SAP PI Governance Security, Compliance, Quality and Risk management of interfaces

Author: JFJD • Approved by: xxxx • Version 0a • NNIT CONFIDENTIAL

Agenda

IT Governance

Definition

Enterprise Architecture

Enterprise IT Governance

ISO 38500

Governance for SAP PI

Why Governance in SAP PI?

Purpose

Audience

Document Life Cycle

Teasers

When to Apply Governance?

Other Benefits

Key Points and Next Steps

Introduction to IT GOVERNANCE

IT Governance in GxP projects

Definitions

"Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT."[1]

"an integral part of corporate governance and addresses the definition and implementation of processes, structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT enabled investments"[2]

Keywords: Accountability, Performance, Compliance, Risk, Sustainability, Behaviour, Operations, TCO, ROI

We don’t take ownership of GxP processes (validated systems), but we adhere to them and advise towards them!

GxP is traceability; in order to have that, accountability and responsibility need to be very clear, i.e. never miss a code review.

1. Weill, P. & Ross, J. W., 2004, "IT Governance: How Top Performers Manage IT Decision Rights for Superior Results", Harvard Business School Press, Boston.

2. Van Grembergen and De Haes (2009)

IT Governance in Enterprise Architecture

Business Architecture

What has been done?

Who has done it?

Which information was used?

Where was it done?

Information Architecture

Data

Integration

Applications

Technology Architecture

Security, Management, Platforms, Networks, etc.

IT Governance ensures that the information and technology resources and architecture support the accountability framework.

Enterprise IT Governance

Organization, Human Behavior, Control

Processes, Business Liaison, Change Management

Hardware, Infrastructure, Data and Applications

Regulation, Compliance

Sustainability, Risk, TCO, ROI, Impact, Health, Environment

IT Governance has a stake in all enterprise layers

IT Governance is NOT the same as Good Management Practice

IT Governance focuses on stakeholders, accountability and return on their investments

ISO 38500 – A good start

International standard for corporate governance of information technology

Contents:

Scope, application and objectives

Framework for good corporate governance of IT

Guidance for corporate governance of IT

The objectives of the ISO 38500 standard:

Assuring stakeholders that they can have confidence in the organization's corporate governance of IT

Informing/guiding corporate management in governing the use of IT in their organization

Providing a basis for objective evaluation of the corporate governance of IT

Source: <http://www.38500.org/objectives.htm>

Questions?

How to translate IT and Corporate governance into IT technical Systems?

How do you control your accountability framework?

Where do Quality documents and Standards fit and who has ownership?

Questions?

How to translate IT and Corporate governance into IT technical Systems?

Compose Guidelines, Preferences and Best practices which are technology specific but addressed not only to technical audiences.

How do you control your accountability framework?

Governance as a contractual document for quality and expectations toward deliverables

Where do Quality documents and Standards fit?

Implementation Standards and procedures are under the umbrella of governance

GOVERNANCE FOR SAP PO

Teaser

Why Governance in SAP PO?

Importance of Integration:

Interfaces supporting critical business processes

Process Integration as tool for optimizing business processes

Integration in all functional areas

High Volume of transactions

Risks

Critical Business Processes halted due to technical issues

Sensitive data in interfaces

Security of Integration Engines

Non-compliance with regulations

Expensive Operations

Why Governance in SAP PO?

How do we mitigate risk and increase accountability?

Best Practices

Well defined Roles

Well defined Standards

Documentation Processes

Why is SAP PO different?

It is a technical system (no users)

It is a critical system (ESOA single point of failure)

Supports Open and Industry standards

Very flexible, high implementation volumes

A badly designed interface could jeopardize the whole system's stability

Standard IT Governance is not a perfect fit

SAP PO Governance Purpose

“Define guidelines, standards and expectations for consistent management of the interface design and build processes in SAP PO (SAP Process Orchestration)”.

“Determine Best Practices, Roles and Security considerations to guarantee a controlled growth during the application lifecycle and manageable operations.”

Always Support Strategic IT Governance

SAP PO Governance Audience

Chapter 1 – SAP PO Governance is relevant for solution architects, functional resources and system owners involved in an interface implementation project or task.

Chapters 1 and 2 are relevant and mandatory for all internal and external SAP PI Integration Architects and Developers.

Relevant to any resource or stakeholder involved in partner selection, design, development and operation of an integration solution.

Governance Document Lifecycle during Project

PO Governance is a live document, adapted to the customer/project organization and needs.

User Requirements

Draft Release

Project Design Phase

1st Review Corrections Changes Add-ons Release

Project Build Phase

Corrections Add-ons Release

Delivery Review Release Handover

Operations

Operational Review Operational Release

SAP PI Governance Chapter 1

SAP PI Governance Chapter 2

Integration Scenario Document Requirement Diagram

[Diagram. Systems: Third Party, SAP PI, SAP_ECC. Documents: Integration Scenario FDS, Mapping document, Interface TDS, SAP_ECC TDS, Third Party TDS. Legend: Mandatory / Not Mandatory]

Governance Use during the Development Process

Deliverable: Use

User Requirement Specification (URS): SAP PI Governance serves as guidelines for those involved in defining the URS.

Functional Design Specification (FDS): SAP PI Governance serves as guidelines for consideration during the business choices in relation to interface design, best practices, standards, and error handling.

Technical Design Specification (TDS): SAP PI Governance provides guidelines and standards to be used during the technical design, in relation to, for example, naming standards, program design, development patterns and technology choices.

Integration Agreement (IA): SAP PI Governance prepares guidelines for those involved in the Integration Agreement process, to identify areas of importance to be included, for End-2-End support process documentation.

Test Documentation: SAP PI Governance helps scope the test requirements, the roles involved in the process, and considerations in terms of Quality of Service and Security.

SAP PI Interface Implementation Process Flow

When to apply the governance product?

New Implementations

Bundle in the implementation project

Upgrades/Migrations

Apply during migration

Existing Implementations

Partial application of governance

Roadmap to Governance

Outsourced projects

Guarantee operations and deliverables

Offshore Teams

Harmonize development

Key points

SAP PI Governance product, out-of-the-box and customizable

SAP PI Governance is now part of NNIT Quality Management System

SAP PI Governance supports corporate governance of IT

Next Steps:

Governance for Cloud and Hybrid Cloud

Agile development methods

“Time spent in following standards and best practices is compensated in the time saved fixing errors and making corrections” (unknown)

Questions