Enterprise Architecture Principles Architecture Principles.pdf · University of Saskatchewan...
Transcript of Enterprise Architecture Principles Architecture Principles.pdf · University of Saskatchewan...
EnterpriseArchitecturePrinciples
InformationandCommunicationTechnology
University of Saskatchewan Enterprise Architecture Principles Page 2 of 31
IntroductionTheuniversity’svisionusesenterprisearchitecturetoprovideaholisticviewoftheprocesses,data,applicationsystemsandtechnologyinfrastructurethatexistswithintheUniversityofSaskatchewan.Thisholisticview,orblueprint,providesstrategiccontextforplanningtheevolutionofinstitutionalinformationsystemsintoanintegratedenvironmentthatisresponsivetochangeandsupportsthedeliveryofuniversitystrategy.TheprinciplesdefinedinthisdocumentformthebasisforgovernanceoftheUniversityofSaskatchewan’senterprisearchitecture.
PurposeofPrinciplesPrinciplesarestatementsofdirectionthatprovideafoundationfordecisionmakingintheselection,implementationandevolutionoftheuniversity’sinformationsystems.Enterprisearchitectureprinciplesaligninformationsystemusesanddevelopmentwiththeuniversity’smission,strategicobjectivesandgoals.Enterprisearchitectureprinciplesserveasaframeworkfordecisionmakingbyprovidingguidanceaboutthepreferredoutcomesofadecisioninagivencontext.Thisactsasamechanismforharmonizingdecisionmakingacrossunitsandguidingtheselectionandevolutionofinformationsystemstobeasconsistentandcosteffectiveaspossible.
UseofPrinciplesEnterprisearchitectureprinciplesshouldbeconsideredwhenmakinganydecisionregardingtheuse,selection,evolutionandintegrationofallinformationsystemsresourcesandassetsattheUniversityofSaskatchewan.Theseprinciplesareinter-relatedandneedtobeappliedasacohesiveset.Eachprinciplemustbeconsideredinthecontextof“allotherthingsbeingequal”.Therearetimeswhenadecisionwillneedtobemaderegardingwhichprincipleswilltakeprecedenceonaparticularissue.Whenthosesituationsarise,therationalforthedecisionneedstoberecorded.Therecordedrationalwillbeusedtoinformfuturedecisionsontheinitiativeandallowfortheconsistentapplicationoftheprinciples.
GovernanceofthePrinciplesTheseprinciplesprovideguidanceanddirectionfortheuseandevolutionofinformationsystems.Deviatingfromtheprinciplesmayresultinunnecessaryandavoidablelong-termcostsandrisks.Assuch,deviationfromthesolution-setboundbytheseprinciplesrequirestheexplicitapprovaloftheInformationSystemsSteeringCommittee(ISSC)throughitsdesignatedArchitecturalGovernanceprocess.
HowdoEnterpriseArchitecturePrinciplesfitwithintheInstitutionAlignmentwithenterprisearchitectureprinciplesshouldbeagoalforanyinitiativeandwillresultinfewerobstacles,surprisesandcoursecorrectionslaterintheproject.Toachievethesebenefits,areviewofthealignmentbetweentheinitiativeandenterprisearchitectureprinciplesmustbedoneinadvanceofacharterreviewbyanyICTSteeringcommittee.
University of Saskatchewan Enterprise Architecture Principles Page 3 of 31
SummaryofthePrinciplesThefollowingprinciplesapplytoalldecisionsmadeattheuniversityregardinginformationsystemchange.Althoughtheyapplytoallpersonnel,theywillmostfrequentlybeusedbythoseresponsiblefordesigningtechnology-enabledsolutions.GeneralPrinciples
1. PrincipledDecisionMaking2. MaximizeValuetotheUniversity3. MaintainTransparencyinInformationSystemDecisionMaking4. PlanforContinuedOperations5. MinimizeDuplication6. MaintainLegalandRegulatoryCompliance7. Risk-basedApproachtoSecurity8. InformationSystemsResponsibility9. ContinuousImprovement
DataPrinciples
10. DataisanAsset11. DataisaSharedResource12. CommonVocabularyandDataDefinitions13. DataisEasilyAccessible14. DataManager
ApplicationPrinciples
15. ConvergenceWiththeEnterpriseArchitecture16. EnterpriseArchitectureAppliestoExternalITproviders17. TechnologyIndependence18. Ease-of-Use19. ComponentSimplicityandReusability20. ReusableInterfaces
TechnologyPrinciples
21. RequirementBasedChange22. ResponsiveChangeManagement23. ControlTechnicalDiversity24. SeamlessIntegration
University of Saskatchewan Enterprise Architecture Principles Page 4 of 31
GeneralPrinciples
Principle1:PrincipledDecisionMakingStatement:Theinformationsystemsprinciplesapplythroughouttheuniversityandtakeprecedenceoverallotherconsiderationswheninformationsystemdecisionsaremade.Rationale:Theseprinciplesprovideguidanceanddirectionfortheuseandevolutionofinformationsystems.Deviatingfromtheprinciplesmayresultinunnecessaryandavoidablelong-termcostandrisk.Theonlywaywecanprovidearecognized,consistentandmeasurablelevelofoperationsisifallorganizationalunitswithintheuniversityabidebytheprincipleswhenmakingdecisions.
Implications:• Withouttheseprinciples,short-termconsiderations,convenientexceptionsandinconsistencieswill
rapidlyunderminethemanagementofinformationsystems.• Informationsysteminitiativeswillnotbeginuntiltheyareexaminedforcompliancewiththeprinciples.• Principlesareinter-relatedandneedtobeappliedasacohesiveset.Initiativesthatareinconflictwiththe
principlesrequiretheexplicitapprovaloftheInformationSystemsSteeringCommittee(ISSC)throughitsdesignatedArchitecturalGovernanceprocess.
Principle2:MaximizeValuetotheUniversityStatement:Strategicdecisionsforinformationsystemsmustalwaysstrivetoprovidemaximumvaluetotheinstitutionwhilebalancingthelong-termcostsandrisks.
Rationale:Everystrategicdecisionmustbeassessedfromacost,riskandbenefitperspective.Decisionsmadefromauniversity-wideperspectivehavegreaterlong-termvaluethandecisionsmadefromanyparticularorganizationalunit’sperspective.Maximizingthebenefittotheuniversityrequiresthatinformationsystemdecisionsadheretoenterprise-widedriversandpriorities.Nogroupwilldetractfromthebenefitofthewhole;however,thisprinciplewillnotprecludeanygroupfromgettingtheirjobdone.Implications:
• Weneedtoensurethequantitativeandqualitativebenefitsoutweighthecostsandrisksassociatedwiththeinitiative.
• Thecostsmustbedeterminedbasedonthetotalcost-of-ownershipacrossthelifecycleoftheinitiative.Thisincludesbusinesscostsaswellasinformationsystemcosts.
• Thiswilloftenresultin:o Reusebeforebuy.Whereverpossible,existingsystemsandtechnologyshouldbeusedratherthan
acquiringordevelopinganewsystem.o Buybeforebuild.Opensourcesystemsorcommercialoff-the-shelf(COTS)systemsshouldbe
acquiredinsteadofin-housedevelopmentwhereasuitablesolutionisavailablethatisnotcostprohibitive.
University of Saskatchewan Enterprise Architecture Principles Page 5 of 31
o Configurationbeforecustomization.Informationsystemsthatareadaptableandflexibletochangingbusinessprocessesmaycostmoreinitiallybutreducethelongtermcostsandrisksassociatedwithcustomization.
o Theseconsiderationsneedtobebalancedwiththeminimizeduplicationprincipleandtheconvergencewiththeenterprisearchitectureprinciple.
• Achievingmaximumenterprise-widebenefitswillrequirechangesinthewayweplanandmanageinformationsystems.Technologyalonewillnotbringaboutchange.
• Tomaximizeutility,someunitsmayhavetoconcedetheirpreferencesforthebenefitoftheentireuniversity.
• Informationsysteminitiativesshouldbeconductedinaccordancewiththeinformationsystemsstrategicplan.Individualunitsshouldpursueinformationsysteminitiativeswhichconformtotheblueprintandprioritiesestablishedbytheuniversity.Thestrategicplanwillchangeifitneedsto.
Principle3:MaintainTransparencyinInformationSystemDecisionMakingStatement:Allorganizationalunitsattheuniversityparticipateininformationsystemsdecisionsneededtoaccomplishbusinessobjectives.
Rationale:Informationsystemusersarethekeystakeholdersandcustomersintheapplicationoftechnologytoaddressabusinessneed.Inordertoensureinformationsystemsalignwiththebusiness,allorganizationalunitsintheenterprisemustbeinvolvedinallaspectsoftheinformationenvironment.Thesubjectmatterexpertsfromacrosstheenterpriseandthetechnicalstaffresponsiblefordevelopingandsustainingtheenvironmentneedtocometogetherasateamtojointlydefinethegoalsandobjectivesofinformationsystems.
