e-Government Program (Yesser) Maturity Model Version 0.2 Date:1/1/2014 e-Government Program (Yesser) NEA Maturity Model Document Description Document Title Maturity Model Document version Document Status Author NEA Decision 0.2 Draft NEA Team Under Review Versioning Version 0.1 0.2 Date 11/25/2013 1/1/2014 Description of changes made Draft document Updated to add business initiation in level 2 of business linkage. Document Validation Version 0.1 0.2 Authors Review by SYED HUSAIN SYED HUSAIN Date Status DRAFT DRAFT Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 2 / 19 e-Government Program (Yesser) NEA Maturity Model References S/No Description & Location 1 FEA – FEDERAL ENTERPRISE ARCHITECTURE/ http://www.whitehouse.gov/omb/e-gov/FEA 2 TOGAF® 9.1/ http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap43.html 3 4 US DEPARTMENT OF COMMERCE MATURITY MODEL http://ocio.os.doc.gov/ITPolicyandPrograms/Enterprise_Architecture/PROD01_004935 ENTERPRISE ARCHITECTURE AS A STRATEGY – JEANNE W. ROSS, PETER WEIL, DAVID C. ROBERTSON Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 3 / 19 e-Government Program (Yesser) NEA Maturity Model Table of Contents 1. 2. 3. Executive Summary ............................................................................................................... 6 Introduction ......................................................................................................................... 7 Maturity Model Phases.......................................................................................................... 9 3.1. EA Level 0 – No EA Program ............................................................................................. 9 3.2. EA Level 1 – Initial or Informal EA ..................................................................................... 9 3.3. EA Level 2 – EA Under Development ............................................................................... 10 3.4. EA Level 3 – Defined EA ................................................................................................ 11 3.5. EA Level 4 – Managed EA ............................................................................................... 12 3.6. EA Level 5 – Optimizing ................................................................................................. 13 4. Measuring Maturity ............................................................................................................ 14 Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 4 / 19 e-Government Program (Yesser) NEA Maturity Model Table of Figures Figure 1 Maturity Model .............................................................................................................. 7 Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 5 / 19 e-Government Program (Yesser) NEA Maturity Model 1. Executive Summary Organizations cannot implement Enterprise Architecture as a single project. They must implement it as a coordinated program that evolves over time. An EA maturity model will enable organizations to identify what stage of maturity they have reached and what actions to take to reach the next level. Yesser has decided to adopt the U.S department of Commerce’s EA maturity model, a TOGAF 9 recommendation, as it’s EA maturity definition and assessment model. Key Findings • The maturity model consists of six stages, or levels. Organizations cannot skip stages or the associated activities without introducing weaknesses into their EA programs. • Agencies have to deal with two levels of maturity, maturity related to internal EA and maturity related to whole of government EA, these are complimentary and have synergistic effects on overall agency maturity. • Organizations encounter risk and inefficiency from poorly managed processes, such as lack of employee engagement, failure to comply with legal and regulatory requirements and dissatisfied customers. • Most enterprises are in the early stages of EA maturity, so IT leaders who are championing new ideas in their organizations will benefit most from using this model. Recommendations • Make the maturity model part of the effort to educate senior management, so they understand the phases of the EA journey. • To illustrate the risks of not having EA, look for examples where the organization has already failed because of poorly managed information and processes. • Create scenarios for the organization that illustrate the benefits to be achieved at each level of the maturity model. Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 6 / 19 e-Government Program (Yesser) NEA Maturity Model 2. Introduction EA is the basic organizing principle of an organization, it describes the various layers of the organization and how they relate to each other. The benefit of having an EA is that the information EA typically consists of can be used to plan and develop the organization in a way that makes it more efficient and responsive to customer needs. Different organizations operate at different levels of maturity in terms of the processes and procedures they follow to execute their organizational goals and objectives. One of the tasks of the e-government authority of Saudi Arabia is to help government entities become more mature in terms of their capabilities and activities. The six maturity levels are as follows: 0. No EA Program 1. Initial or Informal EA 2. EA Under Development 3. Defined EA 4. Managed EA 5. Optimizing 0 None Mature 1 Initial 2 Under Development 3 Defined 4 Managed Maturity Gap and migration plans Explicit linkage are complete EA is part of org between all EA Ad hoc culture, quality artifacts processes and metrics are documentation captured. 