I agree with everything I said. :) -tb Todd Biske http://www.biske.com/blog/
On Sep 26, 2008, at 11:38 AM, Gervas Douglas wrote:
<<During my soapbox derby discussion at the SOA Consortium meeting, I chose to discuss SOA Governance, and I thought that one of the messages I delivered would be another appropriate post to highlight some of the content in my upcoming book. As I've said in this blog, SOA governance is the combination of people, policies, and processes that an organization uses to achieve the desired behavior associated with SOA adoption. This post, not surprisingly , will focus on the process component. Previously, I had a post explaining that governance does not imply command and control. Those two words only bring to mind one of the four processes: enforcement. There are three additional processes that your governance effort must also implement. The four processes are: * Policy definition * Education and communication * Enforcement * Measurement and feedback Policy definition is concerned with establishing the policies that the governance team feels will result in the desired behavior if they are followed. Without policy, the rest of the organization must either guess what the correct decisions are to get to the desired outcome, or involve someone from the governance team on every single project. The first option is unlikely to lead to success, and the second option has both scalability issues as well as being prone to variation based upon the "tribal knowledge" of the particular person from the governance team involved. Defining and documenting the policies is step one toward gaining consistency in the outcome. Education and communication is the next step, not enforcement. Just because the governance team has reached agreement and documented the policies doesn't mean they're going to be followed, or even known for that matter. A formal, planned communication effort to educate the organization on why you're adopting SOA, the desired behavior you hope to achieve, and the policies that are being put in place to achieve them is required. It's not a one time presentation to all of IT, but rather a series of targeted communications for the various roles in the organization, large group presentations, small team presentations, blogs, wikis, and appropriate surveys and followups to ensure that the communication is effective. Enforcement is the third step. Even if your communication efforts are incredibly successful, you still need to put processes in place to ensure the policies are being followed. What you will find, however, is the better job you can do on communication and education, the easier your enforcement processes can be. If education is poor, enforcement will likely need to be more heavy-handed. Where possible, automated testing and reporting can certainly make the processes more efficient and cost-effective. Finally, the governance group must have measurement and feedback processes to ensure that progress is being made toward the desired behavior. If the desired behavior is not reached, something needs to be changed, and it could easily be the policies, the processes, or the people involved with governance. Accountability is lost if the team puts policies and processes in place, but then does nothing to verify that all that effort actually paid off.>> You can find Todd's blog at: http://www.biske.com/blog/?p=506 Thanks to José Carlos for pointing this out on fb. Gervas
