I have mentioned in prior blogs my belief that an enterprise architecture is composed of 3 intertwined components: standards, governance, and a repository of binaries. I will address standards and binaries later.

For now, I will focus on the concrete manifestation of governance.

Governance differs from standards in 2 important ways:

  • While standards provide well-known boundaries within which applications are expected to stay, standards will change and applications are expected to stray on occasion. Governance, on the other hand, provides a clear, immutable declaration of fact within the context of the enterprise. Governance is inherently stable, and exceptions should be few and far between.

  • Standards are technical selections, usually one of many possibilities, where any alternative choice is likely to be equally effective, while governance is binary. The only alternative to a given piece of governance is non-compliance.

For example, the preferred development language in the enterprise might be C++, but applications written in C# or Visual Basic would be equally consumable by users, making development language a clear candidate for a standard. Conversely, maintaining a measurably high level of security in an environment is a candidate for governance. Applications either are or are not meeting the security metrics.

I like to think of good governance as those policies focused on the management of shared resources as well as policies which provide safety and security to the participating applications in the enterprise.

For kicks, here are a few more candidate governance items:

  • typical, average, & maximum network bandwidth consumed by an application.

  • typical, average, & maximum storage used at the desktop, at local shared servers, near & off-line storage over time (1-3-5 years)

  • Service levels for various categories (low priority, business necessary, mission critical, & highly available) of applications

  • limits on public & internal attack surfaces

  • audit & logging requirements and/or limits

  • requirements and/or limits on the use of mobile code and remote invocation

  • type and source of valid credentials within the enterprise

... More

The devil, as they say, is in the details. Creating and issuing governance for an enterprise requires carefully crafting statements that are free of ambiguity yet reasonable enough to be implemented.