Implications:
• Tooperateasateam,allstakeholdersandcustomerswillneedtoacceptresponsibilityfordevelopingtheinformationenvironment.
• Resourcecommitmentwillberequiredtoimplementthisprinciple.• Riskismanagedjointly.• Governancebodydecisionsneedtobewidelycommunicatedtoensureasharedunderstanding.
Principle4:PlanforcontinuedoperationsStatement:Universityoperationsmustbemaintained,despitesysteminterruptions.
Rationale:Informationsystemoperationsarepervasiveandwearedependentonthem.Therefore,wemustconsiderthereliabilityofsuchsystemsthroughouttheirdesign,useanddecommissioning.Businessunitsthroughouttheuniversitymustbeabletoconducttheirnormaloperations,regardlessofexternalevents.Hardwarefailure,naturaldisastersandlackofdataintegritymustnotstopbusinessactivities.Organizationalunitsmustbecapableofoperatingonalternativeinformationdeliverymechanisms.
University of Saskatchewan Enterprise Architecture Principles Page 6 of 31
Implications:• Applicationsmustbeassessedforcriticalityandimpactontheuniversity’smissioninordertodetermine
thelevelofcontinuitythatisrequiredaswellaswhatcorrespondingrecoveryplanisnecessary.Thisincludesidentifyingfallbackmodesofoperationifavailable.
• Managingtheongoingoperationalriskincludes,butisnotlimitedto:o Regularsystempatchingandupdateso Regulartestingforvulnerabilityandexposureo Periodicreviewsorsystemaudits
• Recoverability,redundancyandmaintainabilityshouldbeaddressedatthetimeofdesign.• Theriskassociatedwithrunninganalternativeorfallbackdeliverymodelneedstobeidentifiedand
remediatedtoanacceptablelevel.
Principle5:MinimizeDuplicationStatement:Informationsystemsshouldbedesignedtoallowforenterprise-wideuse,ratherthanusebyaspecificorganizationalunit.
Rationale:Duplicatingacapabilityisexpensiveandleadstoinconsistentbusinessactivitiesandconflictingdata.
Implications:
• Technologyandservicesshouldnotbeduplicatedwhentheneedbeingfulfilledisthesame.• Theimpetusforaddingtothesetofuniversity-widecapabilitiesmaywellcomefromanorganizational
unitmakingaconvincingcase,buttheresultingcapabilitywillbecomepartoftheenterprise-widesystemandthedataitproduceswillbesharedacrosstheinstitution.
• Unitsarenotpermittedtodevelopcapabilitiesfortheirownusewhicharesimilarto,orareaduplicationofanenterprise-widecapabilities.Thisway,expendituresofscarceresourcestodevelopessentiallythesamecapabilityinmarginallydifferentwayswillbereduced.
• Iftheenterprisecapabilityisincompleteordeficient,effortswillbemadetoaddressthedeficiency.Thiswillallowustoachievemaximumutilityfromexistinginvestments.
• Whenduplicateservicesortechnologiesexist,anefforttostandardizeonasingleenterprisesolutionshouldbemade.Thisprinciplemaybeinfluencedbytheconvergencewiththeenterprisearchitectureprinciple.
• Dataandinformationusedtosupportuniversitydecision-makingwillbestandardizedtoamuchgreaterextentthanpreviously.
Principle6:MaintainLegalandRegulatoryComplianceStatement:Informationsystemmanagementprocessesmustcomplywithallrelevantcontracts,laws,regulationsandpolicies.Rationale:Theuniversityissubjecttoprovincialandfederallawsandregulations.Therearehowever,additionallaws,regulations,contracts,policiesandstandardsthatmustbeadheredtoasaresultofspecificbusinessactivitywithintheuniversity.Examplesinclude,butarenotlimitedto,PaymentCardIndustrystandards(PCI),CanadianAnti-SpamLaw(CASL),collegeaccreditationstandardandtheuniversity’sFreedomofInformationandProtectionofPrivacyPolicy.
University of Saskatchewan Enterprise Architecture Principles Page 7 of 31
Thisprinciplewillnotprecludeprocessimprovementsthatleadtochangesininternalpoliciesandregulations.
Implications:• Theinformationsystemdecisionsmustbemindfultocomplywithlaws,regulations,aswellasinternal
andexternalpoliciesregardingthecollection,retentionandmanagementofdata.• Staffneedtobeeducatedabouttheimportanceofregulatorycomplianceandtheirresponsibilityto
maintainit.• Whereexistinginformationsystemsarenon-complianttheymustbestrategicallybroughtinto
compliance.• Changeinlaworregulationmaydrivechangeinourprocessesorapplications.• Theinformationsystemdecisionsmustbemindfulcontractualobligation.
Principle7:Risk-BasedApproachtoSecurityStatement:Therisktoinformationandinformationsystemsmustbeassessedtoensureanacceptablelevelofconfidentiality,integrityandavailabilityisachieved.Rationale:Riskisthepossibilityofloss,injuryorotheradverseorunwelcomecircumstancethatmayhaveanegativeimpactonuniversityobjectives.Riskassessmentistheoverallprocessofriskidentification,analysis,evaluationandmitigation.Followingarisk-basedapproachprovidestheuniversitywithanopportunityto:
• Identifythreatstoprojects,initiatives,dataandtheongoingoperationofinformationsystems.• Effectivelyallocateanduseresourcestomanagethoserisks.• Avoidunwarrantedspeculation,misinterpretationandinappropriateuse.• Improvestakeholderconfidenceandtrust.
Implications:
• Informationsystems,dataandtechnologiesmustbeprotectedfromunauthorizedaccessandmanipulation.Universityinformationmustbesafe-guardedagainstinadvertentorunauthorizedalteration,sabotage,disasterordisclosure.
• Thecostandlevelofsafeguardsandsecuritycontrolsmustbeappropriateandproportionaltothevalueoftheinformationassetsandtheseverity,probabilityandextentofharm.
• Riskidentificationmusttakeintoconsiderationexistingcontrols,theconsequenceandthelikelihoodoftheriskoccurring.
• Optionsforaddressingtheriskshouldbereviewedandthedecisionabouttreatmentoftherisksdocumented.
• Risktreatmentwilltypicallyinvolvechoosingoneormoreofthefollowing:o Acceptingriskbyhavinganappropriateuniversityofficialsignoffontheacceptanceoftherisk.o Avoidingriskbydecidingnottopursueaparticularinitiative.o Transferringriskbyhavinganappropriateuniversityofficialtransfertherisktoanexternalentity
(suchasbybuyinginsurance).o Mitigatingriskbyapplyingappropriatesafeguardsandcontrols,andacceptingtheresidualrisk.
• Riskmanagementrelatedtodata:o Sensitivityandriskmustbeassessedatthedatalevel,nottheapplicationlevel.
University of Saskatchewan Enterprise Architecture Principles Page 8 of 31
o Aggregationofdata,bothsensitiveandnot,mayresultinnewrisksrequiringareviewtoensuretheappropriatelevelsofcontrol.Datastewardsand/orsubjectmatterexpertsmustdeterminewhetheraggregationresultsinanincreasedsensitivity.
o Datasafeguardssuchasrestrictingaccessto"viewonly"or"neversee"shouldbeconsidered.Sensitivitylabelingmustbedetermined.
Principle8:InformationSystemsResponsibilityStatement:TheChiefInformationOfficer(CIO)isaccountableforallinformationsystemsattheuniversitythroughbothanofficialroleaswellastheexpectationofseniorexecutive.Thisaccountabilityextendstothedevelopmentandmanagementofinformationsystemsandinfrastructurethatmeetuser-definedrequirementsforfunctionality,servicelevels,costsanddeliverytime.
Rationale:Theuniversityistransformingintoadigitalenterprisewheretechnologyisbothpervasiveandubiquitous.Inthishighlycomplexanddistributedenvironment,itisessentialtoalignexpectationswithcapabilitiesandcostssothatallinformationsysteminitiativesareefficient,effective,havereasonablecostsandclearbenefits.
Implications:
• Governanceandneedidentificationprocessesmustevolvethatallowfortherationalizeddevelopmentandprioritizationofinformationsysteminitiativesandprojects.
• Managingbusinessunitexpectationsiscritical.• Businessprocess,data,applicationandtechnologymodelsmustbecreatedtoallowustounderstandthe
complexrelationshipbetweenbusinessprocessesandinformationsystems.Principle9.ContinuousImprovementStatement:Allprocessesareinneedofcontinuousimprovementtostayrelevant.Rationale:Therateofchangeandimprovementintheworldwideinformationtechnologymarkethasledtoextremelyhighexpectationsregardingquality,availabilityandaccessibility.Asaresult,ICTmustdeliverprojectsandservice-levelagreements(SLAs)onprogressivelyshorterdeadlinesandinformationsystemswithincreasinglyhigherqualityinaneffectivecost-controlmanner.Thisdemandrequiresanoperatingmodelthatcontinuouslyreviewsandimprovesuponcurrentpracticesandprocesses.Implications:
• Performancemetricslinkedtobusinessgoalsmustbedefinedandusedtodriveimprovements.Industrybenchmarksshouldbeusedasacomparatorwhereappropriate.
