Keeping a SOA environment running smoothly involves managing a lot of moving parts: APIs, microservices, middleware, mobility and, increasingly, IoT. On top of that, you have security, privacy, regulatory compliance and more.
It's quite difficult to stay on top of each of those and coordinate them to run as seamlessly as needed. This is even harder if they are addressed one project at a time, which often leads to inconsistencies over time as lessons learned are eventually forgotten. This happens too often because so many departments are -- or, at least, should be -- involved in developing and maintaining individual applications, starting with IT.
As a response, let's explore the notion of applying a heavy dose of case management to tackle that challenge -- not a software application of the same name, but rather a function as it is performed by the likes of healthcare and social workers.
Practical proven principles to apply
According to The Case Management Society of America, case management is "a collaborative process of assessment, planning, facilitation and advocacy for options and services to meet an individual's health needs through communication and available resources to promote quality cost-effective outcomes."
Substitute "organization's business needs" for "individual's health needs" and you will see exactly how this relates to a SOA environment and GRC. It is a soup-to-nuts approach to coordination aimed at achieving a high-quality outcome.
The National Association of Social Workers took this several steps further by outlining one dozen standard attributes a professional case manager must exhibit. Each of these applies to SOA and GRC as well:
- Ethics and values
- Cultural and linguistic competence
- Service planning, implementation and monitoring
- Advocacy and leadership
- Interdisciplinary and interorganizational collaboration
- Practice evaluation and improvement
- Record keeping
- Workload sustainability
- Professional development and competence
A sample job description
Translating these principles into the context of a SOA-centered GRC is fairly straightforward -- and when everything is said and done, you will be left with a pretty good facsimile of a new job description, such as the one shown below:
The GRC Case Manager for SOA will be responsible for orchestrating technologies, processes, policies, and compliance of XYZ Corp.'s SOA infrastructures. This role will focus on cross-functional collaboration and capability development to ensure that operational and business goals are met.
- Serve as the person primarily responsible for maximizing the efficiency and interoperability of our SOA infrastructures and ensuring that they meet our stated business requirements.
- Act as a liaison between business functions regarding needs analysis, success metrics, compliance support and technology implementation.
- Ensure technology and information are controlled and managed in a compliant manner throughout their lifecycle as governed by company procedures, regulatory requirements and industry standards.
- Create, amend as necessary, and execute upon organizational and technology road maps so that such compliance is perpetually maintained.
- Establish SOA-oriented technical and policy implementation best practices and standards across the enterprise.
- Partner with HR to create training programs to educate employees and new hires on these best practices and standards.
The lesson here is twofold. First, applying the principles of case management to GRC in a SOA environment can give you a new and needed perspective on all its moving parts. My recommendation is to separate this role from project-related work to ensure proper time and attention are given to the task. Otherwise, you will be asking for trouble as some poor soul has to balance the time he can devote to maintaining GRC with another work schedule.
The second lesson is that it's OK to look at other industries and practice areas for inspiration when it comes to dealing with complexity. Enterprise computing is not the only place practitioners have to deal with complexity, yet our tendency is not to look beyond our own horizons when it comes to seeking creative solutions. That's a shame considering that nurses and social workers, among others, also have plenty of experience keeping multiple plates spinning.