GWEA Framework & EA Governance
By
Willie Needham (Chief Enterprise Architect, SITA)
11 September 2009
(GITOC Techni-Click – Durban)
Agenda
Introduction – “The Problem”
A Governance perspective
GWEA Perspective
Conclusion
Objective: Sell more Cola in Middle East
Challenge: Language
Solution: Use Pictures
Outcome: Drop in Cola $ales
Why: They read from RIGHT-TO-LEFT
More than a technical challenge
Introduction – The Problem
“One's mind, once stretched by a new idea, never regains its original dimensions.”
- Oliver Wendell Holmes
The Interconnectedness of Government
Activities in Government do not occur in isolation
Government is large, complex and interconnected
Its systems are large, complex but disconnected
Local
Provincial
National
Social Development
Correctional Services
DTI
Labour
SARS
Agriculture
Home Affairs
Justice
Secret Service
Water Affairs & Forestry
Transport
Housing
Education
Public Works
SAPS
SASSA
Health
Safety & Security
The disconnected nature of systems within Government has a major impact on the lives of its Citizens and the quality and efficiency of the services
Information Sharing in Government Today
Limited ‘integration’ is based on exchange of flat-files established on an as-needed basis:
  Requires time consuming negotiations with individual organisations
  Entities not set-up for information sharing (no established infrastructure or dedicated and skilled resources)
  Have to redefine mechanisms from scratch
  No use of standards
  No consistency across government
  Based on ‘make-do’ infrastructure
  No reusability
Tends to be batch based with long update cycles
Disconnectedness - Social Cluster Example
Tackling poverty remains one of Government’s top moral and political imperatives yet getting help from Government remains difficult
Citizen has to ‘integrate’ Government by following arduous administrative processes
Gathering proof-of-eligibility alone can often take up to 24 months
Other impacts include:
Duplication of administrative processes
Fraud and double-dipping
Labour
SARS
Home Affairs
UIF
Housing
Education
Public Works
SASSA
Local Gov
Land Affairs
Gather proof of plight
Prioritisation and access for public works programme
Exemption from school fees
Access to housing subsidy
Diversion to economic activity and enrolment to training programme
Access to Free Basic Services
Access to Grant
Accessing Social protection services
Disconnectedness - Justice Cluster Example
The justice system is still plagued with inefficiencies
Crime reporting and response is a nightmare for citizens
Evidence gathering and collaboration for prosecution a challenge (missing dockets etc)
Prisoner Identity swapping
Children in conflict with the law imprisoned with hardened criminals
Cases involving child abuse not reported to social workers
Inadequate probation services
SAPS
SARS
Home Affairs
Other
Gather evidence and related info
Probation Service
Juvenile detention
Child Protection
Investigate Arrest
NPA
DoJ
DCS
DSD
Prosecute
Adjudicate
Detention
Person Exhibit ID Case
Challenges
Diverse and Fragmented ICT Planning Frameworks and Processes.
Proprietary “extensions” to Open Standards.
Technical standards quagmire (balancing the right mix).
The priority of Performance over Conformance results in low levels of interoperability.
Regulation and Security complexities often default to isolation of systems.
Incomplete ICT System inventories in Government.
So where are we?
?
A Governance perspective
“Sometimes when I consider what tremendous consequences come from little things… I am tempted to think there are no little things.”
- Bruce Barton
Talk to each other
“Government IT systems must talk to each other”…
Minister Public Service & Administration, 7 October 2000
ICT Planning (GWEA) → ICT Acquisition → ICT Operations
Government ICT House of Values*
* From e-Government Policy, SITA Regulations & SITA Act (amended)
ICT Value
Principles
Means/Services
Security
Interoperability
Reduced Duplication
Economies of Scale
Digital Inclusion
Lower Cost
Citizen Convenience
Increased Productivity
Regulatory drivers*
Chap 1, Part III:B,C – Strategic Planning
  Define Core Objectives
  Describe Core and Support Activities
  Specify the Functions & Structures
  Specify the Main Services to customers
Chap 1, Part III.E – Information Planning
  Establish an Information Plan
  Establish an Information Infrastructure Plan; and
  Establish an Operational Plan to implement the above
Chap 5 – e-Government Compliance
  Comply with “ICT House of Values”
  Comply with MISS (Security Standard)
  Comply with MIOS (Interoperability Standard)
* Public Service Regulations, 2001 (amended Mar 2009)
ICT Governance Overview
Governance defined
Governance is derived from the Greek verb κυβερνάω [kubernáo] which means to steer.