• Routinetasksthatcanbeautomatedshouldbe,butonlywherethebenefitjustifiesthecost.Thecomplexityoftheprocess,thepotentialtimesavingsandthepotentialforerrorreductionshouldbefactoredintothebenefit.
• Processesandtasksmustbeanalyzedandunderstoodtodeterminetheopportunityforimprovementandautomation.
University of Saskatchewan Enterprise Architecture Principles Page 9 of 31
• ICTstaffmustbeincreasinglyqualifiedandmotivatedtoautomatetheirtasksaswellasthoseofthebusinessusers.
• Thestandardinformationsystemandtechnologyarchitecturesmustbedefinedandapplied.• Serviceoutages,errorsandproblemsneedtobeanalyzedtounderstandandimproveupondeficiencies
inexistingprocessesandpractices.• Manualintegration,wheredataiscopiedfromoneinformationsystemtoanotherbyhand,shouldgive
waytoautomatedprocessesthatarerepeatable,timelyandlesspronetoerror.
DataPrinciples Principle10:DataisanAssetStatement:Dataisanassetthathasvaluetotheuniversityandneedstobemanagedaccordingly.Rationale:Institutionaldataisamongtheuniversity'smostvaluableassetsandrepresentsasignificantinvestmentoftimeandeffort.Dataisthefoundationofourdecisionmaking,andsupportsacademic,researchandadministrativefunctions.Thereforewemustcarefullymanagedatatoensurethatweknowwhereitis,sowecanrelyonitsaccuracyandobtainitwhenandwhereitisneeded.Implications:
• Thisisoneofthreeclosely-relatedprinciplesthatalignwiththeUniversityDataManagement,DataAccessandDataUsePolicies.Theimplicationisthatthereisaneducationtasktoensurethatallunitswithintheuniversityunderstandtherelationshipbetweenvalueofdata,sharingofdataandaccessibilitytodata.
• Stewardsmusthavetheauthorityandmeanstomanagethedataforwhichtheyareaccountable.• Theroleofadatastewardiscriticalbecauseobsolete,incorrectorinconsistentdatacouldbepassedto
universitypersonnelandadverselyaffectdecisionsacrosstheinstitution.• AsdefinedbytheDataManagementPolicy,thedatastewardisrequiredtoensuredataqualityis
sufficientfortheinstitutionalneedsandnotjusttheneedsoftheunit.o Proceduresmustbedevelopedandusedtopreventandcorrecterrorsintheinformationandto
improvethoseprocessesthatproduceflawedinformation.o Dataqualitywillneedtobemeasuredandstepstakentoimprovedataquality.o Policyandproceduresmayneedtobeamendedtoensurequalityissuesareaddressedinatimely
manner.Principle11:DataisaSharedResourceStatement:Dataiscapturedonceandsharedacrossuniversityfunctionsandunits.Rationale:Timelyaccesstoaccuratedataisessentialtoimprovingthequalityandefficiencyofuniversitydecision-makingandsupportingacademic,researchandadministrativeactivities.
University of Saskatchewan Enterprise Architecture Principles Page 10 of 31
Itislesscostlytomaintaintimely,accuratedataandshareitfromasingleapplicationthanitistomaintainduplicatedatainmultipleapplicationswithmultiplerulesanddisparatemanagementpractices.Theuniversityholdsawealthofdata,butitisstoredinhundredsofincompatiblestovepipeinformationsystems.Thespeedofdatacollection,creation,transferandassimilationisdrivenbytheabilityoftheuniversitytoefficientlysharetheseislandsofdataacrosstheinstitution.Ashareddataenvironmentwillresultinimproveddecisionmakingandsupportactivitiesaswewillrelyonfewersources(ultimatelyone)ofaccurateandtimelymanageddata.Implications:
• Thisisoneofthreeclosely-relatedprinciplesregardingdatathatalignwiththeUniversityDataManagement,DataAccessandDataUsePolicies.Theimplicationisthatthereisaneducationtasktoensurethatallunitswithintheuniversityunderstandtherelationshipbetweenvalueofdata,sharingofdataandaccessibilitytodata.
• Intheshort-term,wemustinvestinsoftwarecapableofmigratinglegacysystemdataintoashareddataenvironmenttopreserveoursignificantinvestmentinlegacysystems.
• Weneedtodevelopstandarddatamodels,dataelementsandothermetadatathatdefinesthissharedenvironmentanddeveloparepositorysystemforstoringthismetadatatomakeitaccessible.
• Inthelong-term,aslegacysystemsarereplaced,wemustadoptandenforcecommondataaccesspoliciesandguidelinesforinformationsysteminitiativestoensurethatdataremainsavailabletothesharedenvironmentandthatdatacancontinuetobeusedbythenewinitiatives.
• Forboththeshort-termandthelong-termwemustadoptcommonmethodsandtoolsforcreating,maintainingandaccessingthedatasharedacrosstheinstitution.
• Datasharingwillrequireasignificantculturalchange.• Thisprincipleofdatasharingwillneedtobebalancedwiththeprincipleofdatasecurity.Underno
circumstancewillthedatasharingprinciplecauseconfidentialdatatobecompromised.• Datamadeavailableforsharingwillhavetoberelieduponbyalluserstoexecutetheirrespectivetasks.
Thiswillensurethatonlythemostaccurateandtimelydataisrelieduponfordecisionmaking.Shareddatawillbecometheuniversity-wide‘virtualsinglesource’ofdata.Energyandresourcesmustbecommittedtothistask
Principle12:CommonVocabularyandDataDefinitionsStatement:Dataisdefinedconsistentlythroughouttheuniversityandthedefinitionsareunderstandableandavailabletoallusers.Rationale:Thedatathatwillbeusedinthedevelopmentofinformationsystemsmusthaveacommondefinitionthroughouttheuniversitycommunitytoenablethesharingofdata.Acommonvocabularywillfacilitatecommunicationsandenabledialogtobeeffective.Inaddition,itisrequiredtointerfacesystemsandexchangedata.Implications:
• ThisprincipleisinalignmentwiththecurrentUniversityDataManagement,DataaccessandDataUsePolicy.
University of Saskatchewan Enterprise Architecture Principles Page 11 of 31
• Theuniversitycommunitymustestablishacommonvocabulary,accessibilityguidelines,sensitivitylabelingandbusinessrulesaboutthedata.Thedatadefinitionswillbeuseduniformlythroughouttheinstitution.
• Wheneveranewdatadefinitionisrequired,thedefinitioneffortwillbecoordinatedandreconciledwiththeuniversity‘glossary’ofdatadescriptionsthatwillneedtobeestablished.TheReportingandDataServicesstaffwillprovidethiscoordinationandtherepositoryfortheglossary.
• Ambiguitiesresultingfrommultipledefinitionsofdatamustgivewaytoacceptedenterprise-widedefinitionsandunderstanding.
• Multipledatastandardizationinitiativesneedtobecoordinated.• Functionaldataadministrationresponsibilitiesmustbeassigned.
Principle13:DataisEasilyAccessibleStatement:Datamustbeaccessibleinorderforuniversitypersonneltoperformtheirfunctions.Rationale:Wideaccesstodataleadstoefficiencyandeffectivenessindecision-makingandaffordstimelyresponsestoinformationrequestsandservicedelivery.Accesstoinformationmustbeconsideredfromauniversity-wideperspectivetoallowaccessbyawidevarietyofusers.Stafftimeissavedanddataconsistencyisimproved.Implications:
• Thisisoneofthreeclosely-relatedprinciplesregardingdatathatalignwiththeUniversityDataManagement,DataAccessandDataUsePolicies.Theimplicationisthatthereisaneducationtasktoensurethatallunitswithintheuniversityunderstandtherelationshipbetweenvalueofdata,sharingofdataandaccessibilitytodata.
• Accessibilityinvolvestheeasewithwhichusersobtaininformation.Barrierstoaccessshouldberemovedwherereasonable.
• Thewayinformationisaccessedanddisplayedmustbesufficientlyadaptabletomeetawiderangeofuser’sneedsandmethodsofaccessingthedata.
• Accessanduseofdatarequiresanunderstandingofthedata.Itistheresponsibilityofeverydatausertounderstandthedatathattheyuseandtoguardagainstmakingmisinformedorincorrectinterpretationsofdataormisrepresentationsofinformation.
