Government Enterprise Architecture. GEA-NZ v3.0 Application and ICT Services Reference Model and Taxonomy November 2014

Transcription

1 Government Enterprise Architecture GEA-NZ v3.0 Application and ICT Services Reference Model and Taxonomy November 2014

2 Crown copyright. This copyright work is licensed under the Creative Commons Attribution 3.0 New Zealand licence. In essence, you are free to copy, distribute and adapt the work, as long as you attribute the work to the Department of Internal Affairs and abide by the other licence terms. To view a copy of this licence, visit Please note that neither the Department of Internal Affairs emblem nor the New Zealand Government logo may be used in any way which infringes any provision of the Flags, Emblems, and Names Protection Act 1981 or would infringe such provision if the relevant use occurred within New Zealand. Attribution to the Department of Internal Affairs should be in written form and not by reproduction of the Department of Internal Affairs emblem or New Zealand Government logo. Published by the Department of Internal Affairs Document Version 1.0 Page 2 of 80

3 Document Purpose The Government Enterprise Architecture for New Zealand (GEA-NZ) Reference Models outline the following artefacts for each dimension of the architecture: - Reference taxonomy - Structure and description - Context within the GEA-NZ v3.0 - Description of artefacts and relationships with other artefacts across all dimensions The objective of a Reference Model is to provide widely accepted core taxonomy, and an appropriate visual representation of that taxonomy. A Reference Taxonomy defines the terminology, and provides a useful, coherent, consistent, and structured description of the components of an Enterprise Architecture. The need for reference architectures and associated taxonomies as part of a Government Enterprise Architecture is described in the GEA-NZ v3.0 Context Document. There are eight architecturally significant dimensions within the Government Enterprise Architecture for New Zealand v3.0 framework (GEA-NZ v3.0). Each of these dimensions has a Reference Model which includes relevant reference artefacts and relationships. Where appropriate the Reference Model has an associated Reference Taxonomy. GEA-NZ v3.0 uses reference taxonomies to provide categorisation terms to describe the architecture of capabilities for use across All of Government (AoG), sectors, clusters, and agencies. Reference taxonomies reduce complexity by abstracting, organising and simplifying complex information sets. The overall consistency and cohesiveness of cross government services, shared services and common capabilities, can be improved when government entities apply common reference taxonomies to deliver consistent and aligned views of commonly required operational and technological services. The usage of the GEA-NZ reference taxonomy, at government, agency and sector level, will help drive ICT efficiencies and Transformation programmes through identification of opportunities for development or and reuse of common solutions. This will enable the implementation of the Government ICT Strategy and Action Plan to 2017 and Better Public Services: Results for New Zealanders. Use of the GEA-NZ v3.0 reference model will: - Provide common language to promote service, information, system and technology interoperability - Promote the identification and demand aggregation of sharable and common capabilities to improve the efficacy, utility and cost effectiveness of ICT across government - Foster traceability of features to meet requirements - Support the re-use of solutions and services - Support the development and delivery of coherent AoG Common Capabilities portfolio - Support the AoG Data Governance initiatives Document Version 1.0 Page 3 of 80

4 Scope This document provides a description of the GEA-NZ v3.0 Application and ICT Services Reference Model and Taxonomy. This will provide the basis for developing specific Application and ICT Services reference architectures and patterns. These reference architectures and patterns can be more readily used across government where the terms from the reference taxonomy are used consistently. This document does not include the description of the Application and ICT Services reference architecture or the use of software tools to construct and manage GEA-NZ v3.0 models. References to related documents are contained within the context of the document. Audience The intended audience of this document is (but not limited to): - Agencies Enterprise, Application and Solution Architects - Agencies and Business partners involved in development and delivery of business and technology solutions - ICT and Architect Managers - ICT Security Specialists for Certification & Accreditation activities (C&A) Authors Regine Deleu All-of-Government Enterprise Architect Jim Clendon Senior Enterprise Architecture Modeller Phil Cutforth All-of-Government Enterprise Architect Approval This document has been created following engagement with the Chief Architect Forum (CAF) and the Government Enterprise Architecture Group (GEAG). The content will be subject to yearly review and improvement. The Government Enterprise Architect team will manage revisions and will indicate priorities for this work. Approval for changes will be sought through the GEAG. Version Control Version Date Comment Modified by Approved by Next Review Date 1.0 November 2014 Initial version Regine Deleu GEAG End 2015 Acknowledgements This version of the GEA-NZ Application and ICT Services Reference Model and Taxonomy was developed by the Government Enterprise Architecture team, part of System Transformation Team, Department of Internal Affairs, New Zealand. It was peer-reviewed and approved by GEAG members. Additionally, feedback received from a number of experts from various agencies was greatly appreciated. Document Version 1.0 Page 4 of 80

5 Table of Contents Document... 3 Purpose... 3 Scope... 4 Audience... 4 Authors... 4 Approval... 4 Version Control... 4 Acknowledgements... 4 Table of Contents... 5 Executive Summary... 7 Application and ICT Services Reference Model and Taxonomy... 8 Introduction... 8 Principles... 9 Context within GEA-NZ Benefits Development Background Approach Tools Application and ICT Services Reference Model Structure Application Domains Corporate Applications Common Line of Business Applications End User Computing Data and Information Services Identity and Access Services Security Services ICT Components, Services and Tools Interfaces and Integration Specialist Line of Business Applications Appendix GEA-NZ v3.0 Application and ICT Services Reference Taxonomy in Context with Other Artefacts Strategy and Policy Performance Business Customer Channel Product and Service People and Organisations Document Version 1.0 Page 5 of 80

6 Process Data and Information Application and ICT Services Infrastructure Security and Privacy Standards Document Version 1.0 Page 6 of 80

7 Executive Summary The Government Enterprise Architecture for New Zealand (GEA-NZ) Reference Models outline the following artefacts for each dimension of the architecture framework: - Reference taxonomy - Structure and description - Context within the GEA-NZ v3.0 - Description of artefacts and relationships with other artefacts across all dimensions The objective of a Reference Model is to provide widely accepted core taxonomy, and an appropriate visual representation of that taxonomy. A Reference Taxonomy defines the terminology, and provides a useful, coherent, consistent, and structured description of the components of an Enterprise Architecture. The GEA-NZ Application and ICT Services Reference Taxonomy consistently categorise and describe the government wide Application and ICT that support business capabilities. It is used for identifying opportunities for cost reduction, collaboration, shared services, common capabilities and solution reuse in ICT portfolios within and across agencies to effectively and efficiently support citizen centric service transformation. The usage of the GEA-NZ reference taxonomy, at government, agency and sector level, will help drive ICT efficiencies through identification of opportunities for development or and reuse of common solutions. This will ultimately support the implementation of the Government ICT Strategy and Action Plan to 2017 and Better Public Services: Results for New Zealanders. Use of the GEA-NZ v3.0 reference model will: - Provide common language to promote service, information, system and technology interoperability - Promote the identification and demand aggregation of sharable and common capabilities to improve the efficacy, utility and cost effectiveness of ICT across government - Foster traceability of features to meet requirements - Support the re-use of solutions and services - Support the development and delivery of coherent AoG Common Capabilities portfolio - Support the AoG Data Governance initiatives Document Version 1.0 Page 7 of 80

8 Application and ICT Services Reference Model and Taxonomy Introduction The GEA-NZ Application and ICT Services describes business applications, including X as a Service, that support the business processes. It includes core business, corporate and specialist line of business applications, end user computing, data and information management, identity and access management and security services. It also includes ICT components, services and tools, interfaces and integration. At an All-of-Government level, the model facilitates a common understanding of application assets and ICT services, identifying opportunities for sharing, reuse, and consolidation or renegotiation of licenses. It also assists the GCIO assurance function by identifying application assets that will require maintenance or renewal within the business planning horizon. At an agency level, the model describes the application assets and ICT services of the agency, and helps application portfolio management. Mapping their current and planned Information Systems to the Application and ICT Services Reference Taxonomy categories should help agencies and sectors identify opportunities for sharing, reuse, and consolidation or renegotiation of licenses. The GEA-NZ Application and ICT Services Reference Taxonomy provide the basis for categorising applications and their components. It categorises software that supports business. It does not include operating systems that are used to operate hardware, as these are contained in the Infrastructure Reference Model. Document Version 1.0 Page 8 of 80

9 The GEA-NZ Infrastructure Reference Taxonomy is an integral part of the Government Enterprise Architecture for New Zealand v3.0 (GEA-NZ v3.0). Principles The value of reference models comes from applying them as part of business as usual practices and capability acquisition across agencies in a consistent manner. They are used to provide a consistent view across a complex system of business services and supporting ICT so that the delivery of government services can become customer centric, and that investments can be made that benefits the system as a whole, not just specific agencies in accordance with the guiding principles of the Government ICT Strategy and Action Plan to 2017: - Centrally led, collaboratively delivered The Strategy and Action Plan will be led by the GCIO and delivered in collaboration with agency chief executives. - Customer centricity Customer insights must inform service design and delivery. Customers should be shielded from the internal complexities of Government. - Trust and Confidence Build public trust and confidence in government s ability to maintain the privacy and security of information. This underpins our ability to use digital channels. - Simplify by design Remove complexity, fragmentation and duplication, and reengineer business processes end toend. - Share by default Capabilities must be shared by default rather than by exception. Document Version 1.0 Page 9 of 80

10 Context within GEA-NZ 3.0 The GEA-NZ Application and ICT Services Reference Taxonomy is a core part of the GEA-NZ Application and ICT Services Reference Model within the GEA-NZ v3.0 framework. The GEA-NZ Application and ICT Services Reference Model provides the basis for categorising Application and ICT Services assets at a department or agency level as well as Sector and AoG levels. The following table shows the GEA-NZ Application and ICT Services Reference Model in context with the other GEA-NZ reference models. Application and ICT Services represents a key mechanism for realising strategic goals, through adoption of agile core business applications and industry standard corporate support functions provides the ICT services that enables performance measurement and control, and offers opportunities to improve business efficiency through sharing and reuse provides the application and ICT services that support business services, processes, capabilities, information sharing, and reuse sets requirements and provides the tools to manage, model, structure, share, and exchange data and information provides the application and ICT service requirements for technology and infrastructure services, and supporting applications for infrastructure management (e.g. CMDB) provides the application and ICT service controls needed to support security and privacy requirements Strategy and Policy Performance Business Data and Information Infrastructure Security and Privacy sets the application and ICT service requirements that drive development and scope of corresponding standards Standards In the Appendix you can find tables showing the GEA-NZ Application and ICT Services Reference Taxonomy in context with other artefacts. Benefits The GEA-NZ Application and ICT Services Reference Model will provide the following benefits to agencies, sectors and their business partners involved in the delivery of public services and joint capabilities: - Drives standardisation at the technology layer, improving the overall manageability, ensuring technologies are directly referenced to business outcomes, and making understanding the impact of changes more unambiguous. - Provides a government wide common language for applications and ICT services. - Identification of opportunities for sharing, re-use and consolidation of services to improve efficiencies and effectiveness of current capabilities. To guide change towards shared common services. - It will enable both horizontal assessments of where multiple products are delivering the same business service (consolidation and sharing opportunities), and vertical assessments of where different technology products have been implemented for the same or similar services (standardisation and re-use opportunities. - Provides a basis for the objective review of ICT investment by the government. Document Version 1.0 Page 10 of 80

11 - For agencies Four Year Plan to help show what they will achieve and how it will be achieved aligning to Better Public Services and all-of-government shared services. - Enables more cost-effective and timely delivery of ICT services through a repository of standards, principles and templates that support repeatable and consistent design and delivery of ICT capability, as well as business and operational support services. - Identification of opportunities for the consolidation and standardisation of applications and ICT services. - Baseline for agencies Services and API Catalogue and their Application portfolio and Catalogue; - An engagement framework that translates a high-level logical view for capability definition and delivery. From a practical perspective, to provide a tool kit for Enterprise Architects to use in their daily work. This will ultimately result in increased collaboration between agencies, reduced risks, reduced number of incompatible systems across and within agencies, and it contributes to government-wide interoperability commitments in an affordable manner. In real terms, this will allow the Government to realise savings in two key areas: Financial Aligning the GEA-NZ Application and ICT Services Reference Model within the broader architectural framework enables explicit links to be established from the performance layer through to the data and application and infrastructure layers. This will facilitate continuous, robust analysis of the relationship between ICT investments and the associated impact on performance against required business outcomes. Once established, these linkages will support evidence-based decision making around which technologies and standards are most essential to ensure the continued provision of priority, fit-for-purpose and value for money systems, services and applications. User Productivity Standardisation and rationalisation of diverse set of technical standards will improve productivity for not only the user community and those responsible for the management and delivery of ICT services, but also those involved with capability definition, development, acquisition, and delivery and integration (introduction into service, and integrated logistics support management). Improved standardisation will reduce existing barriers to workforce interoperability, service availability and sharing, and data access and sharing capabilities, and deliver improved consistency across communication and collaboration platforms. ICT will realise increases in productivity driven by the reduced complexity which flows from having a standardised, agreed set of application and ICT services. Additionally, as a more standardised suite of approved technologies and platforms develops over time, the number of applications which are supported by bespoke or specialised technologies will fall, reducing the requirement to maintain highly specialised skills to support legacy applications. Document Version 1.0 Page 11 of 80

12 Development The GEA-NZ Application and ICT Services Reference Taxonomy has been adapted for New Zealand based on the United States Federal Enterprise Architecture version 2 (US FEAF v2) 1 Application and ICT Services Reference Model combined with content developed for the NZ Defence Technology Reference Model. NZ Defence based the development of their Technology Reference Model on the following sources: - GEA-NZ v2.0 AoG Common Operating Environment (COE) and NZDF COE - NATO C32 Taxonomy - Australian Department of Defence (DoD) Integrated Defence Architecture3 (IDA) - US Information Exchange Architecture (IEA). - UK Government ICT Strategy, End User Device Programme Conceptual Framework dated Apr 12. The GEA-NZ v3.0 framework separates Application and ICT Services from Applications and ICT Services, so only content from the NZ Defence Technical Reference Model that relates to Application and ICT Services have been included. We have deliberately used the term ICT services to remove any confusion between the services delivered by government to customers / New Zealand, and what are ICT services which support the delivery of services by government to customers / New Zealand. Background The GEA-NZ v3.0 Application and ICT Services Reference Taxonomy replaces the GEA-NZ v2.0 Service Reference Taxonomy which re-used the NZ FEAF Service Reference Model. The Service Reference Model abstracted ICT services from the underlying applications. While this approach has merit in a Service Oriented Architecture for the most part applications are delivering the services directly. This Service Reference Taxonomy was originally approved as part of the NZ FEAF, back in 2008, and was essentially the same as the taxonomy in the US FEAF Service Reference Model developed in years ago. There has been some adoption of this within agencies. However 8 years is a long time in the fast moving world of ICT and technology so it is missing some concepts. As a result agencies have in turn adapted and expanded the taxonomy to the extent that it no longer provides a common set of terms. For example the GEA-NZ v2.0 COE Reference Architecture was defined using a new set of terms, with very few terms from the older reference taxonomies being reused. Approach Our approach is to reuse and adapt reference taxonomies from other jurisdictions. Three major sources for GEA-NZ v3.0 are the Australian Government Architecture v3.0 (AGA v3.0), the UK Reference Architecture (UK-RA 2012), and the US FEAF v2.0. Representatives from the Chief Architects Forum (CAF) and the Government Enterprise Architecture Group (GEAG), and other agencies review and contribute to the taxonomies NATO C3 = North Atlantic Treaty Organisation Command, Control and Co-ordination Agency 3 Note: The ADF IDA closely follows the US FEAF model. Document Version 1.0 Page 12 of 80

13 Tools The master GEA-NZ v3.0 Application and ICT Services Reference Model has been developed using the OpenText ProVision 4 modelling tool using hierarchical models. The diagrams are published using.png files, and the taxonomy data is published using Microsoft Excel. Government Enterprise Architecture will migrate the master Application and ICT Services Reference Taxonomy to the Sparx Systems Enterprise Architect 5 modelling tool in the last quarter of The Application and ICT Services Reference Taxonomy will subsequently be published in Sparx EA compatible file formats. 4 OpenText ProVision was the tool selected by the State Services Commission for Enterprise Architecture modelling by agencies in Sparx Systems Enterprise Architect, Ultimate Edition, has been selected by Government Enterprise Architecture in August 2014 as the go forward tool for developing and maintaining GEA-NZ v3.0. Document Version 1.0 Page 13 of 80

14 Application and ICT Services Reference Model Structure GEA-NZ v3.0 Application Reference Taxonomy Structure Application Services Application GEA-NZ Application v3.0 Application Area Domain Taxonomy Reference and ICT 1 1 Categorisation 1Reference Taxonomy Structure* Agency Implementation (Using ArchiMate elements)application Category ArchiMate (Information Data Asset) Object ArchiMate Application «generalisation» «access» Function «assignment» The GEA-NZ Application and ICT Services Reference Taxonomy model is a simple hierarchical structure made up of application domains, which are divided into application areas, which have categories. Application categories may have multiple levels where more detail is required. The diagram below shows the structure of the taxonomy and an approach for implementation using the Open Group ArchiMate 6 elements and relationships. ArchiMate Component Application 6 ArchiMate is an emerging standard for enterprise architecture modelling in the GEA-NZ Standards. Document Version 1.0 Page 14 of 80