Corporate governance is the set of processes, customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. The principal stakeholders are the shareholders/members, management, and the board of directors.
ICT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and processes that ensure that the enterprise’s ICT sustains and extends the organisation’s strategies and objectives.
So, it’s a … Virtual Structure of Leaders (PEOPLE)
responsible to “DIRECT”, “MONITOR” & “ENSURE”
Performance and Conformance of Strategic Resources
ICT Governance in Context
King III on ICT Governance (ICTG)
5.1 ICTG is Board responsibility
  On the Board Agenda
  IT charter & policies implemented.
  Awareness & common ICT language.
  ICT control framework implemented
  Effectiveness of ICT controls.
5.2 Align ICT and company objectives
  ICT strategy integrated with company’s strategy/processes.
  Improve performance through ICT.
5.3 ICTG Framework
  Structures, processes and mechanisms for the ICT governance.
  ICT SteerCom to support ICTG
  Appoint a CIO; as executive.
5.4 Monitor ICT investments and expenditure
  Value delivery of ICT and monitor ROI.
  IP in information systems is protected.
  ICTG for outsourced ICT services.
5.5 ICT an integral part of risk management
  Adequate business resilience for disaster recovery.
  Complies with ICT laws and that ICT related rules, codes and standards.
King III on ICT Governance
5.6 Information assets are managed effectively
  Systems in place for the management of information which should include information security, information management and information privacy.
  All personal information is treated by the company as an important business asset and is identified.
  Information Security Management System is developed and implemented.
  Approve the information security strategy and delegate and empower management to implement the strategy.
5.7 A risk committee and audit committee should assist the board in carrying out its ICT responsibilities
  IT risks are adequately addressed.
  Appropriate assurance that controls are in place and effective in addressing IT risks.
  Consider IT as it relates to financial reporting and the going concern of the company.
  Consider the use of technology to improve audit coverage and efficiency.
COBIT – IT Governance Focus Areas
Strategic alignment
  Link Business and IT plans (IT Value proposition)
  Align IT operations with Business Operations
Value delivery
  Ensure IT delivers to promised benefits/value
  Optimising costs and Value of IT.
Resource management
  Optimal investment
  Manage IT resources (applications, information, infrastructure and people).
Risk management
  Risk awareness and appetite by senior corporate officers.
  Understanding of compliance requirements
  Assign risk management responsibilities into the organisation.
Performance measurement
  Tracks/Monitors strategy implementation - BSC (projects, resource, process and services)
COBIT - Align Business with EA for IT
COBIT Processes (34)
ISO 38500 Principles
Principle 1: Responsibility
  Individuals and groups within the organization understand and accept their responsibilities.
Principle 2: Strategy
  The organization’s business strategy takes into account the current and future capabilities of IT.
Principle 3: Acquisition
  IT acquisitions are made for valid reasons; clear and transparent decision making (balance between benefits, opportunities, costs, and risks).
Principle 4: Performance
  IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
Principle 5: Conformance
  IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.
Principle 6: Human Behaviour
  IT policies, practices and decisions demonstrate respect for Human Behaviour
ISO38500 ICT Governance Model
Business Processes
DIRECT
EVALUATE
MONITOR
ICT PROJECTS ICT OPERATIONS
Proposals
Plans
Policies
Performance
Conformance
ICT Governance
Are Governance Models all aligned?
