Contents

Business Principles.  

     1:Primacy of Principles.   

     2:Maximize Benefit to the Enterprise.   

    3:Information Management is Everybody's Business   

    4:Business Continuity. 

    5:Common Use Applications. 

    6:Compliance with Law.. 

    7:IT Responsibility. 

    8:Protection of Intellectual Property. 

Data Principles. 

    9:Data is an Asset 

    10:Data is Shared. 

    11:Data is Accessible. 

    12:Data Trustee. 

    13:Common Vocabulary and Data Definitions  

    14:Data Security. 

Application Principles. 

    15:Technology Independence.

    16:Ease-of-Use. 

Technology Principles. 

    17:Requirements-Based Change. 

    18:Responsive Change Management 

    19:Control Technical Diversity. 

    20:Interoperability. 

目录

业务架构原则 

    原则1：原则至上 

    原则2：企业利益最大化 

    原则3：信息管理涉及你我他 

    原则4：业务持续 

    原则5：应用系统通用化 

    原则6：合规 

    原则7：IT责任 

    原则8：保护知识产权 

数据架构原则 

    原则9：数据资产化 

    原则10：数据共享 

    原则11：数据可用 

    原则12：数据信托保管人 

    原则13：统一词汇和数据定义 

    原则14：数据安全 

应用系统架构原则 

    原则15：技术独立性 

    原则16：易用 

技术架构原则 

    原则17：应需而变 

    原则18：及时响应变更管理 

    原则19：控制技术多样性 

    原则20：互用性 

Business Principles

Principle 1:Primacy of Principles

Statement:

These principles of information management apply to all organizations within the enterprise.

Rationale:

The only way we can provide a consistent and measurable level of quality information to decision-makers is if all organizations abide by the principles.

Implications:

 Without this principle, exclusions, favoritism, and inconsistency would rapidly undermine the management of information.

 Information management initiatives will not begin until they are examined for compliance with the principles.

 A conflict with a principle will be resolved by changing the framework of the initiative.

业务架构原则

原则1：原则至上

说明:

信息管理原则适用于企业内部的所有机构。

原理:

所有机构都要遵守这些原则，这是我们能够向决策者提供一致的、可量化的、高质量的信息的唯一途径。

释义:

 没有这一原则，各种例外、倾向及互相矛盾的信息将很快冲蚀信息管理过程。

 只有按照原则进行合规检查，信息管理的举措才会落地。

 如与原则矛盾，要改变架构来解决冲突。

Principle 2:Maximize Benefit to the Enterprise

Statement:

Information management decisions are made to provide maximum benefit to the enterprise as a whole.

Rationale:

This principle embodies "service above self". Decisions made from an enterprise-wide perspective have greater long-term value than decisions made from any particular organizational perspective. Maximum return on investment requires information management decisions to adhere to enterprise-wide drivers and priorities. No minority group will detract from the benefit of the whole. However, this principle will not preclude any minority group from getting its job done.

Implications:

 Achieving maximum enterprise-wide benefit will require changes in the way we plan and manage information. Technology alone will not bring about this change.

 Some organizations may have to concede their own preferences for the greater benefit of the entire enterprise.

 Application development priorities must be established by the entire enterprise for the entire enterprise.

 Applications components should be shared across organizational boundaries.

 Information management initiatives should be conducted in accordance with the enterprise plan. Individual organizations should pursue information management initiatives which conform to the blueprints and priorities established by the enterprise. We will change the plan as we need to.

 As needs arise, priorities must be adjusted. A forum with comprehensive enterprise representation should make these decisions.