• Accesstodatadoesnotgranttheuserrightstomodifyordisclosethedata.Avoidingthesecommonissueswillrequireaneducationprocessandachangeinculture,whichcurrentlysupportsabeliefin‘ownership’ofdatabyfunctionalunits.
Principle14:DataCustodianStatement:EachdataelementhasaDataCustodianaccountablefordataquality.Rationale:Oneofthebenefitsofanarchitectedenvironmentistheabilitytosharedataacrosstheinstitution.Asthedegreeofdatasharinggrowsandorganizationalunitsrelyuponcommoninformation,itbecomesessentialthatonlythedatacustodianmakesdecisionsaboutthecontentofdata.
University of Saskatchewan Enterprise Architecture Principles Page 12 of 31
Note:Adatacustodianisdifferentthanadatasteward.Adatacustodianisresponsibleforaccuracyandcurrencyofthedata,whileresponsibilitiesofadatastewardarebroaderandincludedatastandardization,access,useanddatadefinitiontasks.Implications:
• Itisessentialtoidentifytheauthoritativesourceofthedatainordertoidentifytheownerofthedataandthemanagementandstewardshipresponsibility.
• Thedatacustodianwillberesponsibleformeetingqualityrequirementslevieduponthedataforwhichthemanagerisaccountable.
• Informationshouldbecapturedonceandimmediatelyvalidatedasclosetothesourceaspossible.Qualitycontrolmeasuresmustbeimplementedandadheredto,toensuretheintegrityofthedata.
• Asaresultofsharingdataacrosstheenterprise,thedatastewardisaccountableandresponsiblefortheaccuracyandcurrencyoftheirdesignateddataelement(s)andmustrecognizetheimportanceofthisresponsibility.
ApplicationPrinciplesPrinciple15.ConvergencewiththeEnterpriseArchitectureStatement:Theconvergencewithenterprisearchitectureisvaluedandpromotedaspartoftheinstitution’sinvestmentstrategy.Theconvergencewiththeenterprisearchitecturetakesplacestrategicallyasnewapplicationsarebuilt,newtechnologiesareimplementedandoldersystemsareupdatedordecommissioned.ExceptionstotheenterprisearchitecturemaybesupportedforspecificcaseswithexplicitapprovaloftheInformationSystemsSteeringCommittee(ISSC)throughitsdesignatedArchitecturalGovernanceProcessifthebenefitsofusingasolutionexceedthosearisingfromtheadoptionoftheenterprisearchitecture.Rationale:Convergenceoffersseveraladvantages:
• Itallowstheenterprisearchitecturetoevolveandaccommodatechangesinbusinessandtechnologies.• Itavoidsconversionsofobsoletesystems,whichareextremelyexpensive.• Overtime,itpreservesandrationalizestheinvestmentininstitutionalsystems.
Implications:
• Requiresanarchitecturalvision(As-IsvsTo-Be)atthestrategy,portfolioorcapabilitylevel.• Delayedconvergencecouldreducethebenefitsoftheenterprisearchitecture.• Requiresarealisticandtangibleapproachtomigrationtotheenterprisearchitectureandarchitectural
standards.• Requiresanexplicittransitionstrategyforcurrentsystemsafterthedesiredtargetarchitectureis
identified.• Allowsdecommissioningofaninformationsystemwhenappropriate.• Requiresabusinesscaseforexceptions,anexceptionprocessandanexitstrategy.Itmustestablish
temporaryorpermanentexceptions,aswellasexitstrategiesfortemporaryexceptions.• Requiressponsorshiptoreplaceobsoletetechnologies.• TheOneI.S.principlesareapartofenterprisearchitectureandhelpguidetheconvergencebasedon
responsibledecisionmaking.
University of Saskatchewan Enterprise Architecture Principles Page 13 of 31
Principle16.EnterpriseArchitectureAppliestoExternalITProvidersStatement:Outsourcedactivitiesmustnotbeexceptionstotheenterprisearchitecturesimplybecausetheyareprovidedbyathirdparty.Asoutsourcingcontractsandagreementsareenteredinto,theymustreflectandincorporatetheOneI.S.principles.Rationale:Tobesuccessful,enterprisearchitecturemustbeintegratedwithallinformationsystemprojectsandoperationalchangeactivities.Implications:
• Workneedstobedonetoinformprocurementareasonenterprisearchitectureissuesanddeveloppracticesthatensuretheseconsiderationsareaddressed.
• Thisrequirespartnershipsandefficientcommunicationbetweenthebusinessunit,procurementandinformationtechnologyareastogetthebenefitsofferedbytheenterprisearchitecture.
• Informationtechnologyacquisitionsmustincluderequirementsbasedontheenterprisearchitecture.Principle17:TechnologyIndependenceStatement:Applicationarchitecturemustbeplannedtoreducetheimpactoftechnologychangesandvendordependenceonthebusiness.Applicationsareindependentofspecifictechnologyoptionsandthereforecanoperateonavarietyoftechnologyplatforms.Rationale:Everydecisionmadewithrespecttotechnologymakesusdependentonthattechnology,therefore,theintentofthisprincipleistoensurethatinformationsystemsarenotdependentonspecifichardwareandoperatingsystemssoftware.Independenceofapplicationsfromthesupportingtechnologyallowsapplicationstobedeveloped,upgradedandoperatedunderthebestcost-to-benefitratio.Otherwisetechnology,whichissubjecttocontinualobsolescenceandvendordependence,becomesthedriverratherthantheuserrequirementsthemselves.
Implications:
• Adherencetothisprinciplerequiresconsiderationbegiventowhetheraninformationsystemcansupportinterchangeabletechnologycomponentssuchas:o Webbrowserso Operatingsystemso Physicalandvirtualhardwareo Networkcomponentso Cameraso Projectors
• ApplicationProgramInterfaces(APIs)willneedtobedevelopedtoenablelegacyapplicationstointer-operatewithapplicationsandoperatingenvironmentsdevelopedundertheenterprisearchitecture.
University of Saskatchewan Enterprise Architecture Principles Page 14 of 31
• Middlewareshouldbeusedtode-coupleapplicationsfromspecificsoftwaresolutions.• Thisprinciplealsoimpliesthattechnologystandardsbedocumentedandmetricsestablishedtobetter
understandoperationalcost.Adoptingindustrybenchmarksshouldprovidecomparatormetricsforefficiencyandreturnoninvestment.
Principle18:Ease-of-UseStatement:Applicationsneedtobeeasytouse.Thetechnologyshouldbetransparenttousers,sotheycanconcentrateontheirobjectivesratherthanontheirinteractionwiththesystem.Rationale:Usingdifferentapplicationsshouldbeasintuitiveasdrivingcarsofdifferentbrands.Themoreauserhastounderstandtheunderlyingtechnology,thelessproductivethatuseris.Ease-of-useisapositiveincentiveforuseofapplications.Theknowledgerequiredtooperateonesystemwillbesimilartoothers.Trainingiskepttoaminimumandtheriskofmistakesormisuseisreduced.Implications:
• Systemsthatareonlyusedoccasionallyshouldn’trequiresignificantre-learninginordertocarryoutatask.
• Thisdoesnotjustapplytotheweb-basedapplications.• Applicationsmuststriveforacommonlookandfeel.• Commonlookandfeelstandardsmustbedesignedtobeadaptabletotheenvironmenttheyoperatein
andmustevolve.Effortshouldbemadetomeasureandoptimizethelookandfeel.• Guidelinesforuserinterfacesshouldnotbeconstrainedbynarrowassumptionsaboutuserdevice,
location,language,technologyexperienceorphysicalcapability.Principle19.ComponentSimplicityandReusabilityStatement:Theinformationsystemarchitectureisbuiltwithmodular,reusable(plug-n-play)componentsthatimplementservices.Informationsystemsarchitecturemustbeassimpleaspossibletomeetchangingbusinessrequirements.Whenevercomplexityisrequired,itmustbeabstractedtopromotesimplicity.Rationale:Reusablecomponentsrepresentopportunitiestoreduceinformationsystemdevelopmenttimesandcostsbecausetheyleverageinvestmentsincurrentsystems.Modularcomponentsincreasethesystem’scapacitiestoadapttodifferentevolutionneeds,becausethechangeisisolatedfromtheaffectedmodules.Implications:
• Thearchitectureestablishesstandardsandguidelinestodevelopsystemcomponents.• Needtodevelopandpublishasharedcomponentlibraryorcatalog.• Componentsmayincludebutarenotlimitedto:
o Authenticationservicesandauthenticationlibraries
University of Saskatchewan Enterprise Architecture Principles Page 15 of 31
o Authorizationandrightsmanagementserviceso Listserviceso Commonlookandfeelstylingrepositorieso Commoncodelibrariesandrepositories
• Informationsystemarchitectureisbuiltoverlooselycoupled,modular,reusablecomponentsthatimplementservices.
