techniclick - gwea & ea governance

GWEA Framework & EA Governance By Willie Needham (Chief Enterprise Architect, SITA) 11 September 2009 (GITOC Techni-Click – Durban)


Post on 16-Apr-2017


Page 1: TechniClick - GWEA & EA Governance

GWEA Framework & EA Governance

By

Willie Needham (Chief Enterprise Architect, SITA)

11 September 2009

(GITOC Techni-Click – Durban)

Page 2: TechniClick - GWEA & EA Governance

Agenda

- Introduction – “The Problem”
- A Governance perspective
- GWEA Perspective
- Conclusion

Page 3: TechniClick - GWEA & EA Governance

Objective: Sell more Cola in Middle East

Challenge: Language

Solution: Use Pictures

Outcome: Drop in Cola $ales

Why: They read from RIGHT-TO-LEFT

More than a technical challenge

Page 4: TechniClick - GWEA & EA Governance


Introduction – The Problem

“One's mind, once stretched by a new idea, never regains its original dimensions.”

- Oliver Wendell Holmes

Page 5: TechniClick - GWEA & EA Governance


The Interconnectedness of Government

Activities in Government do not occur in isolation

Government is large, complex and interconnected

Its systems are large, complex but disconnected

Local

Provincial

National

Social Development

Correctional Services

DTI

Labour

SARS

Agriculture

Home Affairs

Justice

Secret Service

Water Affairs & Forestry

Transport

Housing

Education

Public Works

SAPS

SASSA

Health

Safety & Security

The disconnected nature of systems within Government has a major impact on the lives of its Citizens and the quality and efficiency of the services

Page 6: TechniClick - GWEA & EA Governance

Information Sharing in Government Today

Limited ‘integration’ is based on exchange of flat-files established on an as-needed basis:
- Requires time consuming negotiations with individual organisations
- Entities not set-up for information sharing (no established infrastructure or dedicated and skilled resources)
- Have to redefine mechanisms from scratch
- No use of standards
- No consistency across government
- Based on ‘make-do’ infrastructure
- No reusability

Tends to be batch based with long update cycles

Page 7: TechniClick - GWEA & EA Governance


Disconnectedness - Social Cluster Example

Tackling poverty remains one of Government’s top moral and political imperatives yet getting help from Government remains difficult

Citizen has to ‘integrate’ Government by following arduous administrative processes

Gathering proof-of-eligibility alone can often take up to 24 months

Other impacts include:

Duplication of administrative processes

Fraud and double-dipping

Labour

SARS

Home Affairs

UIF

Housing

Education

Public Works

SASSA

Local Gov

Land Affairs

Gather proof of plight

Prioritisation and access for public works programme

Exemption from school fees

Access to housing subsidy

Diversion to economic activity and enrolment to training programme

Access to Free Basic Services

Access to Grant

Accessing Social protection services

Page 8: TechniClick - GWEA & EA Governance

Disconnectedness - Justice Cluster Example

The justice system is still plagued with inefficiencies

Crime reporting and response is a nightmare for citizens

Evidence gathering and collaboration for prosecution a challenge (missing dockets etc)

Prisoner Identity swapping

Children in conflict with the law imprisoned with hardened criminals

Cases involving child abuse not reported to social workers

Inadequate probation services

SAPS

SARS

Home Affairs

Other

Gather evidence and related info

Probation Service

Juvenile detention

Child Protection

Investigate Arrest

NPA

DoJ

DCS

DSD

Prosecute

Adjudicate

Detention

Person Exhibit ID Case

Page 9: TechniClick - GWEA & EA Governance

Challenges

- Diverse and Fragmented ICT Planning Frameworks and Processes.
- Proprietary “extensions” to Open Standards.
- Technical standards quagmire (balancing the right mix).
- The priority of Performance over Conformance results in low levels of interoperability.
- Regulation and Security complexities often default to isolation of systems.
- Incomplete ICT System inventories in Government.

Page 10: TechniClick - GWEA & EA Governance

So where are we?


Page 11: TechniClick - GWEA & EA Governance

A Governance perspective

“Sometimes when I consider what tremendous consequences come from little things… I am tempted to think there are no little things.”