原则2：企业利益最大化

说明:

信息管理方面做出的任何决定，要保证企业整体利益最大化。

原理:

本原则体现了“超越自我”的服务精神。做任何决定，从企业全局的角度出发，比从任何特定组织的角度出发，有着更大的长期价值。投资回报最大化，要求信息管理方面的决策要服从企业全局的发展和优先级。局部利益不能损害整体利益，不过，本原则并不能阻止个别组织损害企业行为的发生。

释义:

 实现企业利益最大化，需要改变我们规划和管理的方式，单纯的技术是不能带来这个变化的。

 个别组织不得不为企业整体的更大利益而让出他们的优先权。

 制定应用系统的开发优先级，必须由企业且必须从企业整体角度来筹划。

 应用系统组件应该尽可能跨机构共享。

 信息管理措施应服从企业整体规划，局部组织在贯彻信息管理措施的过程中，要服从企业的蓝图和优先级。

 随着需求不断的产生，要及时调整优先级，调整决策应该由具有广泛代表性的论坛或会议来集体决定。

Principle 3:Information Management is Everybody's Business

Statement:

All organizations in the enterprise participate in information management decisions needed to accomplish business objectives.

Rationale:

Information users are the key stakeholders, or customers, in the application of technology to address a business need. In order to ensure information management is aligned with the business, all organizations in the enterprise must be involved in all aspects of the information environment. The business experts from across the enterprise and the technical staff responsible for developing and sustaining the information environment need to come together as a team to jointly define the goals and objectives of IT.

Implications:

 To operate as a team, every stakeholder, or customer, will need to accept responsibility for developing the information environment.

 Commitment of resources will be required to implement this principle.

原则3：信息管理涉及你我他

说明:

企业内所有组织应该参与信息管理的决定，以保证决策符合业务目标。

原理:

信息的使用者是关键干系人，或者说是应用系统的客户，他们负责确定业务需求。为保证信息管理与业务发展方向保持一致，企业的所有组织都应该参与所有的信息化建设活动，那些负责制定并维护信息系统的企业业务专家和技术人员，需要以团队的形式共同合作来制定IT目标和指标。

释义:

 以团队方式工作，每一个干系人或客户都对信息化建设负有责任。

 落实本原则需要有资源承诺。

Principle 4:Business Continuity

Statement:

Enterprise operations are maintained in spite of system interruptions.

Rationale:

As system operations become more pervasive, we become more dependent on them; therefore, we must consider the reliability of such systems throughout their design and use. Business premises throughout the enterprise must be provided with the capability to continue their business functions regardless of external events. Hardware failure, natural disasters, and data corruption should not be allowed to disrupt or stop enterprise activities. The enterprise business functions must be capable of operating on alternative information delivery mechanisms.

Implications:

 Dependency on shared system applications mandates that the risks of business interruption must be established in advance and managed. Management includes but is not limited to periodic reviews, testing for vulnerability and exposure, or designing mission-critical services to assure business function continuity through redundant or alternative capabilities.

 Recoverability, redundancy, and maintainability should be addressed at the time of design.

 Applications must be assessed for criticality and impact on the enterprise mission, in order to determine what level of continuity is required and what corresponding recovery plan is necessary.

原则4：业务持续性

说明:

要保证企业在系统中断期间业务正常运行。

原理:

鉴于IT系统变得无处不在，人们越来越依赖IT，因此，必须从开始设计一直到使用全程考虑可靠性。在业务合同中要写明，无论发生什么事情，要提供业务持续运行的能力。硬件故障，自然灾害，数据冲突不允许中断或停止企业活动，必须提供替代手段以保障企业业务活动的持续运行。

释义:

 那些依赖共享应用系统的业务，必须建立中断风险管控体系，包括并不限于阶段性审核、薄弱点识别与测试、以及为保障核心关键业务持续而设计的冗余能力或者替代方案。

 设计阶段必须确定灾难恢复、冗余、和可维护等方案。

 要定量评估应用系统对企业影响的严重程度和影响范围，以确定采用与严重级别相对应的恢复计划。

Principle 5:Common Use Applications

Statement:

Development of applications used across the enterprise is preferred over the development of similar or duplicative applications which are only provided to a particular organization.

Rationale:

Duplicative capability is expensive and proliferates conflicting data.

Implications:

 Organizations which depend on a capability which does not serve the entire enterprise must change over to the replacement enterprise-wide capability. This will require establishment of and adherence to a policy requiring this.

 Organizations will not be allowed to develop capabilities for their own use which are similar/duplicative of enterprise-wide capabilities. In this way, expenditures of scarce resources to develop essentially the same capability in marginally different ways will be reduced.

