Enterprise Architecture and Identity Management

In the context of a very productive discussion with NHS England colleagues, I keep looking for good references and ideas to support Enterprise Architecture governance. The basic framework is clear, considering we have great materials to guide us like the TOGAF standard; but as we progress in the conversation, it becomes increasingly clear that some of the preconditions of such standards are not applicable, at least not immediately, to our very complex organisation.

Other professionals, in different organisations and industries, will no doubt agree that a natural condition of EA is the existence of a unitary view of the organisation; that is, not only a desire or a drive to develop Architecture Governance, but also the real existence of a more or less cohesive organisational context.

I am not referring here to the common fact that a single organisation, for example a national or global bank, may have multiple divisions, regions and business lines, each of them with a different rhythm and a different technology change strategy. That is normal, and in fact TOGAF and other models can be adapted to those conditions.

In our case, the NHS is different not only in terms of organisational complexity, but also due to the “diversity” of its business units, as we could provisionally call this fact: NHS England are not a single “going concern”, especially not in terms of decision making, IT services, technology procurement, data ownership and management and resource allocation authority. This entails that we are also not a single organisation in matters of project and programme initiation and delivery.

All these characteristics, which are not negative in themselves and represent just reality “as it is,” must be taken into account when we consider architecture governance and especially Enterprise Architecture. This ultimately means that EA in NHS England does not count on a single context of IT Governance and “transformation”.

Does this diminish the relevance of EA? In my view, it does not, and we could even say that such diversity and complexity actually demand the development of Enterprise Architecture to operate as a “guardian” of the long-term business objectives and target architectures. The EA Architecture has to be stronger and uphold industry standards and business objectives despite the absence of all-encompassing IT and Business Architecture processes. As these may not effectively mature and probably can’t be expected to exist across so many decentralised decision-making centres, EA has to provide focus and emphasis on Principles, Guidelines and Recommendations, instead of the conventional more or less unitary “target architectures” which are viable only in other types of organisations.

This is particularly the case of EA for Identity and Access Management, a domain where unitary treatment of the architecture is not viable due to the multiple levels of Identity Data ownership, governance and control/management. As I always like to emphasise, Identity Management hinges ultimately on Identity Data Management and Standardisation. This is particularly important for the Authorisation workflows and for Identity Verification and User Onboarding. Other areas, e.g. User Authentication, are less diversified, but even in that case the IT infrastructure is not monolithic and probably cannot be easily streamlined beyond what it is already.

In addition to that, Identity and Access Management, as a domain, is more sensitive to Governance development than any other area of the IT services and infrastructure. This, in turn, means that I&AM Enterprise Architecture depends more than any other Architecture domain, in my view, on a redoubled focus on Guidelines instead of “national” or “NHS-wide” architectures, and a realistic and pragmatic application of Principles and Recommendations so that the different levels and units of decision making are able to optimise their own processes of technology adoption and change.

So, how can we articulate I&AM Principles, Guidelines and Recommendations to support this very large, complex and diverse organisation in a positive and constructive manner? What are those Principles, Guidelines and Recommendations to begin with?

I will cover these points in my following articles in this medium.