- Bruce Barton

Page 12: TechniClick - GWEA & EA Governance


Talk to each other

“Government IT systems must talk to each other”…

Minister Public Service & Administration, 7 October 2000

Page 13: TechniClick - GWEA & EA Governance


ICT Planning (GWEA) → ICT Acquisition → ICT Operations

Government ICT House of Values*

* From e-Government Policy, SITA Regulations & SITA Act (amended)

ICT Value

Principles

Means/Services

Security

Interoperability

Reduced Duplication

Economies of Scale

Digital Inclusion

Lower Cost

Citizen Convenience

Increased Productivity

Page 14: TechniClick - GWEA & EA Governance

Regulatory drivers*

Chap 1, Part III:B,C – Strategic Planning
- Define Core Objectives
- Describe Core and Support Activities
- Specify the Functions & Structures
- Specify the Main Services to customers

Chap 1, Part III.E – Information Planning
- Establish an Information Plan
- Establish an Information Infrastructure Plan; and
- Establish an Operational Plan to implement the above

Chap 5 – e-Government Compliance
- Comply with “ICT House of Values”
- Comply with MISS (Security Standard)
- Comply with MIOS (Interoperability Standard)

* Public Service Regulations, 2001 (amended Mar 2009)

Page 15: TechniClick - GWEA & EA Governance


ICT Governance Overview

Page 16: TechniClick - GWEA & EA Governance

Governance defined

- Governance is derived from the Greek verb κυβερνάω [kubernáo] which means to steer.
- Corporate governance is the set of processes, customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. The principal stakeholders are the shareholders/members, management, and the board of directors.
- ICT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and processes that ensure that the enterprise’s ICT sustains and extends the organisation’s strategies and objectives.

So, it’s a … Virtual Structure of Leaders (PEOPLE) responsible to “DIRECT”, “MONITOR” & “ENSURE” Performance and Conformance of Strategic Resources

Page 17: TechniClick - GWEA & EA Governance

ICT Governance in Context


Page 18: TechniClick - GWEA & EA Governance

King III on ICT Governance (ICTG)

5.1 ICTG is Board responsibility
- On the Board Agenda
- IT charter & policies implemented.
- Awareness & common ICT language.
- ICT control framework implemented
- Effectiveness of ICT controls.

5.2 Align ICT and company objectives
- ICT strategy integrated with company’s strategy/processes.
- Improve performance through ICT.

5.3 ICTG Framework
- Structures, processes and mechanisms for the ICT governance.
- ICT SteerCom to support ICTG
- Appoint a CIO; as executive.

5.4 Monitor ICT investments and expenditure
- Value delivery of ICT and monitor ROI.
- IP in information systems are protected.
- ICTG for outsourced ICT services.

5.5 ICT an integral part of risk management
- Adequate business resilience for disaster recovery.
- Complies with ICT laws and that ICT related rules, codes and standards.

Page 19: TechniClick - GWEA & EA Governance

King III on ICT Governance

5.6 Information assets are managed effectively
- systems in place for the management of information which should include information security, information management and information privacy.
- All personal information is treated by the company as an important business asset and is identified.
- Information Security Management System is developed and implemented.
- Approve the information security strategy and delegate and empower management to implement the strategy.

5.7 A risk committee and audit committee should assist the board in carrying out its ICT responsibilities
- IT risks are adequately addressed.
- appropriate assurance that controls are in place and effective in addressing IT risks.
- Consider IT as it relates to financial reporting and the going concern of the company.
- Consider the use of technology to improve audit coverage and efficiency.

Page 20: TechniClick - GWEA & EA Governance

COBIT – IT Governance Focus Areas

Strategic alignment
- Link Business and IT plans (IT Value proposition)
- Align IT operations with Business Operations

Value delivery
- Ensure IT delivers to promised benefits/value
- Optimising costs and Value of IT.

Resource management
- Optimal investment
- Manage IT resources (applications, information, infrastructure and people).

Risk management
- Risk awareness and appetite by senior corporate officers.
- Understanding of compliance requirements
- Assign risk management responsibilities into the organisation.