Principle20.ReusableInterfacesStatement:Informationsystemsmustinteractwitheachotherthroughreusableinterfacesthatareself-describedandminimizetheimpactofchange.Rationale:Reusableinterfacesarepotentiallyconsumablebymorethanoneinformationsystemandsafeguardagainstchangesthatcausearippleeffectintotheconsumingsystems.Implications:
• Thetechnicalapproachleveragedtoaccommodatethisprinciplemaychangeovertimeasaresultofchangingtechnologypractices.
• Trainingoreducationmayberequiredtotransitionawayfromthecurrentpracticeofdevelopingpoint-to-pointsolutions.
• Itwillimproveboththespeedwithwhichinformationsystemintegrationcanbeachievedandreducetheriskassociatedwithchangeintheintegratedinstitutionalenvironment.
• Reusableinterfacesmeanthatservicesareconceivedinawaythatgeneralizesspecificconsumerneedstoallowforreusebyothersystemswithsimilarneeds.Thisavoidsthelongtermproliferationofinterfacesresultingfromcreatinganinterfaceforeachconsumerandeachspecificneed.
TechnologyPrinciplesPrinciple21:RequirementBasedChangeStatement:Changestoapplicationsandtechnologyareonlymadewhenaccompaniedbybusinessneeds.Rationale:Thisprinciplepromotesanatmospherewheretheinformationsystemsenvironmentchangestoreflectthebusinessgoals,ratherthanchangingthebusinessasaresultofinformationtechnologychanges.Thisensuresthatbusinessoperationarethebasisforaproposedchangeandthatinvoluntaryeffectsonthebusiness,resultingfrominformationtechnologychanges,areminimized.Technologicalimprovementsandadvancementmaygenerateopportunitiestoimprovethebusinessprocessandsubsequentlyalterbusinessneeds.Implications:
• Thisprincipleaddressesthedesiretoturnonadditionaltechnologicalcapabilitiessolelybecausetheyareavailablethroughavendortechnologybundleorasathrow-inonalicensingagreement.
• Atechnicalimprovementorsystemdevelopmentwillnotbeimplementedunlessadocumentedbusinessneedexists.
University of Saskatchewan Enterprise Architecture Principles Page 16 of 31
• Changemanagementprocesseswillneedtoconformtothisprinciple.• Thisprinciplemayconflictwiththeresponsivechangemanagementprinciple.Thebusinessneedmustbe
consideredbutitmustalsobealignedwithotherenterprisearchitectureprinciples.Theremustbeabalancebetweenbusinessneedsandinformationsystemoperations.
Principle22:ResponsiveChangeManagementStatement:Changestotheenterpriseinformationenvironmentareimplementedinatimelymanner.Rationale:Ifpeoplearetobeexpectedtoworkwithintheenterpriseinformationenvironment,thatinformationenvironmentmustberesponsivetotheirneeds.Implications:
• Weneedtodevelopprocessesformanagingandimplementingchangesthatdonotcreatedelays.• Auserwhoidentifiesaneedforchangewillneedtoconnectwithasubjectmatterexpert(SME)to
facilitateexplanationandimplementationofthatneed.• Ifwearegoingtomakechanges,wemustkeepthearchitecturesupdated.• Adoptingthisprinciplemayrequireadditionalresources.• Processesmayneedtobedevelopedtomanageprioritiesandexpectations.• Thisprinciplewill,attimesconflictwithotherprinciples.Whenthisoccurs,thebusinessneedmustbe
consideredbutinitiativesmustalsobebalancedwithotherenterprisearchitectureprinciples.Withoutthisbalancedperspectiveshort-termconsiderations,supposedlyconvenientexceptionsandinconsistencies,willrapidlyunderminethemanagementofinformationsystems.
Principle23:ControlTechnicalDiversityStatement:Technologicaldiversityiscontrolledtominimizethenon-trivialcostofmaintainingexpertiseinandconnectivitybetweenmultipleinformationsystemenvironments.Rationale:Thereisarealandsignificantcostrelatedtotheinfrastructurerequiredtosupportinformationsystems.Thereareadditionalcostsrequiredtointegrateandmaintaininformationsystemsrunningonmultiple,andoccasionallyinconsistent,infrastructures.Limitingthenumberofsupportedcomponentswillsimplifymaintenanceandreducecosts.Thebusinessadvantagesofminimaltechnicaldiversityinclude:
• Standardpackagingofcomponents• Predictableimplementationimpact• Predictablevaluationsandreturns• Greaterflexibilitytoaccommodatetechnologicaladvances• Fewerserviceoutagesandlowertrainingcosts
Commontechnologyacrosstheenterprisebringsthebenefitsofeconomies-of-scaletotheenterprise.Technicaladministrationandsupportcostsarebettercontrolledwhenlimitedresourcescanfocusonthissharedsetoftechnology.
University of Saskatchewan Enterprise Architecture Principles Page 17 of 31
Implications:• Technologyplatformsmustbeidentifiedanddocumented,andanalysisneedtobedonethatrationalizes
theexistingdiversity.• Policies,standardsandproceduresthatgoverntheacquisitionoftechnologymustbetieddirectlytothis
principle.• Technologychoiceswillbeconstrainedbythechoicesavailablewithinthetechnologyarchitecture.
Proceduresforchangingthetechnologystandardstomeetevolvingrequirementswillhavetobedevelopedandimplemented.
• Wearenotfreezingourtechnologybaseline.Wewelcometechnologyadvancesandwillchangethetechnologyarchitecturewhencompatibilitywiththecurrentinfrastructure,improvementinoperationalefficiencyorarequiredcapabilityhasbeendemonstrated.
Principle24:SeamlessIntegrationStatement:Softwareandhardwareshouldconformtodefinedstandardsthatpromotetheseamlessintegrationofdata,applicationsandtechnology.Rationale:Standardshelpensureconsistency,whichreducesthecomplexityofmanagingsystems,improvesusersatisfactionandprotectstheexistinginformationsysteminvestments.Thismaximizesreturnoninvestmentandreducescosts.Adheringtointegrationstandardsallowsforsupportfrommultiplesuppliers,reducingthecostassociatedwithvendorlock-in.Implications:
• Integrationstandardsandindustrystandardswillbefollowedunlessthereisacompellingbusinessreasontoimplementanon-standardsolution.
• Aprocessforsettingstandards,reviewingandrevisingthemperiodicallyandgrantingexceptionsmustbeestablished.
• Theexistinginformationsystemplatformsmustbeidentifiedanddocumented,anddecisionsneedtobemadeaboutaprocessforconvergencetowardthenewlydefinedstandard.
University of Saskatchewan Enterprise Architecture Principles Page 18 of 31
AppendixA:Applyingtheprinciples–ExamplesThescenariosbelowarepurelyhypotheticalanddonotreflecttheprioritizationthattheinitiativemayreceive.Thequestionsandanswersareexamplesdesignedtohelpthereaderunderstandhowtheprinciplescanhelpevaluateaninitiativetoensureitalignswiththeenterprisearchitecture.Thequestionsbelowarechallengingandensureproperconsiderationhasbeengiventoallaspectsofinformationsysteminitiatives.Dependingonwhereyouareinthedevelopmentofaninitiativeyoumaynotbeabletoanswerthequestioninalinearfashion,buteachprincipleneedstobeassessedatsomepoint.
Scenario1:AlumniandResearchMappingAdvancementCommunicationsandEngagement(ACE)hastwomappinginitiativestheywouldliketopursue.ThefirstinitiativewouldallowalumnitoreconnectwithformerclassmatesbysharingtheirlocationinformationandpersonalinformationonamapwhichcanbeaccessedfromtheACEwebsite.ThecurrentACEwebsitesupportsonlytextualinformationsharing.Thesecondinitiativeistopromoteoutreachandengagementbyvisuallyshowingoutreachandengagementresearchactivityonamap.
ApplicationofPrinciplesPrinciple Impact
PrincipledDecisionMaking Arethereanyotherconsiderationsinfluencingthedirectionofthisinitiative?Ifso,whatarethey?Yes,theseinitiativeswereidentifiedassomeofthehighestvalueactivitiesontheACEbacklog.
MaximizeValuetotheUniversity
• Whataretheanticipatedbenefits?• Whatisthelifeexpectancyofthisinitiative?• Howwillyoudetermineifthisinitiativeissuccessful?• Howwillyoudetermineifthisinitiativeisunsuccessfulandneeds
tobestopped?• Whatistheanticipatedtotallifecyclecoststosupportthis
initiative?• Whatistheexitstrategyandcostifthisinitiativedoesn’trealize
theanticipatedvalue?
Itisanticipatedthatalumniinteractionswithothersthathaveasharedbackground,andawarenessofuniversityinitiativesandeventsintheirareawillresultinincreasedsupportfortheuniversity.Theexistingservicehasbeeninplaceforseveralyearsbuthasverylowusage.Oneofthegoalsofchangingtheserviceistoincreaseparticipation.Ifthereisnoincreaseinparticipationtheservicewillbere-envisionedandthedataconvertedordestroyed.