GWEA / MIOS Governance Structure (draft)
Minister PSA
SITA Exec
Gov CIO
GITOC
AGB
GITO
ARB
GWEA/MIOS
National
Provincial
Public Entities
AGB = Architecture Governing Board (Central)
ARB = Architecture Review Board/Committee (Departmental)
SCARCISS
e-Gov
Projects
Procure
KIM
OSS
Other GITOC Committees
EACOM
GITO Council
Departmental Engagement Model
CIO/GITO
ICT Planning & Governance
DEPARTMENT
1 2 3 4 …5 6 7
Internal Service Agreements/Contracts
Procurement & Development
ICT Operation & Support
SITA
Business Agreement & Service Level Agreements (SITA ACT)
EA Services
Procurement & Development Services
ICT Infrastructure Services
INDUSTRY
Transversal Contracts
EA In Government
“All models are wrong, but some are useful” George Box, Edward Deming
MIOS / GWEA Product Evolution
2001 - 2003
ODF
GWEA v1.0
GWEA v1.2
MIOS
XML
MIOS v1&2
UK e-GIF
UML TOGAF9
MIOS v4.1
MIOS = Minimum Interoperability Standards
GWEA = Government Wide Enterprise Architecture
GWEA
2007 - 2009
2004 - 2006
GITA v1.0
GITA v1.1
MIOS v3
MIOS v4
Zachman
UML
TOGAF8, Zachman
EA Context
Architecture / Planning Design / Development Production / Operation
* From Forsberg & Mooz and ISO 15288; Corporate Governance not shown
GWEA / MIOS ISO 12207 (SDLC) ITIL / ISO 20000
COBIT / ISO 38500
Buy
Business Architecture
Technical Design
Build
IS/ICT Architecture
Business Integration
Component Verification
IS/ICT Integration
ICT Ops
Buss Ops
Business Design & Dev (e.g. OD, Srv Dev)
ENTERPRISE ARCHITECTURE CAPABILITY
SYSTEM ACQUISITION CAPABILITIES (Solution Architecture, Project Management, Procurement, Solution Development, Integration)
ICT OPERATION CAPABILITIES
PUBLIC SERVICE CAPABILITIES
PUBLIC SERVICE DEVELOPMENT CAPABILITIES
GWEA Framework composition
TOGAF ADM Phase                | TOGAF-9                                | GWEA 1.2
Prelim: FW & Contract          | 5P+1A = 6                              | 3P = 3
A: Vision, Scope & Principles  | 6P+2A = 8                              | 3P+1A = 4
B: Business Architecture       | 3P+(2x17)A = 39                        | 2P+(2x5)A = 12
C1: Data Architecture          | 3P+(2x9)A = 21                         | 2P+(2x3)A = 8
C2: Application Architecture   | 3P+(2x14)A = 31                        | 2P+(2x3)A = 8
D: Technology Architecture     | 3P+(2x8)A = 19                         | 2P+(2x3)A = 8
E: Opportunities/Solutions     | 5P                                     | 1P
F: Migration Planning          | 10P                                    | 2P
TOTAL DELIVERABLES             | 38P+99A = 137 (89 Non-Duplicated)      | 17P+29A = 46 (32 Non-Duplicated)
P = Project Deliverables (e.g. Charters, Contracts, Analysis Reports, Schedules)
A = Architecture Deliverables (e.g. Models, Diagrams, Matrices, Catalogues)
Non-Duplicated = As-Is or To-Be models of the same format
GWEA Framework
Technology Architecture Views (D)
Application Architecture Views (C2)
Business Architecture Views (B)
Data Architecture Views (C1)
Organisation Structure Model
Application Reference & Standards Model
Business Process Model
Business Function/Service Model
Business Performance Model
Business Information Model
Application Distribution Model
Technology/Network Distribution Model
Technology Platform Model
Technology Reference & Standards Model
Data Reference & Standards Model
Data Security Model
Data Gap Application Gap Technology Gap
Data-Application Model Application Stakeholder Model
Opportunities & Solution (E) and Implementation Plan (F) Views (Programmatic Views)
Business Gap
Preliminary (P) & Vision (A) Views
EA Org Model EA FW EA Request EA Principles EA Vision EA SOW Comm Plan
Business Roadmap Data Roadmap Application Roadmap Technology Roadmap
Consolidated Roadmap & Transition Architecture
Implementation and Migration Plan
Implementation Governance Model
INTEROPERABILITY
CONSISTENCY
ALIGNMENT
Purpose
The minimum standard by which to use an Enterprise Architecture approach to develop and construct National and Departmental ICT Plans and Blueprints
EA Planning concept
Government Departments, Bodies & Clusters
Business Services
Core Services
Common Services
Shared
Non-Shared
ICT Infrastructure
Information Systems
Core
Common /Transversal
Departmental Plans/Blueprints
IFMS, e-Gov, GIS, e-Natis, e-HR, NISIS, Who-Am-I, LURITS…
NGN, Data Centres, Help Desk, Security, …
Resource Management Services (“Backend”)
Public Services (“Front-End”)
Interoperability – [Re-]defined
Interoperable (Dictionary)
  adj; able to operate in conjunction [Concise Oxford Dictionary, 9th Edition]
Interoperability (from the Web)
  The ability to exchange and use information. [Princeton]
  The ability of diverse systems and organizations to work together (interoperate). [Wikipedia]
  The ability of systems, units, or forces to provide data, information, materiel, and services to and accept the same from other systems, units, or forces, and to use the data, information, materiel, and services so exchanged to enable them to operate effectively together. [US DoD, DoDD 5000.1]
  The capability of systems to communicate with one another and to exchange and use information including content, format, and semantics [NIST]
Mathematician's definition
[Equation image not reproduced]
Physical Interoperability
Protocol Interoperability
Data/Object Interoperability
Information Interoperability
Knowledge/Awareness
Aligned Procedures
Aligned Operations
Harmonised Strategy/Doctrine
Political Objectives
Interoperability levels*
* Tolk, Andreas. “Beyond Technical Interoperability – Introducing a Reference Model for Measures of Merit for Coalition Interoperability.”
