Web Governance Patricia Benoit, CISA, CIA April 2002.


Web Governance

Patricia Benoit, CISA, CIA

April 2002


Southern California Edison 2

General Governance Principles

[Diagram labels]
Questions: Why Govern? What is Governance? Where? Who? When? How do we Govern?
Answers shown: To Improve an Environment via Planning; Rules & Their Enforcement; At the Community Level; In collaboration with the Business, IT Infrastructure & IT Appl Services; In a Phased Approach; By Establishing & Monitoring adherence with Standards, Guidelines & Processes


City Governance Analogy – Why Govern?

To help communities and regions grow in harmony with the natural environment and in tune with public concerns.

1. Solving a community’s problems

2. Protecting important features

3. Guiding community growth in the future


Web Governance – Why Govern?

Web Governance helps portals and sites grow in harmony with a common environment that is in tune with business concerns.

1. Solving a community’s problems

2. Protecting important features

3. Guiding community growth in the future


More Reasons for Web Governance

1. Automating business processes has created an environment that has evolved without Proper Safeguards

2. Companies make large Investments in the Web

3. Increased Vulnerabilities from Exposure to Outside World

4. Regulatory Issues Requiring Compliance (i.e. Privacy)

5. The Web is an Environment of Continuous Change


Web Governance Definition

Why Governance?

Governance improves Web Communities by providing Order and Predictability around Outcomes

Expected Outcomes

Consistent and Reliable Web Communities that sustain and extend IT and Business Unit Strategies & Initiatives

What is Governance?

Governance is the Development and enforcement of Standards, Policies and Guidelines


Web Governance Major Areas

[Diagram labels: Web Governance; Risk; Safeguards]

Security, Reliability & Infrastructure
• Security Standards
• Architecture & Tool Standards
• Service Level/Performance Stds
• Web Production Monitoring
• Infrastructure Standards
• Web Change Management

Web Application Processes & Standards
• Development Process Standards
• Maintenance Process Standards
• Technical Stds & Guidelines
• “Best Fit” Technology Standards

Content Management
• Branding/Logo Standards
• Content Look & Feel Standards
• Legal Compliance Reviews
• Corporate Content Reviews
• BU Content Reviews
• Portal Metrics Reviews


Web Governance Major Area - Benefits

[Diagram labels: Web Governance; Risk; Benefits]

Security, Reliability & Infrastructure
+ Protection of Assets
+ Alignment with I*Net Architecture
+ Alignment with Infrastructure
+ Reduced Downtime Costs
+ Improved Portal Reliability
+ Approved Web Applications

Web Application Processes & Standards
+ Reduced Development Costs
+ Consistent Deployment
+ Reduced Maintenance Costs
+ Appropriate Technology
+ Consistent Web Environment
+ Reduced Cost for Replacement

Content Management
+ Appropriate Branding/Logo
+ Consistency Across a Portal
+ Prevention of Legal Issues
+ Approved Corporate Content
+ Approved Business Unit Content
+ Improved Quality of Portals


Unplanned Web Governance Landscape

[Diagram labels]
Sites: Company.com; Parent.com; MyHR Site; Employee Site; eProcurement
Portals: B2C; B2B; B2E
Organizations: BU 1; BU 2; BU 3; Shared Services; IT; Corp Center
Boards: Business Unit Governance Board (shown three times)

Standards documents shown, grouped as on the slide:
• Look & Feel Standards; Application Technology Decision Matrix
• Style Guide; Web Master Manual; Standards & Guidelines for Communications
• Buysite Customization Standards & Guidelines
• Style Guide; Standards & Guidelines for Communications
• Style Guide; Application Technology Decision Matrix


Governance Boards

Planning works well when community members recognize how the parts of the community fit together.


Web Governance Boards

How do web communities fit together to align Business and IT Plans?

[Diagram labels]
Boards: Business Unit Boards; Web Governance Boards; Executive Level
Organizations: BU 1; BU 2; BU 3; Shared Services; IT; Corp Center
Portals: B2C Portal; B2B Portal; B2E Portal; ETC


Governance Boards

Good planning considers the needs of the entire community.

Once planners have helped the community create its plan, they work with many people and groups to carry out the plan.

They work with neighborhood groups, the mayor, the police, engineers, and business people, as well as many others to make the community the best place to live.


Web Governance Boards

[Diagram labels]
Governance boards: B2E Governance Board; B2C Governance Board; BU 1 Intranet Governance Board; BU 2 Intranet Governance Board; IT Intranet Governance Board; BU 3 Intranet Governance; Corporate Center Intranet Governance; Shared Services Intranet Governance; BU 1 Internet Governance; BU 2 Internet Governance
Other groups shown: Systems Engineering; IT Security; Web Production Support; Application Services; eBusiness; Enterprise Architecture; System Quality Assurance; Public Affairs; Human Resources; Safety; Community Involvement; Corporate Finance; Law; Corporate Communications
Alignment labels: IT Support/Alignment; Corporate Alignment


Governance Board Responsibility

As the population increases and becomes more concentrated in certain areas of the country, carefully planned development is the only way to ensure that the quality of life in those areas is maintained and enhanced.

