A Guide To SOA Governance: Executive Summary


A Guide to

SOA Governance

Executive Summary

SOA projects normally have to justify themselves through quantifiable results, one at a time, to
get wider internal adoption. SOA Governance could help realize the ROI by defining reliable,
quantifiable results for SOA implementations through a regular collection of metrics and
mandating changes to improve implementation. This document describes SOA Governance
and the typical stages through which such Governance could be implemented. It briefly discusses
the types of Governance and typical Governing bodies that could be formed to deliver a
successful SOA project.

Company Confidential -1-


Introduction
SOA or Service Oriented Architecture is:

An approach to implement business processes as a set of predefined services. In a service-oriented
approach, a “service” is the smallest building block, which encapsulates the
implementation logic and can be executed repeatedly in a given process or across processes.
Typically, a service repository contains the portfolio of services in an organization. The value of
SOA is realized through its powerful framework of services built using open standards to promote
reuse.

The ROI realized through SOA is a much-debated topic today. Considering the effort it takes to
build a SOA, in terms of the people, training, tools, processes and internal discipline, the benefits of
reuse would need to be realized early on to gain confidence. Carefully planned governance could
be a critical catalyst in realizing ROI for a SOA project.

Governance is:

• To define/implement/monitor policies, principles, standards, procedures & processes that
enable organizations to direct & conduct business, and enable people in their roles.
• To establish a chain of responsibilities, decision-making rights & authority,
communication & escalation channels that empower people (decision makers).

Governance is a tool that defines organizational roles and empowers individuals conducting these
roles. Various technical tools available in the market today help automate certain aspects of the
governance process; however, as would be expected, Governance does involve considerable
human intervention.

IT Governance refers to a subset of the organization’s governance that deals with the
management and control of its IT systems, processes, people, IT assets, infrastructure and the
way IT processes support a business goal. IT governance forms a significant part of the
Enterprise governance – considering the horizontal IT spread in any organization.

SOA Governance is an extension of IT governance, which focuses primarily on the lifecycle of
services, metadata and composite applications in a typical SOA initiative.

As a specialization of IT governance, SOA governance suggests how IT governance’s
decision rights, policies, procedures and measures need to be modified and augmented for
successful SOA adoption.



SOA Governance - an extension to IT & Organization Governance



SOA Life Cycle & Processes
A typical five-stage SOA lifecycle is as shown below:

Five-Stage SOA life cycle

Identify phase involves gathering business requirements & objectives, identifying the
independent business processes in design, which will be translated to achieve the business goal
– mapping the requirement to the design and breaking the design down into business processes.

Create phase concerns the creation of the identified business processes or realigning them
(through addition/modification/integration) to the business goal.



Test phase addresses the conformance to requirements. Each developed process / service gets
evaluated against pre-defined criteria for conformance.

Integrate suggests creating a host environment for composite (service-oriented) applications and
their testing. This includes evaluating capacity planning, operational efficiency & performance,
integrity, security and other dependencies.

Manage & Improve phase involves the actual deployment and maintenance of the operational
system. This includes performance monitoring, service response time, problem log & fix, among
others to get the service operational. This would also involve tuning the services to achieve an
updated business design.



SOA Governance
As SOA crosses lines of business and IT, there is a greater need for effective SOA governance to
ensure success in terms of ROI. In the initial SOA wave, governance was thought to be a ‘nice-to-have’
discipline, but with growing maturity and complexity, SOA projects mandate a well-defined
SOA governance body.

Quality of project execution & ROI is a mirror reflection of any governance, and so it is for SOA

Symptoms of poor SOA governance:

• Little or no planning, and coordination hurdles in project execution
• Redundant services
• No metrics to track success
• Poor non-functional capabilities (security, logging, reliability, transactions, auditing,
filtering etc.)
• Runtime service management issues like performance, scalability, availability etc.
• Problems in isolating production issues.
• Change & release management issues.
• Increased complexity.
• Blame game among vendors.
• Poor-quality end-user experience.

Symptoms of good SOA governance:

• Well-defined project execution with quantifiable ROI.
• Sharing and reusable services
• Less point-to-point connections
• Secure, reliable and highly available systems
• Able to recognize potential problems and fix them before impacting business
• Swift transition & enhancements
• Growing ROI
• Accountable team
• Delighted end user

A typical SOA governance team would need to:

• Understand the current IT governance, which includes all the business line procedures,
policies, principles, measures, decision roles and cultures.
• Identify the processes/applications that can be reused and the overall impact of SOA
adoption.
• Select the best practices for existing business models.
• Create a prioritized SOA adoption plan
• Involve all stakeholders for communication & suggestions.
• Review and control the transition plan during the course
• Implement the agreed plan
• Continuously measure the implemented model and log performance & issues
• Consider future regulatory needs



Implementing SOA Governance

SOA projects typically require higher governance owing to hidden dependencies & less available
standardization. We believe that SOA Governance must be diligently implemented and treated as
a full-fledged project, rather than as an overhead.

