Business Principles


Business principles and business goals are fundamental to the organization, and are usually defined much before the architecture activity was even conceived. But, in the preliminary phase, we need to restate them in a form relevant to the enterprise architecture. They are then further reviewed in the Architecture Vision Phase A.

Principles are often common across organizations. TOGAF standard proposes these set of Business Principles

Primacy of Principles


This is perhaps the most fundamental of all the principles. Essentially, It announces that the principles are primary source of any decision in the enterprise.

Statement


These principles of information management apply to all organizations within the enterprise.

Rationale


The only way we can provide a consistent and measurable level of quality information to decision-makers is if all organizations abide by the principles.

Implications


  • Without this principle, exclusions, favoritism, and inconsistency would rapidly undermine the management of information
  • Information management initiatives will not begin until they are examined for compliance with the principles
  • A conflict with a principle will be resolved by changing the framework of the initiative

Maximize Benefit to the Enterprise


We are here because of the enterprise. That has to be our goal. The second principle highlights this aspect.

Statement


Information management decisions are made to provide maximum benefit to the enterprise as a whole.

Rationale


This principle embodies "service above self". Decisions made from an enterprise-wide perspective have greater long-term value than decisions made from any particular organizational perspective. Maximum return on investment requires information management decisions to adhere to enterprise-wide drivers and priorities. No minority group will detract from the benefit of the whole. However, this principle will not preclude any minority group from getting its job done.

Implications


  • Achieving maximum enterprise-wide benefit will require changes in the way we plan and manage information — technology alone will not bring about this change
  • Some organizations may have to concede their own preferences for the greater benefit of the entire enterprise
  • Application development priorities must be established by the entire enterprise for the entire enterprise
  • Applications components should be shared across organizational boundaries
  • Information management initiatives should be conducted in accordance with the enterprise plan
  • Individual organizations should pursue information management initiatives which conform to the blueprints and priorities established by the enterprise. The plan will be changed as needed.
  • As needs arise, priorities must be adjusted; a forum with comprehensive enterprise representation should make these decisions

Information Management is Everybody’s Business


Information and information security are increasingly important for any enterprise. This principle highlights the fact that it is not a one man job. Everyone in the enterprise has to work towards achieving information security.

Statement


All organizations in the enterprise participate in information management decisions needed to accomplish business objectives.

Rationale


Information users are the key stakeholders, or customers, in the application of technology to address a business need. In order to ensure information management is aligned with the business, all organizations in the enterprise must be involved in all aspects of the information environment. The business experts from across the enterprise and the technical staff responsible for developing and sustaining the information environment need to come together as a team to jointly define the goals and objectives of IT.

Implications


  • To operate as a team, every stakeholder, or customer, will need to accept responsibility for developing the information environment
  • Commitment of resources will be required to implement this principle

Business Continuity


Interruptions are a part of life. We must live with, and in spite of these interruptions. This is the purpose of business continuity.

Statement


Enterprise operations are maintained in spite of system interruptions.

Rationale


As system operations become more pervasive, we become more dependent on them; therefore, we must consider the reliability of such systems throughout their design and use. Business premises throughout the enterprise must be provided with the capability to continue their business functions regardless of external events. Hardware failure, natural disasters, and data corruption should not be allowed to disrupt or stop enterprise activities. The enterprise business functions must be capable of operating on alternative information delivery mechanisms.

Implications


  • Dependency on shared system applications mandates that the risks of business interruption must be established in advance and managed Management includes but is not limited to periodic reviews, testing for vulnerability and exposure, or designing mission-critical services to ensure business function continuity through redundant or alternative capabilities.
  • Recoverability, redundancy, and maintainability should be addressed at the time of design
  • Applications must be assessed for criticality and impact on the enterprise mission, in order to determine what level of continuity is required and what corresponding recovery plan is necessary

Common Use Applications


Consistency is an asset. Consistency naturally eliminates several boundaries in the information flow. Such consistency is highlighted in this principle

Statement


Development of applications used across the enterprise is preferred over the development of similar or duplicative applications which are only provided to a particular organization.