Performance measurement
- Tracks/Monitors strategy implementation - BSC (projects, resource, process and services)

Page 21: TechniClick - GWEA & EA Governance

COBIT - Align Business with EA for IT


Page 22: TechniClick - GWEA & EA Governance

COBIT Processes (34)


Page 23: TechniClick - GWEA & EA Governance

ISO 38500 Principles

Principle 1: Responsibility
- Individuals and groups within the organization understand and accept their responsibilities.

Principle 2: Strategy
- The organization’s business strategy takes into account the current and future capabilities of IT.

Principle 3: Acquisition
- IT acquisitions are made for valid reasons; clear and transparent decision making (balance between benefits, opportunities, costs, and risks).

Principle 4: Performance
- IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.

Principle 5: Conformance
- IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.

Principle 6: Human Behaviour
- IT policies, practices and decisions demonstrate respect for Human Behaviour

Page 24: TechniClick - GWEA & EA Governance

ISO38500 ICT Governance Model


Business Processes

DIRECT

EVALUATE

MONITOR

ICT PROJECTS ICT OPERATIONS

Proposals

Plans

Policies

Performance

Conformance

ICT Governance

Page 25: TechniClick - GWEA & EA Governance

Are Governance Models all aligned?


Page 26: TechniClick - GWEA & EA Governance

GWEA / MIOS Governance Structure (draft)

Minister PSA

SITA Exec

Gov CIO

GITOC

AGB

GITO

ARB

GWEA/MIOS

National

Provincial

Public Entities

AGB = Architecture Governing Board (Central)

ARB = Architecture Review Board/Committee (Departmental)

SCARCISS

e-Gov

Projects

Procure

KIM

OSS

Other GITOC Committees

EACOM

Page 27: TechniClick - GWEA & EA Governance


GITO Council

Page 28: TechniClick - GWEA & EA Governance

Departmental Engagement Model

DEPARTMENT

CIO/GITO

ICT Planning & Governance

1 2 3 4 … 5 6 7

Internal Service Agreements/Contracts

Procurement & Development

ICT Operation & Support

SITA

Business Agreement & Service Level Agreements (SITA ACT)

EA Services

Procurement & Development Services

ICT Infrastructure Services

INDUSTRY

Transversal Contracts

Page 29: TechniClick - GWEA & EA Governance


EA In Government

“All models are wrong, but some are useful” George Box, Edward Deming

Page 30: TechniClick - GWEA & EA Governance

MIOS / GWEA Product Evolution

MIOS = Minimum Interoperability Standards

GWEA = Government Wide Enterprise Architecture

Figure labels (timeline with rows MIOS and GWEA): periods 2001 - 2003, 2004 - 2006, 2007 - 2009; MIOS v1&2, MIOS v3, MIOS v4, MIOS v4.1; GITA v1.0, GITA v1.1, GWEA v1.0, GWEA v1.2; UK e-GIF, XML, ODF, UML, Zachman, TOGAF8, TOGAF9

Page 31: TechniClick - GWEA & EA Governance

EA Context

Architecture / Planning; Design / Development; Production / Operation

* From Forsberg & Mooz and ISO 15288; Corporate Governance not shown

GWEA / MIOS; ISO 12207 (SDLC); ITIL / ISO 20000

COBIT / ISO 38500

Buy

Business Architecture

Technical Design

Build

IS/ICT Architecture

Business Integration

Component Verification

IS/ICT Integration

ICT Ops

Buss Ops

Business Design & Dev (e.g. OD, Srv Dev)

ENTERPRISE ARCHITECTURE CAPABILITY

SYSTEM ACQUISITION CAPABILITIES (Solution Architecture, Project Management, Procurement, Solution Development, Integration)

ICT OPERATION CAPABILITIES

PUBLIC SERVICE CAPABILITIES

PUBLIC SERVICE DEVELOPMENT CAPABILITIES

Page 32: TechniClick - GWEA & EA Governance

GWEA Framework composition

| TOGAF ADM Phase | TOGAF-9 | GWEA 1.2 |
|---|---|---|
| Prelim: FW & Contract | 5P+1A = 6 | 3P = 3 |
| A: Vision, Scope & Principles | 6P+2A = 8 | 3P+1A = 4 |
| B: Business Architecture | 3P+(2x17)A = 39 | 2P+(2x5)A = 12 |
| C1: Data Architecture | 3P+(2x9)A = 21 | 2P+(2x3)A = 8 |
| C2: Application Architecture | 3P+(2x14)A = 31 | 2P+(2x3)A = 8 |
| D: Technology Architecture | 3P+(2x8)A = 19 | 2P+(2x3)A = 8 |
| E: Opportunities/Solutions | 5P | 1P |
| F: Migration Planning | 10P | 2P |
| TOTAL DELIVERABLES | 38P+99A = 137 (89 Non-Duplicated) | 17P+29A = 46 (32 Non-Duplicated) |