15 Application Domains The GEA-NZ Application and ICT Services Reference Model include nine domains that can be used as a common language to classify Application and ICT Services. These are the: - Corporate Applications - Common Line of Business Applications - End User Computing - Data and Information Services - Identity and Access Services - Security Services - ICT Components, Services and Tools - Interfaces and Integration - Specialist Line of Business Applications Document Version 1.0 Page 15 of 80

16 Application The domains and their related areas are shown in the following diagram: and ICT Services Reference TaxonomyA1 A1.05 Strategy A1.01 (ERP) Corporate Applications A1.09 Corporate Enterprise Governance Resource Planning and A1.02 A1.06 Financial Corporate and Administration Asset A1.03 A1.07 Human Procurement Resource A1.04 A1.08 A1.12 Workforce System Business (BPMS) Intelligence Process Capability and A1.13 Analytics Improvement Continuity A1.10 Collaboration Unified Communications and A1.11 (ECM) Enterprise Content A2.05 A2.01 Business Transformation and Customer Product and Accounting Service A2.06 A2.02 Customer Marketing Service A2 Common Line of Business A2.03 Customer Applications Relationship A3.05 A3.01 Graphics End User and Device Multimedia A3.02 End User Tools A3 End User Computing A3.03 A2.07 Mobile Emergency Applications A2.04 A3.04 A2.08 Partner Productivity Grants Relationship Suite A4.01 Architecture A4.05 A4 Data and Information Services A4.09 Data and Protection Information A4.06 A4.02 Interoperability Database and Information A4.07 Services A4.03 Additional Data and Records Data and Governance Information A4.08 A4.04 Geospatial Data Quality Information A5.01 Accountability Content System A5 Identity Access A6.03 A5.03 Authentication Services Security Service A5.04 A6.04 Authorisation Security Service and Controls Access A6.01 A5.05 Identity Encryption Directory Governance Service and A5.06 Components A5.02 Operations Identity Functional Administration Core and Services A6.06 A6.02 Enterprise Network Security Security Service A5.99 Other Identity Service A8.01 Integration A8.02 A7.02 Data ICT Components Interoperability A7 ICT Services A5.07 Public Identity Key Interoperability Infrastructure (PKI) A7.01 Tools A6.05 A7.05 Business Digital Forensics Cloud Services Process A7.06 Core ICT Operation A8 Services Components, Services Interfaces and A7.03 and A8.03 xa7.07 Tools ICT Integration Interface Host and Development Layering Tools Environment A7.04 ICT Tools A9 Specialist Line of Business Applications A8.04 Gateways A1.09 Business Continuity A1.06 Corporate Administration A1.11 Enterprise Content A1.12 Business Process A3.05 Graphics and Multimedia A3.04 Productivity Suite A5.05 Directory Service A5.03 Authentication Service A8.01 A7.05 Integration Cloud Services A8.02 Data Interoperability A8.03 xa7.07 Interface Host Layering A8.04 Gateways Document Version 1.0 Page 16 of 80

17 Corporate Applications A1.05 Strategy A1.01 (ERP) Corporate Enterprise Governance Resource Planning and A1.02 Financial and Asset A1 Corporate Applications A1.03 A1.07 Human Procurement Resource A1.04 A1.08 Analytics A1.12 System Workforce Business (BPMS) Intelligence Capability A1.09 Continuity A1.06 A1.10 Collaboration Corporate Unified Communications Administration and A1.11 (ECM) Enterprise Content Process and A1.13 Improvement Business Transformation and A1.09 Business Continuity A1.06 Corporate Administration A1.11 Enterprise Content A1.12 Business Process Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A1 Corporate Applications A1.01 Enterprise Resource Planning (ERP) Description These are standard corporate applications within government to support the internal facing functions for managing staff, money and the way government agencies run their business. Note: The applications found in this domain can also be used as ICT services or application components. Many commercial applications may contain elements of applications listed here and specific software solutions may offer a mix of these in one suite. Enterprise resource planning (ERP) is business management software; usually a suite of integrated applications, that an organisation can use to collect, store, manage and interpret data from many business activities. In the past ERP solutions focused on back office functions but modern solutions often include some key front office functions as well. Note: Application Categories for ERP can be found under the Corporate Applications and Core Business Applications areas. Example ERP Modules are: - Financial Accounting: General ledger, fixed asset, payables including vouchering, matching and payment, receivables cash application and collections, cash management, financial consolidation. - Accounting: Budgeting cost management; activity based costing - Human Resources: Recruiting, training, rostering, payroll, benefits, diversity management, retirement, and separation. - Manufacturing: Engineering, bill of materials, work orders, scheduling, capacity, workflow management, quality control, manufacturing process, manufacturing projects, manufacturing flow, product life cycle management. - Order Processing: Order to cash, order entry, credit checking, pricing, available to promise, inventory, shipping, sales analysis and reporting, sales commissioning. - Supply Chain : Supply chain planning, supplier scheduling, product configurator, order to cash, purchasing, inventory, claim processing, and warehousing (receiving, put away, picking and packing). - Project : Project planning, resource planning, project costing, work breakdown structure, billing, time and expense, performance units, activity management. - Customer Relationship : Sales and marketing, commissions, service, customer contact, call center support - CRM systems are not always considered part of ERP systems but rather Business Support systems (BSS). - Self Service: Various "self service" interfaces for customers, suppliers and/or employees. Document Version 1.0 Page 17 of 80

18 A1.02 Financial and Asset A Budget Planning and Execution A General Ledger A Accounts Payable A Accounts Receivable A Asset Applications, software or services that support financial and asset management. Financial management refers to the efficient and effective management of money (funds) in such a manner as to accomplish the objectives of the organisation. It is the specialised function directly associated with the top management. It includes how to raise the capital, how to allocate it i.e. capital budgeting. Not only about long term budgeting but also how to allocate the short term resources like current assets. It also deals with the dividend policies of the shareholders. Software that supports all activities undertaken to determine priorities for future spending and to develop an itemised forecast of future funding and expenditures during a specified period of time. This includes the collection and use of performance information to assess the effectiveness of programs and develop budget priorities and the legal (apportionment) and managerial (allotment and sub-allotment) distribution of budget authority to achieve results consistent with the formulated budget. Software that supports accounting for assets, liabilities, fund balances, revenues and expenses associated with the maintenance of government funds and expenditure of government appropriations (salaries and expenses, operations and maintenance, procurement, working capital, trust funds, etc.), in accordance with applicable standards. Software that manages and pays the funds owed. Software that supports collections and receivables, including deposits, fund transfers, and receipts for sales or service. Software that supports the tracking of information related to deploying, operating, maintaining, upgrading, and disposing of assets cost-effectively. Includes an inventory of assets. A Expense Support the management and reimbursement of costs paid by employees or an organisation. A Financial Audit Software used to track and manage financial audit and support the examination and verification of records for accuracy. A Portfolio Software or services that provide the set of capabilities to support the administration of a group of investments held by an organisation. A1.03 Human Resource A Recruitment Applications, software or services that support human resource management. Human resource management (HRM or simply HR) is a function in organisations designed to maximize employee performance in service of their employer s strategic objectives. HR is primarily concerned with how people are managed within organisations, focusing on policies and systems. HR departments and units in organisations are typically responsible for a number of activities, including employee recruitment, training and development, performance appraisal, and rewarding (e.g., managing pay and benefit systems). HR is also concerned with industrial relations, that is, the balancing of organisational practices with regulations arising from collective bargaining and governmental laws. Software that supports the procedures for attracting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles. This includes developing a staffing strategy and plan, and establishing an applicant evaluation. Document Version 1.0 Page 18 of 80

19 A Education / Training A Personnel Administration A Employee Records A Time and Attendance A Career Development and Retention A Staff Directory A Payroll A Salary A Benefits A Awards A Team and Organisation A Skills A Emergency Notification A1.04 Workforce Capability Software that supports the design, development, and implementation of a comprehensive employee development and training approach to ensure that agency employees have the right competencies. Support the matching between an organisation s employees and potential opportunities as well as the modification, addition and general upkeep of an organisation s employee-specific information. Software that manages employee personnel records and files. Software that supports the set of capabilities to support the submission, approval and adjustment of employee hours. Support the monitoring of performance as well as the professional growth, advancement and retention of an organisation's employees. Software that supports the listing of employees and their whereabouts. Software that supports the administration, calculation and payment of employee wages, bonuses, and deductions including tax. Software and or services that support the calculation and payment of salaries and payroll taxes. Software that supports the design, development, and implementation of benefits programs for agency employees. This includes establishing and communicating benefits programs, processing benefits actions, and interacting as necessary with third party benefits providers. Software that supports the administration of employee bonus and monetary awards programs. Also includes software used to design, develop, and implement pay for performance compensation programs to recognize and reward high performance, with both base pay increases and performance bonus payments. Software that supports the hierarchy structure and identification of employees within the various sub-groups of an organisation. Software that supports the proficiency of employees in the delivery of an organisation's products or services. Software that enables designated individuals to communicate critical information to many individuals across multiple devices. Applications, software or services supports workforce management. Workforce capability management encompasses all the activities needed to maintain a productive workforce. It can be part of or overlap with HR management and ERP systems. Document Version 1.0 Page 19 of 80

20 A Resource Planning and Allocation A Field Service A Demand A Workforce Scheduler A Workforce Dispatcher A Contingent Workforce A1.05 Corporate Governance and Strategy Software that supports the processes for identifying the workforce competencies required to meet the agency s strategic goals and for developing the strategies to meet these requirements. The software also supports procedures for attracting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles. This includes developing a staffing strategy and plan; establishing an applicant evaluation approach; announcing the vacancy, sourcing and evaluating candidates against the competency requirements for the position; initiating pre-employment activities; and hiring employees. Software to optimally plan and dispatch field service technicians and their properly stocked vehicles to a customer's location in a timely manner in order to deliver against their service commitments. Software to help forecast work orders to plan the number and expertise of staff that will be needed. Software to predefined rules to automatically optimise the schedule and use of resources (people, parts, vehicles). Software to automatically assigning work orders within predefined zones to particular technicians. Software that supports the continuity of operations for an organisation's business through the identification of surge or temporary personnel in addition to agency staff. Applications, software or services that support corporate governance functions. Corporate governance broadly refers to the mechanisms, processes and relations by which corporations are controlled and directed. Governance structures identify the distribution of rights and responsibilities among different participants in the corporation (such as the board of directors, managers, shareholders, creditors, auditors, regulators, and other stakeholders) and include the rules and procedures for making decisions in corporate affairs. Corporate governance includes the processes through which corporations' objectives are set and pursued in the context of the social, regulatory and market environment. Governance mechanisms include monitoring the actions, policies and decisions of corporations and their agents. Corporate governance practices are affected by attempts to align the interests of stakeholders. A Strategy and Planning Software that allows setting up the activities of determining strategic direction, identifying and establishing programs, services and processes, and allocating resources (capital and labour) among those programs and processes. A Governance A Compliance Software that supports decisions, actions, business rules and other matters that govern an organisation. Compliance software and or services provide a common framework and an integrated approach to manage all compliance requirements faced by an agency. It enables companies to manage cross-industry mandates and regulations such as SOX, OSHA, EH&S, and FCPA as well as industry focused regulatory guidelines from FDA, FERC, FAA, HACCP, AML, Basel II, and Data Retention laws. Document Version 1.0 Page 20 of 80

21 A Internal Control A Corporate Policy A Risk A Corporate Performance A1.06 Corporate Administration A Legal Advice Support the methods and procedures used by the organisation to safeguard its assets, produce accurate accounting data and reports, contribute to efficient operations, and encourage staff to adhere to management policies and mission requirements. Software that supports development and enforcement of corporate policy within an organisation. Software that allows planners to explicitly address uncertainty by identifying and generating metrics, setting parameters, prioritizing, and developing mitigations, and tracking risk. Software that allows setting up performance metrics, planners to explicitly address uncertainty by identifying and generating metrics, setting parameters, prioritizing, and developing mitigations, and tracking risk. Applications, software or services that support the day-to-day management and maintenance of the internal administrative operations. Software that supports giving legal advice. A Facilities Software that supports facilities management including the maintenance, administration, certification, and operation of office buildings that are possessions of the government / agency. A Accommodation A Media and Facilities Reservations A Travel A Issue Tracking Software that supports managing the accommodation needs of the workforce. Software that supports arrangements to track and secure the use of media and facilities. Software that supports activities associated with planning, preparing, and monitoring of business-related travel expenses. This may include employees and others supporting the work of the government. Software that supports the management of a service center to respond to government and contract employees' technical and administrative questions. A1.07 Procurement Applications, software or services that supports procurement; the acquisition of goods, services or works from an outside external source. A Supplier Software used to manage the relationship and lifecycle of existing suppliers. The purpose of Supplier is to obtain value for money from suppliers and contracts. It ensures that underpinning contracts and agreements align with business needs, Service Level Agreements and Service Level Requirements. Supplier oversees process of identification of business needs, evaluation of suppliers, establishing contracts, their categorisation, management and termination. Note: This has a close link to "Partner Relationship " in the "Common Line of Business Application" area. A Sourcing A Supplier Contract Support the supply of goods or services as well as the tracking and analysis of costs for these goods. Supplier Contract (SPM) is about defining what a supplier is to deliver in a contract. Document Version 1.0 Page 21 of 80

22 A Supplier Performance A Supplier Balanced Scorecard Supplier Performance (SPM) is about ensuring the supplier delivers what has been promised in the contract. A balanced scorecard includes a mixture of quantitative and qualitative measures, including how key participants perceive the quality of the relationship. These KPIs are shared between customer and supplier and reviewed jointly, reflecting the fact that the relationship is two-way and collaborative, and that strong performance on both sides is required for it to be successful. Advanced organisations conduct 360 degree scorecards, where strategic suppliers are also surveyed for feedback on their performance, the results of which are built into the scorecard. A Ordering / Purchasing Allow the placement of request for a product A Supplier Catalogue A Invoice Tracking and Approval A Logistics and Transportation A1.08 Business Intelligence and Analytics A Data Warehouse A Data Mart A Data Mining A Decision Support Support the listing of available products or services that an organisation offers and shopping cart / ordering functionality. Software that manages inflow and outflows of "products", as well as data about the level of "products" on hand and support the identification of where a shipment or delivery is within the business cycle. Provide for efficient freight and traffic management to receive purchased goods and services. Software or services to support Business intelligence (BI). It includes techniques and tools for the transformation of data and information into meaningful and useful information and knowledge for business analysis purposes. Common functions of business intelligence technologies are reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics and prescriptive analytics. A data warehouse (DW, DWH), or an enterprise data warehouse (EDW), is a system used for reporting and data analysis. Integrating data from one or more disparate sources creates a central repository of data, a data warehouse (DW). Data warehouses store current and historical data and are used for creating trending reports for senior management reporting such as annual and quarterly comparisons. The data stored in the warehouse is uploaded from the operational systems (such as marketing, sales, etc.). The data may pass through an operational data store for additional operations before it is used in the DW for reporting. A data mart is the access layer of the data warehouse environment that is used to get data out to the users. The data mart is a subset of the data warehouse that is usually oriented to a specific business line or team. Data marts are small slices of the data warehouse. Whereas data warehouses have an enterprisewide depth, the information in data marts may pertain to a single department. Software that provides for the efficient discovery of non-obvious, valuable patterns and relationships within a large collection of data. Software or services that support business or organisational decision-making activities. Supports the management, operations, and planning levels of an organisation and helps to make decisions, which may be rapidly changing and not easily specified in advance. Document Version 1.0 Page 22 of 80

23 A Online Analytical Processing (OLAP ) A Online Transaction Processing (OLTP ) A Predictive Analysis A Knowledge and Discovery A Data and Information Analysis A Information Retrieval A Knowledge Capture A Knowledge Distribution and Delivery A Simulation A Survey Data Collection A Business Intelligence Reporting A Ad hoc Reporting A Balanced Scorecard Software or services that support a process to swiftly answer multi-dimensional analytical (MDA) queries and enable users to interactively analyse multidimensional data from multiple perspectives. An OLAP consists of three basic analytical operations: consolidation, drill-down, and slicing and dicing. Online transaction processing (OLTP) is a class of information systems that facilitate and manage transaction-oriented applications, typically for data entry and retrieval transaction processing. Software and or services to provide predictive analysis. Predictive analysis is about finding and quantifying hidden patterns in the data using complex mathematical models that can be used to predict future outcomes. Predictive analysis is different from OLAP in that OLAP focuses on historical data analysis and is reactive in nature, while predictive analysis focuses on the future. These systems are also used to support Customer Relationship (CRM). Software that supports knowledge and discovery management. Software and or services to support the analysis and inspection of data and information. This feeds into: - Data and Information Modelling - Data Categorisation - Data Cleaning - Data Transformation Software that provides access to data and information for use by an organisation and its stakeholders. Software that facilitates collection of data and information. Software that supports the transfer of knowledge to the end customer. Software or services that help manipulate information to identify patterns and create possible changes. Software or services that support methods to collect information from a sample of individuals in a systematic way for empirical research in social sciences, marketing and official statistics. Software and or services that supports analysis, reporting and statistics for Business Intelligence. Software tools or services that support the creation and display of individually designed and structured reports with self-service access to meaningful data. A semi-standard structured report supported by proven design methods and automation tools that can be used by managers to keep track of the execution of activities by the staff within their control and to monitor the consequences arising from these actions. Document Version 1.0 Page 23 of 80

