Deploying SOA introduces new challenges, such as service sprawl, “SOA silos”, inter-organization service use, and service evolution. SOA also heightens the importance of addressing existing challenges that IT has been encountering for years, such as funding models, functional ownership, and standards compliance.

To deploy SOA successfully, an enterprise must meet these challenges, but in many cases new technology is not the answer. New ways of doing things, and new controls to ensure that they are done right, are what is needed. In short, successful SOA requires new forms of governance.

This section of the SOA Source Book introduces the concepts of SOA governance. It describes:

• What SOA governance is;
• What kind of SOA governance regimen an enterprise needs; and
• An overall SOA governance framework;

Further sections describe two elements of the framework in more detail: the generic SOA Governance Reference Model, and the SOA Governance Vitality Method.

These sections will help you to define and implement the right form of SOA governance for your enterprise.

Definition of SOA Governance

The term “governance” is originally from political theory, where it refers to a system by which a political unit is controlled, and to the exercise of that control. The term is now also used in relation to enterprises, where it refers to the organization and control of people to perform enterprise activities. SOA Governance is the organization and control of people to perform enterprise activities concerned with the development, implementation and operation of service-oriented architectures.

SOA Governance should be viewed as the application of corporate governance, information technology (IT) governance, and enterprise architecture (EA) governance to SOA.

The Open Group Architecture Framework (TOGAF) defines architecture governance as: “The practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level.

IT Governance includes the decision rights, accountability framework and processes, to encourage desirable behavior in the use of IT. (See Control Objectives for Information and related Technology (COBIT) Version 4.1, available from ISACA.)

Corporate Governance is the set of processes, customs, policies, laws and institutions affecting the way a corporation is directed, administered or controlled. (See the OECD Corporate Governance Principles 2004, available from the Organization for Economic Cooperation and Development.)

SOA Governance extends IT and EA governance, ensuring that the benefits of SOA are realized. This means governing, not only the execution aspects of SOA, but also the strategic planning activities.

Enterprise SOA Governance Regimens

To address the challenges of SOA, an enterprises needs a comprehensive and appropriately detailed SOA governance regimen that covers:

• Processes – including governing processes and governed processes;
• Organizational structures – including roles and responsibilities; and
• Enabling Technologies.

Introducing such a regimen can be difficult. It is generally best to do it gradually, making adjustments in the light of experience, rather than in a single step.

Different enterprises need different governance regimes - there is no “one size fits all.” This is partly because each enterprise has people with a different mix of capabilities and skills. It is also because each enterprise is engaged in a different set of activities, and adopts a different strategy for conducting them.

Also, because enterprise circumstances are constantly changing, enterprise governance - including SOA governance - must be capable of change too: it must have vitality, and not be rigid or static.

To address the challenges, an enterprise must therefore have a tailored SOA governance regimen that covers processes, structures, and enabling technologies and that can be deployed in an iterative and incremental manner.

SOA Governance Framework

The SOA Governance framework enables enterprises to define and deploy their own focused and customized SOA Governance regimens, based on enterprise-specific factors such as business model, SOA maturity, and company size. It describes what decisions must be made, who should make them, how they are made and monitored, and what organization and tools will support them. It uses an incremental approach so that enterprises can continue to meet their current SOA demands while fulfilling their long-term aspirations and goals for SOA.

The SOA Governance Framework is illustrated in the figure below.

It consists of the SOA Governance Reference Model, which is used as a baseline, and the SOA Governance Vitality Method, which is a definition, improvement and feedback process that can produce a focused and customized SOA Governance regimen for each enterprise. They are described in further sections of this Source Book.