6.9. SUGGESTED POLICY DEFINITION PROCESS

Next we turn to the policies, or the specific "rules of engagement," for designing, building/exposing, and operating services within an SOA. SOA governance is an exercise in futility without enforceable policies that drive conformance to the SOA vision, goals, and standards. The policies to be enforced include specific design-time and runtime policies, and they must support and enable the higher-level SOA governance model. The following are the major steps in defining the enterprise policies that will be enforced in your governance model:

  • Define business, IT, and SOA goals (from the SOA strategy document, if it exists).

  • Identify IT and SOA principles that support those business goals. These are broad statements of intent that align with and support the business, IT, and SOA strategy.

  • Define policy categories that support or implement the principles, such as the examples below:

    • Business policies (e.g., regulatory policies such as Sarbanes-Oxley, compliance policies, industry-specific policies such as HIPAA, outsourcing policies, vendor management policies, acquisition policies)

    • Process policies (e.g., SDLC process enforcement, governance thresholds, governance enforcement triggers)

    • Technical policies (e.g., service design-time governance, quality assurance and test policies, service runtime and operations governance, SOA security policies)

    • Security policies (e.g., business level security policy, security process policies, security policies at ...