24 A BI Dashboard A On Demand Reporting A Standardised / Canned A Operational Data Store (ODS) A Statistical Analytics A Data Profiling A dashboard is "an easy to read, often single page, real-time user interface, showing a graphical presentation of the current status (snapshot) and historical trends of an organisation s key performance indicators to enable instantaneous and informed decisions to be made at a glance. In real-world terms, "dashboard" is another name for "progress report" or "report." Often, the "dashboard" is displayed on a web page that is linked to a database which allows the report to be constantly updated. A dashboard can be created as a 'mashup' of data from different sources. Note: This is not to be confused with a balanced scorecard. Software tools or services that support on-demand reporting. An on-demand report is a formatted version of a report run with the currently available data and viewed immediately. When you run an on-demand report, you can specify the parameter values to use; the report is then formatted using the current data and displayed in the report viewer. Software or services that support the creation and display of standard reports with self-service access to meaningful data. An operational data store (ODS) is a database designed to integrate data from multiple sources for additional operations on the data. Unlike a master data store the data is not passed back to operational systems. It may be passed for further operations and to the data warehouse for reporting. Because the data originates from multiple sources, the integration often involves cleaning, resolving redundancy and checking against business rules for integrity. An ODS is usually designed to contain low-level or atomic (indivisible) data (such as transactions and prices) with limited history that is captured "real time" or "near real time" as opposed to the much greater volumes of data stored in the data warehouse generally on a less-frequent basis. Software or services that support the study of a collection, organisation, analysis, and interpretation of data. Software that supports all forms of data analysis of extremely large, complex data sets (big data) that are manipulated for business consumption. Data profiling is the process of examining the data available in an existing data source (e.g. a database or a file) and collecting statistics and information about that data. The purpose of these statistics may be to: - Find out whether existing data can easily be used for other purposes. - Improve the ability to search the data by tagging it with keywords, descriptions, or assigning it to a category. - Give metrics on data quality including whether the data conforms to particular standards or patterns. - Assess the risk involved in integrating data for new applications, including the challenges of joins. - Assess whether metadata accurately describes the actual values in the source database. - Understanding data challenges early in any data intensive project, so that late project surprises are avoided. Finding data problems late in the project can lead to delays and cost overruns. - Have an enterprise view of all data, for uses such as master data management where key data is needed, or data governance for improving data quality. A1.09 Business Continuity Software or services to support the business continuity. This includes Health and Safety, Disaster. Document Version 1.0 Page 24 of 80

25 A Health & Safety Software and or services that support the security and physical well-being of an organisation's employees. A Disaster Software and or services that support the emergency processes and recovery of the physical facilities and people in case of a disaster. A1.10 Unified Communications and Collaboration A Calendaring A Communications Integration A Electronic Meeting and Collaboration A Server A Event / News A Instant Messaging A Social Software A Syndication Software and or services that support unified communications and collaboration. Software and or services that provide users with an electronic version of a calendar, an appointment book, address book, and/or contact list. Software and or services that support the integration and coordination between different communication types that delivers the value of unified communications. It includes the ability to contact people with a range of different types of communications technology as appropriate for the situation and person, presence across different communication types, and follow-me functionality across different communication types. Software and or services for sharing presentations, electronic whiteboards, screens with other meeting participants. These may be delivered bundled as part of video conferencing tools, or delivered separately. Software and or services for delivering, storing and managing . Electronic mail, commonly referred to as or , is a method of exchanging digital messages from an author to one or more recipients. Modern operates across the Internet or other computer networks. systems are based on a store-and-forward model. servers accept, forward, deliver and store messages. Software and or services that provides users with frequently updated content to which they subscribe. Software and or services that provides Instant messaging (IM). These technologies support a form of communication over the Internet that offers quick transmission of text-based messages from sender to receiver. In push mode between two or more people using personal computers or other devices, along with shared clients, instant messaging basically offers real-time direct written language-based online chat. The user's text is conveyed over a network, such as the Internet. It may address point-to-point communications as well as multicast communications from one sender to many receivers. More advanced instant messaging allows enhanced modes of communication, such as live voice or video calling, video chat and inclusion of hyperlinks to media. Software that supports the capturing, storing and presentation of communication, usually written but may include audio and video as well. Interactive tools handle mediated interactions between a pair or group of users. They focus on establishing and maintaining a connection among users, facilitating the mechanics of conversation and talk. Software and or services that supports web feed formats used to publish frequently updated works, such as blog entries, news headlines, audio, and video, in a standardised format. This can include ATOM feeds, RSS etc. Document Version 1.0 Page 25 of 80

26 A Video A Voice A Voic A Other Unified Communications and Collaboration A1.11 Enterprise Content (ECM) A1.12 Business Process System (BPMS) Software and or services for communicating with people using video. Video is the technology of electronically capturing, recording, processing, storing, transmitting, and reconstructing a sequence of still images representing scenes in motion. Software for communicating with people using voice or audio channels. Software for storing voic , delivering notifications and managing access to stored messages. Voic is a computer based system that allows users and subscribers to exchange personal voice messages; to select and deliver voice information; and to process transactions relating to individuals, organisations, products and services, using an ordinary telephone. Other Unified Communications and Collaboration software. Software and or services that support Enterprise Content. ECM is an umbrella term covering document management, Web content management, search, collaboration, records management, digital asset management (DAM), workflow management, capture, and scanning. ECM is primarily aimed at managing the life-cycle of information from initial publication or creation all the way through archival and eventually disposal. Note: The underlying modules / applications components / services are found in "Records and Content ". The Business Process System (BPMS) is considered a critical component of operational intelligence (OI) solutions to deliver real-time, actionable information. This real-time information can be acted upon in a variety of ways - alerts can be sent or executive decisions can be made using real-time dashboards. OI solutions use real-time information to take automated action based on pre-defined rules so that security measures and or exception management processes can be initiated. Note: BPM is viewed as a bridge between Information Technology (IT) and Business. Note: The components that make up BPMS are found in the application area "Business Process Tools". For the purposes of the ART we have taken this approach as while BPMS is a recognised application system or suite the components can be found in many other applications as core building blocks for those applications. Document Version 1.0 Page 26 of 80

27 A1.13 Business Transformation and Improvement A Business Change Software and or services that supports business transformation. Business transformation is about making fundamental changes in how business is conducted. Business improvement is about making evolutionary changes, and includes the practice of Business Process Improvement (BPI). This application area covers the software tools to manage both transformation and improvement. Business transformation is achieved by realigning the way staff work, how the organisation is structured and how technology is used. Typically organisations go through several stages in transforming themselves: - Recognising the need to change and gaining consensus amongst stakeholders that dramatic change is necessary. - Agreeing what form the change should take the objectives of the change and a vision that describes a better future. - Understanding what the organisation is changing from and what needs to change in detail. - Designing the new organisational way of working and its support and management. - Testing and implementing changes, usually in waves, typically over a number of years. - Bedding in the change so that the organisation cannot move back to how it was and achieves the intended benefits. Business Process Improvement is a systematic approach to help an organisation optimize its underlying processes to achieve more efficient results. Software and or services that support Change. Change is the process, tools and techniques to manage the people-side of change to achieve the required business outcome. It also incorporates the organisational tools that can be utilised to help individuals make successful personal transitions resulting in the adoption and realisation of change. - Process: Planning for change, Managing change, Reinforcing change. - Tools: Individual change model, Communications, Sponsorship, Coaching, Training, Resistance management. A Portfolio Software and or services that support the centralized management of processes, methods, and technologies used by project managers and project management offices to analyse and collectively manage current or proposed projects based on numerous key characteristics. A Programme Software and or services that support Program. Programme is the process of managing several related projects. It provides oversight of the purpose and status of the projects in a program and can use this oversight to support project-level activity to ensure the program goals are met by providing a decision-making capacity that cannot be achieved at project level. A Project Software and or services that provides capabilities for cost estimation and planning, scheduling, cost control and budget management, resource allocation, collaboration, communication, quality management and documentation or administration systems, which are used to deal with the complexity of large projects. Project management is the application of knowledge, skills, tools and techniques to project activities to meet project requirements. Project management is accomplished through the application and integration of the project management processes of initiating, planning, executing, monitoring and controlling, and closing. Document Version 1.0 Page 27 of 80

28 A Requirements Software and or services used to document, analyse, trace, prioritize and agree on requirements for an initiative and communicate with the relevant stakeholders. Document Version 1.0 Page 28 of 80

29 A2.05 A2.01 Customer Product and Accounting Service A2.06 A2.02 MarketingA2 Customer Service Common Line of Business A2.03 A2.07 Customer Emergency Applications Relationship Common Line of Business Applications A2.04 A2.08 Partner Grants Relationship Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A2 Common Line of Business Applications A2.01 Product and Service A Product and Service Lifecycle A Product and Service Catalogue A Product and Service Performance Description These are standard business applications within government to support the outward facing functions for managing touch-points with customers, partners and anyone who interacts with government. Note: The applications found in this domain can also be used as ICT services or application components. Many commercial applications may contain elements of applications listed here and specific software solutions may offer a mix of these in one suite. Software and or services that facilitate the creation and maintenance of products and services. These applications are used to manage the lifecycle of a product from idea through to retiring a product. Features include: managing product requirements, modelling products, providing detailed product specifications, introducing new products, managing existing products, retiring products, forecasting, and implement marketing and offer strategies. Product and Service Catalogue is the ability to create and maintain products that can be offered to customers. More specifically, it is the ability to explicitly model the structure of a product, then create and centrally manage the instances (or catalogue ) of products based upon that structure. Products are not always discreet, single items. A product can be a number of components associated together and sold as a single purchasable entity. Therefore the product may be comprised of multiple components, tangible or intangible, such as services, features, devices, etc., that are assembled together to form a single sellable entity. Some of the components within a product will be enabled by shared / common / reusable services (e.g., location finder). Some of the components within a product will be enabled by shared / common / reusable resources. These underlying services and resources may be managed by different parts of the organisation. These applications are used to manage the performance of products and services. Features include: campaign tracking, revenue reporting, cost reporting, capacity analysis, cost management, inventory optimisation, and sourcing determination. A2.02 Marketing Software and or services to facilitate marketing and promotion of products and services. A Sales and Marketing Software and or services to manage promotions of a product or service and capture of new business. Document Version 1.0 Page 29 of 80

30 A Brand A Marketing Surveys A Campaign A2.03 Customer Relationship A Customer Contact and Profile A Customer Order and Registration A Customer Account A Customer Self A Customer Problem A Customer Analytics Software and or services to support the application of a trade name to a product or service as well as developing an awareness for the name Software and or services to support surveys to collect useful information from an organisation's customers. Software and or services to manage the lifecycle of marketing campaigns. Ideally this should leverage a single consistent view of the customer data. It provides design, execution, analytics and refinement. Software and or services to support customer relationship management (CRM). Software used to plan, schedule, and control the activities between the customer and the enterprise, both before and after a product or service is offered. Software and or services to provide a comprehensive view of all customer interactions, including calls, , correspondence and meetings; also provides for the maintenance of a customer s account, business and personal information. It can automatically synchronize suitable appointment dates, times, and methods for customer contact. Software and or services to support customer order and registration that allows order creation and tracking. Software and or services to support the retention and delivery of a service or product to an organisation's clients. Software and or services to support customer self-management that can include: - Browsing the product and services catalogue. - Viewing product and services eligibility. - Shopping cart driven order management. - Reporting problems and troubleshooting. - Setting preferences, alerts and notifications. - Access to guidelines and tutorials. - Access to Call center agents. - Account management. - Self registration to online services. - Service requests management. - Service request submission. - Service request amendment. - Service request closure. Software and or services to support customer problem management that allows problem qualification & reception. Software and or services that supports the analysis of an agency s customers, customer experiences, as well as the scoring of third-party information as it relates to customers. This also includes handling comments and feedback from customers. Document Version 1.0 Page 30 of 80

31 A2.04 Partner Relationship A Partner Contract and SLA A Partner Account A Partner Contact and Profile A Partner Problem A Partner Analytics Software and or services that supports the effective collaboration between an organisation and its business partners, providers, particularly members of the distribution chain (e.g. channel and alliance partners, resellers, agents, brokers and dealers) and other third parties that support operations and service delivery to an organisation s customers; includes performance evaluation of partners, if necessary. This becomes increasingly important as government products and services are delivered through non-agency channels. Software and or services that support partner contract and SLA management including features such as: issue reception, collection, analysis, violation management, and reporting. Software and or services that support the retention and delivery of a service or product to an agency's partners. Software and or services that provides a comprehensive view of all partner interactions, including calls, , correspondence and meetings; also provides for the maintenance of a customer s account, business and organisational information. Software and or services that support partner problem qualification & reception features such as: ID validation, reception of problems from various sources, problem triage, and access to a complete partner problem history database... It also includes problem lifecycle management, problem resolution, problem reporting. Software and or services for the analysis of an agency's partners, partner collaboration, partner engagement, as well as the scoring of partner information. This also includes handling comments and feedback from partners. A2.05 Customer Accounting Software and or services for financial interactions with the customers of Government, business and individuals. A Customer Financial Account A Customer Invoicing and Statement Software and or services that support financial account management for customer financial transactions with the agency. Software and or services that support the management of customer invoices and statements produced by the agency. A Customer Collections Software and or services that is concerned with financial transactions which include receipts and payments from / to Customers. A Customer Debts and Recovery Software and or services that handles customer debts and recovery. A2.06 Customer Service Software and or services that supports activities associated with providing an agency s customers with information regarding the agency s service offerings and managing the interactions and relationships with those customers. These tools can also be used by partners involved in providing service to customers. A Contact Centre / Help Desk Software and or services that support activities associated with providing an agency s customers with information regarding the agency s service offerings and managing the interactions and relationships with those customers. Document Version 1.0 Page 31 of 80

32 A Contact Centre A Contact Centre Knowledge Base A Case A Online Interactive Assistance A Online Guidelines A Translation Software A Payment Systems Software and or services that support Contact Centre. Contact Centre handles telephone sales and/or service to the end customers. Application services include; contact centre workforce management (including virtual operators that may work outside the call centre), queue management (including call backs where customer choose to be called back rather than wait, and automatic call distributing queuing (ACDQ), quality monitoring, analysis, and reporting. Software and or services that support a Contact Centre Knowledge base. This provides instant, reliable answers to agents, for example process guides, product guides, frequently asked questions, escalation etc. Includes; search, ability to collaborate with other departments, and reporting on knowledge base usage. Software and or services that support the management of the life cycle of a particular claim or investigation within an agency to include creating, routing, tracing, assignment and closing of a case as well as collaboration among case handlers. Note: The terms case management is fairly generic, and we can find specific instances of case management for example order management, problem management, grant management etc. Software and or services that provide an electronic interface for customers receive assistance from customer service personnel. Software and or services that provide an electronic interface to educate and assist customers. Software and or services that supports or enables translation functionality. This does not include software for other purposes that can be used in multiple languages. Also known as multi-lingual support. Software and or services that support the use of credit cards or electronic funds transfer for payment and collection of products or services. Examples: PayPal, cash, Bitcoin, etc. Also known as point of sale systems (POS). A2.07 Emergency Software that supports delivery of emergency management services. A Emergency Information System (EMIS) A Hospital Incident Command System (HICS) Software that supports emergency management information collection and management. For continuity and inter-operability between emergency management stakeholders, EMIS supports an infrastructure that integrates emergency plans at all levels of government and non-government involvement for all four phases of emergencies. Common features of the software include Geographic Information Systems (GIS), weather and plume modelling, resource management, and Command, Control, and Communication (C3) functions. A Hospital Incident Command System (HICS) is an incident command system (ICS) designed for hospitals and intended for use in both emergency and nonemergency situations. It provides hospitals of all sizes with tools needed to advance their emergency preparedness and response capability both individually and as members of the broader response community. Document Version 1.0 Page 32 of 80