Much of the responsibility for promoting and maintaining the good life in a community belongs to the city and regional planners.


Web Governance Roles & Responsibilities

Web Governance Responsibilities

• Define Guiding Principles for Web Content & Design
• Define Responsibilities of Content Owners
• Establish Content Management / Approval Process
• Perform Best Practice Research & Knowledge Sharing

• Standards Establishment / Updates
• Project Compliance Reviews & Quality Control Gate
• Web Production Monitoring
• Web Governance Knowledge Sharing & Communications

[Diagram labels]
Roles: IT Role; Business Unit Role; Corporate Role
Participants: IT; Web Governance; Corp.; Business Units
Areas: CONTENT MANAGEMENT; TECHNICAL ARCHITECTURE & SUPPORT; WEB SITE & CONTENT APPROVAL


Governance Planning

Professional planners prepare comprehensive plans for development projects, neighborhoods, cities, states and regions… a vision.

And they're responsible for developing a plan of action to turn their paper plans into reality - into roads, buildings and open spaces.


Strategic Alignment – A Collaborative Vision

[Diagram labels: Portal Governance; Change Management; Processes/Standards; Technology; Content; Organization/Strategy]

Items shown, grouped as on the slide:

• Advocacy/Funding
• Education/Promotion
• Communication Strategy
  - Web Governance Site
• Best Practices
• Architecture Standards
• Branding/Logo Standards
• Look/Feel Standards
• Development/Maintenance
• Technical Standards/Guidelines
• Security Standards
• Service Level Agreements

• Web Change Management
• Standard Tools
• Mobility Strategy
• Developer’s Pool
• Search Engine Enhancement
• Single Sign-on
• Personalization

• Strategic Alignment Plan
• Operations
  - Mission Statement of purpose
  - Objectives
  - Membership
  - Voting
  - Roles & Responsibilities
  - Decision Matrix for work
  - Meeting Manager

• Shared
  - Common Taxonomy
  - Usability
  - Search Intelligence
  - Design
  - Corporate Content Reviews
  - BU Content Reviews
  - Portal Metrics
  - ACT Compliance
  - Approval
  - Quality Control & Monitoring
• Business Unit
  - Governance Boards
  - BU Content Review/Clean-up
  - Business Requirements


EDNA Actions - Improvement Initiatives

1. Governance Operations

2. Organizational Change Management / Common Vision

3. Intranet Site Clean-up

4. Intranet Organization & Search

5. Functional Design (Usability) and Style Guide Update

6. Web Content Management

7. Standard Automated Business Processes, Applications & Tools

8. Mobility Standards

9. Release Management

10. Governance Communications - Web Site


Web Governance Processes

Standards Establishment
• Development Standards
• Technical Standards & Guidelines
• Content Management Standards
• Architecture Standards
• Security Standards
• Maintenance Standards

Project Reviews
• Development & Maintenance Standards Compliance Reviews
• Technical Guidelines/Standards Reviews
• Content Reviews
• Architectural Alignment Reviews
• Security Alignment Reviews

Web Production Monitoring
• Security Monitoring
• Service Level / Performance Metrics Monitoring
• Web Applications Migration Monitoring
• Web Tools Migration Monitoring
• Trending & Improvement Initiatives

Quality Control
• Web Governance Approval Gate
• Web Production Change Management
• Content Approval Gate


Standards Establishment Function

Entry Criteria:
• A need for a standard, or to update a standard, is identified via a change in Web Strategy, Technology, Best Practices or Risk.

Inputs:
• Industry Best Practices
• Existing Strategies
• Existing Standards
• Business Unit Initiatives

Standards Establishment Function:
• Development Standards
• Technical Standards & Guidelines
• Content Management Standards
• Architecture Standards
• Security Standards
• Maintenance Standards

Resources:
• Web Governance
• Process Management
• Application Services
• Systems Engineering
• IT Security
• Infrastructure
• Corporate Communications

Dependencies:
• Architectural Strategy
• Web Strategy

Outputs:
• Standards Road Map
• Standards Development Plan
• New/Updated Standards
• Standards Deployment

Exit Criteria:
• Standards Road Map & Development Plan Approval
• Standards are Deployed


Project Review Function

Entry Criteria:
• A project requires a review to verify compliance with standards.