P = Project Deliverables (e.g. Charters, Contracts, Analysis Reports, Schedules)

A = Architecture Deliverables (e.g. Models, Diagrams, Matrices, Catalogues)

Non-Duplicated = As-Is or To-Be models of the same format

Page 33: TechniClick - GWEA & EA Governance


GWEA Framework

Technology Architecture Views (D)

Application Architecture Views (C2)

Business Architecture Views (B)

Data Architecture Views (C1)

Organisation Structure Model

Application Reference & Standards Model

Business Process Model

Business Function/Service Model

Business Performance Model

Business Information Model

Application Distribution Model

Technology/Network Distribution Model

Technology Platform Model

Technology Reference & Standards Model

Data Reference & Standards Model

Data Security Model

Data Gap Application Gap Technology Gap

Data-Application Model Application Stakeholder Model

Opportunities & Solution (E) and Implementation Plan (F) Views (Programmatic Views)

Business Gap

Preliminary (P) & Vision (A) Views

EA Org Model, EA FW, EA Request, EA Principles, EA Vision, EA SOW, Comm Plan

Business Roadmap Data Roadmap Application Roadmap Technology Roadmap

Consolidated Roadmap & Transition Architecture

Implementation and Migration Plan

Implementation Governance Model

INTEROPERABILITY

CONSISTENCY

ALIGNMENT

Purpose

The minimum standard by which to use an Enterprise Architecture approach to develop and construct National and Departmental ICT Plans and Blueprints

Page 34: TechniClick - GWEA & EA Governance

EA Planning concept

Government Departments, Bodies & Clusters

Business Services

Core Services

Common Services

Shared

Non-Shared

ICT Infrastructure

Information Systems

Core

Common / Transversal

Departmental Plans/Blueprints

IFMS, e-Gov, GIS, e-Natis, e-HR, NISIS, Who-Am-I, LURITS…

NGN, Data Centres, Help Desk, Security, …

Resource Management Services (“Backend”)

Public Services (“Front-End”)

Page 35: TechniClick - GWEA & EA Governance

Interoperability – [Re-]defined

Interoperable (Dictionary)
- adj; able to operate in conjunction [Concise Oxford Dictionary, 9th Edition]

Interoperability (from the Web)
- The ability to exchange and use information. [Princeton]
- The ability of diverse systems and organizations to work together (interoperate). [Wikipedia]
- The ability of systems, units, or forces to provide data, information, materiel, and services to and accept the same from other systems, units, or forces, and to use the data, information, materiel, and services so exchanged to enable them to operate effectively together. [US DoD, DoDD 5000.1]
- The capability of systems to communicate with one another and to exchange and use information including content, format, and semantics [NIST]

Mathematician's definition

0

222

211

2)(tanh1*)cosh(

)(cos)(sin1!limlnn

n

TT

z

qqpp

zXX

Page 36: TechniClick - GWEA & EA Governance


Physical Interoperability

Protocol Interoperability

Data/Object Interoperability

Information Interoperability

Knowledge/Awareness

Aligned Procedures

Aligned Operations

Harmonised Strategy/Doctrine

Political Objectives

Interoperability levels*

* Tolk, Andreas. “Beyond Technical Interoperability – Introducing a Reference Model for Measures of Merit for Coalition Interoperability.”

Organisational Interoperability - organisational components are able to perform seamlessly together.

Technical Interoperability - technical issues of linking computer systems and services.

Semantic Interoperability - ensuring the precise meaning of exchanged information between different kinds of Information Systems.