 Data and information used to support enterprise decision-making will be standardized to a much greater extent than previously. This is because the smaller, organizational capabilities which produced different data (which was not shared among other organizations) will be replaced by enterprise-wide capabilities. The impetus for adding to the set of enterprise-wide capabilities may well come from an organization making a convincing case for the value of the data/information previously produced by its organizational capability, but the resulting capability will become part of the enterprise-wide system, and the data it produces will be shared across the enterprise.

原则5：应用系统通用化

说明:

尽量开发在企业内都通用的应用系统，避免为个别组织开发相似的或重复的程序。

原理:

重复开发不仅浪费，而且会使互相矛盾的数据量激增。

释义:

 如果某些组织依赖一些不是为全企业服务的系统，这些系统必须修改，由企业级应用来替换。要建立政策来保障这一原则得到遵守。

 不允许个别组织为自己开发单独的应用系统（与企业级应用相似/重复的应用）。这样，就能避免和降低重复开发的浪费。

 支持企业决策的数据和信息应该扩大标准化范围，这是因为产生不同数据的小组织的功能（不能共享的），终将被企业级的功能所替换。增加企业级应用的动力，源于有说服力的案例，即企业级的应用系统，有能力将个体组织产生的数据/信息，跨组织机构地共享给集体，从而为企业带来更大的价值。

Principle 6:Compliance with Law

Statement:

Enterprise information management processes comply with all relevant laws, policies, and regulations

Rationale:

Enterprise policy is to abide by laws, policies, and regulations. This will not preclude business process improvements that lead to changes in policies and regulations.

Implications:

 The enterprise must be mindful to comply with laws, regulations, and external policies regarding the collection, retention, and management of data.

 Education and access to the rules. Efficiency, need, and common sense are not the only drivers. Changes in the law and changes in regulations may drive changes in our processes or applications.

原则6：合规

说明:

企业信息管理流程需符合相关的法律法规。

原理:

企业政策要符合国家的法律法规以及行业规范，本原则并不限制业务流程改进－前提是这些改进会促使规章制度的变化。

释义:

 企业必须注意遵守关于数据收集、保留和管理的法律、法规和政策，包括企业内部的和外部的规定。

 要培训和执行这些规定。效率、需求和常识不是唯一的驱动因素，法律法规的变化会促使应用系统和管理流程的改变。

Principle 7:IT Responsibility

Statement:

The IT organization is responsible for owning and implementing IT processes and infrastructure that enable solutions to meet user-defined requirements for functionality, service levels, cost, and delivery timing.

Rationale:

Effectively align expectations with capabilities and costs so that all projects are cost-effective. Efficient and effective solutions have reasonable costs and clear benefits.

Implications:

 A process must be created to prioritize projects.

 The IT function must define processes to manage business unit expectations.

 Data, application, and technology models must be created to enable integrated quality solutions and to maximize results.

原则7：IT责任

说明:

明确IT组织是IT流程和基础设施的责任主体，负责流程的实施和基础设施建设，从而保证解决方案在功能、服务水平、成本和交付时间等方面满足用户需求。

原理:

根据自身的能力和成本，有效调整用户期望值，基于项目的性价比，选择成本合理、收益显著、高效和有效的解决方案。

释义:

 必须建立管理项目优先级的流程。

 IT组织必须定义好流程，用以管理业务部门的期望值。

 必须预先建立好数据、应用系统和技术架构模型，以指导实施高质量的集成解决方案，从而达到价值最大化。

Principle 8:Protection of Intellectual Property

Statement:

The enterprise's Intellectual Property (IP) must be protected. This protection must be reflected in the IT architecture, implementation, and governance processes.

Rationale:

A major part of an enterprise's IP is hosted in the IT domain.

Implications:

 While protection of IP assets is everybody's business, much of the actual protection is implemented in the IT domain. Even trust in non-IT processes can be managed by IT processes (email, mandatory notes, etc.).

 A security policy, governing human and IT actors, will be required that can substantially improve protection of IP. This must be capable of both avoiding compromises and reducing liabilities.

