Principles and Standardization COIT Architecture and Policy Subcommittee


Enterprise Information Technology Architecture Principles

Enterprise Information Technology Architecture is most effective when it is based on principles that guide development, maintenance, and use. A principle describes a consistent decision-making process with a justification, implications, and executive agreement. Principles ensure consistency, articulate how to manage change and affect individual decision-making. They also define the criteria used to assess architectural decisions and future investments.

Intended outcomes

1. Business and information technology leaders plan collaboratively
2. IT leaders plan and execute information technology initiatives to support business needs and application changes
3. Infrastructure and application life cycles are clearly linked to business process life cycles
4. IT leaders save time and money and reduce risk by using repeatable, reusable solutions that are developed and applied to similar problems
5. IT leaders focus on the value of the solution to the business rather than its effect on any specific project

What are the qualities of a well-defined principle?

- It is unambiguous and not open to interpretation
- It is clear and concise without jargon or acronyms.
- It is prescriptive.
- It is not created in the context of a specific project or initiative.
- It defines a course of action or defines what should not be done.

Principle #1: Business Needs To Serve Customers Will Drive Information Technology Decisions

The information environment changes in response to the needs of the business. Business events define the boundaries of the information technology environment. Changes in technology provide an opportunity to improve business processes and to address changing business needs.

- Includes the business and its perspective in the information technology decision process
- Minimizes the unintended effects on business from information technology changes
- Information technology builds what the business needs, not what it wants
- Being focused on business needs makes it easier to identify technical impacts when business events change

Principle #2: City makes IT investments based on an evaluation of the overall impact and benefit

Decisions made with a City-wide perspective have greater long-term value to the enterprise than decisions made from any particular Department's perspective.

- A common governance structure is needed to support citywide investment decision making.
- Information management initiatives need to align to the Citywide IT plan
- To achieve the maximum citywide benefit, the City will need to change the way it plans, reviews, approves and funds information technology initiatives. Technology alone cannot bring about this change.
- City Departments will use the established technology standards to develop information management initiatives
- If a technology standard meets a defined business need, Departments may need to concede their own technology preferences for the greater benefit of the City

Principle #3: Common business solutions that are usable by more than one Department are preferable to similar or duplicative solutions in every Department.

Duplicative solutions have a higher cost and lead to conflicting data and data representations, making it more difficult and costly for City Departments to share information.

- A common technology and City Department infrastructure will support shared business solutions
- Departments will not develop solutions for their own use that are similar or duplicate the functions of a Citywide solution
- Application components should be shared across Departmental boundaries
- May require changes to legislation and government code to guide separate departments to act in a unified manner

Principle #4: Enterprise information must be secure to prevent unauthorized access, modification, or destruction

Hacking, viruses, and terrorism are an increasing threat to information technology systems. The City needs to keep its systems and sensitive data secure by using security best practices and by conducting security assessments on a regular basis. Secure systems will ensure the continuity of the City's business activities.

- Information must be safeguarded against inadvertent or unauthorized alteration, sabotage, disaster, or disclosure.
- Security considerations must be an integral part of architecture design, not an afterthought.
- Security must enable and not impede business activities
- Security policies must be developed, published, and maintained.
- Repairing insecure systems that are compromised is time consuming and costly

Principle #5: Compliance with established standards will improve interoperability and consistency

Use of proven technology will simplify software design, reduce application development time, facilitate learning, improve systems maintenance and support, and promote information sharing between Departments, ultimately reducing the total cost of ownership.

- Establish a process for setting, reviewing and revising standards periodically, and granting exceptions.
- Information technology policies and procedures must support this principle.
- Fewer products and configurations simplify the information technology environment

Principle #6: Control Technical Diversity

The City is currently supporting many different types of components and platforms in its processing environment. This diversity of technology makes managing the IT architecture more complicated, leading to higher maintenance and support costs. Controlling the technical diversity also has many advantages: components will have common and standard forms. With common platforms and standards, it will be easier to assess the impact of adding new components; predict the value and return on investment; and increase the flexibility to accommodate technological change. Using common technology across the City also brings the benefits of economies of scale. Technical administration and support costs will be lower when the available resources can focus their time and effort on a common and shared set of technology.

- The target architecture must be used in conjunction with the organization's investment review process and technology insertion plans.
- If architecture is an integral component of IT decision-making, it helps control the introduction of incompatible products
- Policies, standards, and procedures that govern acquisition of technology must be tied directly to this principle
- Technology choices will be constrained by the choices available within the technology blueprint. Procedures for augmenting the acceptable technology set to meet evolving requirements will have to be developed and emplaced
- The technology baseline will not be frozen. Technology advances will change the technology blueprint when compatibility with the current infrastructure, improvement in operational efficiency, or a required capability has been demonstrated to promote controlled innovation

Principle #7: Applications Must Be Easy to Use and Maintain

The underlying technology of all applications should be as easy to use as possible so that employees can concentrate on supporting business activities. When applications are easy to use, employees can work in the enterprise's integrated information environment rather than developing isolated systems to accomplish the same task outside of the integrated information environment. Most of the knowledge required to operate one system can be applied to others, which decreases the need for training and reduces the risk that employees will use a system incorrectly. Applications that have a common underlying standard and technology are also easier to maintain.

- Applications will be required to have a common "look and feel" and support ergonomic requirements. The City needs to set a standard for applications to ensure a common look and feel and develop usability test criteria
- Guidelines for ease of use for user interfaces should be guided by the language of the interaction, customer physical infirmities (visual acuity, ability to use keyboard/mouse), and proficiency in the use of technology
- Applications should leverage standard reference architectures based on their type and required capabilities
- Applications should be implemented following best practices to ensure improved maintainability

Principle #8: Ensure Continuity for Critical Business Functions

As the City becomes more dependent on systems for its daily operations, it must consider the reliability of such systems, beginning with their design and construction, and continuing through their daily use. Business premises throughout the enterprise must have the capability to continue their core business functions regardless of external events. Hardware failures, natural disasters, and data corruption should not be allowed to disrupt business critical activities. All critical enterprise business functions must be able to operate on alternative information delivery mechanisms.

- As the City becomes more dependent on shared system applications, it must establish practices to manage the risk of business interruption. These practices include periodic reviews, testing for vulnerability and exposure, and designing redundant or alternative capabilities ensuring that the City can continue to provide mission-critical services.
- Recoverability, redundancy, and maintainability should be addressed at the time of design
- Applications must be assessed for criticality and impact on the enterprise mission, in order to determine what level of continuity is required and what corresponding recovery plan is necessary

Action: Build an Infrastructure Blueprint (Applying all principles)

The Infrastructure Blueprint (IB) supports architectural analysis and reporting in the host infrastructure sub-architecture view of the overall Enterprise Architecture. The IB is a component-driven taxonomy that categorizes the network/voice systems/server/cloud related technology and vendor standards to support and enable the delivery of voice, data, video, and mobile service components and capabilities. The IB also unifies existing department infrastructure standards and provides guidance on standard configurations by providing a foundation to advance the reuse and standardization of technology and service components.

Aligning agency capital investments to the IB leverages a common, standardized vocabulary, allowing inter-department discovery, collaboration, and interoperability. Departments will benefit from economies of scale by identifying and reusing the best solutions and technologies for applications that are developed/provided or subscribed to support their business functions, mission, and target architecture via Enterprise Agreements.
