ISO standards for enterprise architects

Which are the most essential ISO standards for enterprise architects today?

I suggest the following:

ISO/IEC/IEEE 42010:2011 – Architecture description

addresses the creation, analysis and sustainment of architectures of systems through the use of architecture descriptions. A conceptual model of architecture description is established. The required contents of an architecture description are specified. Architecture viewpoints, architecture frameworks and architecture description languages are introduced for codifying conventions and common practices of architecture description. The required content of architecture viewpoints, architecture frameworks and architecture description languages is specified.

42, because as it is said, architecture is the answer to life, the universe, and everything. Enough said.

ISO 26000:2010 – Guidance on social responsibility

provides guidance to all types of organizations, regardless of their size or location, on concepts, terms and definitions related to social responsibility; the background, trends and characteristics of social responsibility; principles and practices relating to social responsibility; the core subjects and issues of social responsibility; integrating, implementing and promoting socially responsible behaviour throughout the organization and, through its policies and practices, within its sphere of influence; identifying and engaging with stakeholders; and communicating commitments, performance and other information related to social responsibility.

Enterprise architects who don’t understand 3BL and CSR at large are fucked.

ISO/IEC 38500:2008 – Corporate governance of information technology

provides guiding principles for directors of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. ISO/IEC 38500:2008 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.

Here are your governance principles. Use them.

ISO/IEC 27000:2009 – Information security management systems

provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms. As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, government agencies and non-profit organizations) are expected to obtain an overview of the ISMS family of standards; an introduction to information security management systems (ISMS); a brief description of the Plan-Do-Check-Act (PDCA) process; and an understanding of terms and definitions in use throughout the ISMS family of standards.

Yeah, yeah. As long as you understand OODA and PDCA intersections.

ISO/IEC 20000-1:2011 – Service management system requirements

is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.

Not that ITIL 2011 should be completely off the radar.

Of course, there are many other relevant standards. Which are your favorites?


About John Gøtze