原则8：保护知识产权

说明:

企业知识产权必须得到保护，保护措施必须落实在IT规划、建设和治理等活动中

原理:

这是企业知识产权在IT领域中的组成部分。

释义:

 虽然保护知识产权是所有人的工作，但大部分实际工作是在IT领域进行的，甚至一些非IT流程中的信任管理也是可以通过IT流程进行管理（如电子邮件、强制性记录等等）。

 要从根本上改善知识产权保护，需要安全政策、人事管理和IT措施共同发力，必须兼顾，避免妥协和减少负债。

Data Principles

Principle 9:Data is an Asset

Statement:

Data is an asset that has value to the enterprise and is managed accordingly.

Rationale:

Data is a valuable corporate resource; it has real, measurable value. In simple terms, the purpose of data is to aid decision-making. Accurate, timely data is critical to accurate, timely decisions. Most corporate assets are carefully managed, and data is no exception. Data is the foundation of our decision-making, so we must also carefully manage data to ensure that we know where it is, can rely upon its accuracy, and can obtain it when and where we need it.

Implications:

 This is one of three closely-related principles regarding data: data is an asset; data is shared; and data is easily accessible. The implication is that there is an education task to ensure that all organizations within the enterprise understand the relationship between value of data, sharing of data, and accessibility to data.

 Stewards must have the authority and means to manage the data for which they are accountable.

 We must make the cultural transition from "data ownership" thinking to "data stewardship" thinking.

 The role of data steward is critical because obsolete, incorrect, or inconsistent data could be passed to enterprise personnel and adversely affect decisions across the enterprise.

 Part of the role of data steward, who manages the data, is to ensure data quality. Procedures must be developed and used to prevent and correct errors in the information and to improve those processes that produce flawed information. Data quality will need to be measured and steps taken to improve data quality - it is probable that policy and procedures will need to be developed for this as well.

 A forum with comprehensive enterprise-wide representation should decide on process changes suggested by the steward.

 Since data is an asset of value to the entire enterprise, data stewards accountable for properly managing the data must be assigned at the enterprise level.

数据架构原则

原则9：数据是资产

说明:

数据是企业有价值的资产，要得到相应的管理。

原理:

数据是具有实际的、可衡量价值的公司资源，简单地讲，数据用于支持决策，准确的、及时的数据对准确的、及时的决策非常关键，多数公司的其他资产都会被小心翼翼地保护，数据也不能例外。数据是决策的基础，我们必须精心管理，保证无论何时何地需要，我们都准确知道在哪里能够拿到。

释义:

 本原则是关于数据紧密相关的三原则之一，数据是资产，数据要共享，数据要易于拿到。这意味着需要进行宣传教育，让企业内所有组织都理解数据价值、数据共享、数据易于取得三者之间的关系。

 数据负责人必须有明确的授权和方法管理数据。

 我们必须从文化上转变观念，从“数据拥有”思维向“数据保管”思维转换。

 数据保管角色非常重要，不完整、不正确、不一致的数据，非常不利于企业做出正确的决策。

 数据保管者责任的一个重要部分，是保证数据的质量，必须制定相应的制度，防止发生错误和纠正错误，并改进产生错误的流程，作为推荐，企业应该有定量评估数据质量、启动改进措施的制度或流程。

 数据保管者关于流程变更的建议，应该由企业中具有广泛代表性的集体来做决定。

 由于数据是对企业整体有价值的资产，数据保管者管理数据的责任和义务，必须在企业层面进行规定。

Principle 10:Data is Shared

Statement:

Users have access to the data necessary to perform their duties; therefore, data is shared across enterprise functions and organizations.

Rationale:

Timely access to accurate data is essential to improving the quality and efficiency of enterprise decision-making. It is less costly to maintain timely, accurate data in a single application, and then share it, than it is to maintain duplicative data in multiple applications. The enterprise holds a wealth of data, but it is stored in hundreds of incompatible stovepipe databases. The speed of data collection, creation, transfer, and assimilation is driven by the ability of the organization to efficiently share these islands of data across the organization.

