Documents/PGFSOA/1: Enterprise/4.1.7: Governance

4.1.7: Governance

Establish Federated Governance

Other Information:

Effective governance recognizes that it is not just about control, policing, and enforcement functions – it is also about providing essential services. Likewise, governance has jurisdictional boundaries, both within programs, at the enterprise level, and beyond. For this document, we adopt the following definition of (IT) governance: “Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.” [Weill, 2004] Agencies must clearly establish governance charters, statements of scope, and areas of responsibility for specific organizational elements within the governance structure.

Section 3 established the need for SOA governance, and specifically the need for federated SOA governance. What does a federated governance model look like and how is it different from a non-federated model? Weill and Ross [Weill, 2004, p.61] define federated IT governance as “…coordinated decision making involving both the center [central authority] and the business units,” suggesting a two-tiered vertical model that shares power in some manner. However, this concise definition does not accurately convey the principles of federalism based on a multi-tiered environment (see Exhibit 3-5). Within the context of the federal government, federated governance deals with semi-autonomous, but interconnected, organizations (at multiple levels) coordinating their efforts through a centralized mechanism. To be effective, the central authority should have the capabilities to effectively carry out the responsibilities delegated to it by the federation. This includes overseeing the establishment of standards and resolving conflicts, and providing the necessary resources, including funding and staff, to effectively operate. While the members of the federation retain their individual program authorities, they give up some control to the centralized authority to create the shared value that each seeks through the federation.

At this point, the discussion has focused on actor relationships or management of the SOA environment. What technical aspects of the SOA need to be governed in a federated environment? The provider/consumer model introduced in the beginning of this document provides insight. The provider’s lifecycle involves service development consisting of these primary phases: requirements, design, implement, publish, manage/service, and retire. The consumer’s lifecycle is concerned with the manage/service phase of the provider’s lifecycle and includes: discovery, binding, using, and ending with disassociation. Within these two lifecycles, specific aspects of the SOA lifecycle would concern governance with respect to two or more actors and across multiple tiers.
These include, but are not limited to:

• Service requirements to include performance metrics
• Service design specifically with respect to standards (i.e., interoperability)
• Service versioning
• Service funding
• Service stewardship
• Service elevation to enterprise-wide services
• Service compensation for elevated services
• Service monitoring and diagnosis
• Service registration
• Service publishing
• Service discovery
• Service consumption
• Service security (i.e., trust channel mechanisms)

Also of concern is the governance of federal SOA infrastructure (i.e., SOI) where enterprise services, at any level, may reside. These may initially be hosted by an agency-specific COE, but will evolve to a federated COE due to the joint requirements of the participants. These include, but are not limited to:

• Federated SOA funding
• Federated SOA requirements
• Federated SOA design
• Federated service repository
• Federated monitoring and diagnosis
• Federated SOA security
• Federated consumption

Federated governance includes the agreed-upon incentives and rules of behavior among peers that enable collaboration to occur across related domains. We offer the following suggestions for creating and leveraging federated governance:

• Turn enterprise business/operational service level objectives into measures of effectiveness and associated mission level agreements, business/mission level agreements, and/or service level agreements. Use these to provide incentives instead of “mandates” wherever possible. Rigorously enforce compliance with the agreements.
• Adopt commercial open standards and provide implementation guidance in the form of well-documented reference implementations of those standards.
• Develop a funded forum for representatives of all stakeholders to weigh in on architecture, process, and requirement development and prioritization.
• Establish agreements (MOUs) to define and enable value-based interaction among the participants in the community. The US DoD Cross-domain Information Exchange Framework (CIEF) is an example that can be employed to define the terms of the agreements.
• Balance enterprise concerns with program level objectives.
• Establish overall service operational scope objectives within and across enterprises and gain executive support.
• Guarantee enterprise service levels to program adopters and indemnify risk associated with using services provided by others.
• Employ enterprise architecture tools and artifacts to identify significant information exchanges across domains of interest.

From a practical standpoint, it is recommended that existing governance structures be leveraged whenever possible. For example, one alternative might be to leverage the existing e-Gov and LOB initiative communities. In general, we only recommend establishing new governance organizations when there is currently no existing governing body to absorb the new responsibilities.

Indicator(s):