Inputs:
• Web Development Projects
• Development Standards
• Maintenance Standards
• Technical Standards & Guidelines, Architectural and Security Standards
• SQA Review Checklists

Project Reviews Function:
• Development & Maintenance Stds Compliance Reviews
• Technical Guidelines/Standards Reviews
• Content Reviews
• Architectural Alignment Reviews
• Security Alignment Reviews

Resources:
• Web Governance
• System Quality Assurance
• Systems Engineering
• Corporate Communications

Dependencies:
• Established Standards
• Web Projects

Outputs:
• Web Content Issues Log
• Application Development Project Issues Log
• Findings & Recommendations Report
• Action Plans for Issues requiring resolution for Project Implementation

Exit Criteria:
• Deviations identified and addressed prior to migration to the Production Environment


Web Production Monitoring

Entry Criteria:
• Reports are published and it is time for scheduled Governance Monitoring activities.

Inputs:
• Security Reports
• SLAs & Metrics Reports
• Web Content Issues Log
• Governance Board Issues Log
• Web Governance Reports

Web Production Monitoring Function:
• Security Monitoring
• Service Level / Performance Metrics Monitoring
• Web Applications Migration Monitoring
• Web Tools Migration Monitoring
• Trending & Improvement Initiatives

Resources:
• Web Governance
• Web Production Support
• IT Security Management
• Corporate Communications
• Application Services

Dependencies:
• SLAs Issues Log & Reports

Outputs:
• Web Governance Monitoring Summary including an Issues Log with Recommended Actions
• Web Content Issues Report
• Improvement Initiatives

Exit Criteria:
• Web Governance Monitoring Summary and Improvement Initiatives published
• Issues are addressed


Quality Control Function

Entry Criteria:
• A Web Application requires migration to production.

Inputs:
• Web Migration Request
• SDM & Client Approval (UAT) for Release to Production
• Web Production Content Approval for Release to Production
• Inventory of Web Applications in Production
• Web Migration Activity Reports

Quality Control Function:
• Web Governance Approval Gate
• Web Production Change Management
• Content Approval Gate

Resources:
• Web Governance
• Web Production Support
• Corporate Communications
• Application Services

Dependencies:
Change Request Approval for Migration Web Production Reports

Outputs:
• Approved Application is Migrated to Web Production
• Approved Content is Migrated to Web Production
• Inventory of Web Applications in Production
• Archived Web Content History

Exit Criteria:
• Application or Content is successfully migrated to the Web Production Environment


Web Governance in a Phased Approach

[Diagram: the activity groups below are assigned to phases; phase labels shown: Phase 1, Phase 2, Phase 3, Phase 4, Phase 5*]

Standards Establishment
• Development Standards
• Technical Standards & Guidelines
• Content Management Standards
• Architecture Standards
• Security Standards
• Maintenance Standards

Governance Establishment
• Develop Governance Model
• Communications Plan
• Standards Gap Analysis
• Implementation Plan

Governance Boards
• Obtain Sponsorship & Mgt Support
• Identify Content Owners
• Develop Charter & Vision
• Define Roles & Responsibilities
• Define Board Structure & Operations

Web Production Monitoring
• Security Monitoring
• Service Level / Performance Metrics Monitoring
• Web Applications Migration Monitoring
• Web Tools Migration Monitoring
• Trending & Improvement Initiatives

Project Reviews
• Development & Maintenance Stds Compliance Reviews
• Technical Guidelines/Standards Reviews
• Content Reviews
• Architectural Alignment Reviews
• Security Alignment Reviews

Quality Control
• Web Governance Approval Gate
• Web Production Change Management
• Content Approval Gate

* - Note: Dependencies on a Security Framework, SLAs and a controlled Web Production Environment exist in this area.


Web Governance Operations

1. Annual Planning - Risk Assessment & Review of Industry Trends

2. Alignment of IT & BU Strategies

3. Develop/Refine Safeguards to Eliminate Risk

Web Policies Standards & Processes Development Project Reviews Production Environment Monitoring Change Control Gate

4. Measure Performance / Compliance

5. Report on Results & Create Improvement Initiatives

6. Educate, Communicate and Inform IT & BUs in Web Governance Practices

7. Continuously Improve Web Governance


Web Governance Key Success Factors

1. Ensure that Executive Management supports Governance

2. Ensure that well defined Business & IT Strategies exist

3. Ensure alignment of Strategies at the Portal Level with Boards that represent the appropriate individuals in each portal community

4. Ensure that Standards are Comprehensive, Developed by Subject Matter Experts and are Approved

5. Ensure that reviews are conducted at High Risk points in the SDLC (i.e. Requirements, Design, Testing, etc.)

6. Ensure that Web Production is monitored for security risks & reliability and proper escalation processes & recovery plans exist

7. Ensure that well defined processes for Web Change Management exist


Web Governance

"Never doubt that a small group of thoughtful committed citizens can change the world; indeed, it's the only thing that ever has."

            ~Margaret Mead