Organisational Interoperability - organisational components are able to perform seamlessly together.
Technical Interoperability - technical issues of linking computer systems and services.
Semantic Interoperability - ensuring the precise meaning of exchanged information between different kinds of Information Systems.
Business Architecture & Standards
MIOS V4.1
MIOS V5
Network Centric Thinking (Joint-up Government)
Information-Centric Thinking
Techno-Centric Thinking
IS/ICT Architecture & Standards
MIOS v4.1 Composition*
Category: Component (Standards)
Connectivity
  Web/Internet (HTTP)
  E-Mail (SMTP, MIME, IMAP, S/MIME)
  Directory & Naming (X.500 and DNS)
  Network (FTP, TCP/IP, TLS)
  Security (e.g. RC4, RSA, AES)
  Web Services (SOAP, WSDL, UDDI)
  Internet Conferencing (H.323, SIP)
  Mobile Phones (WAP2, GPRS, SMS, MMS)
Data Interoperability
  Meta-Data (XML, XSL)
  Data Security (SAML)
  PKI (X.509)
  Modelling (UML, XMI)
  Ontology (OWL)
  Geospatial (GML)
Information Access & Content Standards
  Web/Hypertext (HTML, XHTML, JavaScript)
  Office Documents (UTF-8, ODF, CSV, PDF)
  Still images and Video (JPEG, PNG, TIFF, MPEG)
  File Compression (TAR, ZIP, GZIP)
  Relational DB Access (SQL-93)
  Meta-Data Content Management (Dublin Core)
  Syndication (RSS)
OPEN STANDARDS from IETF, ISO, W3C, OASIS, ITU-T, ANSI, IEEE, ECMA, ETSI
* Minimum Interoperability Standards (MIOS) v4.1, DPSA, Aug 2007
Challenges & Conclusion
“Sometimes when I consider what tremendous consequences come from little things… I am tempted to think there are no little things.”
- Bruce Barton
Some challenges
Identity issues
Compliance Issues
Conflicting Policies
Cooperation
The road ahead (“for ICT”)…
Promulgate GWEA Framework to standardise ICT Planning across government.
Enhance the Minimum Interoperability Standards (MIOS)
  Add compliance guidelines for Suppliers and Acquirers.
  Add Transversal Data Standards and Schemas (e.g. Health, Social, Safety, Finance, HR, SCM Data Schema)
Constitute National EA Governing Body.
Enhance Certification of ICT systems for compliance with MIOS.
Validate conformance of Departmental EA against GWEA.
Establish Training mechanisms for EA.
Establish EA Tool & Repository.
Conclusion
Relevant Legislation to be enacted to make EA & integration work.
Strong ownership and responsibilities of Business Architecture.
Appropriate governance structures, performance and funding model.
A Common Reference Model to serve as reference for integration.
Complete Information System Inventory
A new set of Semantic Interoperability standards (e.g. XML Schema)
Compliance to Open Technical Standards (non-functional requirement) as part of all acquisition processes.
Require a cross government “Integration Bus”.
Stronger “Shared Service” infrastructure
Improved “System Integration” capabilities (skills, methods & tools).
A fully integrated government will remain a Vision – a journey that strives for higher levels of maturity in the Technical, Semantic and Organisational Interoperability areas.
Thank You
Dankie
Siyabonga
Ke a leboha
Siyathokoza
Willie Needham
Chief Enterprise Architect Strategic Services
State IT Agency (Pty) Ltd
Pretoria, South Africa
Tel: 012 482
[email protected]
Sometimes I think we try to …
Force feed a pill to a cat,
Eat an Elephant,
Boil the Ocean,
Align the Planets.
An EA Capability/Function
EA Process
  EA Development Process
  EA Logic (Meta-Model of deliverables)
  EA Methods (Techniques, Notation)
EA People
  Governance structures
  Roles & Responsibilities (RACI Charts)
  Competencies
EA Information System (EA Tools)
  Planning & Modelling Software
  EA Data Repository
  ICT Infrastructure
EA Deliverables (“Content”)
  EA Reference Models / Blueprints / Plans
  Interoperability Standards
Process
People Technology
Models, Plans & Standards