Building a governance process

IT managers who embark on the SOA journey tend to think of SOA governance in terms of project planning and funding. Those are vital activities, of course, but technical governance -- policies, interoperability frameworks, and reference architectures -- is where the rubber meets the road. The most important thing to get right in the governance process is to establish the communication patterns that will create, approve, and propagate these artifacts.

The trick, says Todd Biske of the consultancy MomentumSI, is to use the appropriate governance tool at every phase: "You need to bring the right parts of governance (project, funding, and technical) to bear on the project at the right time." Project, architectural, funding, and customer reviews tie governance to implementation in appropriate ways and make governance tangible to architects and developers.

The enforcement mechanisms you build into governance are crucial. If you're not enforcing policies, they're just suggestions. We're not talking about thugs in jackboots; just make sure that architectural reviews, routine audits, project scorecards, and other measurement activities are tied to natural gating activities such as project planning, project funding releases, and code promotion.

Equally important is to ensure that your process includes an effective feedback loop. As webMethod's Matsumura says, "A governance mechanism is intrinsically federated. It is neither a 'you must follow this cookbook' nor is it something that's completely fluid. Create a structure that allows for evolution. Policies are manifested in law, and law evolves according to feedback from enforcement. Adjudication procedures built into your governance process will provide feedback on your enforcement process."