SOA Governance

A Practical Guide for Public Service Organizations

Over the last 5 to 10 years, service-oriented architecture (SOA) has become fairly common within the IT landscape across industries—for good reason. With layered and modular design and a loosely coupled approach to application integration, SOA has become a leading practice for large-scale, enterprise architectures. What is not commonplace, however, are the policies and processes required to effectively manage and coordinate the re-use of the shared services infrastructure that SOA provides. In fact, the lack of an effective SOA governance infrastructure (SGI) is often the reason that SOA implementations fail.

While SOA is the architecture of choice for most public sector organizations, the transition to SOA can often be fraught with uncertainty. Establishing an effective SOA governance infrastructure is a critical component to fully realize the expected benefits of SOA and maximizing return on investment (ROI).

Get started with SOA governance—champion business and IT alignment along the way.

Contrary to popular belief, one of the biggest reasons SOA implementations fail has nothing to do with technology. While selecting the right tools is important, a key cause of unsuccessful implementations is the lack of an effective SOA SGI. Nevertheless, with other priorities competing for scarce resources, many organizations have ignored, underfunded or even abandoned their SOA governance efforts.

For those organizations that have made SOA governance a priority, the challenges can seem overwhelming. By its very nature, cross-organizational SOA governance must address the competing objectives and agendas of different organizations. Budget, policy, legal and security considerations add further complexity. However, using the right approach, these challenges can be overcome—allowing organizations to fully reap the benefits of their new SOA, and ultimately maximize its ROI.

Three key enablers play a critical part in establishing a successful SGI—People, Processes and Technology.

• The right people. Identifying and organizing the appropriate stakeholders to manage the SGI is essential. In addition to providing cross-organizational buy-in, the SOA Governing Body will be responsible for aligning business and IT objectives, setting policy and standards and managing the overall lifecycle of assets within the service portfolio. It should include three groups—the Strategic, Tactical and Operational—each consisting of skilled individuals with a “SOA mindset.”

• The right processes. A successful SGI depends on implementing the right processes and practices to support the enterprise SOA. While multiple supporting processes will be established and utilized by the Governing Body, the most critical process for the SGI deals with effectively managing the overall service lifecycle. Establishing a robust service lifecycle management process should be a key objective of every SGI.

• The right technology. The SGI will include tools needed to support the Governing Body’s SOA strategy, goals and governance priorities. The selected tools will provide decision-making guidance for all stages in the service’s lifecycle—from planning to retirement. While many different tools will likely be used, two key components within any successful SGI are the service repository and the service registry.

When it comes to establishing an SGI, to improve the probability of success, organizations should start small and gradually work up to a more sophisticated governance structure. An organization’s SOA Governance process will “mature” over time. The transition from “unorganized” to “full maturity” can be expected to take five years or more.

Within each phase of the maturity model, specific objectives are set for each of the three SOA Governance enablers. For those organizations that have already begun the SOA journey, but are still struggling with the establishment of an effective SGI, an “as is” assessment of current capabilities is essential. Organizations should also create a“to be” plan, with a clear time-line and associated action items.