Using SOA to Create Better Compliance

February 18, 2009

Okay, okay, so SOA isn’t easy. And no one (well, perhaps auditors, governments or shareholders) likes compliance. But good compliance can make SOA easier to implement–at least that’s the gist of Jaimin Patel’s article in Computer Technology Review. Patel, director of business development at WebLayers, a company that focuses on automating SOA, Mainframe and SDLC governance, makes a number of good points in his recent article on “Breaking Down the Barriers to Compliance through SOA.”

In fact, you have to like his opening paragraph–

“Why is it that when we hear the word compliance we tense up anticipating that we’ve done or are about to do something wrong? Perhaps it’s the widespread misperception of the role that compliance plays in the organization. Or maybe it’s because we’ve experienced challenging or even unsuccessful attempts at enforcing compliance at various levels in the company.”

In my experience, compliance does make people tense up–it makes both IT and business people cringe a little. Oftentimes talking about compliance is like someone running their fingernails down a chalkboard–it’s jarring, and instantly your mind turns to other things you would like to be doing, or other places you’d like to be.

But Patel’s point in the article isn’t just that compliance is unpleasant–it’s that compliance may actually be easier than you think. From his perspective, if done right, there’s no need to actually tense up after hearing the word compliance. No need to protect your ears from the chalkboard sound.

Instead, he argues, a SOA infrastructure can actually be the enabling connection between IT and business:

“Successful organizations will tell you that the speed and efficiency of implementing and enforcing compliance is directly proportional to the health of their IT infrastructure. Ideally, a standards-based service oriented architecture (SOA) can be the bridge that enables IT to meet business goals. In this case, the goal is compliance.

With SOA as the foundation, a company can move from a weak IT infrastructure that doesn’t support business goals to an organization that has a more flexible architecture that ensures adherence to regulations and policies required by both internal and external forces.”

Okay–so that doesn’t necessarily mean that SOA (or compliance) is easy–but he does make a good point: when an organization has a strategic plan that encompasses both SOA and compliance, the two can work synergistically to enable each other. The end result? A far better connection between business and IT, and corporate goals that are being met, instead of being ignored.

“By driving compliance and governance across lines of business through an SOA, companies can ensure greater consistency and reuse of best practices. These capabilities become increasingly more important as the SOA evolves and new policies are introduced.

Ensuring a successful governance solution requires analysis, tracking, and improvement of enterprise policies and architecture as a company’s initiatives change and evolve. A policy-based approach to SOA governance will help establish strong auditing and conformance mechanisms that limit corporate liabilities, ensure business continuity, and reduce integration costs and complexities.”