Shared data will result in improved decisions since we will rely on fewer (ultimately one virtual) sources of more accurate and timely managed data for all of our decision-making. Electronically shared data will result in increased efficiency when existing data entities can be used, without re-keying, to create new entities.

Implications:

 This is one of three closely-related principles regarding data: data is an asset; data is shared; and data is easily accessible. The implication is that there is an education task to ensure that all organizations within the enterprise understand the relationship between value of data, sharing of data, and accessibility to data.

 To enable data sharing we must develop and abide by a common set of policies, procedures, and standards governing data management and access for both the short and the long term.

For the short term, to preserve our significant investment in legacy systems, we must invest in software capable of migrating legacy system data into a shared data environment.

 We will also need to develop standard data models, data elements, and other metadata that defines this shared environment and develop a repository system for storing this metadata to make it accessible.

 For the long term, as legacy systems are replaced, we must adopt and enforce common data access policies and guidelines for new application developers to ensure that data in new applications remains available to the shared environment and that data in the shared environment can continue to be used by the new applications.

 For both the short term and the long term we must adopt common methods and tools for creating, maintaining, and accessing the data shared across the enterprise.

 Data sharing will require a significant cultural change.

 This principle of data sharing will continually "bump up against" the principle of data security. Under no circumstances will the data sharing principle cause confidential data to be compromised.

 Data made available for sharing will have to be relied upon by all users to execute their respective tasks. This will ensure that only the most accurate and timely data is relied upon for decision-making. Shared data will become the enterprise-wide "virtual single source" of data.

原则10：数据共享

说明:

用户要有数据存取权限以完成他们的工作，因此，企业内跨组织的数据要实现共享。

原理:

及时拿到准确的数据，对于改进企业决策的质量和效率非常重要，与在多个系统中维护多重数据相比较，在单一系统中维护然后共享，其成本、及时性、准确性的指标要好。企业拥有数据财富，但数据通常保存在数以百计的互不兼容的竖井型数据库中，企业数据采集、建立、传输和消化吸收的效率，取决于孤岛型数据在组织间分享的能力。

数据共享可以改善决策，因为企业将依靠较少的资源（极端情况下就一个虚拟环境）获取及时、准确的、受管理的数据来进行决策。如果现有的数据不需要重新录入、不需要重新创建新实体就可使用，提高效率是显然的。

释义:

 这是数据三原则之一：数据是资产，数据要共享，数据要易于存取。这意味着要在企业内部进行宣贯，让大家都理解数据的价值、数据共享以及易于存取数据的关系。

 要使数据能共享，我们必须制定并遵守一系列政策、流程和标准，无论是短期的还是长期的数据，都要对数据管理和存取进行规范化治理。

 短期而言，为保护在主机系统上的巨大投资，我们在软件上的投资必须要能够把主机系统上的数据迁移到共享的数据环境中。

 我们也需要开发标准的数据模型、数据元素以及元数据，从而定义共享环境，并为存储这些元数据开发资源库，以方便数据存取。

 长期而言，主机系统迟早要被替换的，对于新系统开发，我们必须导入并强制推行通用的数据存取方针和指导意见，以保证新系统的数据是可以在未来的共享环境中可用的。

 同时考虑短期和长期需要，我们必须导入通用的方法和工具，用于在企业内部建立、维护和存取共享数据。

 共享数据需要改变企业文化。

 数据共享原则与数据安全原则是一对矛盾体，数据共享原则的前提是假设不会发生数据泄露。

 共享数据的可用性，要保障所有用户可以执行自己的任务。这将保证决策建立在最准确和最及时的数据基础上，共享的数据将被当成企业范围内数据的“虚拟单一来源”。

Principle 11:Data is Accessible

Statement:

Data is accessible for users to perform their functions.

Rationale:

Wide access to data leads to efficiency and effectiveness in decision-making, and affords timely response to information requests and service delivery. Using information must be considered from an enterprise perspective to allow access by a wide variety of users. Staff time is saved and consistency of data is improved.

