Enterprise Architecture Body of Knowledge
Developing an EA

Standards

Authors: Brenda Yu and Saurabh Mittal, PhD

Standards define rules governing the specification of enterprise architectures, the arrangement, interaction, and interdependence of parts or elements of an EA, or the process of developing an EA. No single universal standard exists for enterprise architecture.

Standards come in the form of policies, guidelines, constraints, or conformance criteria. In addition, standards applicable to different domains need to be considered depending on the project; these standards may include:

  • Security Standards – password policy; authentication; authorization; information classification; encryption
  • Legal Standards – Sarbanes-Oxley Act; General Data Protection Regulation (GDPR); country-specific crypto; Open Source
  • Development Standards – coding style guides; design patterns; application development guides; Web technologies; UI design guidelines; naming standards (databases, message queues, files, variables)

In an EA development context, standards may include: the use of architecture data representations or architecture description languages that prescribe a modeling notation, semantics, and model kinds or architecture description artifacts; the use of an EA framework that prescribes a set of views and viewpoints and the development of a set of architecture description artifacts; the use of standardized names and taxonomies for architecture data; or a set of design patterns. A standard EA development methodology, framework, or modeling/architecture description language is often used to facilitate EA development and collaboration, and/or to achieve interoperability of the architecture subject or system of interest.

In addition to modeling standards, various standards exist and are applicable at the enterprise, business, and technical solution levels, and provide the rules upon which architecture decisions are made, common building blocks are identified, and solutions are developed. Standards include industry standards, implementation conventions, rules, and criteria that can be organized into profiles that govern solution elements for a given architecture. Architecture domain standards serve to ensure that a solution satisfies a specified set of requirements.

Standards prescribed at the EA level are based on a holistic view of the enterprise’s needs; the enterprise architect is well positioned to recognize the common IT needs of the enterprise and to identify appropriate standards to address those needs. Formalizing EA standards is, however, a continuous balancing process. The top-down and bottom-up approaches each have unique benefits and risks, so a combined approach might be best. The enterprise architect seeks to minimize the number of adopted technologies to improve manageability of the environment and to deliver a consistent set of IT services. In effect, EA plays a key role in balancing the need for consistency in scalable system implementations with the need for diversity in business solutions.
