ISO/IEC 17998

Description / Abstract: Overview

Many companies have adopted Service-Oriented Architecture (SOA) as an approach to architecture to assist in closing the business and IT gap by delivering the appropriate business functionality in a timely and efficient manner. For more details on this, refer to available books and standards on SOA (see Referenced Documents and Appendix D).

Many companies that have approached SOA via a pilot project have not been seeing the same demonstrated SOA benefits once they have deployed a fully-fledged SOA project. While pilot projects achieved a level of re-use, they have tended to be within one division, but as soon as a project boundary crosses multiple divisions, new challenges are encountered.

One of the key disciplines to assist in addressing these challenges is governance. Whilst governance has been around a long time, SOA has heightened the need and importance of having a formal SOA Governance Regimen that sets expectations and eases the transition of an organization to SOA by providing a means to reduce risk, maintain business alignment, and show business value of SOA investments through a combination of people, process, and technology. The role of the SOA Governance Regimen is to create a consistent approach across processes, standards, policies, and guidelines while putting compliance mechanisms in place.

Most organizations already have a governance regimen for their IT department covering project funding, development, and maintenance activities. These tend to have been defined using either one of the formal standard IT governance frameworks – such as COBIT, ITIL, etc. – or an informal in-house governance framework that has been built over many years. The focus of The Open Group's initial release of an SOA Governance Framework is primarily based on the IT aspects of SOA governance.

This document contains a description of the governance activities that are impacted by SOA, and puts forward some best practice governance rules and procedures for those activities. In order to specify the changes necessary to accommodate SOA in an existing governance regime, the governance activities described in this document must be mapped and integrated to the activities being utilized in the existing regime. Many of the lists provided with the explanations of the SGRM and SGVM are non-normative examples intended to provide a starting point for customization to the SOA solution.

This document is organized as follows:

• This chapter provides a general introduction.

• Chapter 2 discusses the background to SOA governance, describing the reasons why governance is important for SOA, the challenges involved, and the benefits that should be achieved.

• Chapter 3 defines SOA governance and explains The Open Group SOA Governance Framework.

• Chapter 4 defines the generic SOA Governance Reference Model (SGRM) used as a baseline for tailoring an SOA Governance Model for an organization.

•Chapter 5 defines the SOA Governance Vitality Method (SGVM) which describes a method using the generic SGRM to instantiate an organizational unique SOA Governance Model.

• Appendix A describes the SOA governance process activities.

• Appendix B describes the SOA governance process information entities.

• Appendix C provides an SOA governance metrics example.

• Appendix D describes the relationship of this document to other SOA standards.