University of Saskatchewan Enterprise Architecture Principles Page 19 of 31
MaintainTransparencyinInformationSystemDecisionMaking
Confirmwhichorganizationalunit(s)areaffectedbythisinitiativeorchange.Thisinformationwillhelpdeterminethetargetgovernancecommittee.Who-asidefromtheoriginalcustomer-mightbenefitfromusingthissystem?Atthispoint,itisnotanticipatedthatanyotherunitwillhaveasimilarneed.
PlanforContinuedOperations
• Whatinstrumentationisdeliveredwiththeservicethatallowshealth,performanceorutilizationtobemonitored?
• Whataretheup-timerequirementsoftheservice?• Whataretheconsequenceofthisservicebeingoffline?• Aretherealternativemodesofoperation?• Doestheservicerequireredundancy?• Doesthisservicerelyonanyotherserviceorsub-servicetobe
operational?• Inadisasterscenario:
o Howmuchdatalossistolerable?o Isthereatargetrecoverytime?
• Whatistheplanforaddressingcriticalsecuritypatches,updatesandrenewalsforthissystem?Dothesepatcheshappenautomaticallyonaregularscheduleorissomeoneresponsibleforwatchingforandapplyingthesepatches?
• Howwillthesystembescannedforvulnerabilities?Thesystemisn’tcriticaltoouroperationsandwedonotanticipateaneedtodevelopanalternatemodeofoperation.Downtimesofafewdaysaretolerableaslongasthereissomeindicationthattheserviceistemporarilyoffline.Withregardtopatchingandvulnerabilityscanningofoperatingsystems,theplanistoleverageinternalplatformservicestohostthissystem.Thisisaddressedaspartoftheirserviceoffering.However,wewillneedtodevelopaprocesstohandlelifecyclemanagementandwatchforcriticalfixes.
MinimizeDuplication • Isthedesiredfunctionalitypartofthefutureroadmapinacoreorenterprisesystem?
o Ifso,isthecurrenttimelineacceptable?o Ifthecurrenttimelineisn’tacceptable,canthetimelines
bechangedorastop-gapsolutionbeputinplace?
University of Saskatchewan Enterprise Architecture Principles Page 20 of 31
• Ifthedesiredfunctionalityisnotpartofafutureroadmapandthereisn’tanexistingsystemthatmaysupportthisinitiative,isthisacommonneedacrosscampus?
Thereisn’tasystemthatspecificallyprovidesthisfunctionalitybutthereareanumberofserviceslikemapping(GIS)thatexist.
MaintainLegalandRegulatoryCompliance
• Arethereanyaccreditation,regulatoryorlegalrequirementsassociatedwiththissystem,thebusinessprocessesordata?
• Istheinformationinthissystemconsideredpartofthecoreuniversitybusinessrecords?
• Doesthissystemstorepersonalinformation,healthdata,creditcarddataorothersensitiveinformation?
Thesystemwouldcollectpersonalinformation,butitisanoptionalservicewherethealumniandresearchersarevoluntarilysupplyinginformationtobediscovered.Iftheservicewaswildlysuccessful,thissystemcouldbecomeasystemorauthorityforalumnilocationinformation.
Risk-BasedApproachtoSecurity
• Howandbywhomisthedatacollected,modifiedordisposedof?• Whatarethethreatstothissystemortheinformationcontained
withinitandwhatarethesafeguards?• Whatdatasafeguardswillcontrolorlimitaccessbyindividuals,
supportstaffandadministrators?Alumniandresearcherswouldbeprovidingtheinformationthemselves,butmodifyinganddeletingthedatashouldbeprotectedoratleastlimitedtotheindividualthatsupplieditorasupportstaffmember.Theinformationisfreelyavailabletoviewonlinebutitwouldbedetrimentalfortheserviceandtheuniversityifanunauthorizedpersonmodifiedthedataandaddedundesirablecontent.Weneedtocontrolwhocanadd,modifyordeletetheinformationandwewillneedtomonitorcontentjustincase.
InformationSystemsResponsibility
• Whoistheexecutivesponsor(AVPorDean)accountableforthisinitiative?
• Whoisthebusinessowner?• Whoisthetechnicalmanagerandownerofthisinitiative?• Hasinformationabouttheinitiativeorsystembeenrecordedin
thecentralapplicationcatalogue?
University of Saskatchewan Enterprise Architecture Principles Page 21 of 31
Theinformationwillberecordedintheapplicationcatalogue.TheexecutivesponsoristheAVPCommunications.Thedirectorofcommunicationandoutreachisthelineofbusinessowner.TheManager,ICTAcademicandWebServicesisthetechnicalmanager.
ContinuousImprovement • Whatistheexpectedsizeoftheuserbase?Howisthisinitiativeanticipatedtochangeoverthenextthreetofiveyears?
• Doyouhavecurrentorforecastedmetrics?o Ifnot,howdoyoudetermineifyouareimproving
something?• Whatprocesseswillbeputinplacetogather,evaluateandreport
metrics?
Thecurrentsystemhaslowutilizationandslowgrowthwithmaybeafewhundredentriesintotalandafewthousandviewsperyear,butweanticipateagrowthrateof1,500newentriesperyear.Weareplanninginitiativesthatdirectpeopletothissystemandwillneedtodevelopawaytomeasureconversion.
DataisanAsset • Whatdataisthissystemauthoritativefor?o Whowillgovernit?
• Whatarethebusinessuser’sdataqualityrequirements?• Willtheinformationbeofhighenoughqualitythatitcan
potentiallybeshared?• Doesthissystemneeddatafromothersources?
o Ifso,whatistheintegrationmodel?Thesystemisauthoritativeforgeo-locationofthosealumniandresearchinitiativesthathaveoptedin.ACEwillgovernthedatabutwedon’tanticipatethedatawillbecompleteenoughorofhighenoughaccuracythatitwillbeusefulforanyotherpurpose.
DataisaSharedResource • Isthedatafromthissystemvaluabletoothersystemsorunitsoncampus?
o Shoulditbecollectedincentralsystems?• Whatisthemodelforexposingthedata?Unlesstheinitiativebecomeswildlysuccessfulthereisnoanticipateduseforthedataoutsidethesystem.
CommonVocabularyandDataDefinitions
• Arethereaccessibilityguidelines,sensitivelabelandbusinessrulesforthisdata?
• Istheexternalsystemsdatausedbythissystemconsistentwiththeallowableusageidentifiedintheuniversity‘glossary’ofdata?
University of Saskatchewan Enterprise Architecture Principles Page 22 of 31
Thissystemmayuseinformationfromtheauthenticationservicestogetthenameofthepersonpostingtheirlocation.Weareplanningontellingalumnithatthelocationdatawillnotbeusedforanyotherpurpose.
DataisEasilyAccessible • Whatintegrationmodelortechniqueswillbeusedtosharedatawithotherunits,businessprocessesorsystems?
• Isthereaprocessbeingdevelopedtohelpdatausersunderstandthedatainthissystem,theresponsibilitiesassociatedwithitandthelimitsofitsuse?
Wearen’tcurrentlyplanningonsharingthedata.
DataManager • Whowillbeensuringthequalityofthedata?• Arethereprocessestoreviewandvalidateuserdatatoensure
thatit’snotout-of-date?• Whatprocesseswillcorrectunsatisfactorydata?• Howwillthedataqualitybemeasured?Wewillneedtodevelopaprocesstokeepthedatacurrent(uptodate)andageoutinformationthatisnolongerrelevant.
ConvergencewiththeEnterpriseArchitecture
• Whatsystem,manualorelectronicprocessisthisreplacing?o Isthereadeprecationplanforthoseservice(s)?
Thereisanonlinesystemthathelpslocatealumniinyourarea.Thisinitiativeisare-envisioningofthatsystemandwillenhanceorreplaceit.
EnterpriseArchitecturealsoAppliestoExternalITProviders
• WillthissystemorpartsofituseexternalSaaS,PaaSorIaaS?o Ifthesystemisexternallyprovided,howistheservice
provideraddressingtheprinciples?Aspartofthesolutiondevelopmentprocesswewillevaluateonandoffpremisemappingservicesandwillreviewthisdocumenttohelpwithselectionofthetechnology.
TechnologyIndependence • Doestheapplicationsupportinterchangeablecomponents?o Webbrowserso Operatingsystemso Physicalandvirtualhardwareo Networkcomponents
University of Saskatchewan Enterprise Architecture Principles Page 23 of 31
o Cameraso Projectorso Directories
Thesystemwillneedtosupportmultiplebrowsersandmobileplatforms.Wewillneedtomonitortheothers.