Rationale


Duplicative capability is expensive and proliferates conflicting data.

Implications


  • Organizations which depend on a capability which does not serve the entire enterprise must change over to the replacement enterprise-wide capability; this will require establishment of and adherence to a policy requiring this
  • Organizations will not be allowed to develop capabilities for their own use which are similar/ duplicative of enterprise-wide capabilities; in this way, expenditures of scarce resources to develop essentially the same capability in marginally different ways will be reduced
  • Data and information used to support enterprise decision-making will be standardized to a much greater extent than previously This is because the smaller, organizational capabilities which produced different data (which was not shared among other organizations) will be replaced by enterprise-wide capabilities. The impetus for adding to the set of enterprise-wide capabilities may well come from an organization making a convincing case for the value of the data/information
  • previously produced by its organizational capability, but the resulting capability will become part of the enterprise-wide system, and the data it produces will be shared across the enterprise.

Service Orientation


This provides an approach to splitting the enterprise into a set of smaller elements. Among the many different ways of doing that, TOGAF recommends the service oriented approach.

Statement


The architecture is based on a design of services which mirror real-world business activities comprising the enterprise (or inter-enterprise) business processes.

Rationale


Service orientation delivers enterprise agility and Boundaryless Information Flow.

Implications


  • Service representation utilizes business descriptions to provide context (i.e., business process, goal, rule, policy, service interface, and service component) and implements services using service orchestration
  • Service orientation places unique requirements on the infrastructure, and implementations should use open standards to realize interoperability and location transparency
  • Implementations are environment-specific; they are constrained or enabled by context and must be described within that context
  • Strong governance of service representation and implementation is required
  • A "Litmus Test", which determines a "good service", is required

Compliance with Law


This is a must - unless you are working on digitization project for the underworld! Any enterprise wants to comply with the law to ensure sustenance

Statement


Enterprise information management processes comply with all relevant laws, policies, and regulations.

Rationale


Enterprise policy is to abide by laws, policies, and regulations. This will not preclude business process improvements that lead to changes in policies and regulations.

Implications


  • The enterprise must be mindful to comply with laws, regulations, and external policies regarding the collection, retention, and management of data
  • Education and access to the rules.
  • Efficiency, need, and common sense are not the only drivers. Changes in the law and changes in regulations may drive changes in our processes or applications.

IT Responsibility


The IT organization is only a small part of any enterprise - with a defined set of impacts and responsibilities. This principle highlights the responsibilities of the IT organization.

Statement


The IT organization is responsible for owning and implementing IT processes and infrastructure that enable solutions to meet user-defined requirements for functionality, service levels, cost, and delivery timing.

Rationale


Effectively align expectations with capabilities and costs so that all projects are cost-effective. Efficient and effective solutions have reasonable costs and clear benefits.

Implications


  • A process must be created to prioritize projects
  • The IT function must define processes to manage business unit expectations
  • Data, application, and technology models must be created to enable integrated quality solutions and to maximize results

Protection of Intellectual Property


Intellectual property is perhaps the most valuable, hardest to acquire and easiest to loose. Protection of IP is an important aspect of any enterprise, especially the IT domain.

Statement


The enterprise’s Intellectual Property (IP) must be protected. This protection must be reflected in the IT architecture, implementation, and governance processes.

Rationale


A major part of an enterprise’s IP is hosted in the IT domain.

Implications


  • While protection of IP assets is everybody’s business, much of the actual protection is implemented in the IT domain — even trust in non-IT processes can be managed by IT processes (email, mandatory notes, etc.)
  • A security policy, governing human and IT actors, will be required that can substantially improve protection of IP; this must be capable of both avoiding compromises and reducing liabilities.
  • Resources on such policies can be found at the SANS Institute (refer to https://www.sans.org/security-resources/policies)

Note that these principles seem to be the most common sense - "In know that" kind. But it is important to list them down. They cover the various domains of work and help us with kind of a very high-level checklist to make sure we refer to each aspect of the business when we make any decision.