33 A Emergency Communications System (ECS) An Emergency Communication System (ECS) is any system (typically, computerbased) that is organised for the primary purpose of supporting one-way and two-way communication of emergency messages between both individuals and groups of individuals. These systems are commonly designed to integrate the cross-communication of messages between varieties of communication technologies, forming a unified communication system intended to optimize communications during emergencies. A2.08 Grants Software that supports grants management, where a grant of money is made to an organisation or individual for a specific purpose. A Grant Receipt of Proposals Portal for the receipt of grant proposals. A Grant Administration Software that supports the administration and monitoring of grants. A Grant Review Software that supports the review process for grants. A Grant Announcement Portal that posts and publishes announcements of grants to be funded. Document Version 1.0 Page 33 of 80

34 A3.01 A3.05 End Graphics User and Device Multimedia A3.02 End User Tools A3 End User Computing A3.03 Mobile Applications A3.04 Productivity Suite A3.01 A3.05 End Graphics User and Device Multimedia End User Computing Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A3 End User Computing A3.01 End User Device A Application Compatibility Testing A Application Deployment Description The End User Computing application domain brings together the various applications and ICT services needed to support a range of end user computing devices, from traditional PC's through to smart phones and tablets and personalisation services. Software and or services that controls the hardware and software environments, as well as documents of end users (individuals and or organisations). Note: Security aspects are covered under "Security Services". Tool to automate the analysis of applications to determine compatibility with device operating systems. Mechanism to install packaged applications to workstations and other end user devices running locally installed applications. See also "Packaging Tools". A Application Discovery Application Discovery is a tool that can be used to discover which applications are being used within an agency. Discovery tools may be agent-less or require agents and may use a variety of means to discover applications. A OS Deployment A Packaging Tools A Patch Manager A Persona Manager The OS Deployment tools are used to deploy (patched) operating system images. See also "Packaging Tools". Tools or solution set for packaging applications for delivery to an end user device. See also" OS Deployment" and "Application Deployment". Tools to automatically remediate manage installation of and report on operating system and application software patches. The applicability of this functional component is mainly focussed on fat device desktop and fat device laptop. Persona Manager tools maintain information relevant to a particular user (settings, preferences, and configuration) and determine how it is managed across devices and contexts. Document Version 1.0 Page 34 of 80

35 A Policy Compliance Manager A Policy Manager A Security Configuration Manager A Self Service Application Store A User Data Manager A Virtualisation Compatibility Testing A Virtual Desktop Manager A Privacy and Policy Enforcement A Other End User Configuration Policy Compliance Manager tools monitor configuration against policy for compliance and initiates action if the configuration does not comply with the relevant policy. Note: Policy Compliance Manager, Policy Manager and Security Configuration Manager are often, though not always, implemented using the same software technology. Tools to manage deployment and enforcement of policy on the configuration and settings of devices and their operating systems. NB: Policy Compliance Manager, Policy Manager and Security Configuration Manager are often, though not always, implemented using the same software technology. Tools to manage, report on and enforce required security configuration of client devices. NB: Policy Compliance Manager, Policy Manager and Security Configuration Manager are often, though not always, implemented using the same software technology. A Self-Service App Store allows users to self-select, and automatically provision applications onto their devices. This may include workflow functionality to allow for line-management approval or to control expenditure, license consumption and financial approval. User Data Manager tools provide access to users files regardless of their environment. This functional building block does NOT guarantee off-line access, but may deliver that as an additional feature. Tool to automate the analysis of applications to determine compatibility with application virtualisation. Note: these tools are often implemented in combination with Application Compatibility Testing. Virtual Desktop Manager tools manage the allocation and configuration of virtual desktops and virtual desktop pools to PC's and other end user devices. Tools to manage, report on and enforce required privacy and policy configuration of client devices. Other End User Configuration tools. A3.02 End User Tools End User Tools consists of all of the utility applications that are available for use by the users of the Standard Operating Environment (SOE). There will be a variance of the utilities required between devices. In addition, some operating systems deliver these capabilities as part of the operating system s native capabilities. Therefore care needs to be taken not to merely provide a utility because it is in this list, but instead to ensure that these capabilities are delivered by the complete SOE while minimising the number of utilities delivered as separate applications. Note: Productivity, Mobile Applications, Unified Communications and Collaboration, and Visualisation have specific application areas and are not include here. A Additional Language Support Software and or services that support additional languages. This gives the use the ability to enter, display and spell-check additional languages as required. Māori should be installed as a default. Document Version 1.0 Page 35 of 80

36 A Audio Tools A File Compression and Extraction A File Screen Saver A Display Tools A Legacy Browser Support A PDF Reader A Power Tools Audio Tools are required to adjust and tune audio components installed in the devices. There are some tools resident in the OS, but advanced functionality can be gained from using the native tools that are provided with the audio components. File compression software and or services. File Compression is the capability to compress files for storage or transit and extract files that have been compressed. There are formats that are commonly used such as ZIP, which require an additional software component or could be supported natively in the Operating System being run. An application that displays an image on and end user device display after a pre-set time to hide applications and the information they display when running on that device to minimise the opportunity for unauthorised access. Screen Savers include the ability to auto-lock a device. Display Tools are required to attach additional monitors / projectors and to change resolution states etc. Some display tools are resident in the OS, but advanced functionality can be gained by using the native tools that are provided with the display adapter. Legacy Browser Support services provide the ability to display web applications that require legacy browsers, for example some applications require Internet Explorer 6 proprietary extensions. PDF Reader is the software required to read PDF files. This is a basic tool that does not allow editing of the PDF file. This software is subject to regular version updates which can be problematic for users and cause issues in locked down environments. Because of this, the software is a perfect candidate for Application Virtualisation technology. Power Tools allow changes to be made to the power scheme on the device. This can reduce the energy consumption on the device or ensure power saving doesn't affect expected operation. As an example, users would turn off hibernation if they were going to be doing a presentation. Power settings have the potential to save an organisation a substantial amount of money, when the savings per device are multiplied by the number of devices installed. A Runtime Environment Runtime Environments (also known as Development frameworks) such as a Java runtime environment or.net are required to allow applications or applets based on those frameworks to execute. Incompatibility issues can arise when different versions of the frameworks are required on a single device. This can be resolved using Application Virtualisation Client and its associated backend technologies, as each virtual bubble forms an isolation barrier. A Web Application Frameworks A Web Browser Web Application Frameworks are required to run web application components developed in that framework. Examples of these frameworks are Adobe Flash and Air or Microsoft Silverlight. Web Browser provides the interface to all web based content, be it on the Internet or Intranet. Often the delivery of web applications is underestimated because of a perception that it s simply browser based. Web applications often require additional applets or plug-ins for the application to work or to be displayed for the visually impaired. These factors need to be considered to ensure usability and security is not compromised. Document Version 1.0 Page 36 of 80

37 A Secure Remote Access Solution providing secure access from outside the boundaries of the agency to a user s end user computing environment. Enables authorised individuals to remotely access the user interface of a computing resource for the purpose of installation, configuration, auditing or process management. A Other End User Tools Other end user tools without a defined application category. A3.03 Mobile Applications Mobile applications are deployed on mobile devices such as smart phones and tablets. A3.04 Productivity Suite Productivity Suite is the core suite of bundled applications that support the most commonly used office activities such as; Word processor, Spreadsheet, clients, Presentation software, Drawing tools, Publishing software, and Database application. A Image Manipulation A Clients A Presentation A Publishing A Spreadsheet A Word Processing A Follow-me Printing A Other Productivity Suite Software used to create or edit images. Includes: vector and raster drawings, colour manipulation, image filtering, etc. Clients also known as Mail User Agents - MUA. Software used to display information, normally in the form of a slide show. Software used to publishing. Software used to create, update and/or read a two-dimensional matrix of rows and columns. Software used for the composition, editing, formatting and/or possibly printing of print material. A service for sending documents to a print queue that can be accessed by any networked printer when the user authenticates with that printer. Other Productivity Suite software that does not have an existing application category. A3.05 Graphics and Multimedia Software and or services that supports visualisation. A Charting A Computer Aided Design (CAD) A Idea Mapping A Multimedia A Photographic Software to develop graphical representation of data in which the data is represented by symbols such as bars, lines, slices, dots, size, etc. Software that supports the use of computer technology for the process of design and design-documentation and includes software or environments which provide the user with input-tools for the purpose of streamlining design processes; drafting, documentation, and manufacturing processes. Software that is used to create diagrams of relationships between concepts, ideas or other pieces of information. Software to manage, develop and manipulate content from a combination of different content forms such as text, audio, still images, animation, video, or interactivity. Software that supports the capture, storage, and manipulation of photographic images. Document Version 1.0 Page 37 of 80

38 A Video Editors A Other Visualisation Applications Software that enables a person to manipulate animated or video visual images on a computer. Other visualisation software that does not have an existing application category. Document Version 1.0 Page 38 of 80

39 A4.01 Data Architecture A4.05 and Information A4.02 A4 Data and Information Services and Information Interoperability and Information A4.07 Services A4.03 Additional Data and Records Data and Governance A4.09 Data Content Protection System A4.06 Database Information Services A4.08 A4.04 Geospatial Data Quality Information Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A4 Data and Information Services A4.01 Data and Information Architecture A Data and Information Categorisation A Data and Information Modelling A Data Representation Languages A Metadata A4.02 Data and Information Interoperability A Data and Information Catalogue A Data Extraction, Transformation and Loading Description Software and or services that support management of government data and information and the alignment with standards, quality initiatives, good practice accessibility, etc. This includes the development, execution and supervision of plans, policies, programmes and practices that control, protect, deliver and enhance the value of data and information assets. Software and or services that support data and information architecture which is composed of models, policies, rules or standards that govern which data is collected, and how it is stored, arranged, integrated, and put to use in data systems and in organisations. Data and Information is one of the architecture dimensions that form the pillars of an enterprise architecture or solution architecture Software and or services that supports the creation and maintenance of relationships between data entities, naming standards and categorisation and allows classification of data and information into specific layers or types to support an organisation. Software and or services to support data and information modelling to define and analyse data requirements needed to support the business. Software languages used for data representation, such as XML, JSOW, SDL, GSML and other markup languages. Software that supports the maintenance and administration of data that describes data. Software and services that support data and information interoperability. Interoperability is the ability of making systems and organisations work together (inter-operate) to allow for information exchange, Software and or services that support the cataloguing of data and information assets. Software that supports the extraction of data from a data source, the manipulation and change of data to a different format and the population of data destination with the transformed data. Document Version 1.0 Page 39 of 80

40 A Data Integration and Exchange A Data Mapping A Metadata Extraction A Records Linking / Association A4.03 Data and Records Governance A Data Lifecycle A Master Data Software services that enable elements of distributed business applications to interoperate and the software development necessary to facilitate such integration. These elements can share function, content, and communications across heterogeneous computing environments. Includes data import and export between systems and or services. Software that supports the process of creating data element mappings between two distinct data models. Data mapping is used as a first step for a wide variety of data integration tasks. Software and or services that support metadata extraction. It includes: - Automatically extracts preservation-related metadata from digital files. - Output metadata in a standard format (XML) for use in preservation activities. Can be used for preservation data processes and activities, resource discovery and other. Software and or services that support the correlation between logical data and information sets. Software and or services that supports data and records governance. Data governance encompasses the people, processes, and information technology required to create a consistent and proper handling of an organisation's data across the business enterprise. It is a set of processes that ensures that important data assets are formally managed throughout the enterprise. Data governance ensures that data can be trusted and that people can be made accountable for any adverse event that happens because of low data quality. It is about putting people in charge of fixing and preventing issues with data so that the enterprise can become more efficient. Data governance also describes an evolutionary process for a company, altering the company s way of thinking and setting up the processes to handle information so that it may be utilised by the entire organisation. It s about using technology when necessary in many forms to help aid the process. Note: Note: In New Zealand (Australia and Canada) we have a view that something is inherently a record because it provides evidence of a transaction; therefore almost all content including data and documents are also records. However most software has been developed to support the US model where records only becomes records only after someone or some process has formally declared them to be a record. Note: "Data Quality " can be part of "Data Governance". Software and or services that support a policy-based approach to managing the flow of an information system's data throughout its life cycle: from creation and initial storage to the time when it becomes obsolete and is deleted. Software and or services that supports a set of processes and tools that consistently define and manage the non-transactional data entities of an organisation, which may include reference data. It has the objective of providing processes for collecting, aggregating, matching, consolidating, quality-assuring, and distributing such data throughout an organisation to ensure consistency and control in the ongoing maintenance and application use of this information. Document Version 1.0 Page 40 of 80

41 A Records Disposal A Records Transfer to Chief Archivist A Records Destruction A Records Discharge A Records Transfer A Records Sale Software and or services that supports the process of records disposal. In records management there are five possible disposal outcomes under the NZ Public Records Act 2005 Subsection 20: - Destruction. - Transfer to another government agency. - Transfer to Archives NZ for long term preservation and availability. - Discharge to another entity, e.g. another government department. - Sale. Disposal supports these steps: > Step 1 - A record becomes inactive because a passive or active trigger: - No person or mechanism is continuing to alter it we observe the lack of activity, and after a period of time we conclude that it is inactive. - A later version has been created and/or a record has been superseded and this record should No longer be in current use. - In some cases a person or mechanism closes/finalises the record to prevent any further changes to the content and to some attributes. > Step 2 - The record is retained for a period of time after last alteration. This period could be seconds (keep the sent data packet until recipient acknowledges receipt) through to decades. > Step 3 - The record disposal action occurs destruction or transfer to an archival authority, discharge. Software and or services that support the transfer of control of the record to the chief archivist. This may, or may not, involve transfer of the actual records. Note: In records management the term 'archival' is not a proxy for storage. Software and or services that supports the destruction of records. Software and or services that supports the discharge of records. Software and or services that support the transfer of the control of records from one government agency to another. This may, or may not, involve transfer of the actual records. Software and or services that support the sale of the records from a government agency to a buyer. A Controlled Vocabulary Software and or services that provides a way to organize knowledge for subsequent retrieval. They are used in subject indexing schemes, subject headings, thesauri, taxonomies and other forms of knowledge organisation systems. Controlled vocabulary schemes mandate the use of predefined, authorised terms that have been preselected by the designer of the vocabulary, in contrast to natural language vocabularies, where there is no restriction on the vocabulary. A4.04 Data Quality A Data Cleansing A Data Enrichment Software and or services to ensure that data are fit for their intended uses in operations, decision making and planning and to ensure internal consistency of the data. Software and or services that support the cleaning of data and information. Cleansing can including merging data, removing duplicates, identifying authoritative sources, fixing data entry errors, marking suspect records. Software and or services that support data enrichment. Data enrichment is a general term that refers to processes used to enhance, refine or otherwise improve raw data. This idea and other similar concepts contribute to making data a valuable asset for almost any modern business or organisation. Document Version 1.0 Page 41 of 80

42 A Data Integrity A Data Quality Assurance Software and or services that support data integrity. Data integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. Software and or services that support data quality assurance. Data quality assurance is the process of profiling the data to discover inconsistencies and other anomalies in the data, as well as performing data cleansing activities (e.g. removing outliers, missing data interpolation) to improve the data quality. These activities can be undertaken as part of data warehousing or as part of the database administration of an existing piece of applications software. A4.05 Data Protection Software and or services that support data security and protection. Note: Other aspects of data security are covered under the application domain "Security Services". A Data Access Levels A Data Archiving A Data Erasure A Data Masking A Data Replication Software and or services that support adding access levels to data entities, attributes and record level content. Software and or services that support data archiving. Data archiving is the process of moving data that is no longer actively used to a separate data storage device for long-term retention. Data archives consist of older data that is still important and necessary for future reference, as well as data that must be retained for regulatory compliance. Data archives are indexed and have search capabilities so that files and parts of files can be easily located and retrieved. Note: Data archives are often confused with data backups, which are copies of data. Data backups are used to restore data in case it is corrupted or destroyed. In contrast, data archives protect older information that is not needed for everyday operations but may occasionally need to be accessed. Software and or services that support data erasure (also called data clearing or data wiping) is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to the data disk sectors and make the data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable, preserving IT assets and the environment. New flash memory based media implementations, such as solid-state drives or USB flash drives can cause data erasure techniques to fail allowing remnant data to be recoverable. Software and or services that support the masking of data entities at attribute and record level to support privacy of information such as a credit card number, passwords, and for the creating of test data. Software and or services that support the replication of data so that data is not lost in the event of a failure of the storage hardware. This is related to but different from backup and restore. A4.06 Database Software and or services that support database management. Document Version 1.0 Page 42 of 80

