|
|
Line 80: |
Line 80: |
| <span style="font-size: 1.5em;">[[GC_Application_Enterprise_Architecture | 3. Application Architecture]]</span> <br><br> | | <span style="font-size: 1.5em;">[[GC_Application_Enterprise_Architecture | 3. Application Architecture]]</span> <br><br> |
| | | |
− | <b>Use Open Standards and Solutions by Default</b> | + | <b><I><u>Use Open Source Solutions hosted in the Cloud</b> |
− | * Where possible, use open source standards, and open source software first
| + | * Select existing solutions that can be reused over custom built |
− | * <I><u>When using Open Source remain at the latest and greatest version to ensure any security vulnerabilities are patched</u></I>
| + | * Contribute all improvements back to the communities |
− | * <I><u>Ensure any extension or change to the Open Source item is contributed back to the community</u></I> | + | * Register Open Source software to the Open Resource Exchange |
− | * If an Open Source option is not available or does not meet user needs, favour platform-agnostic COTS over proprietary COTS, avoiding technology dependency, allowing for substitutability and interoperability
| |
− | * If a custom-built application is the appropriate option, by default any source code written by the government must be released in an open format via Government of Canada website and services designated by the Treasury Board of Canada Secretariat | |
− | * All Open Source code must be released under an appropriate open source software license | |
− | * <I><u>Ensure valid license and legal requirements are met for use of Open Source items</u></I>
| |
− | * Expose public data to implement Open Data and Open Information initiatives
| |
| | | |
| + | <b>Use SaaS hosted in the Cloud</b> |
| + | * Choose SaaS that are extendable |
| + | * Align with SaaS capabilities; extend as Open Source modules |
| + | * Configuration over customization |
| | | |
− | <b>Design for Users First and Deliver with Multidisciplinary Teams</b> | + | <b>Design for [https://www.gcpedia.gc.ca/wiki/En/GCinterop Interoperability]</b> |
− | * Focus on the needs of users, using agile, iterative, and user-centred methods | + | * Design systems to be highly modular, loosely coupled and aligned to Business Capability Model 2.0 |
− | * Conform to both accessibility and official languages requirements | + | * Use micro services scoped to a single purpose and API-led connectivity |
− | * Include all skillsets required for delivery, including for requirements, design, development, and operations | + | * Expose functionality as services, make services available through APIs and make the APIs discoverable |
− | * Work across the entire application lifecycle, from development and testing to deployment and operations
| |
− | * Ensure quality <u><i>and security</i></u> is <u><i>underpinning</i></u> the Software Development Lifecycle
| |
− | * <I><u>Total Cost of Ownership (TCO) should include the cost for design, construction, operation, and maintenance of a system. For example Training, Support, Disaster Recovery, and Retirement Cost</I></u>
| |
| | | |
− | | + | <b>Use DevOps / Continuous Integration to ensure maintainability and AB Testing</b> |
− | <b><u>Design Systems to be Measurable and Accountable</b></u> | + | * Work with multidisciplinary teams |
− | * Publish performance expectations for each business service and supporting application and technology service(s)
| + | * Ensure testing and QA is completed |
− | * Make an audit trail available for all transactions to ensure accountability and non-repudiation
| + | * Work in the open; Release source code developed via GC website and GC services |
− | * Establish business and IT metrics to enable business outcomes
| + | </u></I> |
− | * Apply oversight and lifecycle management to digital investments through governance
| |
− | * <u><I>Complete an Algorithmic Impact Assessment (AIA) for systems automating decisions as per the [https://tbs-sct.gc.ca/pol/doc-eng.aspx?id=32592 Directive on Automated Decision-Making].</u></I>
| |
− | | |
− | | |
− | <b>Maximize Reuse</b>
| |
− | * <I><u> Reduce integration Complexity - design systems to be highly modular and loosely coupled to be able to reuse components. </I></u> | |
− | * Leverage and reuse existing solutions, components, and processes | |
− | * Select enterprise and cluster solutions over department-specific solutions | |
− | * Achieve simplification by minimizing duplication of components and adhering to relevant standards
| |
− | * Inform the GC EARB about departmental investments and innovations
| |
− | * Share code publicly when appropriate, and when not, share within the Government of Canada
| |
− | * <u>Use micro services scoped to a single purpose <I>and made available for cross-business use</u></I>
| |
− | | |
− | | |
− | <b>Enable [https://www.gcpedia.gc.ca/wiki/En/GCinterop Interoperability]</b>
| |
− | * Expose all functionality as services
| |
− | * <u><I>Make all </i></u> services <I><u>available </u></i> through a well-defined interface, such as a HTTPS-based [https://www.canada.ca/en/government/publicservice/modernizing/government-canada-standards-apis.html application programming interface (API)]
| |
− | * <u><I> Design APIs according to the Mandatory Procedures for Application Programming Interfaces (Government of Canada API Standards)
| |
− | * All APIs with potential for cross-departmental, inter-jurisdictional, or public consumption must be published to [https://api.canada.ca/en/homepage | the GC API Store]
| |
− | * Use the [gccollab:groups/profile/1238235/engovernment-of-canada-digital-exchangefru00c9change-numu00e9rique-du-gouvernement-du-Canada | Canadian Digital Exchange Platform (CDXP)] for data exchange where suitable (e.g. GC Event Broker for asynchronous messaging)
| |
− | | |
− | | |
− | <b>Develop with Security in mind</b>
| |
− | * Applications that store, process, handle, or have network access to sensitive information should be developed with security in mind from the start, and should be audited and assessed before use
| |
− | * Ensure sensitive data is protected appropriately when stored and transmitted (Duplicate D3)
| |
− | * Minimise the opportunity for accidental data leakage across application boundaries
| |
− | * Ensure only authorised parties can access sensitive information
| |
− | * Log access to facilitate audits and isolate unauthorized behaviour
| |
− | * Restrict access to sensitive data to those applications designed to handle such material in a secure manner</u></I>
| |
| |} | | |} |
| | | |