5 Optimzing Concerted efforts to optimize and continuously improve EA Business Case for EA Immature YELAF NEA Figure 1 Maturity Model Some of the individual components that must be considered at the Enterprise level, as well as in the various Architecture disciplines include components of the following: 1. Architecture Process 2. Architecture Development 3. Business Linkage 4. Senior Management Involvement Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 7 / 19 e-Government Program (Yesser) NEA Maturity Model 5. 6. 7. 8. Architecture Communication IT Security Governance IT Investment and Acquisition Strategy . Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 8 / 19 e-Government Program (Yesser) NEA Maturity Model 3. Maturity Model Phases This section describes the Maturity Levels according to measurement areas. 3.1. EA Level 0 – No EA Program No Enterprise Architecture Program to speak of. 3.2. EA Level 1 – Initial or Informal EA Characteristics: Architecture Process - Processes are ad hoc and localized. Some Enterprise Architecture processes are defined. There is no unified architecture process across technologies or business processes. Success depends on individual efforts. Architecture Development - Enterprise Architecture processes, documentation, and standards are established by a variety of ad hoc means and are localized or informal Business Linkage - Minimal, or implicit linkage to business strategies or business drivers Senior Management Involvement - Limited management team awareness or involvement in the architecture process Architecture Communication - The latest version of the Operating Unit's Enterprise Architecture documentation is on the Web. Little communication exists about the Enterprise Architecture process and possible process improvements IT Security - IT Security considerations are ad hoc and localized Governance - No explicit governance of architectural standards IT Investment and Acquisition Strategy - Little or no involvement of strategic planning and acquisition personnel in enterprise architecture process. Little or no adherence to existing Standards Profile Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 9 / 19 e-Government Program (Yesser) NEA Maturity Model 3.3. EA Level 2 – EA Under Development Characteristics: Architecture Process - Basic Enterprise Architecture Process program is documented based on YELAF guidance. The architecture process has developed clear roles and responsibilities. Architecture Development - IT Vision, Principles, Business Linkages, Baseline, and Target Architecture are identified. Architecture standards exist, but not necessarily linked to Target Architecture. Technical Reference Model and Standards Profile framework established. EA team is aware of NEA. Business Linkage - Explicit linkage to business strategies, EA is involved in the initiation of any new business initiatives. Senior Management Involvement - Management awareness of Architecture effort Architecture Communication - The Enterprise Architecture Web Pages are updated periodically and is used to document architecture deliverables IT Security - IT Security Architecture has defined clear roles and responsibilities Governance - Governance of a few architectural standards and some adherence to existing Standards Profile IT Investment and Acquisition Strategy - Little or no formal governance of IT Investment and Acquisition Strategy. Operating Unit demonstrates some adherence to existing Standards Profile Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 10 / 19 e-Government Program (Yesser) NEA Maturity Model 3.4. EA Level 3 – Defined EA Characteristics: Architecture Process - The architecture is well defined and communicated to IT staff and business management with Operating Unit IT responsibilities. The process is largely followed Architecture Development - Gap Analysis and Migration Plan are completed. Fully developed Technical Reference Model and Standards Profile. IT goals and methods are identified. The architecture aligns with NEA. Business Linkage - Enterprise Architecture is integrated with capital planning & investment control and supports e-government. Senior Management Involvement - Senior-management team aware of and supportive of the enterprise-wide architecture process. Management actively supports architectural standards Architecture Communication - Architecture documents updated regularly on Enterprise Architecture Web Page IT Security - IT Security Architecture Standards Profile is fully developed and is integrated with Enterprise Architecture Governance - Explicit documented governance of majority IT investments IT Investment and Acquisition Strategy - IT acquisition strategy exists and includes compliance measures to IT Enterprise Architecture. Cost-benefits are considered in identifying projects Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 11 / 19 e-Government Program (Yesser) NEA Maturity Model 3.5. EA Level 4 – Managed EA Characteristics: Architecture Process - Enterprise Architecture process is part of the culture. Quality metrics associated with the architecture process are captured Architecture Development - Enterprise Architecture documentation is updated on a regular cycle to reflect the updated Enterprise Architecture. Business, Information, Application and Technical Architectures defined by appropriate de-jure and de-facto standards. The architecture continues alignment with NEA. An automated tool is used to improve the usability of the architecture and report to NEA. Business Linkage - Capital planning and investment control are adjusted based on the feedback received and lessons learned from updated Enterprise Architecture. Periodic re-examination of business drivers Senior Management Involvement - Senior-management team directly involved in the architecture review process