The document discusses the essential components of successful governance with Service-Oriented Architecture (SOA), emphasizing the need for clear decision rights, accountability frameworks, and alignment with business strategies. It outlines a six-step process to develop and mature SOA governance, including defining goals, creating standards, and establishing metrics for success. The importance of executive buy-in and the adaptation of governance to the scale of the organization are highlighted as crucial elements for effective SOA implementation.

1. Dr Mohamad Afshar Sr. Director, Product Management Oracle Corporation SessionTitle: Keys to Successful Governance with SOA Welcome to Transformation and Innovation 2007 The Business Transformation Conference Ben Moreland Director, Foundation Services The Hartford

2. <Insert Picture Here> “ Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.” Peter Weill Professor, MIT

3. Establish chains of responsibility authority and communication to empower people (decision rights) And establish measurement and policy control mechanisms to enable people to carry out their roles and responsibilities Governance is about getting people to do the right thing at the right time in the right way leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives IT Governance Institute Delivery of value to the business and mitigation of risk: mitigation through accountability in the enterprise; driven by strategic alignment Organizational structures and processes that ensure organizations IT sustains and extends the organizations strategy and objectives Not about making specific IT decisions (management does that), but rather determines which individuals and roles with the company systematically make and contribute to those decisions.

4. Marks of Good IT Governance With SOA Differentiated Business Strategies Enabled by SOA Business Objectives for Evaluating SOA Investments Executives Engaged and Can Describe Arrangements Stable with Few Changes Year to Year Well-Defined Formal IT Exception Processes Multiple Formal Communications Methods to Engage Business Leaders

5. Where Do You Stand? ? SOA by Accident IT Plan Non Existent or Not Aligned with Business Plan IT Reactive to Business Initiatives No SOA Strategy No SOA Roadmap Silos of SOA SOA By Design IT Plans Aligned with Business Plans and Initiatives SOA Strategy that is Communicated Widely Well-Defined Business Benefits Sought from SOA Strategy SOA Roadmap Aligned to Deliver on Business and SOA Strategy

6. Governance is Key to Delivering on SOA by Design Delivery With Control & Reduced Risk Governance with SOA Business Strategy SOA Strategy SOA Roadmap Business Plan EA Strategy

7. Constituents of a SOA Roadmap SOA Strategy SOA Roadmap Planning Helps Avoid Duplicated Effort, Realize SOA Benefits Earlier and Support Improved Ability to Deliver Projects to SOA Risk Identification and Mitigation Against them Capability Development to Improve Ability to Deliver on SOA Project Leverage Services Portfolio Maximize Reuse Align with Platform Availability SOA Requires Competence in a Range of Areas Source of Risk How to Lessen Impact Business Services Portfolio Plan Which Services, When Buy-in from Business Leverage Projects to Build Infrastructure SOA Benefits Expected Risk Profile For Projects SOA Requires Capability Planning Prioritized Projects In Project Portfolio

8. Essence of Governance with SOA Processes (How) Decisions (Who) Policies (What) GOVERNANCE with SOA ADDRESSES What decisions must be made for effective management Who should make those decisions and who has input rights? How will the decisions be formed and enacted

9. Key Leverage Points for SOA Governance | Prevalent View Financial Portfolio People Operations Projects / Service Lifecycle Technology Architecture Service Usage Fees Service Funding Model Projects Applications Platform Funding Business Services Roles & Responsibilities Service Ownership EA Group Service & Process Owners Service Lifecycle Gov Shared Artifacts Capacity Planning Enforce Service Levels Enforce Policies Strategic SOA Platform Shared Foundation Srvcs Enforce Platform Decisions Reference Architectures Architectural Standards Blueprints & Patterns DRIVEN BY EXECUTIVES Information Data Standards Data Quality Data Ownership