Implications:

 This is one of three closely-related principles regarding data: data is an asset; data is shared; and data is easily accessible. The implication is that there is an education task to ensure that all organizations within the enterprise understand the relationship between value of data, sharing of data, and accessibility to data.

 Accessibility involves the ease with which users obtain information.

 The way information is accessed and displayed must be sufficiently adaptable to meet a wide range of enterprise users and their corresponding methods of access.

 Access to data does not constitute understanding of the data. Personnel should take caution not to misinterpret information.

 Access to data does not necessarily grant the user access rights to modify or disclose the data. This will require an education process and a change in the organizational culture, which currently supports a belief in "ownership" of data by functional units.

原则11：数据可用性

说明:

用户工作所需的数据应该是可存取的。

原理:

进行决策时，存取大量的数据会导致系统效率和有效性问题，以及响应信息请求与服务交付的及时性问题。必须站在企业的角度，考虑大量用户如何存取大量数据的问题，从而节省员工时间并改善数据的一致性。

释义:

 本原则是数据三原则之一：数据是资产，数据要共享，数据易于使用。这意味着要进行宣贯，让大家都理解数据的价值、数据共享以及易于存取数据的关系。

 可存取性包含用户获得数据的方便性在内。

 信息存取与显示的方式必须有广泛的适用性，以满足企业内各种用户大量的不同存取方式的需求。

 数据存取权不等同于对数据的理解权，每个人应当注意不要曲解信息。

 允许用户存取数据，并非等同于授权用户修改和披露数据，这需要在组织文化方面进行教育和修改，以往的文化是组织单元拥有绝对的数据操控权。

Principle 12:Data Trustee

Statement:

Each data element has a trustee accountable for data quality.

Rationale:

One of the benefits of an architected environment is the ability to share data (e.g., text, video, sound, etc.) across the enterprise. As the degree of data sharing grows and business units rely upon common information, it becomes essential that only the data trustee makes decisions about the content of data. Since data can lose its integrity when it is entered multiple times, the data trustee will have sole responsibility for data entry which eliminates redundant human effort and data storage resources.

Note:

A trustee is different than a steward - a trustee is responsible for accuracy and currency of the data, while responsibilities of a steward may be broader and include data standardization and definition tasks.

Implications:

 Real trusteeship dissolves the data "ownership" issues and allows the data to be available to meet all users' needs. This implies that a cultural change from data "ownership" to data "trusteeship" may be required.

 The data trustee will be responsible for meeting quality requirements levied upon the data for which the trustee is accountable.

 It is essential that the trustee has the ability to provide user confidence in the data based upon attributes such as "data source".

It is essential to identify the true source of the data in order that the data authority can be assigned this trustee responsibility. This does not mean that classified sources will be revealed nor does it mean the source will be the trustee.

 Information should be captured electronically once and immediately validated as close to the source as possible. Quality control measures must be implemented to ensure the integrity of the data.

 As a result of sharing data across the enterprise, the trustee is accountable and responsible for the accuracy and currency of their designated data element(s) and, subsequently, must then recognize the importance of this trusteeship responsibility.

原则12：数据信托保管人

说明:

从数据质量角度出发，每一个数据元素都是应当有信托责任人（保管人）

原理:

架构良好的环境的一个好处，就是企业内部的数据共享（如，文本、视频、音频，等等），随着数据共享程度的提高，业务部门会越来越依赖公共信息，仅由数据托管人来更改数据内容这一原则变得十分重要。如果数据被重复录入，就有可能失真，因此，仅由数据保管人负责数据输入，还可减少人工浪费和数据存储的浪费。

备注:

信托保管人不同于一般的管理人，数据信托保管人对数据的准确和传播负责，而管理者的责任可以更宽泛，包括数据标准化和定义等工作。

释义:

 真正的数据托管会消解数据“拥有”的问题，允许数据为满足用户需要而被使用。这意味着需要在文化上从数据“拥有”到“托管”的改变。

 数据保管人负责其托管的数据质量，以满足用户需求。

 数据托管人要有能力向其他用户证明其为可信的“数据源”，这一点很重要。

 确定数据的真实来源非常重要，据此可以来授权指派数据托管者的责任，这不意味着保密的来源会被揭露，也不意味着该来源就是托管人。

 信息应该以电子数据方式被收集，应该在最接近源头的地方，只收集一次并立即生效。

 作为在企业内共享数据的结果，托管人对其受托数据元素的准确性和传播负有责任，并且在此之后，必须对其作为托管人所负责任进行背书。

Principle 13:Common Vocabulary and Data Definitions

Statement:

Data is defined consistently throughout the enterprise, and the definitions are understandable and available to all users.