43 A Database System (DBMS) A Database Administration A Database Backup and Recovery A Database Tuning A4.07 Additional Data and Information Services A Auto Categorisation A Digital Rights A Digital Conversion Database management systems (DBMSs) are computer software applications that interact with the user, other applications, and the database itself to capture and analyse data. A general-purpose DBMS is designed to allow the definition, creation, querying, update, and administration of databases. Note: Database System covers database, administration, tuning, backup, recovery, upgrades, etc. Registering and monitoring users, enforcing data security, monitoring performance, maintaining data integrity, dealing with concurrency control, and recovering information if the system fails. Software and or services that creates copies of databases which may be used to restore the original after a data loss event or to restore and stabilize data sets to a consistent, desired state. Database maintenance includes software tools and or services to monitor, tune, upgrade, migrate and optimise databases. It also includes tablespace maintenance. Software and or services that supports data and information services. Note: "Enterprise Content " is in the "Corporate Applications" domain. "Data Mining" and "Data Profiling" are covered in the "Business Intelligence and Analytics" in area A1. Auto Categorisation is an approach to use technology to automatically determine what a piece of electronic content is and how to address it. In the context of records management, auto categorisation can be helpful in two areas: determining whether a piece of content is a record or not and then assigning that record to its logical spot in the classification scheme. The technology analyses the record to determine what it is and where it goes. In most cases this analysis is based on the content of the record itself. For a record that contains text-type information, such as Microsoft Word, , PDFs, project files, and others, the text can be analysed. For records that are images, some solutions can use character recognition technologies like OCR and barcodes to extract meaning from the image and analyse that. For other types of content, and even for some of these types as well in some systems, the application analyses the metadata of the record. For this might include date sent and address of the sender, while for a Word document it might include the title of the document or its author. Even the file format itself could provide initial analysis; for an engineering firm, for example, the mere fact that a document is a CAD drawing or a.dwg file could be enough to start the classification process (though it would almost certainly not end there). Software and or services that support the claim and ownership of intellectual capital and artefacts belonging to an organisation. Software that supports scanning and the interpretation into digital formats. Depending on the reason for an image being scanned there may be special requirements as to the quality of the image. For example scanning a tax invoice does not need to be high quality whereas LINZ scanning a map for a record of a property needs to have a very high quality image. Includes 3D scanning of objects. Document Version 1.0 Page 43 of 80

44 A Enterprise Search A Optical Character Recognition (OCR) A Data and Information Analytics A Version Control A Other Data and Information Services Software and or services that support the search information within an enterprise (though the search function and its results may still be public). Enterprise search can be contrasted with web search, which applies search technology to documents on the open web, and desktop search, which applies search technology to the content on a single computer. Enterprise search systems index data and documents from a variety of sources such as: file systems, intranets, document management systems, , and databases. Many enterprise search systems integrate structured and unstructured data in their collections. Enterprise search systems also use access controls to enforce a security policy on their users. Software that supports scanning and the interpretation of images into digital formats. Depending on the reason for an image being scanned there may be special requirements as to the quality of the image. For example scanning a tax invoice does not need to be high quality whereas LINZ scanning a map for a record of a property needs to have a very high quality image. Includes 3D scanning of objects. Software and or services to support text, voice, video, sound analytics. This involves information retrieval, lexical analysis to study word frequency distributions, pattern recognition, tagging/annotation, information extraction, data mining techniques including link and association analysis, visualisation, and predictive analytics. The overarching goal is, essentially, to turn text, voice, video, sound into data for analysis, via application of natural language processing (NLP) and analytical methods. Software and or services to support version control. Most commonly run as stand-alone applications, but revision control is also embedded in various types of software such as word processors and spreadsheets. Note: It is also covered by the "Content Control" application category within the "Content " application area and in various content management systems. Other Data and Information Services without a defined application category. A4.08 Geospatial Information Software and or services that supports geospatial information. Geospatial information is information describing the location and names of features beneath, on or above the earth's surface. A Cartography A Collection and Manipulation of Satellite and Aerial Photographs A Geometric Networks A Geocoding (Forward Geocoding) Software that supports the creation of maps. Includes hydrography. Software which supports the modification or analysis of imagery information. Software that supports modelling of common networks and infrastructures found in the real world. Water distribution, electrical lines, gas pipelines, telephone services, and water flow in a stream are all examples of resource flows that can be modelled and analysed using a geometric network. Software that supports Geocoding. This is sometimes called forward geocoding and is the process of enriching a description of a location, most typically a postal address or place name, with geographic coordinates from spatial reference data such as building polygons, land parcels, street addresses, ZIP codes (postal codes) and so on. Geocoding facilitates spatial analysis using Geographic Information Systems and Enterprise Location Intelligence systems. Document Version 1.0 Page 44 of 80

45 A Geospatial Data Analysis A Geospatial Data Collection A Hydrological Modelling A Imagery A Reverse Geocoding A Spatial Data Infrastructure Supports the application of statistical analysis and other informational techniques to geographically based data. Also known as Geostatistics. Software that supports the collection or management of geospatial information. Includes hydrographic data collection Software that supports Hydrologic modelling. They are primarily used for hydrologic prediction and for understanding hydrologic processes. Software that supports the collection of information via satellite and aerial photography. Software that supports Reverse Geocoding. Reverse geocoding is the process of enriching geographic coordinates with a description of the location, most typically a postal address or place name. Software that supports linking online spatial data and allowing it to be discovered, accessed and used. A Topological Modelling Software that supports modelling utilising the topological properties of spatial objects. Topology is one of the mechanisms to describe relationships between spatial objects. Thus, it is the basis for many spatial operations. A Spatial Data Modelling Software that supports modelling of spatial data. This includes: - Vector data representation as discrete points, lines, and polygons. - Raster data representation of landscapes as a rectangular matrix of square cells. - Projections - Tiling. It supports the Geo Service Standards. A4.09 Content System A Content Categorisation A Content Control A Content Library A Content Publishing Software used to track, store and retrieve content. It is usually capable of keeping track of the different versions created by different users (history tracking). Software and or services that support the categorisation of content, both electronic and physical, and artefacts using metadata for aggregation, Software and or services that support the control of content and artefacts used by an organisation and its stakeholders. Content control is used to put in place defined processes around the development, publication and withdrawal/retirement of documents. On line repository of content, documents, letters, speeches, web sites, books, or articles to be shared. Software and or services that supports the collection, managing, and publishing of information in any form or medium, including intranet, internet, etc. When stored and accessed via computers, this information has come to be referred to, simply, as content or, to be precise, digital content. Digital content may take the form of text (such as electronic documents), multimedia files (such as audio or video files), or any other file type that follows a content lifecycle requiring management. Document Version 1.0 Page 45 of 80

46 A Content Workflow Software and or services that supports routing documents (or pages) between users responsible for working on them. This is often used to implement a review and sign-off process for new or updated content. Workflow is the management of who exactly is working on a ContentElement or ContentTemplate, what exactly they are doing, and when. The workflow reporting system sends messages to others working on a page, with details of actions taken. Different workers can have assigned roles. Notification may be sent to the roles rather than the individuals. Typical roles are writers, copy editors, editors, illustrators, graphic artists, rights clearance managers, lawyers, (multilingual) localizers, and publishers. Note: This is specialised workflow software. Generic workflow software and services can be found in the ICT Service Components domain. Document Version 1.0 Page 46 of 80

47 A5.01 Accountability A5.05 Identity Directory Governance Service and ComponentsA5 A5.06 A5.02 Operations Identity Functional Administration Identity Core and Access A5.03 A5.07 Authentication Identity Services Interoperability Service A5.04 A5.99 Authorisation Other Identity Service and Service Access Identity and Access Services A5.05 Directory Service A5.03 Authentication Service Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A5 Identity and Access Services A5.01 Identity Governance and Accountability A Policy / Rule / Requirements Development Description Software and services to support Identity and access management (IAM), identifying, controlling and auditing interactions with government assets. This enables the security discipline of authorised access to the right resources at the right times for the right reasons. Software and or services at which entities create, monitor, and enforce rules, guidelines, and requirements for executing the IDESG functional elements across communities or actors. Unlike the administration and operations layer, the governance and accountability layer is specifically intended to address cross entity efforts rather than enterprise or internal governance. Software and or services for creating a trust framework including identifying or adopting rules, requirements, and policy for governing the use of identities and identity technology within a specific community. A Identity Accreditation Software and or services for the evaluation, approval and formal recognition that an entity is capable of carrying out certification or assessment activities for a trust framework. A Identity Certification A Identity Reporting A Role / Persona Engineering & Modelling A Separation of Duties (SoD) Compliance Software and or services for the evaluation, approval and formal recognition that an entity is capable of carrying out certification or assessment activities for a trust framework of assessing, validating, and determining that a product or service provider meets the defined requirements of a trust framework. Software and or services to support identity performance reporting; such as revocation lists, user accounts list, incidents, recovery, redress etc. Software and or services to support modelling of personas and roles within an organisation. Software and or services to enforce separation of duties for tasks where additional fail safes are required or advisable to prevent loss due to fraud or mistake. A Identity Conformance Software and or services to support the process of reviewing and collecting evidence of an entity s conformance with enterprise rules, policies, and requirements. A5.02 Identity Administration and Operations Software and or services to administer and support the basic operations and functions that may occur in online identity-related interactions grouped into core operations. Not all elements will be invoked in every identity interaction, and some may be invoked multiple times. While logically some functions are likely to occur before or after others, there is no explicit order specified in the model. Document Version 1.0 Page 47 of 80

48 A Role A Identity Workflow Design and Implementation A Identity Provisioning A Identity Updates (Periodic & Event Based) A Identity Recovery A Identity Redress A Identity Assurance A Identity Entitlement & Access Audit Software and or services providing centralised or federated role management function to a single set of organisations and services regardless of geographic location. Software and or services to design and implement workflow solutions to Identity & Access requirements. Software and or services supporting the provisioning of approved identities and access controls such as the creation of accounts on target enterprise applications in response to a user profile. Software and or services by which an entity updates accounts, attributes, credentials, and other identity information to determine eligibility for an entitlement; may be periodic in nature or event based (e.g., marriage, end of subscription, etc.), including revocation. Software and or services to support identity recovery; this includes the continuity of credentials, attributes, and other identity services following a security or privacy event (e.g., data breach, disruption of services, etc.) All ecosystem participants are responsible for executing recovery activities. Software and or service that support reconciliation of errors that occur during the operations and processes of an identity system. All ecosystem participants must execute redress activities. Software and or services to determine, with some level of certainty, that a claim to a particular identity by some entity can be trusted to be the claimant's "true" identity. Software and or services to enable an organisation to certify users, and support the process of reviewing and collecting evidence of an entity s conformance with the rules, policies, and requirements for a trust framework or community. This is essentially an audit of the entitlements that personnel hold to ensure they do not have entitlements that they should not hold. A5.03 Authentication Service Software and or services used to confirm the identity of a user. A Adaptive Authentication A Authentication Brokerage A Multi-factor Authentication A Out of Band Authentication Software and or service that support a risk based approach to authentication where the complexity of the authentication "challenge" is determined by the risk of the transaction. Factors considered in determining the risk include the profile of the user, connection type, IP geolocation and keystroke dynamics) Software and or service that support centralised responsibility for authenticating the consumer and issuing them with a credential that can be used to access services. Software and or service that supports multi-factor authentication that requires the presentation of two or more of the three authentication factors, being the knowledge factor (something the user "knows), the possession factor (something the user "has") and the inherence factor (something the user "is"). Software and or service that supports authentication performed over a network or channel separate from the primary network or channel - used in multi-factor authentication. An example of this is sending users a one-time password via their cell phone, which is required to complete the authentication process. Document Version 1.0 Page 48 of 80

49 A Biometrics A Simple Key Protocol (SKIP) A Web Services Security (WS Security) A5.04 Authorisation and Access Service A Enterprise SSO A Federation Service A Access Control A Web Access A Web SSO A Delegation Service Software and or service that supports biometrics; biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric authentication is used as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are often categorised as physiological versus behavioural characteristics. - Physiological characteristics are related to the shape of the body. Examples include, but are not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent. - Behavioural characteristics are related to the pattern of behaviour of a person, including but not limited to typing rhythm, gait, and voice. Software and or services that support Simple Key Protocol (SKIP) - a protocol developed by Sun Microsystems to handle key management across IP networks and VPNs. ( Software and or services that support Web Services Security (WS Security); describes enhancements to SOAP (Simple Object Access Protocol) messaging to provide message integrity, message confidentiality and single message authentication. Software and or services to provide authorised access management to resources. SSO = Single Sign On. Software and or services to store and transmit encrypted user credentials across local and network boundaries, including domain boundaries. SSO stores the credentials in the credential database. Because SSO provides a generic single sign on solution, middleware applications and custom adapters can take advantage of SSO to securely store and transmit user credentials across the environment. End users do not have to remember different credentials for different applications. Software and or services to maintain the relationship between identity providers and service providers whereby authentication is performed by the identity provider and is then used by service providers to make authorisation decisions. Software and or services to support provisioning of user access rights based on their assumed roles or attributes. Software and or services to control access to web resources, providing authentication management, policy based authorisations, and reporting services. SSO = Single Sign On. Software and or services to support users to access resources over the internet using a single set of user credentials. The user provides a set of credentials to log onto different web sites that belong to different organisations. Software and or services to support a delegation service, such as where consent is provided for legal or financial liable transactional activities. Document Version 1.0 Page 49 of 80

50 A5.05 Directory Service Software and or services that store, organize and provide access to information held within a directory, which can be considered a map between objects and information about those objects, typically described as attributes. Attributes of objects can be made secure so that only users with the available permissions are able to access it. Examples of directory services include Active Directory, Open LDAP, e-directory and other implementations of the X.500 ISO/IEC 9594 directory services standards. A5.06 Identity Functional Core Components A Registration Components A Identity Application A Registration Attribute Control A Registration Attribute Verification A Registration Decision A Credentialing Components A Credential Provisioning A Token Binding A Attribute Binding A Identity Revocation A Authentication Components A Authentication Request A Credential Presentation A Credential Validation A Authentication Decision Software and or services that provide the basic identity operations that may occur in online identity-related interactions grouped into core operations. Not all elements will be invoked in every identity interaction, and some may be invoked multiple times. While logically some functions are likely to occur before or after others, there is no explicit order specified in the model. Components that support the process that establishes a digital identity for the purpose of issuing or associating a credential. Supports process by which an entity or agent requests initiation of registration. Supports process of managing and releasing attributes for the purposes of registration. Supports process of confirming or denying that claimed identity attributes are correct and meet the pre-determined requirements for accuracy, assurance, etc. Supports decision that an entity does or does not meet the pre-determined eligibility requirements for a digital identity or credential. Components that support the process to bind an established digital identity with a credential. Supports process by which ownership of a credential is conferred, confirmed, or associated with a digital identity. Supports process of binding a physical or electronic token to a credential. Supports process of binding attributes to a credential. Supports process by which an issuing authority renders a digital identity, issued credential, token, or verified attribute invalid for authentication or authorisation. Components that support the process determining the validity of one or more credentials used to claim a digital identity. Supports process by which authentication is initiated by an entity. Supports process by which an entity submits a credential for the purposes of authentication. Supports process of establishing the validity of the presented credential. Supports decision to accept or not accept the results of the credential validation process. Document Version 1.0 Page 50 of 80

51 A Authorisation Components A Authorisation Request A Authorisation Attribute Control A Authorisation Attribute Verification A Authorisation Decision A Transaction Intermediation A Identity Blinding Components that support the process of granting or denying specific requests for access to resources. Supports process by which authorisation is initiated by an entity. Supports process of managing and releasing attributes for the purposes authorisation. Supports process of confirming or denying that claimed attributes are correct and meet the pre-determined requirements for authorisation; typically, these attributes for authorisation have not been bound to the credential or previously available to the organisation making the authorisation decision. Supports decision to grant and deny access to a resource based on the results of the authorisation processes and policies. Processes and procedures that limit linkages between transactions and facilitate credential portability. Support process by which service providers involved in a transaction are prevented from observing each other (i.e., a relying party does not know which credential service provider an entity is utilizing in a transaction or vice versa). Based upon the transaction type and the number of service providers involved, blinding may be done to prevent a single, multiple, or all transactional partners from viewing the other participating services. A Identity Pseduonymisation Supports process by which an intermediary prevents service providers from linking a digital identity with a particular person or entity. A Transaction Consent Supports process by which consent is granted to an intermediary, such as in conducting liability transactions (Land Online, Lawyers, Accountants etc.), or sharing personal information. A5.07 Identity Interoperability Software and services to support processes and procedures that limit linkages between transactions and facilitate credential portability. This allows entities in the identity ecosystem establish and maintain the ability to communicate and exchange identity data. A Identity Mapping A Identity Credential Exchange A Identity Policy / Rule Exchange A Identity Translation Software and or service to support the mapping of different identities on various platforms, user repositories and applications to a single identity. It can be used with a range of authentication mechanisms to allow one repository to authenticate the user and for this to be passed to another platform for authorisation even when the identities differ. Software and or service to support the process of facilitating technical (including semantic) interoperability to support credential portability between participants within a specific community or across the identity ecosystem. Software and or service to exchange policy and rules for governing the use of identities and identity technology. Software and or service by which one identity format is translated to another for consumption by different entities involved in a transaction. Document Version 1.0 Page 51 of 80

52 A Security Assertion Markup Language (SAML) Software and or services that support Security Assertion Markup Language (SAML) - an XML-based framework for exchanging security information expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. SAML is expected to play a key role in the federal-wide e-authentication initiative and is supported by both the Liberty Alliance and WS Security. A5.99 Other Identity Service Other identity service and or software without a specific application area or application category. Document Version 1.0 Page 52 of 80

