1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication Information technology SOA Governance Framework BS ISO/IEC 17998:2012National foreword This British Standard is the UK implementation of ISO/IEC 17998:2012. The UK participati
2、on in its preparation was entrusted to Technical Committee ICT/-/1, Information systems co-ordination. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are
3、 responsible for its correct application. The British Standards Institution 2012 Published by BSI Standards Limited 2012 ISBN 978 0 580 77830 8 ICS 35.080; 35.100.05 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the author
4、ity of the Standards Policy and Strategy Committee on 30 September 2012. Amendments issued since publication Date Text affected BRITISH STANDARD BS ISO/IEC 17998:2012 Reference number ISO/IEC 17998:2012(E) ISO/IEC 2012INTERNATIONAL STANDARD ISO/IEC 17998 First edition 2012-09-01 Information technolo
5、gy SOA Governance Framework Technologies de linformation Cadre de gouvernance SOA BS ISO/IEC 17998:2012ISO/IEC 17998:2012(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any mean
6、s, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyri
7、ghtiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2012 All rights reservedBS ISO/IEC 17998:2012ISO/IEC 17998:2012(E) ISO/IEC 2012 All rights reserved iiiForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the spe
8、cialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical
9、committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Interna
10、tional Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting
11、. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or
12、all such patent rights. ISO/IEC 17998 was prepared by The Open Group and was adopted, under the PAS procedure, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by national bodies of ISO and IEC. BS ISO/IEC 17998:2012Technical Standard SOA Governance F
13、ramework ii Technical Standard (2009) Copyright 2009, The Open Group The Open Group hereby authorizes you to copy this document for non-commercial use within your organization only. In consideration of this authorization, you agree that any copy of this document which you make shall retain all copyr
14、ight and other proprietary notices contained herein. This document may contain other proprietary notices and copyright information. Nothing contained herein shall be construed as conferring by implication, estoppel, or otherwise any license or right under any patent or trademark of The Open Group or
15、 any third party. Except as expressly provided above, nothing contained herein shall be construed as conferring any license or right under any copyright of The Open Group. Note that any product, process, or technology in this document may be the subject of other intellectual property rights reserved
16、 by The Open Group, and may not be licensed hereunder. This document is provided “AS IS“ WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. Some jurisdictions do n
17、ot allow the exclusion of implied warranties, so the above exclusion may not apply to you. Any publication of The Open Group may include technical inaccuracies or typographical errors. Changes may be periodically made to these publications; these changes will be incorporated in new editions of these
18、 publications. The Open Group may make improvements and/or changes in the products and/or the programs described in these publications at any time without notice. Should any viewer of this document respond with information including feedback data, such as questions, comments, suggestions, or the lik
19、e regarding the content of this document, such information shall be deemed to be non-confidential and The Open Group shall have no obligation of any kind with respect to such information and shall be free to reproduce, use, disclose and distribute the information to others without limitation. Furthe
20、r, The Open Group shall be free to use any ideas, concepts, know-how, or techniques contained in such information for any purpose whatsoever including but not limited to developing, manufacturing, and marketing products incorporating such information. Technical Standard SOA Governance Framework ISBN