10. Key Leverage Points for SOA Governance | Full Picture Financial Portfolio People Operations Projects Technology Architecture Service Usage Fees Service Funding Model Projects Applications Platform Funding Business Services Roles & Responsibilities Service Ownership EA Group Service & Process Owners Service Lifecycle Gov Shared Artifacts Capacity Planning Enforce Service Levels Enforce Policies Strategic SOA Platform Shared Foundation Srvcs Enforce Platform Decisions Reference Architectures Architectural Standards Blueprints & Patterns DRIVEN BY EXECUTIVES Information Data Standards Data Quality Data Ownership

11. Financial SOA may require governance of new policies and procedures around SOA Funding and Chargebacks Distribution of Budget Funding the SOA Journey and Programs Allocation and Funding of SOA Software License, Hardware Based on Priorities SOA Center of Excellence Funding Allocating cost of SMEs Covering costs of outside consulting Defining the Service Usage Fee Model Chargebacks for shared services usage Foundational, architectural services such as Error Handling, Notification, etc. Business Services built by projects such as Customer Lookup, Item Validation, etc. Allocating support costs (operations, enhancement, bug fix) of shared services

12. Portfolio Successful SOA Governance requires alignment of the IT Portfolio with the SOA Strategy and Roadmap Application Portfolio Planning Ensure application lifecycles (upgrades, enhancements, maintenance, sunset) are consistent with the SOA Strategy Infrastructure and Technology Portfolio Planning Ensure hardware and software agendas are consistent with the SOA Strategy Project Portfolio Management Create projects to align applications and infrastructure to the milestones and goals of the SOA Roadmap Services Portfolio Planning Business Services Portfolio Foundational/Technical Services Portfolio

13. People SOA is not only a Technology Shift. Policies governing employees must be included in SOA Governance Clarity Around Roles and Responsibilities Process Ownership – NEW Service Ownership – NEW Architecture Development Approach - NEW Testing Approach Operations Training Enable and Support People Making the Change - Organize around the SOA Vision Knowledge Centers – SOA CoEs Enterprise Architecture Group Cross Project Governance Board Foster Innovation and Creativity Demonstrate Leadership Affirm Executive Buy in and Support Monitor progress Provide Rewards/Incentives

14. Projects Project Prioritization Align with Strategy/Roadmap Ongoing Service Ownership and Management Consistency in Service Implementation Design, Code Reviews Create, Store, Find Shared Artifacts Utilization Shared Services Service Lifecycle Governance Business Process Lifecycle Governance Policies, processes and decisions must guide the projects designed to deliver on the SOA Vision

15. Service Lifecycle Service Identification and Design Services Identification Framework Service Interface Design Approving a Service Service Development Consistency in Service Implementation Building for Reuse Service Deployment Publishing a Service Service Operations Policies Relating to Services - Security Service Change Requests Service Versioning Service Retirement/Sunset Proper Service Lifecycle Governance is a critical component of SOA success. Without this, you may have services and SOA technology, but you will not realize benefits of an enterprise Service Oriented Architecture

16. Architecture Standards Compliance WSDLs WS-I Compliance Architecture Assessments Review & Change Processes Reference Architecture(s) Guidelines Service Interface Design What to Repeat (patterns) What to Share (reuse) Blueprints Multi-Channel Patterns Data Integration Architecture Documents Goals, Use Cases, Views, Standards SOA Architecture provides the foundation to ensure consistent, shareable services

17. Technology Select technical technical solutions that adhere to industry standards Platforms and Infrastructures should Evolve Aligned with Service Portfolio Plan and SOA Roadmap Build Consensus to Migrate to an SOA Platform Enforce Platform Decision Across IT Teams Manage Timing and Implementation of SOA Platform Enhancements Design and Build Shared Foundation Services as Part of SOA Infrastructure Technology must be identified, sourced and managed like any other component of SOA - It is not a one-time “fire-and-forget” decision

18. Operations Develop an Operational Model for Services Formalize Capacity Monitoring and Planning Control Service Execution Define/Enforce Service Levels Define/Enforce Runtime Policies (Security, Access, Logging, Billing) SOA Infrastructure Monitoring and Management Polices for Review and Handling of Exceptions and Violations Operations of an SOA could be different than standard IT operations. Changes to existing, or even new policies may be needed to govern Operations for a SOA

