Believe it or not, many people in IT and business are still struggling with the concept of Enterprise Architecture, and the actual value it provides to the organisation. The theory is clear, less so how it translates into real value in practice.
The need for well articulated and clear Requirements, however, is well understood. And people generally understand that designing and implementing IT Systems to satisfy requirements generates value to the firm.
Rather than EA and Architecture Standards, I prefer to talk about Minimum Enterprise Requirements (MERs).
Enterprise Requirements are requirements that exist beyond the boundary of a project or program. They are Minimum when satisfying them is not discretionary. Typically, requirements deriving from a security policy, regulatory demands or strict business constraints are good candidates for MERs.
A MER is a requirement coupled with a clear applicability trigger criteria. This is important, because designing and implementing MERs can (and normally is) expensive. Whether a MER applies to a specific IT System needs to make business sense. Implementing Security MERs to provide a very high level of assurance, for example, makes only sense if the IT System stores/processes/displays data that is classified as strictly confidential.
I often use the example of Building Regulations to explain MERs and triggers. Building regulations contain the rules for building work in new and altered buildings to make them safe and accessible and limit waste and environmental damage. People carrying out building work must usually arrange for their work to be checked by an independent third party to make sure that their work meets the required standards. In some cases the installer can certify themselves that their work complies (https://www.gov.uk/government/policies/providing-effective-building-regulations-so-that-new-and-altered-buildings-are-safe-accessible-and-efficient). In other words, if you’re building a hospital, there is a MER for disabled access. It’s applicable to all hospitals, and is not discretionary!
To evaluate whether a MER is a good MER I have devised a TUSIV test. As such, MERs must be:
- Traceable (to a business approved firm policy, standard or directive)