Ease-of-Use • Howdoesthelookandfeelcomparetootheruniversitysystems?• Willtheapplicationrunonmultipledevices,includingmobile?Thesitecurrentlydoesn’tusethecentrallysupportedvisualidentitytemplatesbutthevisualstylingandfeelofthesiteisrelativelyconsistentwithotheruniversitysites.
ComponentSimplicityandReusability
• Whatbusinessprocesses,dataorpartsoftheinformationsystemareofgeneraluseorcouldbeleveragedasageneralpurposecomponent?
• Isthisinformationsystemcapableofleveragingexistinginfrastructure?
Theauthenticationserviceswillbeleveragedtofacilitateaccesstothesystem,butothersarelessclear.
ReusableInterfaces • Areinterfacesbeingdesignforconsumptionbyothersystems?Notapplicableforthissystem.Seedatasharingabove.
RequirementBasedChange • Isthereanestablishedbusinessneedforthissystem?Yes,see“MaximizeValuetotheUniversity”
ResponsiveChangeManagement
• Isitpossibletodeliverpartsofthesystemimmediatelywhileotherpartsarebeingdevelopedsotheorganizationalunitcanstarttobenefitimmediately?
Yes,wecouldstartbymappingalumniinformationandengagementresearchprojectswealreadyhavepermissiontodisplaythenwecouldstartgettingfeedbackfrompotentialclientswhileweimprovedatacollectionprocesses.
ControlTechnicalDiversity • Areanynewtechnologies,librariesorservicesbeingintroducedtotheuniversityeco-systemasaresultofthisinitiative?
o Ifso,aretherebarrierstothembecomingthestandard?
Thegoalwillbetoleverageexistingtechnologystandardsandplatformsandbuildonthemwhererequired.
University of Saskatchewan Enterprise Architecture Principles Page 24 of 31
SeamlessIntegration • Howwillthisservicebediscovered?• Howdouserstransitioninandoutoftheservicefromother
universityservices?TheservicewillbediscoveredboththroughthealumnipageswithinthemainUofSwebsitebutalsowithinPAWSaspartofthealumniservicesareainPAWS.WhennavigatingfromPAWSsomeinformationmaybepre-populated.
OutcomeTherecommendationforthisinitiativeisapointsolutiontoaddressmappingcurrentinformationanddatacollection,abriefroadmaptoaidinlifecyclemanagementandmonitoringforgrowth.Eventuallywithenoughgrowththisinitiativecouldbecomingashareablesourceofgeolocationdataforalumni.Existingin-housetoolsandinfrastructureshouldbeleveragedwherepossibleandthesolutionshouldbeimplementedinawaythatstrivestoreducetheoperationalcostofsupport.Linkagetoothersystemsoncampusshouldbeexploredtoimprovediscoverability.
Scenario2:CollegeStudentAdmissionsSystemRenewalInthisscenario,acollegeidentifiesthatitrequiresanewsystemforsupportingthestudentadmissionsprocesses.Thecollegehashistoricallymanagedtheprocessesmanuallyusingspreadsheetsandonlineformsthatresultinemailstocollegeadministrativestaff.However,thisprocessisslowanderror-proneandthevolumeofnewapplicationsnowjustifiesamorerobustsystem.ASoftwareasaService(SaaS)vendorgaveapresentationoftheirsystemstothecollegeanditlooksveryattractive.
ApplicationofPrinciplesPrinciple Impact
PrincipledDecisionMaking Arethereanyotherconsiderationsinfluencingthedirectionofthisinitiative?Ifso,whatarethey?Noconsiderationsasidefromtheprinciples.
MaximizeValuetotheUniversity
• Whataretheanticipatedbenefits?• Whatisthelifeexpectancyofthisinitiative?• Howwillyoudetermineifthisinitiativeissuccessful?• Howwillyoudetermineifthisinitiativeisunsuccessfulandneeds
tobestopped?• Whatistheanticipatedtotallifecyclecoststosupportthis
initiative?
University of Saskatchewan Enterprise Architecture Principles Page 25 of 31
• Whatistheexitstrategyandcostifthisinitiativedoesn’trealizetheanticipatedvalue?
Theanticipatedbenefitincludesamorerobustprocessthatreducestherelianceonadministrativesupportstafftocompileandprocesstheapplications.Thissystemsisexpectedtolastforthenext20to30years.Ifsuccessful,theoveralltimetoprocessapplicationswillbereducedby20%andwillhave30%fewererrors.Itwillbeunsuccessfulifitiscumbersomeandnegativelyimpactsthenumberofapplications.TheSaaSofferinghasaperuserfeescheduleof$20perapplicationreceived.Lastyear,thecollegereceived2,000applications.Therewasalsoaslightincreaseinrecruitmentactivitywhichshouldincreaseapplicantsby10%.So,theanticipatedtotalcostis$40,000to$50,000fortheyear.Itisunclearwhatthecostwillbetogetourdatabackfromthevendor.
MaintainTransparencyinInformationSystemDecisionMaking
Confirmwhichorganizationalunit(s)areaffectedbythisinitiativeorchange.Thisinformationwillhelpdeterminethetargetgovernancecommittee.Who-asidefromtheoriginalcustomer-mightbenefitfromusingthissystem?Allcollegesoncampusneedsomeformofadmissionsprocessesandthereisacentraladmissionssystemthatdoesn’taddressalloftherequirementswehaveforadmissions,andweareawarethatsomeothercollegeshavetheirownadmissionssystems.Weknowwhateverwedowillneedtointegratewiththecentralstudentinformationsystem.
PlanforContinuedOperations
• Whatinstrumentationisdeliveredwiththeservicethatallowshealth,performanceorutilizationtobemonitored?
• Whataretheup-timerequirementsoftheservice?• Whataretheconsequenceofthisservicebeingoffline?• Aretherealternativemodesofoperation?• Doestheservicerequireredundancy?• Doesthisservicerelyonanyotherserviceorsub-servicetobe
operational?• Inadisasterscenario:
o Howmuchdatalossistolerable?o Isthereatargetrecoverytime?
University of Saskatchewan Enterprise Architecture Principles Page 26 of 31
• Whatistheplanforaddressingcriticalsecuritypatches,updatesandrenewalsforthissystem?Dothesepatcheshappenautomaticallyonaregularscheduleorissomeoneresponsibleforwatchingforandapplyingthesepatches?
• Howwillthesystembescannedforvulnerabilities?Someofthedetailedinformationrequestedherewedon’thaveyetaswehaveonlybeenassessingwhetherornotthesystemmeetsourrequirements,buthereiswhatweknow.Thevendorwelookedathasreportsaboutusageandperformance.Weacceptapplicationsatalmostanytimeduringtheyearsothesystemshouldbeup24hours-a-day,7days-a-week.Itwouldbeunacceptabletoloseanydataandweneedtoensurethatthisrequirementispartofanyservicelevelagreement.Thevendorsservicelevelagreementwillneedspecificinformationaboutrecoverytimes,lossofdata,vulnerabilityscanningandhowpatchingisaddressed.
MinimizeDuplication • Isthedesiredfunctionalitypartofthefutureroadmapinacoreorenterprisesystem?
o Ifso,isthecurrenttimelineacceptable?o Ifthecurrenttimelineisn’tacceptable,canthetimelines
bechangedorastop-gapsolutionbeputinplace?• Ifthedesiredfunctionalityisnotpartofafutureroadmapand
thereisn’tanexistingsystemthatmaysupportthisinitiative,isthisacommonneedacrosscampus?
Thecurrentstudentinformationsystem(SiRIUS)isonlyan80-85%fitwiththerequirements,withoutcustomization.Itispossiblethatthemissingfunctionalityisonafutureroadmap.
MaintainLegalandRegulatoryCompliance
• Arethereanyaccreditation,regulatoryorlegalrequirementsassociatedwiththissystem,thebusinessprocessesordata?
• Istheinformationinthissystemconsideredpartofthecoreuniversitybusinessrecords?
• Doesthissystemstorepersonalinformation,healthdata,creditcarddataorothersensitiveinformation?
Theinformationinthissystemwouldbepartofthecoreuniversityrecordanditcontainspersonalinformationbuttherearenoaccreditationprocesseslinkedtoadmissionsinthiscollege.
University of Saskatchewan Enterprise Architecture Principles Page 27 of 31
Risk-BasedApproachtoSecurity
• Howandbywhomisthedatacollected,modifiedordisposedof?• Whatarethethreatstothissystemortheinformationcontained
withinitandwhatarethesafeguards?• Whatdatasafeguardswillcontrolorlimitaccessbyindividuals,
supportstaffandadministrators?• IsthedatacenterforthissysteminSaskatchewanorCanada?Studentswhosupplytheirapplicationinformationtothesystemandadministrativestaffwiththeappropriatecredentialscanaccesstheinformation.ThedatacentersareintheUnitedStates.Atthispoint,weareunawareofawaywecanlinkthissystemtothecentralsystemsoruseNSIDs.Therefore,theadministratorwillcreateanaccountforallsupportstaffdirectlyonthissystemandwillusetheUofSemailaddressandarandomfivecharacterpasswordwhensettinguptheaccount.
