Enterprise Architecture (EA) was formally introduced in to the Commonwealth of Pennsylvania in late 2003. Previously the Commonwealth had centralized several key architecture components: email, telecom services, desktop operating systems, PCs, and SAP as the back office system. It is upon this infrastructure that EA initiatives were built, and with this foundation, have constructed a collaborative approach to EA governance and standards pertaining to security.
The EA governance structure is part of a broader IT governance model that reports to the IT Governance Board. The purpose of the IT Governance Board is to oversee the investment and performance of information solutions across Commonwealth's agencies and to advise and counsel the governor on the development, operation, and management of the Commonwealth's IT investments, resources and systems.
Governance continues to be an important part of Commonwealth initiatives. The Enterprise Governance Council (EGC) and the Enterprise Architecture Standards Committee (EASC), both comprised of senior agency Directors and CIOs, provide leadership, prioritization of initiatives and recommendations of standards. Domain teams, comprised of agency technologists, architects, and thought-leaders, realize these initiatives by creating Commonwealth standards, establishing IT policies, and specifying Enterprise Architecture models and blueprints.
This governance structure ensures support and the rapid adoption of enterprise strategic initiatives that meet the diverse needs of Commonwealth agencies. Additionally, with the establishment of ten domain teams (see diagram below), participation has been solicited from all agencies and levels of staff. This has established a new way of doing business for the Commonwealth. Enterprise Architecture is now an institutionalized agent for both innovation and standardization across the Commonwealth.
One of the most important Commonwealth initiatives is security. Enterprise Architecture is responsible for several far-reaching, critical security initiatives. These initiatives specify standard security approaches and blueprints for many aspects of cyber security awareness and identity protection and access management.