586
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − + − The Enterprise Architecture Framework enables the CIO of Canada to fulfill several responsibilities as stated in the Policy on Service and Digital: − 1. "Prescribing expectations with regard to enterprise architecture." The Enterprise Architecture Framework is an aspirational representation of the expectations for Enterprise Architecture which is also encapsulated in Service and Digital Target Enterprise Architecture.+ + − 2. "Establishing and chairing an enterprise architecture review board (EARB) that is mandated to define current and target architecture standards for the Government of Canada and review departmental proposals for alignment." The Enterprise Architecture Framework defines the target architecture standards for the Government of Canada. When presenting at GC EARB departments present how the proposed architectures intend to achieve the target architecture as outlined in the EA Framework. The GC Enterprise Architecture Review Board endorses departmental architectures based on the evaluation of alignment to the Enterprise Architecture Framework.+ + − 3. "Approving an annual, forward-looking three-year enterprise-wide plan that establishes the strategic direction for the integrated management of service, information, data, IT, and cyber security and ensuring the plan includes a progress report on how it was implemented in the previous year." The EA Framework and Service and Digital Target Enterprise Architecture provides a superstructure for the Strategic Actions in the revised Digital Operations Strategic Plan, spanning across the DOSP pillars. A progress report is annually reviewed by GC EARB to access the alignment of departmental architectures to the EA Framework.+ − The Enterprise Architecture framework has been organized based on the architectural domains of, Business, Information, Application, Technology, Security, and Privacy as defined within industry best practices.+ − + + + + + + + + + + + + + + + + + Line 33:
Line 50: − + Line 51:
Line 68: − + Line 60:
Line 77: − * <u>Ensure that combined data does not risk identification or re-identification of personal information – de-identification techniques should be considered prior to sharing personal information</u> Line 108:
Line 124: − +
GC Enterprise Architecture/Framework (view source)
Revision as of 15:40, 21 September 2020
, 15:40, 21 September 2020→Enterprise Architecture definition
{{OCIO_GCEA_Header}}
{{OCIO_GCEA_Header}}
== Appendix A: Enterprise Architecture Framework ==
== Appendix A: Mandatory procedure for the Enterprise Architecture Framework ==
=== Enterprise Architecture definition ===
Enterprise Architecture (EA) is a conceptual blueprint that defines the structure and operation of an organization considering and aligning business, information, application, technology, and security domains to support strategic outcomes.
=== The Enterprise Architecture Framework: ===
1. Prescribes expectations of the Chief Information Officer (CIO) of Canada regarding enterprise architecture.
2. Contributes to the Chief Information Officer (CIO) of Canada responsibility for establishing and chairing an enterprise architecture review board that is mandated to defines the current and target architecture standards for the Government of Canada.
3. Provides the criteria used by Government of Canada enterprise architecture review board and departmental architecture review boards when reviewing digital initiatives to ensure their alignment with enterprise architectures.
The EA Framework was presented at GC EARB on [https://gcconnex.gc.ca/file/view/67145496/gc-earb-2020-07-16-02-tbs-service-digital-target-enterprise-architecture-and-updates-to-the-ea-framework-pdf?language=en July 16th, 2020]. Additional feedback has been sought from the departments by August 31st, 2020, before it will return for an endorsement.
These procedures take effect on December 1, 2020. (proposed)
These procedures are an update and replacement of Appendix A. Mandatory Procedures for Enterprise Architecture Assessment.
=== Refences to the Policy on Service and Digital and to the Directive on Service and Digital ===
A.2.1 These procedures provide details on the requirements set out in sections:
4.1.2.3 of the Policy on Service and Digital (The Chief Information Officer (CIO) of Canada is responsible for: Prescribing expectations with regard to enterprise architecture.)
4.1.2.4 of the Policy on Service and Digital (The Chief Information Officer (CIO) of Canada is responsible for: Establishing and chairing an enterprise architecture review board that is mandated to define current and target architecture standards for the Government of Canada and review departmental proposals for alignment.)
4.1.1.1 of the Directive on Service and Digital. (The departmental Chief Information Officer (CIO) is responsible for: Chairing a departmental architecture review board that is mandated to review and approve the architecture of all departmental digital initiatives and ensure their alignment with enterprise architectures.
A.2.2 The Enterprise Architecture Framework prescribes the expectations of The Chief Information Officer (CIO) of Canada with regard to enterprise architecture, defines the current and target architecture standards for the Government of Canada and is the criteria used by the Government of Canada enterprise architecture review board and departmental architecture review boards when reviewing digital initiatives to ensure their alignment with enterprise architectures across business, information, application, technology, security domains to support strategic outcomes.
