6.21. INTEGRATED POLICY ENFORCEMENT MODEL

Based on the concepts of a unified model for policies, we can now proceed to integrating policy enforcement across the enterprise. As we have suggested, there are three fundamental policy enforcement mechanisms available to you when you design and implement a governance model:

  1. Governance organizations, boards, and committees

  2. Governance processes, triggers, and events

  3. Governance tools and enabling technology

These three broad policy enforcement mechanisms must be integrated into a policy enforcement "fabric" that first and foremost ensures coverage for all critical governance processes and policies, and then ensures an integrated policy enforcement model that integrates governance boards with governance processes, and integrates boards and processes with governance tools. The uniting concept, of course, is the unified policy model.

As we have observed earlier, the weaknesses in most governance approaches is that they focus too narrowly on technical governance via automated tooling without considering the enterprise and business policies that support those technical policies. The technical approach to governance tends to ignore the enterprise context that gives value to those technical policies at run time.

The other extreme is when an organization establishes what it believes in a governance model by implementing a number of board structures and an organizational model embellished by charters, supporting artifacts and great fanfare. These ...

Get Service-Oriented Architecture Governance for the Services Driven Enterprise now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.