software governance

From GM-RKB

A Framework Governance Policy is a software governance policy that establishes framework approval processes, framework compliance requirements, and framework lifecycle management procedures for third-party software framework utilization.

  • AKA: Framework Control Policy, Framework Management Policy, Framework Compliance Policy, Framework Oversight Policy, Framework Usage Policy.
  • Context:
    • It can typically mandate Framework Approval Workflows requiring architectural reviews and security assessments.
    • It can typically enforce Framework Compliance Standards including licensing requirements and regulatory constraints.
    • It can typically govern Framework Lifecycle Procedures from adoption through deprecation phases.
    • It can typically define Framework Authority Structures specifying decision rights and accountability roles.
    • It can often establish Framework Audit Mechanisms for usage monitoring and compliance verification.
    • It can often specify Framework Exception Processes allowing justified deviations from standard policies.
    • It can often maintain Framework Registry Databases tracking approved frameworks and version statuses.
    • It can range from being a Permissive Framework Governance Policy to being a Restrictive Framework Governance Policy, depending on its control strength.
    • It can range from being a Centralized Framework Governance Policy to being a Federated Framework Governance Policy, depending on its authority model.
    • It can range from being a Static Framework Governance Policy to being an Evolving Framework Governance Policy, depending on its update frequency.
    • It can range from being a Minimal Framework Governance Policy to being a Comprehensive Framework Governance Policy, depending on its coverage scope.
    • ...
  • Examples:
    • Control-Level Framework Governance Policies, such as:
      • Strict Framework Governance Policy requiring formal approval boards.
      • Flexible Framework Governance Policy allowing team-level decisions.
      • Hybrid Framework Governance Policy combining central and local controls.
    • Domain-Specific Framework Governance Policies, such as:
      • Security Framework Governance Policy emphasizing vulnerability management.
      • Open-Source Framework Governance Policy managing license compliance.
      • Cloud Framework Governance Policy controlling vendor dependencies.
    • Organization-Type Framework Policies, such as:
      • Enterprise Framework Governance Policy with formal review processes.
      • Agile Framework Governance Policy supporting rapid adoptions.
    • ...
  • Counter-Examples:
    • Development Guideline, which suggests practices rather than mandating policies.
    • Technical Standard, which specifies requirements rather than governance processes.
    • Best Practice Document, which recommends approaches rather than enforcing rules.
  • See: Framework Strategy, Software Architecture Policy, Framework Risk Assessment, Organizational Framework, Software System Architecture, Architecture Review Board, Framework Selection Criterion, Framework Evaluation Matrix, Architecturally Significant Requirement.