FEAF 2.0 provides the Consolidated Reference Model (CRM) for Portfolio Management and Shared Services which is used across the agencies, and provides consistency in investments planning and reporting. At the same time, CRM describes the business capabilities and services, data assets, IT systems, and technology platforms. Those building blocks are not explicitly prescribed by FEAF, and each non-DOD agency is trying to define them in a silo. DODAF, TOGAF and Archimate do provide metamodels to describe such building blocks.
Scott Bernard published an article “The Importance of Formal Documentation In Enterprise Architectures” in the Journal of Enterprise Architecture, August 2009, where he proposed a Metamodel of Artifact Relationships in the EA3 Cube Approach, but it was not included into the official FEAF 2.0.
HHS EA built own metamodel based on the changing guidance and initiatives from OMB which eventually become too cumbersome to maintain. Other agencies share the similar story.
The lack of the standard metamodel creates inconsistency and confusion not only in collecting and storing the EA data, but also in generating reports and getting value out of EA.
Here I am proposing a draft of the metamodel that includes FEAF CRM and common building blocks. It uses the concepts commonly used in CPIC and Cybersecurity, as well as OMB policy and CIO Council. I used Archimate as a modeling language and Archi as a modeling tool.
An organization has a set of goals. Each goal has a set of objectives.
To reach a goal and its objectives an organization needs to define a strategy. A strategy is an approach to change the architecture using different business capabilities and different initiatives.
Goals, objectives, strategies, capabilities, and initiatives define a Strategic Plan.
To implement a strategic plan, an organization needs to define the Current State of its architecture in terms of its Business, Data, Application, Infrastructure, Security, and Investment domain portfolios.
Next, an organization needs to gather requirements for the Future State. It includes a Strategic Plan, an analysis of the Current State, Department’s Business and IT (IRM) goals, objectives, and initiatives to align to.
In order to facilitate domain portfolio management, a set of FEAF Reference Models is applied to the Current State in order to identify duplications and gaps:
- Business Reference Model (BRM)
- Application Reference Model (ARM)
- Data Reference Model (DRM)
- Infrastructure Reference Model (IRM)
- Security Reference Model (SRM)
After all requirements are identified, an organization develops a Vision of the Future State, and details in the same terms as the Currents State: Business, Data, Application, Infrastructure, and Security domain portfolios.
Next, the Gap Analysis determines the difference between the Future State and the Current State. Those gaps need to be addressed via projects (Projects Portfolio). Projects will be funded by Investments. The list of the proposed investments (Investment Portfolio) will be submitted to the Investment Review Board for approval.
To justify the proposed investments, an organization needs a business case and the architectural description, including a Transition Plan in terms of planned projects and the timeline.
The first step to establish EA in an org is to start managing portfolios.
Application Portfolio contains IT Systems, which are different from the cybersecurity “systems” also known as Security Authorization Boundary (a.k.a. ATO). ATO can have one or more IT Systems.
Application Portfolio enables Mission and Business Services to realize Business Capabilities of the agency.
Technology Portfolio contains Software Product Versions. Each Software Product Version has a vendor support Lifecycle and user licenses. Technology realizes IT Systems. An org can establish an approved list of its Technology Portfolio in order to limit duplicative technology proliferation (IT Technology Standard).
CRM describes different portfolios in order to identify duplication and gaps, and thus enables Portfolio Management, for examples, promoting reuse of the existing technology, and so, limit IT cost.
The shared metamodel across government agencies helps to mature further OCIO capability to manage and align IT to business by providing clarity and interoperability between various tools, helping to speed up time-to-market decision support data, and establishing a consistent common language for executives.