19. Information Establish Data Ownership and Stewardship Model: Define Roles & Responsibilities for Data Consumers and Produces Set Data Standards Build a Data Services Architecture Mandate Data Access: Schemas for Exchanging Core Enterprise Data Services as Single Sources of Truth Key Enterprise Entities Policies for Access Control Policies for Resolving Data Conflicts to Improve Data Quality Policies for Ensuring Quality of Service Performance Tuning of Data Services for Multiple Application Scenarios Unless data quality and interoperability issues are addressed, SOA apps will rest on top of a very weak foundation.

20. 6 Steps to Successful SOA Governance 6 1. Define Goals and Strategies 3. Define Metrics 5. Analyze and Improve Existing Processes 4. Put Governance Mechanisms in Place 2. Define Standards, Policies, Procedures Around Financial, Portfolio, Project, Service, etc These 6 steps allow a company to incrementally develop and mature their overall SOA and thus business goals 6. Refine and Go to the Next Level of SOA Maturity

21. Goals & Strategies Business and IT Goals SOA Strategy Existing Capabilities SOA Roadmap Journey Management 1

22. Create Standards, Policies & Processes Communicate 2 Policies Create Manage Issues: Decision Rights Input Rights Exception Management Executives Developers Architects Administrators IT Managers Business Analysts Feedback & Monitor Enterprise Architects Governance Board

23. Define Metrics for Success Why Measure ? Ensure Business Goals Deliver SOA Strategy What to Measure ? standards, compliance, # of projects adhering to processes, # of reference architectures, usability of reference architectures, # of exceptions, # of services created, # of reusable services, service reuse metrics, etc How to Measure ? What can be automated? What can be easily captured? 3

24. Put Governance Mechanisms in Place 1. Decision, Policies, Processes 4 Blueprints & Patterns Financial Portfolio People Operations Projects Technology Architecture Service Usage Fees Service Funding Model Projects Applications Platform Funding Business Services Roles & Responsibilities Service Ownership EA Group Service & Process Owners Service Lifecycle Gov Shared Artifacts Capacity Planning Enforce Service Levels Enforce Policies Strategic SOA Platform Shared Foundation Srvcs Enforce Platform Decisions Reference Architectures Architectural Standards DRIVEN BY EXECUTIVES Information Data Standards Data Quality Data Ownership

25. Put Governance Mechanisms in Place 2. Mechanisms Vision for Governance Endorsed by Executives Force Behavioral Change Ensure Participation of Appropriate People Awareness Communication & Collaboration Center of Excellence Roles and Responsibilities Financial, Portfolio, People, Architecture, Projects, Technology, etc Education Strategies Processes (Automated) Capture and Report on Metrics Administration, Monitoring and Enforcement Exceptions Handling Mechanisms Upward Communication when Policies are not followed 4

26. <Insert Picture Here> “ It is an overkill to apply formal discipline and governance to small SOAs (consisting of 50 or fewer services).” Paolo Malinvero VP, Gartner

27. Analyze and Improve Metrics on Governance Process Itself Metrics on Progress of Goals and Roadmap How Often are People Going off the Path? Do they Tell us When they do? Do we need to change restrictive policies? Do we need to have stricter enforcement? What do you do with the Information? Make Decisions Create Feedback Loop 5

28. Refine and Go to the Next Maturity Level SOA Strategies, Goals, Objectives Met for this SOA Maturity Level level Refine SOA Strategies, Goals, Objectives for Current Maturity Level Create New SOA Strategies, Goals, Objectives for next SOA Maturity Level 6

31. The Hartford Financial Services Group, Inc. Founded in 1810 One of the largest investment and insurance companies in the United States. Fortune 100 company 30,000 employees Two Companies: Hartford P&C – Auto, Home, Business insurance Hartford Life – investment plans, Life insurance, Group benefits

32. Step 1: Goals & Strategies – Level 1 Business Goals Reduce TCO Speed To Market Ease of Doing Business SOA Roadmap Project-based (WSM & UDDI Registry selected) Governance “Do No Harm”