21、: 1-931624-82-8 Document Number: C093 Published by The Open Group, August 2009. Comments relating to the material contained in this document may be submitted to: The Open Group, Thames Tower, 37-45 Station Road, Reading, Berkshire, RG1 1LX, United Kingdom or by electronic mail to: ogspecsopengroup.o
22、rg ISO/IEC 17998:2012(E) ISO/IEC 2012 All rights reserved BS ISO/IEC 17998:2012SOA Governance Framework iii Contents 1 Introduction.1 1.1 Objective.1 1.2 Overview.1 1.3 Conformance.2 1.4 Terminology3 1.5 Future Directions 4 2 Background .6 2.1 SOA Challenges and Goals.6 2.2 SOA Governance 7 3 SOA Go
23、vernance 9 3.1 SOA Governance Definition.9 3.2 SOA Governance Scope .10 3.3 SOA Governance Framework.10 3.3.1 SOA Governance Reference Model (SGRM) .11 3.3.2 SOA Governance Vitality Method (SGVM).11 4 SOA Governance Reference Model (SGRM).12 4.1 SOA Governance Guiding Principles .12 4.2 SOA Governin
24、g Processes15 4.2.1 Compliance15 4.2.2 Dispensation 16 4.2.3 Communication .16 4.3 Governed SOA Processes .18 4.3.1 Service Portfolio Management19 4.3.2 Service Lifecycle Management .20 4.3.3 Solution Portfolio Management 21 4.3.4 SOA Solution Lifecycle 22 4.4 SOA Governance Roles and Responsibiliti
25、es.24 4.5 SOA Governance Process Artifacts27 4.6 SOA Governance Technology 29 5 SOA Governance Vitality Method (SGVM).30 5.1 Plan Phase.31 5.1.1 Understand Current Governance Structures31 5.1.2 Assess SOA Maturity 32 5.1.3 Develop SOA Governance Vision and Strategy33 5.1.4 Develop SOA Governance Sco
26、pe .33 5.1.5 Develop SOA Governance Principles .33 5.1.6 Develop SOA Governance Roadmap34 ISO/IEC 17998:2012(E) ISO/IEC 2012 All rights reserved BS ISO/IEC 17998:2012iv Technical Standard (2009) 5.2 Define Phase .34 5.2.1 Define Governed SOA Processes35 5.2.2 Define Governing SOA Processes.36 5.2.3
27、Collect SOA Guidelines and Standards.36 5.2.4 Define SOA Governance Organization, Roles, and Responsibilities .36 5.2.5 Define SOA Governance Information Artifacts36 5.2.6 Define SOA Governance Environment .37 5.2.7 Create Transition Plans .37 5.3 Implement Phase.38 5.3.1 SOA Governance Organization
28、 Transition Plan Implementation39 5.3.2 SOA Governance Process Transition Plan Implementation40 5.3.3 SOA Governance Technology Transition Plan Implementation40 5.4 Monitor Phase.41 5.4.1 Monitor and Evaluate SOA Governed Processes42 5.4.2 Monitor and Evaluate SOA Governing Processes.42 5.4.3 Monito
29、r External Changes.42 5.4.4 Monitor and Evaluate SOA Guidelines Development 43 5.5 SGVM Use of SOA Governance Artifacts .43 A SOA Governance Process Activities.45 A.1 SOA Governing Processes45 A.2 SOA Governed Processes .48 B SOA Governance Process Information Entities72 B.1 SOA Governing Process Ar
30、tifacts 73 B.2 SOA Governed Process Artifacts73 B.3 SGVM Artifacts79 C SOA Governance Metrics Example 81 D Relationships with Other SOA Standards .83 ISO/IEC 17998:2012(E) ISO/IEC 2012 All rights reserved BS ISO/IEC 17998:2012SOA Governance Framework v Preface The Open Group The Open Group is a vend
31、or-neutral and technology-neutral consortium, whose vision of Boundaryless Information Flow will enable access to integrated information within and between enterprises based on open standards and global interoperability. The Open Group works with customers, suppliers, consortia, and other standards
32、bodies. Its role is to capture, understand, and address current and emerging requirements, establish policies, and share best practices; to facilitate interoperability, develop consensus, and evolve and integrate specifications and Open Source technologies; to offer a comprehensive set of services t
33、o enhance the operational efficiency of consortia; and to operate the industrys premier certification service, including UNIX certification. Further information on The Open Group is available at www.opengroup.org. The Open Group has over 15 years experience in developing and operating certification
34、programs and has extensive experience developing and facilitating industry adoption of test suites used to validate conformance to an open standard or specification. More information is available at www.opengroup.org/certification. The Open Group publishes a wide range of technical documentation, th
35、e main part of which is focused on development of Technical and Product Standards and Guides, but which also includes white papers, technical studies, branding and testing documentation, and business titles. Full details and a catalog are available at www.opengroup.org/bookstore. As with all live do