53 A6.01 A6.05 Encryption Digital Forensics Services A6.06 A6.02 Enterprise Network Security Security Service A6.03 Security Services Public Key Infrastructure (PKI) A6.04 Security Controls Security Services A6.05 Digital Forensics A6 Security Services Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A6 Security Services Description The Security Services domain defines the methods of protecting information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide integrity, confidentiality and availability. That is, protecting the assets at rest and in-transit. A6.01 Encryption Services Software and or services that ensure network protection and information assurance through encryption and decryption. Defines the methods of protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability. Biometrics, two-factor identification, encryption, and technologies based on the NIST FIPS-140 standards are particular areas of focus. A Crypto Key A Drive Encryption A Information Encryption A Network Encryption A Removable media encryption Software and or services that support Crypto Key (CKM) or Key Variable (KVM) which includes all of the activities involved in the handling of cryptographic keys during the entire life cycle of the keys, in accordance with an agreed security policy. These can be used in addition to certificates and digital signatures. Encryption of data stored on local drives or encryption of the complete local drive for thick clients. Software and or services to protect the information that is exchanged across organisations networks, and/or externally with other organisations. Includes protection of information at rest, particularly in Cloud architecture. Includes products used to apply cryptographic protection to a data set, file or drive. Software and or services used to apply crypto services at the network transfer layer. Software that provides device encryption for portable storage devices. A6.02 Network Security Service Software and or service to support security requirements in and across ICT networks. Note: Network Encryption is covered under the Encryption Services. A Infrastructure Guard A Internet Protocol Security (IPSec) Connect networks of different security policy and usage areas to control traffic flow in-between the networks following a set of predefined rules for Infrastructure Services. Software and or services that support Internet Protocol Security (IPSec). Document Version 1.0 Page 53 of 80

54 A Network Access Control A Secure Multipurpose Internet Mail Extensions (S/MIME) A Secure Sockets Layer (SSL) A Secure Shell (SSH) A Transport Layer Security (TLS) A6.03 Public Key Infrastructure (PKI) Services A Digital Certificate A Client Authentication (Personal Certificates) A Digital Certificate Revocation A Digital Certificate Issuing A Digital Certificate Authentication Software and or services that provides the configuration of devices connecting to the network based on endpoint security (such as OS patch level, antivirus updates, host IPS, etc.) user and system authentication and network security enforcement. The NAC will protect the network by preventing non-compliant clients from accessing the network at the IP-level. In case of non-compliance a remote user will be redirected to a network quarantine segment where the client can be updated to the level of required compliancy. Includes VLAN assignment. Software and or services that support Secure Multipurpose Internet Mail Extensions (S/MIME); provides a consistent way to send and receive secure MIME data. Based on the Internet MIME standard, S/MIME provides cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and data confidentiality (using encryption). S/MIME is not restricted to mail: it can be used with any transport mechanism that transports MIME data, such as HTTP. Software and or services that support Secure Sockets Layer (SSL); an open, nonproprietary protocol for securing data communications across computer networks. SSL is sandwiched between the application protocol (such as HTTP, Telnet, FTP and NNTP) and the connection protocol (such as TCP/IP, UDP). SSL provides server authentication, message integrity, data encryption and optional client authentication for TCP/IP connections. Software and or services that support Secure Shell (SSH); a strong method of performing client authentication. Because it supports authentication, compression, confidentiality and integrity, SSH is used frequently on the Internet. SSH has two important components: RSA certificate exchange for authentication and Triple DES for session encryption. Software and or services that support the Transport Layer Security (TLS) standard for the next generation SSL. TLS provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering or message forgery. Software and or services that manage Public Key Infrastructure (PKI) that includes policies and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Software and or services to manage and use certificates to secure access to information. Software and or services to provide authentication of personal certificates for client applications during the handshake in order to confirm their identity. Software and or services to support the revocation of digital certificates. Software and or services used by a certification authority (CA) to issue digital certificates and secure access to information. Software and or services to support Digital Certificate Authentication; authentication implementation for controlling access to network and Internet resources through managing user identification. An electronic document (digital certificate) is issued and used to prove identity and public key ownership over the network or Internet. Document Version 1.0 Page 54 of 80

55 A Digital Signature A Document Signing A Time Stamping Service A Transaction Signing A Key Generation Software and or services that support Digital Signature that specifies a digital signature algorithm (DSA) appropriate for applications requiring a digital, rather than written, signature. The DSA authenticates the integrity of the signed data and the identity of the signatory. The DSA may also be used to prove that data was actually signed by the generator of the signature. Digital signatures can provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid. Software and or services to create a digital signature for a document using such data as account numbers, transaction amounts and timestamp. This is to preserve data integrity and ensure authenticity, rendering any changes made to a document after it has been electronically signed, and invalid. This cryptographically binds an electronic identity to an electronic document. Software and or services to provide a trusted time stamping service. Digital signatures can also provide non-repudiation; some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid. Software and or services to create a digital signature for a transaction using such data as account numbers, transaction amounts and timestamp. This is to preserve data integrity and ensure authenticity, rendering any changes made to a transaction after it has been electronically signed, and invalid. This cryptographically binds an electronic identity to an electronic transaction. Software and or services to generate keys. A6.04 Security Controls Software that supports security controls. A Application Whitelisting A Content Security Control A Decommissioning and Disposal Software and or services to only allow approved applications to run on user s device. Software used to control information content received or sent via web, or other means, between networks, organisations, or domains/zones (especially over the Internet). Includes content filtering and application of censorship or classification rules on material (files, documents). Software and or services to support system decommissioning, media sanitisation destruction and disposal. A Device Port Manager Controls read & write access to external ports & portable storage devices (USB devices at a minimum). A Perimeter Protection Software and or service to securely control network access to and/or from a device, or between network zones/domains includes host firewalls, gateways, data diodes, cross domain solutions. A Physical Access Security Services Software to regulate entry to facilities, turnstiles, gates, campuses, doors, equipment rooms, racks, server and network devices, and cabling infrastructure, etc. Document Version 1.0 Page 55 of 80

56 A Radio Spectrum Security Controls A Virus Protection A Other Security Controls Software to or services that protect information and assets implying RF spectrum devices such as mobile phone jammers, electronic counter measures (ECM) equipment, remote controlled improvised explosive devices (RCIED). Software used to prevent, detect, and remediate infection or self-replicating programs that run and spread by modifying other programs, files or operating systems of government computing assets. Anti-virus Tools provide protection against viruses and other threats at the device level. Common components that are included are real time, scheduled and manual scans. Other security control software and or services that do not have a specific application category. A6.05 Digital Forensics Software or services that support the practice of gathering, retaining, and analysing computer-related data for investigative purposes in a manner that maintains the integrity of the data. A Computer Forensics A Mobile Device Forensics A Network Forensics Software and or services that support computer forensics. Computer forensics explains the current state of a digital artefact; such as a computer system, storage medium or electronic document. The discipline usually covers computers, embedded systems (digital devices with rudimentary computing power and on-board memory) and static memory (such as USB pen drives). Computer forensics can deal with a broad range of information; from logs (such as internet history) through to the actual files on the drive. Software and or services that support mobile device forensics. Mobile device forensics is a sub-branch of digital forensics relating to recovery of digital evidence or data from a mobile device. It differs from Computer forensics in that a mobile device will have an inbuilt communication system and proprietary storage mechanisms. Mobile devices are also useful for providing location information; either from inbuilt gps/location tracking or via cell site logs, which track the devices within their range. Software and or services that support network forensics. Network forensics involves monitoring and analysis of computer network traffic, both local and WAN/internet, for the purposes of information gathering, evidence collection, or intrusion detection. A Forensic Data Analysis Software and or services that support forensic data analysis. Forensic data analysis examines structured data with the aim to discover and analyse patterns of fraudulent activities resulting from financial crime. A Database Forensics A6.06 Enterprise Security A Intrusion Prevention Software and or services that support database forensics. Database forensics is a branch of digital forensics relating to the forensic study of databases and their metadata. Investigations use database contents, log files and in-ram data to build a timeline or recover relevant information. Software and or services that supports security management for an organisation. Software and or service to prevent unauthorised access to a government network or information system. Document Version 1.0 Page 56 of 80

57 A Intrusion Detection A Security Audit Trail and Capture A Security Configuration Manager A Security Incident A Security Intelligence and Analysis A Security Metrics A Security Reporting Software products that gather and analyse information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organisations) and misuse (attacks from within the organisations.) Products that monitor network and/or system activities for malicious activities or policy violations and produces reports to a Station. Some services may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention services are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organisations use them for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. Software that supports the set of capabilities to support the identification and monitoring of activities within an application, system, or network. Software and or services to manage, report on and enforce required security configuration of client devices. Also known as audit logging, where it describes the set of capabilities to support the identification and monitoring of activities within an application, system, or network. Software that supports the set of capabilities to provide active response and remediation to a security incident that has allowed unauthorised access to a government information system. Covers the detection, reporting, and resolution management of information security incidents. Software and or services that support security intelligence and analysis. Software and or services to support the key performance indicators measuring effective security management such as event detection, incidents, and vulnerabilities addressed. Software and or services to support reporting across incidents, intrusions, threats etc. in order to track conformance of security services against organisational security and privacy policy. Document Version 1.0 Page 57 of 80

58 A7.01 Tools A7.05 Business Cloud Services Process A7.02 A7.06 ICT Core Components ICT Operation A7 ICT Services Components, Services A7.03 and xa7.07 Tools ICT Host and Development Layering Tools Environment A7.04 ICT Tools ICT Components, Services and Tools A7.05 Cloud Services xa7.07 Host Layering Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A7 ICT Components, Services and Tools A7.01 Business Process Tools A Business Activity Monitoring (BAM) A Business Process Modelling and Simulation A Business Process Engine (BPE) Description Software and services for operational management and maintenance of applications, ICT components and services. Software and or services that allows organisations to abstract business process from technology infrastructure and support the managerial approach through enabling technology, bridging organisational and technology silos. Business activity monitoring (BAM) is Software and or services that aids in monitoring of business activities, as those activities are implemented in computer systems. One of the most visible features of BAM solutions is the presentation of information on dashboards that contain key performance indicators (KPIs) used to provide assurance and visibility of activity and performance. This information is used by technical and business operations to provide visibility, measurement, and assurance of key business activities. It is also exploited by event correlation to detect and warn of impending problems. Although BAM systems usually use a computer dashboard display to present data, BAM is distinct from the dashboards used by business intelligence (BI) insofar as events are processed in real-time or near real-time and pushed to the dashboard in BAM systems, whereas BI dashboards refresh at predetermined intervals by polling or querying databases. Depending on the refresh interval selected, BAM and BI dashboards can be similar or vary widely. Note: Some BAM solutions additionally provide trouble notification functions, which allow them to interact automatically with the trouble ticket system. For example, whole groups of people can be sent s, voice or text messages, according to the nature of the problem. Automated problem solving, where feasible, can correct and restart failed processes. Process modelling tools provide business users with the ability to model their business processes, implement and execute those models, and refine the models based on as-executed data. As a result, business process modelling tools can provide transparency into business processes, as well as the centralisation of corporate business process models and execution metrics. Process Modelling and simulation functionality allows for pre-execution whatif modelling and simulation. Post-execution optimisation is available based on the analysis of actual as-performed metrics. A business process engine (BPE) is a software framework that enables the execution and maintenance of process workflows. It provides business process interaction and communication between different data/process sources spread across one or more IT applications and services. BPE automates linking processes and their activities in an enterprise IT environment. Document Version 1.0 Page 58 of 80

59 A Business Process Monitoring A Workflow Engine Business process monitoring tools provide real-time scrutiny of an activity or set of activities that have been set up to accomplish a specific organisational goal. As part of a larger business process management initiative, business process monitoring enables an organisation to measure and analyse process performance to identify critical process problems pro-actively, using data to make decisions that will improve the speed, quality and efficiency of business processes. A workflow engine is a software application that defines a process, the rules governing process decisions, and routes information. It is a key component in workflow technology and typically makes use of a database server. A workflow engine manages and monitors the state of activities in a workflow, such as the processing and approval of a loan application form, and determines which new activity to transition to according to defined processes (workflows). The actions may be anything from saving an application form in a document management system to sending a reminder to users or escalating overdue items to management. A workflow engine facilitates the flow of information, tasks, and events. Workflow engines may also be referred to as a Workflow Orchestration Engines. Workflow engines mainly have three functions: - Verification of the current status: Check whether the command is valid in executing a task. - Determine the authority of users: Check if the current user is permitted to execute the task. - Executing condition script: After passing the previous two steps, workflow engine begins to evaluate condition script in which two processes are carried out, if the condition is true, workflow engine execute the task, and if execution successfully complete, it returns the success, if not, it reports the error to trigger and roll back the change. A workflow engine is a core technique for task allocation software application, such as BPM in which the workflow engine allocates task to different executors with communicating data among participants. A workflow engine can execute any arbitrary sequence of steps, for example, a healthcare data analysis. A7.02 ICT Components ICT Components that can be used to make new business applications and services or is used in business processes. A Alerts A Inbound Correspondence Component A Notifications A Outbound Correspondence Component A Personalisation A Rating Engine Components that generate alerts based upon settings or rules. Components to support externally initiated communication between an organisation and its stakeholders. Component that sends a notification based upon an alert or rules. Components to support internally initiated communication between an organisation and its stakeholders. Personalisation allows a user or customer to change preferences about user interfaces / portals in terms of the way that data is displayed, levels of detail, and even language. Component that rates atomic events or transactions based on upon rules applied to data associated with the event or transaction. Rates can be event or transaction specific, for example each lookup of a database cost $x.xx, or that can use customer specific rates, so that each lookup of a database, for customer xyz cost $x.xx. Document Version 1.0 Page 59 of 80

60 A Storefront / Shopping Cart A Subscriptions A Other ICT Components A7.03 ICT Development Environment and Tools A Development Frameworks A Development Resource Libraries A Forms A Integrated Development Environment A Mash-up Editor A Software Configuration A Software Development Kit A Testing Tools A Security Testing Tools A Test Automation Tools A User Innovation Toolkit A Validation Tools A Other Development Environment and Tools Component to support the online equivalent of the supermarket cart, where orders and merchandise are placed. Allow users to subscribe and unsubscribe to a service. Any other ICT Components for which there no applicable application category. Note: Components may be found in a number of the application areas. Software and or services that forms development environments and related tools. Development frameworks such as a Java runtime environment or.net are required to allow applications or applets based on those frameworks to execute. Incompatibility issues can arise when different versions of the frameworks are required on a single device. This can be resolved using Application Virtualisation Client and its associated backend technologies, as each virtual bubble forms an isolation barrier. A collection of resources used to develop software which may include prewritten code and subroutines, classes, values or type specifications. Software and or services that support the creation, modification, and usage of physical or electronic documents used to capture information within the business cycle. Software and or services that provides comprehensive facilities to computer programmers for software development. Software and or services that uses and combines data, presentation or functionality from two or more sources to create new services. The main characteristics of the mash-up are combination, visualisation, and aggregation. Software to track and control changes in the software including the establishment of baselines and revision control. Software development tools that allow for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar platform. Software and or services that support testing of infrastructure, software, and services against requirements. Software and or service to support security testing, for example penetration testing of web portals, networks, ICT assets. Software and or services that support automated testing of infrastructure, software, and services against requirements. Software toolkit based on the idea that manufacturers possess the knowledge of the solution possibilities, while the users possess the knowledge about needs. Software tools that check web pages for accessibility and syntactical correctness of code. Any other development environment or tools without a suitable application category. Document Version 1.0 Page 60 of 80

61 A7.04 ICT Tools ICT tools support the day to day operations and management of ICT. It includes tools enabling the ICT support organisation to quickly resolve or escalate issues and problems, improve root cause isolation, and provide higher levels of business user satisfaction. Using this business view, IT support organisations manage incidents, problems and service requests throughout their life cycles at a more efficient and effective rate. A Fault A ICT Configuration Database (CMDB) A ICT Definitive Media Library (DML) A Monitoring Software and or services that detects, isolates, and corrects malfunctions in a telecommunications network and compensates for environmental changes. This includes maintaining and examining error logs, accepting and acting on error detection notifications, tracing and identifying faults, carrying out sequences of diagnostics tests, correcting faults, reporting error conditions, and localizing and tracing faults by examining and manipulating database information. A configuration management database (CMDB) is a repository that acts as a data warehouse for information technology (IT) organisations. Its contents are intended to hold a collection of IT assets that are commonly referred to as configuration items (CI), as well as descriptive relationships between such assets. When populated, the repository becomes a means of understanding how critical assets such as information systems are composed, what their upstream sources or dependencies are, and what their downstream targets are. CMDBs are used to keep track of the state of different things that are normally referred to as assets, such as products, systems, software, facilities, and people as they exist at specific points in time, as well as the relationships between such assets. The maintenance of such state related information allows for things like the reconstruction of such assets, at any point in their existence, as well as for things such as impact analysis, in the cases of root cause analysis or change management. A Definitive Media Library (DML) is a secure Information Technology repository in which an organisation's definitive, authorised versions of software media are stored and protected. Before an organisation releases any new or changed application software into its operational environment, any such software should be fully tested and quality assured. The Definitive Media Library provides the storage area for software objects ready for deployment and should only contain master copies of controlled software media Configuration Items (CIs) that have passed appropriate quality assurance checks, typically including both procured and bespoke application and gold build source code and executables. In the context of the ITIL best practice framework, the term Definitive Media Library supersedes the term Definitive Software Library referred to prior to version ITIL v3. In conjunction with the Configuration Database (CMDB), it effectively provides the DNA of the data center i.e. all application and builds software media connected to the CMDB record of installation and configuration. The Definitive Media Library (DML) is a primary component of an organisation's release and provisioning framework and service continuity plan. Software and or services that continuously records performance, capacity use, throughput of computer hardware or software and provides notification about deviations from normal. Note: This includes utilities that are deployed down to the infrastructure level to monitor hardware performance and generate log files etc. Document Version 1.0 Page 61 of 80

