SOA is a distributed approach to architecture that crosses lines of business and IT, there is a greater need for effective SOA governance and a strong control framework for the reuse and sharing of services, key value drivers for leveraging SOA.

SOA governance ensures that:

  • services deliver expected results based on well-defined business goals, and
  • services are published and managed throughout their lifecycle according to company rules for design, deployment, access control, and audit, as well as compliance with regulatory requirements

As organisations adopt SOA more heavily, they will encounter new challenges when they realise that an SOA’s distributed nature makes managing and controlling it difficult. Without both internal and external controls, an SOA may result in chaos instead of creating greater efficiencies - hence the need for governance throughout the lifecycle of services in an SOA.


Realising a shared business services infrastructure relies heavily on using the right SOA governance model to meet both business and IT needs. Predefined, enterprise-wide, standardised, governance models are required.

Issues that the governance model will address in IT terms include:

  • How reusable shared services will be defined, and by whom
  • How services will be built, by whom, and the software engineering approach
  • Who uses the services, and in what ways
  • How the associated service deployment and operations will run
  • Who co-ordinates the four activities above, and the guiding principles to ensure success.

Issues that the governance model will address in business terms include:

How time-to-market efficiencies and return on investment will be measured and at what level of granularity (composite application or service-by service) in order to maintain accountability for the SOA initiative and also perform ongoing cost-benefit analysis on the program

  • How the groups of services orchestrated into business solutions (composite applications) will be managed across a product lifecycle, so that the integrity of the business solution is appropriately maintained throughout, irrespective of the lifecycle of the services that comprise it
  • How longer-term domain engineering will be performed to continue to optimise the business processes represented in IT via the services repository.

Actual governance models will vary greatly from enterprise to enterprise and therefore the approach used will be customised to the specific needs of the organisation.