Service-Oriented Architecture Governance for the Services Driven Enterprise by Eric A. Marks

6.1. OVERVIEW OF THE GOALS–PRINCIPLES–POLICY CYCLE

SOA governance is most effective when the SOA policies are derived from and aligned to an SOA strategy and its supporting goals. These SOA goals form the basis for defining SOA principles, which are critical inputs in defining SOA policies. Thus, there is an ongoing cycle of defining, managing, and updating SOA goals, principles, and policies, as well as assessing policy impacts on existing services, consumers, and providers. The SOA enabling technology must support the critical policies, and the SOA governance model must provide organization and process for enforcing manual policies. Taken together, an SOA governance model must integrate governance organizations, people, processes, and technology into a coherent policy enforcement fabric.

The SOA governance goals, principles, and policies cycle is summarized below:

• Define business, IT, and SOA goals (from the SOA strategy document, if it exists).

• Identify IT and SOA principles that support those business goals. These are broad statements of intent that align with and support the business, IT, and SOA Strategy.

• Select governance processes and/or concerns that impact the principles.

• Define policy categories that support the principles, such as the examples below:

  • Business policies (e.g., regulatory policies, Sarbanes-Oxley, compliance policies, industry specific policies for example HIPAA, outsourcing policies, vendor management policies, acquisition policies)

  • Process policies (e.g., ...