62 A Software Asset Software and or services that supports license management. Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilisation, and disposal of software applications within an organisation. The goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software, while maximizing IT responsiveness and end-user productivity. Note: A software license manager is different from a software asset management tool, which end-user organisations employ to manage the software they have licensed from many software vendors. A Software Distribution Software and or services that supports distribution of software, propagation, installation and upgrade of written computer programs, applications and components. A Software License Manager A ICT Diagnostic Tools A Network Tools A Other ICT Tools A software license manager is a software management tool used by Independent software vendors or by end-user organisations to control where and how software products are able to run. License managers protect software vendors from losses due to software piracy and enable end-user organisations to comply with software license agreements. License managers enable software vendors to offer a wide range of usage-centric software licensing models, such as product activation, trial licenses, subscription licenses, featurebased licenses, and floating licensing from the same software package they provide to all users. Note: A software license manager is different from a software asset management tool, which end-user organisations employ to manage the software they have licensed from many software vendors. Diagnostic tools to examine the state and configuration of ICT infrastructure, network, and software applications. Tools that pertain to the operation, administration, maintenance, and provisioning of networked systems. Network management is essential to command and control practices and is generally carried out of a network operations center. Any other ICT Tools that do not have an application category. A7.05 Cloud Services The Cloud Services area contains a range of ICT services that are provided externally to the agency such as cloud service and XaaS (X as a Service). A Cloud Computing Services A Community Cloud Cloud computing services are large groups of remote servers networked to allow the centralised data storage, and online access to computer services or resources. Cloud computing services can support various "X as a Service" models such SaaS, PaaS, IaaS, UCaaS. Community cloud shares infrastructure between several organisations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party, and either hosted internally or externally. The costs are spread over fewer users than a public cloud (but more than a private cloud), so only some of the cost savings potential of cloud computing are realised. Document Version 1.0 Page 62 of 80

63 A Hybrid Cloud A Personal Cloud A Private Cloud A Public Cloud Hybrid cloud is a composition of two or more clouds (private, community or public) that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Hybrid cloud can also mean the ability to connect collocation, managed and/or dedicated services with cloud resources. Gartner, Inc. defines a hybrid cloud service as a cloud computing service that is composed of some combination of private, public and community cloud services, from different service providers. A hybrid cloud service crosses isolation and provider boundaries so that it can t be simply put in one category of private, public, or community cloud service. It allows one to extend either the capacity or the capability of a cloud service, by aggregation, integration or customisation with another cloud service. Personal cloud is a collection of digital content and services which are accessible from any device. The personal cloud is not a tangible entity. It is a place which gives users the ability to store, synchronize, stream and share content on a relative core, moving from one platform, screen and location to another. Created on connected services and applications, it reflects and sets consumers expectations for how next-generation computing services will work. The four primary types of personal cloud in use today are: Online cloud, NAS device cloud, server device cloud, and home-made clouds. Private cloud is cloud infrastructure operated solely for a single organisation, whether managed internally or by a third-party, and hosted either internally or externally. Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the business environment, and requires the organisation to re-evaluate decisions about existing resources. When done right, it can improve business, but every step in the project raises security issues that must be addressed to prevent serious vulnerabilities. Self-run data centres are generally capital intensive. They have a significant physical footprint, requiring allocations of space, hardware, and environmental controls. These assets have to be refreshed periodically, resulting in additional capital expenditures. They have attracted criticism because users "still have to buy, build, and manage them" and thus do not benefit from less hands-on management, essentially lacking the economic model that makes cloud computing such an intriguing concept. A cloud is called a "public cloud" when the services are rendered over a network that is open for public use. Public cloud services may be free or offered on a pay-per-usage model. Technically there may be little or no difference between public and private cloud architecture, however, security consideration may be substantially different for services (applications, storage, and other resources) that are made available by a service provider for a public audience and when communication is effected over a non-trusted network. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure at their data centre and access is generally via the Internet. AWS and Microsoft also offer direct connect services called "AWS Direct Connect" and "Azure ExpressRoute" respectively, such connections require customers to purchase or lease a private connection to a peering point offered by the cloud provider. Document Version 1.0 Page 63 of 80

64 A Infrastructure as a Service (IaaS) A Platform as a Service (PaaS) A Software as a Service (SaaS) A Unified Communications as a Service (UCaaS) A Other ICT Services A7.06 Core ICT Operation Services In the most basic cloud-service model & according to the IETF (Internet Engineering Task Force), providers of IaaS offer computers physical or (more often) virtual machines and other resources. (A hypervisor, such as Xen, Oracle VirtualBox, KVM, VMware ESX/ESXi, or Hyper-V runs the virtual machines as guests. Pools of hypervisors within the cloud operational supportsystem can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements.) IaaS clouds often offer additional resources such as a virtual-machine disk image library, raw block storage, and file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.[49] IaaS-cloud providers supply these resources on-demand from their large pools installed in data centres. For wide-area connectivity, customers can use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users install operating-system images and their application software on the cloud infrastructure. In this model, the cloud user patches and maintains the operating systems and the application software. Cloud providers typically bill IaaS services on a utility computing basis: cost reflects the amount of resources allocated and consumed. In the PaaS models, cloud providers deliver a computing platform, typically including operating system, programming language execution environment, database, and web server. Application developers can develop and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software layers. With some PaaS offers like Microsoft Azure and Google App Engine, the underlying computer and storage resources scale automatically to match application demand so that the cloud user does not have to allocate resources manually. The latter has also been proposed by an architecture aiming to facilitate realtime in cloud environments. Software as a service (SaaS) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software". SaaS is typically accessed by users using a thin client via a web browser. SaaS has become a common delivery model for many business applications, including office & messaging software, payroll processing software, DBMS software, management software, CAD software, development software, accounting, collaboration, customer relationship management (CRM), enterprise resource planning (ERP), invoicing, human resource management (HRM), enterprise content management (ECM) and service desk management. Note: A New Zealand Government Common Capability is called Enterprise Content as a Service (ECMS) and is an example of SaaS. In the UCaaS model, multi-platform communications over the network are packaged by the service provider. The services could be in different devices, such as computers and mobile devices. Services may include IP telephony, unified messaging, video conferencing and mobile extension etc. Any other ICT services which do not have an applicable application category. Services that support core ICT operations. This includes server configurations, network operation services, file services, etc. Document Version 1.0 Page 64 of 80

65 A Application Server A Communications Server A Compute / Simulation Server A Database Server A File Server A Mail Server A Server A Media Server A Name Server / DNS A Portal Server In a three-tier environment, a separate computer (application server) performs the business logic, although some part may still be handled by the user's machine. After the popularity of the Web exploded in the mid-1990s, application servers became Web-based. An application server's function is dedicated to the efficient execution of procedures (programs, routines, scripts) for supporting its applied applications. It acts as a set of components accessible to the software developer through an API defined by the platform itself. Communications servers are open, standards-based computing systems that operate as a carrier-grade common platform for a wide range of communications applications and allow equipment providers to add value at many levels of the system architecture. High performance servers used in simulation and modelling synthetic environments such as gaming, defence, mining, and medical industries. Refers to a collection of information organised in such a way that a computer program can quickly select desired pieces of data. A database management system (DBMS) is a software application providing management, administration, performance, and analysis tools for databases. A file server is a computer attached to a network that has the primary purpose of providing a location for shared disk access, i.e. shared storage of computer files (such as documents, sound files, photographs, movies, images, databases, etc.) that can be accessed by the workstations that are attached to the same computer network. A mail server is a computer that serves as an electronic post office for . Mail exchanged across networks is passed between mail servers that run specially designed software. This software is built around agreed-upon, standardised protocols for handling mail messages and any data files (such as images, multimedia or documents) that might be attached to them. A centralised device that receives information from sensors or agents on devices from around the network, allowing specialist personnel to analyse and manage the performance of those devices via a management console. Provide optimised management of media-based files such as audio and video streams and digital images. A name server is a computer hardware or software server that implements a network service for providing responses to queries against a directory service. It translates an often humanly-meaningful, text-based identifier to a systeminternal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request. An example of a name server is the server component of the Domain Name System (DNS), one of the two principal name spaces of the Internet. The most important function of DNS servers is the translation (resolution) of humanmemorable domain names and hostnames into the corresponding numeric Internet Protocol (IP) addresses, the second principal name space of the Internet which is used to identify and locate computer systems and resources on the Internet. Portals represent focus points for interaction, providing integration and singlesource corporate information. Document Version 1.0 Page 65 of 80

66 A Print Server A Proxy Server A Storage Server A Web Server A Other Server Configurations A7.07 Business Rules Tools A Business Rules System (BRMS) A print(er) server is a device that connects printers to client computers over a network. It accepts print jobs from the computers and sends the jobs to the appropriate printers, queuing the jobs locally to accommodate the fact that work may arrive more quickly than the printer can actually handle it. A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems. Today, most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity. Storage devices are designed to provide shared storage access across a network. These devices provide extended storage capabilities to the network with reduced costs compared to traditional file servers. A computer that provides World Wide Web services on the Internet. It includes the hardware, operating system, Web server software, TCP / IP protocols, and the Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an "intranet server." Other server applications types not defined. Software and or services that allows organisations to abstract and execute business rules from technology infrastructure and support the managerial approach through enabling technology, bridging organisational and technology silos. A BRMS or Business Rule System is a software system used to define, deploy, execute, monitor and maintain the variety and complexity of decision logic that is used by operational systems within an organisation or enterprise. This logic, also referred to as business rules, includes policies, requirements, and conditional statements that are used to determine the tactical actions that take place in applications and systems. A BRMS includes, at minimum: - A repository, allowing decision logic to be externalised from core application code. - Tools, allowing both technical developers and business experts to define and manage decision logic. - A runtime environment, allowing applications to invoke decision logic managed within the BRMS and executes it using a business rules engine. A Business Rules Engine A business rules engine is a software system that executes one or more business rules in a runtime production environment. The rules might come from legal regulation ("An employee can be fired for any reason or no reason but not for an illegal reason"), company policy ("All customers that spend more than $100 at one time will receive a 10% discount"), or other sources. A business rule system enables these company policies and other operational decisions to be defined, tested, executed and maintained separately from application code. Rule engines typically support rules, facts, priority (score), mutual exclusion, preconditions, and other functions. Document Version 1.0 Page 66 of 80

67 A8.01 Integration A8.02 Data Interoperability A8 Interfaces and A8.03 Integration Interface A8.04 Gateways Interfaces and Integration A8.01 Integration A8.02 Data Interoperability A8.03 Interface A8.04 Gateways Note: Detailed diagrams are available as.png files, and this table is available as an Excel file. Name A8 Interfaces and Integration Description The Interfaces and Integration application area refers to the collection of software and services that support how agencies will interface and integrate both internally and externally. This includes interfaces and integration with back office / legacy assets as well as the use of gateways and portals as points with which to integrate. A8.01 Integration Defines the software services enabling elements of distributed business applications to interoperate. In particular, service integration offers a set of architecture services such as platform and service location transparency, transaction management, basic messaging between two points, and guaranteed message delivery. A Services Integration In SOA compliant systems/services, provides the application functionality to manage SOA-based integration, including the Services Registry. A Enterprise Service Bus In SOA compliant systems/services, the software layer used for designing and implementing the interaction and communication between mutually interacting software applications in SOA environments. A Enterprise Application Integration (EAI) A Broker A Adapter A File Transfer A Legacy Integration Support the redesigning of disparate information systems into one system that uses a common set of data structures and rules. Refers to software used to 'broker' interfaces; typically with legacy systems that are not SOA compliant. This includes integration with various protocol or software specific adapters. Also includes mapping of data as it passes from the source system to the destination system(s). Refers to a protocol or software specific interface, typically for integration to a legacy system that is not SOA-enabled. Examples of adapters include API wrapper, FTP, Database, Message queuing, Siebel adapter. Refers to software or protocols specifically used for file transfer handling; such as FTP or SFTP protocols, and specialist utility applications. Support the communication between newer generation hardware/software applications and the previous major generation of hardware/software applications. A8.02 Data Interoperability Data Interoperability defines the software and or services for sharing data and services across disparate systems and vendors. A Data Structure Dictionary This service holds the data definition, structure, and metadata and mapping rules used by the data transformation service to map incoming messages to the required destination services or software. Document Version 1.0 Page 67 of 80

68 A Data Transformation Service The Data Transformation Service takes incoming messages and transforms and maps the data to the output format needed by the destination service or software. A8.03 Interface Software or services supporting the communicating, transporting and exchanging information through a common dialog or method. Delivery Channels provide the information to reach the intended destination, whereas Interfaces allow the interaction to occur based on a predetermined framework. A Service Discovery A Service Description / Interface A API A Electronic Business extensible Markup Language (ebxml) A RESTful APIs A Web API Software or services supporting the method in which applications, systems or web services are registered and discovered. For example: Universal Description, Discovery and Integration (UDDI) are a platform-independent, Extensible Markup Language (XML)-based registry by which businesses worldwide can list themselves on the Internet, and a mechanism to register and locate web service applications. UDDI is an open industry initiative, sponsored by the Organisation for the Advancement of Structured Information Standards (OASIS), for enabling businesses to publish service listings and discover each other, and to define how the services or software applications interact over the Internet. Software or services supporting the method for publishing the way in which web services or applications can be used. For example: The Web Services Description Language (WSDL) is an XML-based interface definition language that is used for describing the functionality offered by a web service. The acronym is also used for any specific WSDL description of a web service (also referred to as a WSDL file), which provides a machine-readable description of how the service can be called, what parameters it expects, and what data structures it returns. Software components that use an application programming interface (API) to communicate with each other. May include specifications for routines, data structures, object classes, and variables. Electronic Business using extensible Markup Language, commonly known as e- business XML, or ebxml as it is typically referred to, is a family of XML based standards sponsored by OASIS and UN/CEFACT whose mission is to provide an open, XML-based infrastructure that enables the global use of electronic business information in an interoperable, secure, and consistent manner by all trading partners. RESTful APIs do not require XML-based Web service protocols (SOAP and WSDL) to support their interfaces as they use HTTP. Representational State Transfer (REST) is a style of software architecture for distributed hypermedia systems such as the World Wide Web. A Web API is a development in Web services where emphasis has been moving to simpler representational state transfer (REST) based communications. RESTful APIs do not require XML-based Web service protocols (SOAP and WSDL) to support their interfaces. A Web Services (WS-*) A Web service is a method of communication between two electronic devices over a network. It is a software function provided at a network address over the Web with the service always on as in the concept of utility computing. WS- is a prefix used to indicate specifications associated with Web Services and there exist many WS* standards including WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust, WS- SecureConversation, WS-Federation, WS-Authorisation, WS-Privacy, WS-Test. Document Version 1.0 Page 68 of 80

69 A Other Application Interfaces Other application interfaces. A8.04 Gateways Software and or services used for information-layer gateways and automated electronic interfaces between networks or systems. Does not extend to boundary protection devices. Provides the various gateways that are used to provide automated electronic interfaces with external organisations or parties, and internally between communities of interest or network domains. A B2B Software and or services that provides B2B (Business to Business) gateway functionality. Includes variations such as C2G (Citizen to Government), G2G (Government to Government), and B2G (Business to Government). A Command and Control Software and or services that provides system-system gateway interaction for the exchange of C2 critical information, such as Battle System 'tracks', obstacles, events, items of interest. Typical standard here would be the Multilateral Interoperability Programme (MIP) JC3IEDM (STANAG 2252). A Formal Messaging A Informal Messaging A Remote Access A SMS/MMS A Web Access A Other Gateways Software and or services that provides system-system gateway interaction for official, mission critical messaging services that typically have attributes such as non-repudiation, full-traceability (audit tracking), guaranteed delivery timelines. Software and or services that provide system-system gateway interaction for services. This may just be an enterprise application, such as Microsoft Exchange, or an external providers own services. Software and or services that provides system-system gateway functionality to manage user remote-access to the organisations networks or systems. Typically web-based using VPN protocol and thin-client delivery. Software and or services that provides system-system gateway interaction for SMS or MMS messaging services. Software and or services that provides system-system gateway functionality to manage web-based access. Software and or services that provides other gateway types. For example: - Intelligence; provides system-system gateway interaction for exchange of intelligence-led information. Typical standard here would be the MAJIIC data model. Document Version 1.0 Page 69 of 80