Rationale:

The data that will be used in the development of applications must have a common definition throughout the Headquarters to enable sharing of data. A common vocabulary will facilitate communications and enable dialogue to be effective. In addition, it is required to interface systems and exchange data.

Implications:

 We are lulled into thinking that this issue is adequately addressed because there are people with "data administration" job titles and forums with charters implying responsibility. Significant additional energy and resources must be committed to this task. It is key to the success of efforts to improve the information environment. This is separate from but related to the issue of data element definition, which is addressed by a broad community - this is more like a common vocabulary and definition.

 The enterprise must establish the initial common vocabulary for the business. The definitions will be used uniformly throughout the enterprise.

 Whenever a new data definition is required, the definition effort will be co-ordinated and reconciled with the corporate "glossary" of data descriptions. The enterprise data administrator will provide this co-ordination.

 Ambiguities resulting from multiple parochial definitions of data must give way to accepted enterprise-wide definitions and understanding.

 Multiple data standardization initiatives need to be co-ordinated.

 Functional data administration responsibilities must be assigned.

原则13：统一词汇和数据定义

说明:

在企业内部，数据定义要保持一致，对所有用户，这些定义都应该是易于理解和可用的。

原理:

将要在应用程序开发中使用的数据，必须在整个企业范围内有共同的定义，以使数据能够共享。共用的词汇表将利于沟通，使之有效率。此外，对于系统接口和交换数据，共用词汇表也是需要的。

释义:

 我们经常会麻痹地认为，这个问题早已解决了，因为我们有不少冠以“数据管理员”的头衔和类似职责的集体。但是，企业必须要为此项工作投入大量额外的精力和资源，这是信息化环境改进成功的关键，它是独立的工作，但也是与数据定义直接相关的工作，应由具有广泛代表的委员会来确定，这更像一个共同的词汇和定义。

 企业必须为业务制定公共词汇，其定义要在企业范围内规范化使用。

 无论何时需要一个新定义，定义工作必须进行协商，要与企业现行的“词汇表”保持一致，企业的数据管理员负责提供协商的舞台。

 多重含义的数据定义会导致歧义，这种情况要以企业现行的定义和理解为准。

 如果有多个数据标准化工作并行，需要协调以保持一致。

 必须为功能性数据分配管理责任。

Principle 14:Data Security

Statement:

Data is protected from unauthorized use and disclosure. In addition to the traditional aspects of national security classification, this includes, but is not limited to, protection of pre-decisional, sensitive, source selection-sensitive, and proprietary information.

Rationale:

Open sharing of information and the release of information via relevant legislation must be balanced against the need to restrict the availability of classified, proprietary, and sensitive information.

Existing laws and regulations require the safeguarding of national security and the privacy of data, while permitting free and open access. Pre-decisional (work-in-progress, not yet authorized for release) information must be protected to avoid unwarranted speculation, misinterpretation, and inappropriate use.

Implications:

 Aggregation of data, both classified and not, will create a large target requiring review and de-classification procedures to maintain appropriate control. Data owners and/or functional users must determine whether the aggregation results in an increased classification level. We will need appropriate policy and procedures to handle this review and de-classification. Access to information based on a need-to-know policy will force regular reviews of the body of information.

The current practice of having separate systems to contain different classifications needs to be rethought. Is there a software solution to separating classified and unclassified data? The current hardware solution is unwieldy, inefficient, and costly. It is more expensive to manage unclassified data on a classified system. Currently, the only way to combine the two is to place the unclassified data on the classified system, where it must remain.

 In order to adequately provide access to open information while maintaining secure information, security needs must be identified and developed at the data level, not the application level.