Hence, we recommend that SOA governance principles be applied in a similar fashion to the
five-stage lifecycle described in the ‘SOA Life Cycle & Processes’ section above:

Five-Stage SOA governance implementation

1) Identify
• Document the SOA benefits & prepare a business case to get an internal buy-in.
• Assess current IT systems to measure the reusability and feasibility for SOA adoption.
• Evaluate your enterprise goal with SOA adoption to align it for current & future needs.
• Gather business strategy for SOA adoption i.e. participation plan, funding & compliance
necessities.

2) Create
• Formulate a SOA strategy i.e. document the critical roles, responsibilities & engagement
model.
• Understand the current governance structure and document the proposed structure for
SOA adoption.
• Review the proposed SOA governance plan.
• Lay out the new policies & structures.
• Identify new or modified authority roles & responsibilities.
• Highlight success factors and metrics.
• Identify funding model & owners.
• Define a SOA centre of excellence.
• Identify & approve the required SOA infrastructure during the course.

3) Test
• Review the plan and start a vendor engagement.
• Implement the approved governance model & infrastructure.
• Educate and assign the identified roles and responsibilities.
• Deploy policies.
• Identify any additional process/training required.
• Align new roles with vendor and its engagement model.

4) Integrate
• Kick-off the SOA planned initiative
• Monitor the project progress.
• Organize meetings and report metrics.

5) Measure & Control
• Measure the governance stated compliance.
• Measure and review the effectiveness / metrics.
• Review and suggest improvements.
• Alter or define new policies & roles.
• Measure and report ROI & lessons learnt.

Types of SOA Governance implementations

SOA governance can be logically divided into design time and runtime governance.

Design Time + Run Time = SOA Governance



1) Design Time SOA Governance:

Design time SOA governance addresses the concerns of policy management,
information management, lifecycle management and quality management for services.

2) Run Time SOA Governance:

Run time SOA governance relates to contract management, service administration,
service monitoring, and service mediation.



SOA Run Time Governance

In practice, design and run time governance overlap in several places. Following are the specific
areas to be addressed during governance:

Design Time SOA Governance:

1. Service registration
2. Service versioning
3. Service ownership
4. Service funding
5. Service monitoring
6. Service auditing
7. Service diagnostics
8. Service modeling
9. Service identification
10. Service publishing
11. Service discovery

12. Service development
13. Service consumption
14. Service provisioning
15. Service access
16. Service binding to form a composite application

Runtime SOA governance:

1. Service maturity
2. Capacity planning
3. Performance & problem logs
4. Education & training
5. Organizational changes.
6. Service policy enforcement.

THBS recommendations
We recommend the following teams to form a governing body for a typical SOA initiative across
design time and run time:

1) SOA Centre of Excellence (COE)


SOA COE will be responsible to align the different teams involved, with the enterprise
SOA goal. The COE will research and recommend the industry best practices,
procedures & policies. COE will also play an important role in identifying, understanding
& deciding a SOA solution or product or technology for a SOA project. It will create and
gain agreement for a framework for estimating SOA benefits and for tracking
achievements, manage the community of interest and act as an SOA mentor for the
organization.

2) SOA Infrastructure Team


The SOA infrastructure team will be responsible to ensure the availability of the required
infrastructure for development, testing & production environments. Infrastructure team will
also participate in post implementations activities for monitoring and improvements.

3) Service Portfolio Management Team


SPM will assist COE in service categorization and management. SPM will align services
as per their priority, line of business & service behavior. SPM team will also identify the
policy enforcement for each service or group of services.

4) Service Life Cycle Management Team


SLCM team will define the procedure and compliance requirements for a service life
cycle. SLCM will suggest the contract & quality management rules for each service.
SLCM team will assist COE for the required procedure for a service retirement and new
service version release.

5) SOA IT-Executive Team


SOA IT-Executive team should be a mixture of IT & business executives. This team will
be responsible to ensure that the technical implementation and artifacts conform to the
business requirements through rigorous quality assurance and validation. SOA IT-
Executive team will ensure business interacts closely with the development & testing
teams and will apprise the SOA Funding Team of project progress and status.

6) SOA Funding Team
The SOA funding team will keep an eye on ROI and frequently examine the project
progress. This team will examine and recommend the project status and suggest the
financial gains or losses. SOA funding team will plan the funding proposals i.e. when and
where a central funding is required compared to separate department funding for their
exclusive services.

7) SOA Service Factory


SOA service factory refers to the service development & testing team including onshore
and offshore resources. This team will be responsible to understand the business
requirements and provision the required services. SOA Service Factory team will closely
interact with other teams to understand the business needs & provide end-to-end
application (services) management.

SOA governance does not consist of a set of rigid bureaucratic policies and procedures. It
involves regular collection of metrics and mandating changes to improve the implementation.
Policies would change as per business and enterprise needs. Consistent waivers are regularly
identified and examined.

An example RACI matrix is as below (which of course would differ from enterprise to enterprise):

SOA Service Life Cycle Management
SOA service life cycle management is an integral part of any SOA governance.

SOA service life cycle management addresses the processes, procedures, patterns, tools, best
practices, configuration management & repositories involved. The diagram below provides an
overview of the repositories in a typical SOA project:

A Repository view of SOA project

Service Life Cycle Management consists of an array of topics that would need to be dealt with
individually and is outside the scope of this document. Please refer to
‘THBS_SOA_Service_lifecycle_management.pdf’ for more details.

Torry Harris SOA engagement