Business Architecture & Standards

MIOS V4.1

MIOS V5

Network Centric Thinking (Joined-up Government)

Information-Centric Thinking

Techno-Centric Thinking

IS/ICT Architecture & Standards

Page 37: TechniClick - GWEA & EA Governance

MIOS v4.1 Composition*

| Category | Component (Standards) |
|---|---|
| Connectivity | Web/Internet (HTTP); E-Mail (SMTP, MIME, IMAP, S/MIME); Directory & Naming (X.500 and DNS); Network (FTP, TCP/IP, TLS); Security (e.g. RC4, RSA, AES, ); Web Services (SOAP, WSDL, UDDI); Internet Conferencing (H.323, SIP); Mobile Phones (WAP2, GPRS, SMS, MMS) |
| Data Interoperability | Meta-Data (XML, XSL); Data Security (SAML); PKI (X.509); Modelling (UML, XMI); Ontology (OWL); Geospatial (GML) |
| Information Access & Content Standards | Web/Hypertext (HTML, XHTML, JavaScript); Office Documents (UTF-8, ODF, CSV, PDF); Still images and Video (JPEG, PNG, TIFF, MPEG); File Compression (TAR, ZIP, GZIP); Relational DB Access (SQL-93); Meta-Data Content Management (Dublin Core); Syndication (RSS) |

OPEN STANDARDS from IETF, ISO, W3C, OASIS, ITU-T, ANSI, IEEE, ECMA, ETSI

* Minimum Interoperability Standards (MIOS) v4.1, DPSA, Aug 2007

Page 38: TechniClick - GWEA & EA Governance

Challenges & Conclusion

“Sometimes when I consider what tremendous consequences come from little things… I am tempted to think there are no little things.”

- Bruce Barton

Page 39: TechniClick - GWEA & EA Governance

Some challenges

Identity issues

Compliance Issues

Conflicting Policies

Cooperation

Page 40: TechniClick - GWEA & EA Governance

The road ahead (“for ICT”)…

- Promulgate GWEA Framework to standardise ICT Planning across government.
- Enhance the Minimum Interoperability Standards (MIOS)
- Add compliance guidelines for Suppliers and Acquirers.
- Add Transversal Data Standards and Schemas (e.g. Health, Social, Safety, Finance, HR, SCM Data Schema)
- Constitute National EA Governing Body.
- Enhance Certification of ICT systems for compliance with MIOS.
- Validate conformance of Departmental EA against GWEA.
- Establish Training mechanisms for EA.
- Establish EA Tool & Repository.

Page 41: TechniClick - GWEA & EA Governance

Conclusion

- Relevant Legislation to be enacted to make EA & integration work.
- Strong ownership and responsibilities of Business Architecture.
- Appropriate governance structures, performance and funding model.
- A Common Reference Model to serve as reference for integration.
- Complete Information System Inventory
- A new set of Semantic Interoperability standards (e.g. XML Schema)
- Compliance to Open Technical Standards (non-functional requirement) as part of all acquisition processes.
- Require a cross government “Integration Bus”.
- Stronger “Shared Service” infrastructure
- Improved “System Integration” capabilities (skills, methods & tools).

A fully integrated government will remain a Vision – a journey that strives for higher levels of maturity in the Technical, Semantic and Organisational Interoperability areas.

Page 42: TechniClick - GWEA & EA Governance

Thank You

Dankie

Siyabonga

Ke a leboha

Siyathokoza

Willie Needham
Chief Enterprise Architect
Strategic Services
State IT Agency (Pty) Ltd
Pretoria, South Africa
Tel: 012 482 [email protected]

Page 43: TechniClick - GWEA & EA Governance


Sometimes I think we try to …

Force feed a pill to a cat,

Eat an Elephant,

Boil the Ocean,

Align the Planets.

Page 44: TechniClick - GWEA & EA Governance

An EA Capability/Function

EA Process
- EA Development Process
- EA Logic (Meta-Model of deliverables)
- EA Methods (Techniques, Notation)

EA People
- Governance structures
- Roles & Responsibilities (RACI Charts)
- Competencies

EA Information System (EA Tools)
- Planning & Modelling Software
- EA Data Repository
- ICT Infrastructure

EA Deliverables (“Content”)
- EA Reference Models / Blueprints / Plans
- Interoperability Standards

Figure labels: Process; People; Technology; Models, Plans & Standards