=== Status ===
The EA Framework was presented at GC EARB on [https://gcconnex.gc.ca/file/view/67145496/gc-earb-2020-07-16-02-tbs-service-digital-target-enterprise-architecture-and-updates-to-the-ea-framework-pdf?language=en July 16th, 2020]. Additional feedback has been sought from the departments by August 31st, 2020, before it will return to GC EARB for an endorsement in the fall of 2020.
== Business Architecture ==
== Business Architecture ==
== Information Architecture ==
== Information Architecture ==
Information architecture best practices and principles remain consistent, but their focus must accommodate the needs of a business service and business capability orientation. In order to share information across Government, information architecture must address the higher standards needed in terms of the awareness of the information handling needs of each piece of data – its source, quality, and associated policy obligations. <u>The collection, use and management of personal information requires adherence to the principles and requirements of GC privacy legislation and its related policies.</u>
Information architecture best practices and principles remain consistent, but their focus must accommodate the needs of a business service and business capability orientation. In order to share information across Government, information architecture must address the higher standards needed in terms of the awareness of the information handling needs of each piece of data – its source, quality, and associated policy obligations. C<u>ollection, use and management of personal information requires adherence to the principles and requirements of GC privacy legislation and its related policies.</u>
=== Collect data to address the needs of the users and other stakeholders <u>where permissible by law</u> ===
=== Collect data to address the needs of the users and other stakeholders <u>where permissible by law</u> ===
* Share data openly <u>(for example on Canada’s Open Data portal)</u> by default as per the Directive on Open Government and Digital Standards, while adhering to existing enterprise and international standards, including on data quality and ethics
* Share data openly <u>(for example on Canada’s Open Data portal)</u> by default as per the Directive on Open Government and Digital Standards, while adhering to existing enterprise and international standards, including on data quality and ethics
* Ensure data formatting aligns to existing enterprise and international standards on interoperability. Where none exist, develop data standards in the open with key subject matter experts, in consultation with the Enterprise Data Community of Practice
* Ensure data formatting aligns to existing enterprise and international standards on interoperability. Where none exist, develop data standards in the open with key subject matter experts, in consultation with the Enterprise Data Community of Practice
* Ensure that combined data does not risk identification or re-identification of sensitive or personal information
* <u>Ensure that combined data does not risk identification or re-identification of personal information – de-identification techniques should be considered prior to sharing personal information</u>
=== <u>Design with privacy in mind for the collection, use and management of personal Information</u> ===
=== <u>Design with privacy in mind for the collection, use and management of personal Information</u> ===
* <u>Design processes so personal information remains accurate, up-to-date and as complete as possible, and the ability to correct</u>
* <u>Design processes so personal information remains accurate, up-to-date and as complete as possible, and the ability to correct</u>
* <u>Personal information should be collected directly from individuals but can be from shared sources where permitted by the Privacy Act</u>
* <u>Personal information should be collected directly from individuals but can be from shared sources where permitted by the Privacy Act</u>
* <u>Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records</u>
* <u>Personal information needs to be available to facilitate Canadians’ right of access to and correction of government records</u>
* <u>Conduct a Privacy Impact Assessment (PIA) to identify and mitigate privacy risks for new or substantially modified programs when personal information is identified</u>
* <u>Conduct a Privacy Impact Assessment (PIA) to identify and mitigate privacy risks for new or substantially modified programs when personal information is identified</u>
== Security Architecture <s>and Privacy</s> ==
== Security Architecture <s>and Privacy</s> ==
Security architecture <s>and privacy</s> has always been an important but often poorly addressed aspect of solution design. However, for the successful implementation of the GC Enterprise Ecosystem Target Architecture depends on a proper security architectural implementation. Legacy systems based on monolithic architectures often had simplistic approaches to mitigating security risks. The future digitally enabled GC services will support a diverse community and have interoperating components spread across multiple environments. It is critical that security be built in to all processes and across all architectural layers.
Security architecture <s>and privacy</s> has always been an important but often poorly addressed aspect of solution design. However, for the successful implementation of the GC Enterprise Ecosystem Target Architecture depends on a proper security architectural implementation. Legacy systems based on monolithic architectures often had simplistic approaches to mitigating security risks. The future digitally enabled GC services will support a diverse community and have interoperating components spread across multiple environments. It is critical that security be built into all processes and across all architectural layers.
=== Build Security into the System Life Cycle, Across All Architectural Layers ===
=== Build Security into the System Life Cycle, Across All Architectural Layers ===