33. Step 2: Create Standards, Policies & Processes – Level 1 Standards - SOAP 1.1, XML 1.0, UDDI 2.0, WSDL 1.1 First SOA initiatives were project-based  SOA governance was at the project (LOB) level Governance processes created to assess projects against Reference Architecture (Application) Aligned LOB architects and project scoring Created IT Roadmaps and Blueprints PCAC formed

34. Step 3: Define Metrics – Level 1 At SOA MM level 1, The Hartford didn’t have any explicit metrics other than project-based metrics Discussions around SOA metrics began No reusability at this point

35. Step 4: Put Governance Mechanisms in Place – Level 1 PCAC put in place to score all projects against Reference Architecture primarily and LOB Roadmap and Blueprint if they existed Scoring was a learning exercise at level 1 Assessment process being defined

36. Step 5: Analyze and Improve – Level 1 Analyzed where we were against business goals Findings: Architecture standards applied inconsistently across LOBs Projects going forward that were not moving the overall architecture in the right direction. Initial services deployed showed promise of re-usability with the one LOB Are you moving forward or closer to your goals? The eB&T organization decided: Centralize the enterprise architects and SOA practice (Foundation Services group) Begin to push back on negatively scored projects Continue with the SOA initiatives (still project based) due to early success (primarily insight into SEMCI application)

37. Step 1: Goals & Strategies – Level 2 Business Goals (same): Reduce TCO Speed To Market Ease of Doing Business SOA Roadmap Project-based (WS-addressing, WS-Security, Central EA organization) Align LOB project decisions with architecture recommendations Governance Score projects to influence business decisions Track all projects assessed and not assessed Track all projects with and without “architects”

38. Step 2: Create Standards, Policies & Processes – Level 2 Standards (added) - WS-Addressing, WS-Security, Reference Architecture 2.0 Governance processes improved to assess projects against the Reference Architecture (SOA based) based on CIOs feedback Project assessments more mature Enterprise Architecture group formed under CTO (also new) SOA governance through EA Foundation Services group, but still project-based

39. Step 3: Define Metrics – Level 2 # of services (course-grained vs fine-grained) Service Sharability, Component Reusability # of projects assessed and not assessed # of projects with assigned “architects” and without architects Cost savings on projects based on architecture assessment and re-use

40. Step 4: Put Governance Mechanisms in Place – Level 2 Central EA organization (ASC) for IT Governance Projects scored and evaluated to “+”, “0”, “-” Projects assessed as short term adequate, near-long term adequate and long term adequate CIOs agree to “tax” if negatively scored project pushed through to delivery SAD course developed and delivered to all architects Service Policies - WS-Addressing and “contract ID” required for all services

41. Step 5: Analyze and Improve – Level 2 Analyzed where we were against business goals. Findings: Architecture standards applied consistently across LOBs Some projects still being pushed forward with negative scores, but now high level discussions and justification at executive level Reusability in certain LOBs very high, others low Still not addressing “Ease of doing business” TCO lowered through SOA efficiencies in maintenance Are you moving forward or closer to your goals? The eB&T organization decided: 5 year business & IT roadmap developed Foundational projects Need better metrics

42. SOA Governance - Level 3 Portfolio transformation program identifying high value business services Standards committee and Services committee formed to formalize standards maturity and P&C SOA policies and procedures Service criteria and processes defined Large number of new metrics with constant feedback from CIOs No projects may be considered without EA involvement Need SOA Governance automation to scale

43. Summary Increasing SOA Maturity Only Achievable through SOA Governance SOA Governance Requires More than Technology Build on Existing IT Governance Mechanisms Executive Buy-In Vital to Catalyze Change Required for SOA Complexity of SOA Governance Proportional to Company Size

44. Thank You Dr Mohamad Afshar Sr. Director, Product Management Oracle Corporation Contact Information: Mohamad . afshar @oracle.com Benjamin.Moreland@ theHartford .com Ben Moreland Director, Foundation Services The Hartford