70 Specialist Line of Business Applications The Specialist Line of Business Applications domain is intended to be used by agencies to add the unique business applications used to support specific functions within that agency, or could be a unique application supporting multiple agencies, for example within a sector such as health. Note: The specific line of business applications should have direct alignment to the Business Reference Taxonomy sub business functions or line of business. Note: This domain should not contain common business applications; a common application is where multiple agencies have an implementation of a business application category. Document Version 1.0 Page 70 of 80

71 Appendix GEA-NZ v3.0 Application and ICT Services Reference Taxonomy in Context with Other Artefacts These tables are showing the relationship of the GEA-NZ Application and ICT Services Reference Taxonomy in context with other artefacts. The legend used in the tables consists of solid black ticks showing a direct and easily attributable dependency, and a lighter grey tick that indicates a reduced level or limited dependency applicability. Strategy and Policy Artefact Description ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language Strategy and Policy All of Government Government ICT Strategy and Action Plan Better Public Services Results Government Common Capability Roadmap Action Plan / Government Common Capability Matrix Better Public Service / Government Common Capability Matrix Architecture Governance Recommendations Four Year Plans and Excellence Horizons AoG Risk and Assurance Framework Agency and Sector Agency Four Year Plan Agency Change Portfolio Agency Investment Plans Business Motivation Model Agency Information Systems Strategic Plan (ISSP) Agency ICT roadmaps Agency Architecture Governance Framework This is the guiding document for government ICT strategy for delivery of integrated digital services, information assurance and the realisation of the economic potential of the government s information holdings. A set of ten goals for improving public services across New Zealand. The prioritisation and sequencing of government common capabilities produced by the GCIO. Traceability from the Action Plan to government common capabilities produced by GCIO. Traceability from better public services to government common capabilities. Architecture governance recommendations the implementation of controls for the design of all architectural components and activities, to ensure effective evolution of architectures within the agency. It sets out compliance with internal and external standards and regulations, and guidelines that ensure accountability for the architectural solutions within and across agencies. Central agencies view across all agencies Four Year Plan, Excellence Horizon Programme and transformation programmes. GCIO Assurance artefacts including operational and project assurance frameworks. Four-Year Plans set out what the agency is seeking to achieve and how it plans to achieve this. It sets out how the agency intends to address challenges facing delivery of its strategy, including how it will manage within existing funding levels. This is the pipeline of potential change initiatives that are being contemplated at agency and sector level. These are the planned investments, prioritised and drawn from the change portfolio, which the agency/sector intends to undertake within its planning horizon. The BMM captures business requirements across different dimensions to justify what the agency is aiming to achieve, how it plans to get there, and how it assesses the result. It will provide a scheme and structure for developing, communicating, and managing business plans. The ISSP is the information technology component of the overall business strategy. It should cover the following aspects: people, data, policies, processes and systems. Agency roadmaps guided by ISSP, Strategy and Action Plan, and internal ICT initiatives. Architecture governance framework sets out the controls for the design of all architectural components and activities, to ensure effective evolution of architectures within the agency. It ensures the compliance with internal and external standards and regulations, and ensures the accountability for the architectural solutions within and across the agency. Legislation List of acts that are administered by the agency. Agency Policy and Governance List of relevant agency policies and related governance structures, including Investment, risk and assurance, enterprise programme management (EPMO), and enterprise design authority. Agency Risk and Assurance Framework Agencies are required to maintain an enterprise risk and assurance model and an associated hierarchy of risk registers. Document Version 1.0 Page 71 of 80

72 Performance Artefact Description ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises Performance ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language All of Government AoG Enterprise Architecture Maturity Assessment tool Enterprise Architecture (EA) maturity assessment guides agencies to improve their enterprise architecture capability to the level needed to achieve their strategic goals. Action Plan Performance Targets GCIO and Cabinet targets for government ICT transformation. Better Public Services Performance Results Benchmarking Administrative and Support Services Performance Improvement Framework Technology Performance Framework Agency Agency Enterprise Architecture Maturity Assessment results and improvement plan Agency Performance Improvement Model Agency Specific Customer Performance Measurements Agency Specific Action Plan Performance Targets Agency Specific Better Public Services Performance Targets Agency Benchmarking Administrative Support Services Report Agency Data and Information Quality Measurements Agency Application Portfolio Risk / Currency Heat Map Agency Technology Performance Measurements Better Public Services (BPS) results are State Services Commission targets for improving public service outcomes. Benchmarking Administrative Support Services (BASS) is an annual Treasury benchmarking service to support agencies to make value for money assessments, with target-setting, and the tracking of improvements over time. Performance Improvement Framework (PIF) is a SSC review of agency's fitness-for-purpose today and for the future using the PIF Framework. It looks at the current state of an agency, then how well placed it is to deal with the issues that confront it in the medium-term future. It looks at the areas where the agency needs to do the most work to make itself fit-forpurpose. BASS and PIF are coarse-grained and we need more fine grained ICT specific measurements. Results of the Enterprise Architecture Maturity Assessment and a plan to improve the maturity level of EA within the agency. The agency SSC PIF report and associated modelling supporting performance improvement. Includes the Four Year Excellence Horizon. Agency customer related targets which need to be met. Action plan agency related targets which need to be met. Better Public Services (BPS) agency related targets which need to be met. The agency annual Treasury benchmarking (BASS) report supporting the agency to make value for money assessments, with target-setting, and tracking of improvements over time. Agency related data and information quality targets. An overview of effectiveness and sustainability risks across the agency s application portfolio. Agency related technology performance targets. Document Version 1.0 Page 72 of 80

73 Business Customer Artefact Description Business Customer ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language All of Government AoG Customer Personas and Profiles AoG Customer Experience and Usability Organisation and Individual Customer Identity and Access Agency Agency Customer Personas and Profiles Customer Experience Customer / Channel Matrix Customer / Product and Service Matrix The customer personas and profiles are defined by R9 (business) and R10 (individual) and provide a means of cross agency alignment within the context of these result areas. (R9 and R10) Customer experience and usability is the sum of all experiences a customer has with government and this over the duration of the relationship with the customer. This includes awareness, discovery, attraction, interaction, purchase, enrol, use, cultivation and advocacy. Addresses the mission-critical need to ensure correspondence of identity and appropriate access to resources across business and technology while meeting privacy and other compliance requirements. The agency specific customer personas and profiles are defined by the agency and will provide an oversight of the different kind of customers for that agency. Customer experience is the sum of all experiences a customer has with the agency and its services, and this over the duration of their relationship with the customer. This includes awareness, discovery, attraction, interaction, purchase, enrol, use, cultivation and advocacy. Shows the relationship between the agency s customers and the channels. Shows the relationship between the agency s customers and their products and services. Channel Artefact Description Business Channel ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language All of Government AoG Channel Strategy AoG Channel Types A co-ordinated cross-agency channel strategy for government that covers business and citizen services across all channels including digital/mobile, assisted, face-to-face, call centre, etc. The channel types defined by R9 (for business) and R10 (for individual persons) will be provided as a means of cross agency alignment. AoG Channel Catalogue An AoG channel catalogue with channels such as Agency Channel Catalogue An agency specific channel catalogue. Channel / Product and Service Shows the relationship between the agency s channels and Matrix their product and services. Document Version 1.0 Page 73 of 80

74 Product and Service Business Product and Service Artefact All of Government Business Reference Taxonomy Agency Description Business reference taxonomy defines the business terminology, and provides a coherent description and conceptual structure of the functions and services for New Zealand. ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability Product and Service Catalogue An agency s product and services catalogue. Product and Service / Organisational Structure Matrix Product and Service / Process Matrix Shows the relationship between the agency s product and services and their organisational structure. I.e. which department is responsible for which product or services. Shows the relationship between the agency s product and services and their processes. I.e. which process produces, handles, changes which product or services. ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language People and Organisations Business People and Organisations Artefact All of Government New Zealand Public Sector New Zealand Industry Sectors Agency Delivery Partners Agency Organisational Structure Workforce Plan Description The structure of New Zealand s Public Sector, this includes the public services, state services, state sector and public sector and the government sectors and clusters. This provides an overview of all the industry sectors that make up New Zealand s economy. This is provided by MBIE. Shows an overview of the agency s vendors and business ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas partners. Shows an overview of the organisational structure of the agency. Describes how the agency's workforce composition and development will evolve in response to agency strategy and transformation. ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language Document Version 1.0 Page 74 of 80

75 Process Artefact Description ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication Business Process ART Identifies Risk Areas ART Provides Common Language All of Government Accelerated Delivery Methodology Business Process Maturity Assessment Tool Agency Business Process The Accelerated Delivery Methodology (ADM) improves the collaboration between agencies, the speed and quality of projects and will decrease costs of large scale business cases and funding requirements. The ADM was developed by DIA for all-of-government projects. Business Process (BPM) maturity assessment tool and guidelines for using a subset of the BPMN to describe high level business processes consistently across government. Note: Full BPMN would be used where processes are to be automated using standards such as BPEL (Business Process Execution Language). Business process management (BPM) is a management discipline that focuses on improving agencies performance by managing and optimising their business processes. It enables agencies to be more efficient, more effective and more capable of change than a functionally focused, traditional hierarchical management approach. These processes impact the cost and revenue generation of an agency. The Agency BPM should include: * Library of current state business processes * Project based library of future state processes * Process / Business Application matrix Process Inventory BPM Maturity Assessment Results and Improvement Plan Inventory of all the business processes within the agency and the interactions between processes, products, services, information and infrastructure. Results of the Business Process Maturity Assessment and a plan to improve the maturity level of Business Process within the agency. Document Version 1.0 Page 75 of 80

76 Data and Information Artefact Description ART Guides / Informs Artefact ART Uses / Consumes Artefact Data and Information ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language All of Government AoG Data Asset Catalogue Data Reference Taxonomy Data and Information Quality Framework. Party Domain Model Data and Information Governance Maturity Assessment Tool Agency Data Asset Catalogue Data and Information Maturity Assessment Results and Improvement Plan This is a catalogue of important data and information assets required, produced across government. This includes template and guidelines. The data and information reference taxonomy defines a standard means by which data may be described, categorised, and shared, and it facilitates discovery and exchange of core information across organisational boundaries. Includes a conceptual data model which is a simple abstract data model used for communicating ideas to a wide range of stakeholders. Framework to insure the quality of the data and information within and across agencies. The party domain model describes the management of the core identity, relationships and channel preferences of a Party, where a Party is defined as an individual or organisation with which NZ Government interacts or about which NZ Government holds information. Data and Information Governance maturity assessment tool and guidelines are focussed on the use, management and quality of data and information within an agency. It is a lowcost tool, developed by DIA, to help agencies assess current level of maturity and to develop appropriate structures and processes towards the next level of maturity. This is a catalogue of important data and information assets required or produced by an agency in order to deliver its products and services to customers. Results of the data and information governance maturity assessment and an optional plan to improve the maturity level of data and information governance within the agency Application and ICT Services Artefact Description ART Guides / Informs Artefact ART Uses / Consumes Artefact Application and ICT Services ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language All of Government AoG Business Application Asset Catalogue Application and ICT Service Reference Taxonomy Common Services and API Catalogue Catalogue of the significant business applications across government taken from the collective agency business application catalogues. This includes template and guidelines. The application and ICT service reference taxonomy provides the basis for categorising applications and their components. Catalogue of the common services and APIs across government. This includes template and guidelines. Agency Application Portfolio / Catalogue Inventory and management of applications and ICT services used by the agency. At minimum this should be based on GCIO template that captures classification, ownership, maintenance risks, operational cost, investment plan etc. Total Cost of Ownership Models Calculation of the total cost of ownership of application assets and services over a given period (usually 5-7 years) including depreciation, cost of capital, maintenance, licensing, enhancements, and operating costs (business and technology) for all components. Services and API Catalogue Catalogue of the agency specific services and APIs. ICT Service Inventory and Service Model ICT Service Inventory and Service Model. Document Version 1.0 Page 76 of 80

77 Infrastructure Artefact Description Infrastructure ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language All of Government AoG Infrastructure Asset Catalogue Infrastructure Reference Taxonomy Agency Infrastructure Asset Catalogue Catalogue maintained by DIA s Commercial Strategy and Delivery for generally available government common infrastructure capabilities. The infrastructure reference taxonomy provides a categorisation schema for IT infrastructure assets Catalogue application and ICT services available to an agency maintained by an agency's ICT department. Infrastructure Asset The inventory and management of which applications exist and their main characteristics such as flexibility, maintainability, owner, operational cost, investment plan etc. Total Cost of Ownership Models Agency Configuration Database Calculation of the total cost of ownership of infrastructure assets and services over a given period (usually 5-7 years) including depreciation, cost of capital, maintenance, licensing, enhancements, and operating costs (business and technology) for all components. The Agency Configuration Database (CMDB) contains all relevant information about the components of the information systems used in an agency's IT services and the relationships between those components. Shown here as part of the application and ICT services and infrastructure areas as it typically maps the application and ICT services to the actual platforms and hardware they are deployed on. Document Version 1.0 Page 77 of 80

78 Security and Privacy Artefact Description Security and Privacy ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language All of Government NZ Security and Privacy Policies, Regulations and Laws National and International Security and Privacy Standards Security and Privacy Guidelines and Best Practice AoG Guidelines and Assurance Common Threats and Vulnerabilities Taxonomies 7 Security and Privacy Maturity Assessment Tools and Guidelines Agency Agency/Sector Specific Security and Privacy Policies and Guidelines Agency Specific Threats and Vulnerabilities Taxonomies Agency Security and Privacy Risk Artefacts Agency Security and Privacy Maturity Assessment Results and Improvement Plan Project Related Security and Privacy Assessments (Certification and Accreditation) Privacy Act; NZISM 2014; PSR 2014 (incorporating SIGS, PSM and NZISM); NZ Cyber Security Strategy (Jun 2011); ISO/IEC-270xx:2011 series; AS/NZS ISO 31000:2009 Risk ; NIST-SP ; CMU OCTAVE Allegro Risk Assessment methodology; SABSA Security Maturity Framework; COBIT; OWASP Risk Assessment Process Information Security; Cloud Computing Information Security and Privacy Considerations [104 Questions]; DSD (ASD) Top 4 Mitigation Strategies 8 ; ISO/IEC-27002; SANS; GEA-NZ v3.0 Taxonomies; Cyber Critical Security Controls (Top 20) 9 ; GCPO Privacy Maturity Assessment Framework; ICT Security Maturity Assessment; [Information] Security Strategy; Information Security Policy; Security Risk Policy/Plan; System/Service Security Policy/Plan. Additional security and privacy regulations and guidelines for an agency, such as: Business Continuity and Disaster Recovery Plans; ICT Incident Plans; Standard Operating Procedures; Audit reports; PKI Plans (CP, CPS, etc.); Assurance/Performance metrics and reporting; Security Architecture(s); Threats and vulnerability taxonomies are inputs to risk assessments. Agencies should identify threats and vulnerabilities specific to their business from the AoG mandated and advisory sources (above, and as regularly revised by GCSB/NCSC); Configuration Database (CMDB); Asset Register; Approved Software Catalogue. Risk Register: Agencies are required to maintain a hierarchy of risk registers from agency to specific projects, teams and system levels. Security related items to be included at each level, in a suitable format. Risk Action Plan: Agencies are required to produce risk action (mitigation) plans for each system, project, service and other unique environment or capabilities deemed critical to agency operations. Results for all security and/or privacy maturity assessments (including the Cloud Considerations Questionnaire) conducted by the agency, and an associated plan to improve the maturity level of security and privacy within the agency. The Certificate and report (results) from the C&A process for projects, systems, services deemed critical to the agency s operations, to ensure compliance with government and agency s security regulations. Results for an agency specific project performing the security and privacy maturity assessment to make sure the project is in line with the government and agency s regulations around security and privacy. 7 Threats and Vulnerability taxonomies are inputs to Information Security Risk Assessments or; or; Document Version 1.0 Page 78 of 80

79 Standards Standards Artefact All of Government GEA-NZ Standards National and International Standards and Guidelines Agency Agency Standards Description These are the technical interoperability standards for which the Government Enterprise Architecture team are responsible to manage, co-ordinate and publish. ART Guides / Informs Artefact ART Uses / Consumes Artefact ART Categorises ART Describes ART Aids Traceability ART Aids Prioritisation ART Identifies Investment Areas ART Identifies Duplication ART Identifies Risk Areas ART Provides Common Language GEA-NZ aligned reference to National and International Standards and Guidelines These are the technical standards for which the agency is responsible to manage, co-ordinate and publish. Document Version 1.0 Page 79 of 80

80 Document Version 1.0 Page 80 of 80