Architecture Communication- Architecture documents are updated regularly, and frequently reviewed for latest architecture developments/standards IT Security - Performance metrics associated with IT Security Architecture are captured Governance - Explicit governance of all IT investments. Formal processes for managing variances feed back into Enterprise Architecture IT Investment and Acquisition Strategy - All planned IT acquisitions and purchases are guided and governed by the Enterprise Architecture Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 12 / 19 e-Government Program (Yesser) NEA Maturity Model 3.6. EA Level 5 – Optimizing Characteristics: Architecture Process - Concerted efforts to optimize and continuously improve architecture process Architecture Development - A standards and waivers process are used to improve architecture development process improvements Business Linkage - Architecture process metrics are used to optimize and drive business linkages. Business involved in the continuous process improvements of Enterprise Architecture Senior Management Involvement - Senior management involvement in optimizing process improvements in Architecture development and governance Architecture Communication - Feedback on architecture process from all Operating Unit elements is used to drive architecture process improvements. Architecture documents are used by every decision maker in the organization for every IT-related business decision IT Security - Feedback from IT Security Architecture metrics are used to drive architecture process improvements. Governance - Explicit governance of all IT investments. A standards and waivers process is used to improve governance-process improvements. IT Investment and Acquisition Strategy - No unplanned IT investment or acquisition activity. Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 13 / 19 e-Government Program (Yesser) NEA Maturity Model 4. Measuring Maturity The table below is the evaluation matrix. For each of the eight characteristics, score your organization according to the definitions below. This score is an evaluation of where your organization is now. Appropriate artifacts that demonstrate the attainment of the maturity level should be available to substantiate your score. The score at each level depends on the level, for example a level 0 means a score of 0 while a level 4 means a score of 4. Evaluation 1. Architecture Process: Is there an established Enterprise Architecture process? Level 0: Architecture process not established. Score Level 1: Ad-hoc and localized architecture process defined. Level 2: Basic Enterprise Architecture Process program is documented based on YELAF. The architecture process has developed clear roles and responsibilities. Level 3: The architecture is well defined and communicated to IT staff and business management with Operating Unit IT responsibilities. The process is largely followed. Level 4: Enterprise Architecture process is part of the culture, with strong linkages to other core IT and business processes. Quality metrics associated with the architecture process are captured. These metrics include the cycle times necessary to generate Enterprise Architecture revisions, technical environment stability, and time to implement a new or upgraded application or system. Level 5: Concerted efforts to optimize and continuously improve architecture process. 2. Architecture Development: To what extent is the development and progression of the Operating Units' Enterprise Architecture documented? Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 14 / 19 e-Government Program (Yesser) NEA Maturity Model Level 0: No Enterprise Architecture documentation to speak of. Level 1: Enterprise Architecture processes, documentation and standards are established by a variety of ad hoc means, and are localized or informal. Level 2: IT Vision, Principles, Business Linkages, Baseline, and Target Architecture are documented. Architecture standards exist, but not necessarily linked to Target Architecture. Technical Reference Model and Standards Profile framework established. Level 3: Gap Analysis and Migration Plan are completed. Architecture standards linked to Business Drivers via Best Practices, IT Principles and Target Architecture. Fully developed Technical Reference Model and Standards Profile. Level 4: Enterprise Architecture documentation is updated on a regular cycle to reflect the updated Enterprise Architecture. Business, Information, Application and Technical Architectures defined by appropriate de-jure and de-facto standards. Level 5: Defined and documented Enterprise Architecture metrics are used to drive continuous process improvements. A standards and waivers process are used to improve architecture development process improvements. Evaluation Score 3. Business Linkage: To what extent is the Enterprise Architecture linked to business strategies or drivers. Level 0: No linkage to business strategies or business drivers. Level 1: Minimal, or implicit linkage to business strategies or business drivers. Level 2: Explicit linkage to business strategies or drivers. , EA is involved in the initiation of any new business initiatives. Level 3: Enterprise Architecture is integrated with capital planning and investment control. Explicit linkage to business drivers and information requirements. Level 4: Capital planning and investment control are adjusted based on the feedback received and lessons learned from updated Enterprise Architecture. Periodic re-examination of business drivers. Level 5: Architecture metrics are used to optimize and drive business linkages. Business involved in the continuous process improvements of IT Architecture. Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 15 / 19 e-Government Program (Yesser) NEA Maturity Model Evaluation 4. Senior Management Involvement: To what extent are the senior managers of the Operating Unit involved in the establishment and ongoing development of an IT Architecture? Level 0: No management team awareness or involvement in the architecture process. Score Level 1: Limited management team awareness or involvement in the architecture process. Level 2: Occasional/selective management team involvement in the architecture process with various degrees of commitment. Level 3: Senior-management team aware of and supportive of the enterprisewide architecture process. Management actively supports architectural standards. Level 4: Senior-management team directly involved in the architecture review process. Level 5: Senior-management team directly involved in the optimization of the enterprise-wide architecture development process and governance. Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 16 / 19 e-Government Program (Yesser) NEA Maturity Model Evaluation Score 5. Architecture Communication: To what extent are the decisions of Enterprise Architecture practice documented? Level 0: No documentation is available. Level 1: Little communication exists about the Enterprise Architecture process and possible process improvements. The DOC Enterprise Architecture Web Page contains the latest version of the Operating Unit’s Enterprise Architecture documentation. Level 2: The Operating Unit Architecture Home Page, which can be accessed from the DOC Enterprise Architecture Web Page is updated periodically and is used to document architecture deliverables. Communication about arch process via meetings, etc., may happen, but sporadic. Few tools (e.g., office suite, graphics packages) are used to document architecture. Level 3: Architecture documents updated and expanded regularly on DOC IT Architecture Web Page. Periodic presentations to IT staff on Architecture process, content. Tools are used to support maintaining architecture documentation. Level 4: Architecture documents are updated regularly, and frequently reviewed for latest architecture developments/standards. Regular presentations to IT staff on architecture content. Level 5: Architecture documents are used by every decision maker 6. IT Security: To what extent is IT Security integrated with the Enterprise Architecture? Level 0: No IT Security considerations in Enterprise Architecture. Level 1: IT Security considerations are ad hoc and localized. Level 2: IT Security Architecture has defined clear roles and responsibilities. Level 3: IT Security Arch is fully developed and is integrated with IT Architecture. Level 4: Performance metrics associated with IT Security Arch. are captured. Level 5: Feedback from IT Security Arch. metrics are used to drive arch process improvements. Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 17 / 19 e-Government Program (Yesser) NEA Maturity Model 7. Governance: To what extent is an Enterprise Architecture governance (governing body) process in place and accepted by senior management ? Level 0: None. Everyone does their own thing. Level 1: No explicit governance of architectural standards. Limited agreement with governance structure. Level 2: Governance of a few architectural standards (e. g. operating systems, database management systems) and some adherence to existing Standards Profile. Various degrees of understanding of the proposed governance structure. Level 3: Explicit documented governance of majority IT investments. Formal processes for managing variances. Senior management team is supportive of enterprise-wide architecture standards and subsequent required compliance. Level 4: Explicit governance of all IT investments. Formal processes for managing variances feed back into Enterprise Architecture. Senior-management team takes ownership of enterprise-wide architecture standards and governance structure. Level 5: Explicit governance of all IT investments. A standards and waivers process is used to improve governance process improvements. 8. IT Investment and Acquisition Strategy: To what extent does the Enterprise Architecture influence the IT Investment and Acquisition Strategy? Level 0: No regard for Enterprise Architecture in formulation of strategic IT Acquisition strategy by Operating Unit. Level 1: Little or no involvement of strategic planning and acquisition personnel in enterprise architecture process. Little or no adherence to existing Standards Profile. Level 2: Little or no form al governance of IT Investment and Acquisition Strategy. Operating Unit demonstrates some adherence to existing Standards Profile. Level 3: IT acquisition strategy exists and includes compliance measures to IT Enterprise Architecture. Operating Unit adheres to existing Standards Profile. RFQ, RFI and RFP content is influenced by the Enterprise Architecture. Acquisition personnel are actively involved in Enterprise Architecture governance structure. Cost-benefits are considered in identifying projects. Level 4: All planned IT acquisitions and acquisitions are guided and governed by the Enterprise Architecture. RFI and RFP evaluations are integrated into the IT Architecture planning activities. Level 5: Operating Unit has no unplanned IT investment or acquisition activity. Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 18 / 19 e-Government Program (Yesser) NEA Maturity Model The final score is calculated using this simple formula 𝑛 𝑆𝑐𝑜𝑟𝑒 = (∑ 𝑥)/𝑛 𝑥=0 Where x is the individual scores taken from the score column above. Confidential e-Government Program (Yesser) This document (either in whole or in part) cannot be modified or reproduced without the prior written permission of the e-Government Program (Yesser) Page 19 / 19