q3
– WW Technical Sales Leader: Naveen Sachaeva
Information Management: IBM Rational Data Architect
– Helps customers adopt and enforce corporate and industry standards on their data models, and helps
customers design, discover and govern SOA compliant information architectures
Tivoli: IBM Tivoli Change and Configuration Management Database
– Automatically discovers and manages information about a client’s IT environment, including IT resources,
configuration items, user identities, and the interrelationships between these entities.
IBM Software news: New IBM Software and Consulting Services
Help Organizations Reach Business Goals (2006-03-22)
25. SOA on your terms and our expertise25
Thank You
Merci
Grazie
Gracias
Obrigado
Danke
Japanese
French
Russian
German
Italian
Spanish
Brazilian Portuguese
Arabic
Traditional Chinese
Simplified Chinese
Hindi
Tamil
Thai
Korean