36、cuments, Technical Standards and Specifications require revision to align with new developments and associated international standards. To distinguish between revised specifications which are fully backwards-compatible and those which are not: A new Version indicates there is no change to the defini
37、tive information contained in the previous publication of that title, but additions/extensions are included. As such, it replaces the previous publication. A new Issue indicates there is substantive change to the definitive information contained in the previous publication of that title, and there m
38、ay also be additions/extensions. As such, both previous and new documents are maintained as current publications. Readers should note that updates in the form of Corrigenda may apply to any publication. This information is published at www.opengroup.org/corrigenda. This Document This document is the
39、 Technical Standard for the SOA Governance Framework. It has been developed by the SOA Governance project of The Open Group SOA Working Group. ISO/IEC 17998:2012(E) ISO/IEC 2012 All rights reserved BS ISO/IEC 17998:2012vi Technical Standard (2009) Trademarks Boundaryless Information Flow and TOGAF a
40、re trademarks and Making Standards Work , The Open Group , UNIX , and the “X” device are registered trademarks of The Open Group in the United States and other countries. The Open Group acknowledges that there may be other brand, company, and product names used in this document that may be covered b
41、y trademark protection and advises the reader to verify them independently. ISO/IEC 17998:2012(E) ISO/IEC 2012 All rights reserved BS ISO/IEC 17998:2012SOA Governance Framework vii Acknowledgements The Open Group gratefully acknowledges all contributors to the SOA Governance project, and in particul
42、ar the following individuals: Ali Arsanjani, IBM Stephen G. Bennett, Oracle (Former Co-Chair) William A. Brown, IBM Tony Carrato, IBM (Former Co-Chair) Carleen Christner, HP Jorge Diaz, IBM (Co-Chair) Steve Dupont, The Boeing Company Mats Gejnevall, Capgemini (Co-Chair) Chris Harding, The Open Group
43、 (Forum Director) Andrew Hately, IBM (Former Co-Chair) Heather Kreger, IBM Nikhil Kumar, ApTSi Bob Laird, IBM Milena Litoiu, CGI Ranu Pandit, Deloitte Vishal Prabhu, Deloitte Madhu Reddiboina, Deloitte Chuck Reynolds, Deloitte Mohan Venkataraman, Deloitte Bobbi Young, Unisys ISO/IEC 17998:2012(E) IS
44、O/IEC 2012 All rights reserved BS ISO/IEC 17998:2012viii Technical Standard (2009) Referenced Documents The following documents are referenced in this Technical Standard: Introduction to SOA Governance and Service Lifecycle Management, Bill Brown, IBM, March 2009; refer to: ftp:/ Introduction to SOA
45、 Governance: The official IBM definition and why you need it, Bobby Woolf, IBM developerWorks, July 2007; refer to: Navigating the SOA Open Standards Landscape Around Architecture”, Joint White Paper from OASIS, OMG, and The Open Group, July 2009 (W096); refer to: www.opengroup.org/bookstore/catalo
46、g/w096.htm OASIS Reference Model for SOA (SOA RM), Version 1.0, OASIS Standard, 12 October 2006; refer to: docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf OECD Corporate Governance Principles 2004, Organization for Economic Cooperation and Development; available from: www.oecd.org SOA Source Book, C. Har
47、ding (editor), The Open Group, 2009; refer to: www.opengroup.org/bookstore/catalog/g093.htm The Open Group Architecture Framework (TOGAF); refer to: www.opengroup.org/architecture/togaf9 The Open Group SOA Integration Maturity Model (OSIMM), Technical Standard, August 2009 (C092); refer to: www.open
48、group.org/bookstore/catalog/c092.htm See also Appendix D. ISO/IEC 17998:2012(E) ISO/IEC 2012 All rights reserved BS ISO/IEC 17998:2012 SOA Governance Framework 1 1 Introduction 1.1 Objective This document describes a framework that provides context and definitions to enable organizations to understa
49、nd and deploy SOA governance. This document defines: SOA Governance, including its relationship between Business, IT, and EA governance; this assists organizations in understanding the impact that the introduction of SOA into an organization has on governance An SOA Governance Reference Model (SGRM) and its constituent parts, which assists o