InformationSystemsResponsibility
• Whoistheexecutivesponsor(AVPorDean)accountableforthisinitiative?
• Whoisthebusinessowner?• Whoisthetechnicalmanagerandownerofthisinitiative?• Hasinformationabouttheinitiativeorsystembeenrecordedin
thecentralapplicationcatalogue?DeanofFictionalCollege
ContinuousImprovement • Whatistheexpectedsizeoftheuserbase?Howisthisinitiativeanticipatedtochangeoverthenextthreetofiveyears?
• Doyouhavecurrentorforecastedmetrics?o Ifnot,howdoyoudetermineifyouareimproving
something?• Whatprocesseswillbeputinplacetogather,evaluateandreport
metrics?
Therewereabout2,000applicantsthatyearandtherehasbeena10%increaseinapplicantsoverthelasttwoyears.Thisisanticipatedtocontinueforatleasttwomoreyears.Wereallyneedtomonitorthisbecauseiftheapplicantpoolmorethandoubleswedon’thavereservefundingtocovera$100Kbill.
DataisanAsset • Whatdataisthissystemauthoritativefor?o Whowillgovernit?
• Whatarethebusinessuser’sdataqualityrequirements?
University of Saskatchewan Enterprise Architecture Principles Page 28 of 31
• Willtheinformationbeofhighenoughqualitythatitcanpotentiallybeshared?
• Doesthissystemneeddatafromothersources?o Ifso,whatistheintegrationmodel?
Applicantinformationforthecollege.TheVice-ProvostTeachingandLearningisthedatastewardforthisinformationbutthecollegewillberesponsibletoensureitiscorrectandflowsintothestudentinformationsystemoncetheapplicationisaccepted.
DataisaSharedResource • Isthedatafromthissystemvaluabletoothersystemsorunitsoncampus?
o Shoulditbecollectedincentralsystems?• Whatisthemodelforexposingthedata?Itwillbevaluabletootherunitsandcollegesifthestudentisaccepted.Itmayalsobevaluabletotheuniversitytounderstandhowrecruitmentactivityinonareaaffectsothercolleges.
CommonVocabularyandDataDefinitions
• Arethereaccessibilityguidelines,sensitivelabelandbusinessrulesforthisdata?
• Istheexternalsystemsdatausedbythissystemconsistentwiththeallowableusageidentifiedintheuniversity‘glossary’ofdata?
Thevendormaybeabletosupplythis.
DataisEasilyAccessible • Whatintegrationmodelortechniqueswillbeusedtosharedatawithotherunits,businessprocessesorsystems?
• Isthereaprocessbeingdevelopedtohelpdatausersunderstandthedatainthissystem,theresponsibilitiesassociatedwithitandthelimitsofitsuse?
TheSaaSvendorgivesprintablereportsandcsvfilesthatwecanusetoimportintoothersystems.
DataManager • Whowillbeensuringthequalityofthedata?• Arethereprocessestoreviewandvalidateuserdatatoensure
thatit’snotout-of-date?• Whatprocesseswillcorrectunsatisfactorydata?• Howwillthedataqualitybemeasured?Themanagerofadmissionsinthecollegewillneedtoberesponsibleforthedataquality.Thiswillrequirethemtotrainstaffonwhatisappropriateanddevelopprocessestoidentifybaddataandcorrectitbeforeitbecomespartofcentralsystemdata.
University of Saskatchewan Enterprise Architecture Principles Page 29 of 31
ConvergencewiththeEnterpriseArchitecture
• Whatsystem,manualorelectronicprocessisthisreplacing?o Isthereadeprecationplanforthoseservice(s)?
Thisisreplacingsomemanualadmissionsprocesses,andawebformthatcanbepulleddownoncethenewsystemisinplace.
EnterpriseArchitecturealsoAppliestoExternalITProviders
• WillthissystemorpartsofituseexternalSaaS,PaaSorIaaS?o Ifthesystemisexternallyprovided,howistheservice
provideraddressingtheprinciples?Yes,thereisastrongdesiretogowiththeSaaSvendors’product.
TechnologyIndependence • Doestheapplicationsupportinterchangeablecomponents?o Webbrowserso Operatingsystemso Physicalandvirtualhardwareo Networkcomponentso Cameraso Projectorso Directories
YoucanonlyuseMozillaFirefoxtoaccessthesite,otherbrowsersdon’tworkwellandresultinstrangelayoutproblems.
Ease-of-Use • Howdoesthelookandfeelcomparetootheruniversitysystems?• Willtheapplicationrunonmultipledevices,includingmobile?ItdoesnotresembleotherUofSsystems,thoughwecancontractthevendortodolayoutcustomizations.Itwillnotrunonmobiledevices.
ComponentSimplicityandReusability
• Whatbusinessprocesses,dataorpartsoftheinformationsystemareofgeneraluseorcouldbeleveragedasageneralpurposecomponent?
• Isthisinformationsystemcapableofleveragingexistinginfrastructure?
Nopossibilityofre-use
ReusableInterfaces • Areinterfacesbeingdesignforconsumptionbyothersystems?Nointerfacesavailable.Thevendorsuggeststheywillhavesomethingforfuturereleases.
RequirementBasedChange • Isthereanestablishedbusinessneedforthissystem?
University of Saskatchewan Enterprise Architecture Principles Page 30 of 31
Yes.SeetheMaximizeValueprinciple.
ResponsiveChangeManagement
• Isitpossibletodeliverpartsofthesystemimmediatelywhileotherpartsarebeingdevelopedsotheorganizationalunitcanstarttobenefitimmediately?
No,itisaturnkeysystem.
ControlTechnicalDiversity • Areanynewtechnologies,librariesorservicesbeingintroducedtotheuniversityeco-systemasaresultofthisinitiative?
o Ifso,aretherebarrierstothembecomingthestandard?
No,thisiscompletelyself-contained.
SeamlessIntegration • Howwillthisservicebediscovered?• Howdouserstransitioninandoutoftheservicefromother
universityservices?Adiscoverablelinkwouldbesetupfromthecollegewebsite.
OutcomeTheenterprisearchitecturerecommendationistore-usetheSiRIUSsystemgiventheleveloffit.AsecondaryrecommendationistoreviewtheadmissionsprocessesandenhanceSiRIUStoaddressanygapsthataren’tcostprohibitive.Thecollegemaynotbesatisfiedwiththisrecommendationandmayrequestanarchitectureexception.Ifanexceptionweretobegranted,alternatevendorsshouldbesoughtoutduetopoorintegrationoptionswithexistingcampusassets.Partneringwiththisvendorwouldresultinbothinitialandlong-termcoststhatgowellbeyondthecostperapplicantmodelassumed.
University of Saskatchewan Enterprise Architecture Principles Page 31 of 31
AppendixB:GlossaryTerm Definition
ISSC TheInformationSystemsSteeringCommitteeisanexecutive-levelcommitteereportingtoPCIPandUniversityCouncil.Settingstrategicobjectivesandestablishinginstitutionalcriteriaforprioritizingsystemsinitiativeswillbedonebythiscommittee.TheISSCisaccountableforoverarchinginformationsystemspolicies,strategiesandstewardship.Thiscommitteeprovidesstewardshipfortheinformationsystemsprojectportfolioanditensuresinformationsystemsdecisionshaveastrategicfit,functionalutilityandbalancedinvestmentacrosstheinstitution.Thecommitteewillalsoaddressbenefitsrealizationofimplementedprojects.Enterprisearchitecturestandardsareapprovedbythisgroup.
Enterprise Auniversity-widecontextencompassingallofitsinformationandtechnologyservices,processesandinfrastructure.
Architecture Thefundamentalorganizationofasystemembodiedbyitscomponents,theirrelationshiptoeachotherandtheenvironmentandtheprinciplesgoverningitsdesignandevolution.
EnterpriseArchitecture
Aconceptualarchitecturalblueprintthatdefinesthestructuresandoperationsofanorganization.
InformationTechnology(IT)
Ageneraltermthatreferstoanythingrelatedtocomputertechnology.Thismayincludethepeople,software,servers,networkingandtheInternet.
InformationSystems(IS)
Ageneraltermthatreferstoanythingrelatedtocomputertechnology.Thismayincludethepeople,software,servers,networkingandtheInternet.
OrganizationalUnits
Agenerictermusedtorefertocollegesanddepartmentswithintheuniversity.
VendorLock-in Thesituationinwhichtheuniversityisdependentonavendorforproductsorservicesandisunabletouseothervendorswithoutasubstantialswitchingcost.
COTS CommercialOff-The-Shelf.Asoftwarepackagesoldbyavendor.