 Data security safeguards can be put in place to restrict access to "view only", or "never see". Sensitivity labeling for access to pre-decisional, decisional, classified, sensitive, or proprietary information must be determined.

 Security must be designed into data elements from the beginning; it cannot be added later. Systems, data, and technologies must be protected from unauthorized access and manipulation. Headquarters information must be safeguarded against inadvertent or unauthorized alteration, sabotage, disaster, or disclosure.

 Need new policies on managing duration of protection for pre-decisional information and other works-in-progress, in consideration of content freshness.

原则14：数据安全

说明:

数据要防止非授权使用，要上升到国家安全的角度，保护内容包括并不限于决策数据、敏感数据、敏感源和产权信息等等。

原理:

信息开放共享以及通过相关立法进行信息发布，必须综合考虑对分级的、专有的、敏感的信息进行限制使用的要求。

在鼓励数据自由开放存取的同时，现行的法律法规要求对妨碍国家安全和个人隐私的信息进行保护，尚未决定的（正在决策中、目前还没有授权发布）信息必须得到保护，以避免不必要的猜测、误解和不恰当地使用。

释义:

 随着数据的汇集，无论是分级的还是未分级的，将形成规模庞大的数据集合，要有审核和解密的流程，以维持恰当的控制，在汇集将增加分级层次的时候，必须由数据拥有者以及/或者数据的功能性使用者来决定是否汇集。需要适当的政策和程序来处理这种审查和解密。仅凭需要知晓的政策去获取数据信息，将强制触发常规的信息内容审查。

 当前让系统分别获取不同分级数据的做法需要重新思考，有没有一种软件解决方案可以区分分级的和未分级的数据？当前的硬件解决方案是不方便的、低效的和昂贵的。在一个分级的系统上管理未分级的数据，是更昂贵的做法，目前，合二为一的唯一做法，还是把未分级的数据放到分级的系统上，系统必须存留下来。

 在保护机密数据的同时，尽大限度地放开数据存取，信息安全需要且必须在数据层面去识别和定义其密级，不能仅在系统层面定义。

 数据的保密措施可以做到让数据“仅供浏览”或者“永不可见”，必须定义敏感程度标签以控制存取那些决策前、已决定、已分级、敏感的或专用的信息。

 安全，必须从开始就设计进数据元素中，安全不能是后加的，系统、数据和技术必须受到保护，防止未授权的存取和处理。总部信息必须得到保护，防止意外或未经授权的修改，破坏，灾难，或披露。

 对于预决策信息保护期间的管理，其他进行中的工作信息的保护，以及相关内容的过期问题，需要制定新的政策。

Application Principles

Principle 15:Technology Independence

Statement:

Applications are independent of specific technology choices and therefore can operate on a variety of technology platforms.

Rationale:

Independence of applications from the underlying technology allows applications to be developed, upgraded, and operated in the most cost-effective and timely way. Otherwise technology, which is subject to continual obsolescence and vendor dependence, becomes the driver rather than the user requirements themselves.

Realizing that every decision made with respect to IT makes us dependent on that technology, the intent of this principle is to ensure that Application Software is not dependent on specific hardware and operating systems software.

Implications:

 This principle will require standards which support portability.

 For Commercial Off-The-Shelf (COTS) and Government Off-The-Shelf (GOTS) applications, there may be limited current choices, as many of these applications are technology and platform-dependent.

 Application Program Interfaces (APIs) will need to be developed to enable legacy applications to interoperate with applications and operating environments developed under the enterprise architecture.

 Middleware should be used to decouple applications from specific software solutions.

 As an example, this principle could lead to use of Java, and future Java-like protocols, which give a high degree of priority to platform-independence.

应用系统架构原则

原则15：技术独立性

说明:

要坚持应用系统的技术独立性，从而保证企业在技术平台方面有较大的选择空间。

原理:

应用系统独立于技术平台，会让应用系统的开发、升级和运行得到最大的性价比和及时性。否则，将不是业务需求，而是过时的或依赖供应商的技术，变成了应用系统改进的驱动力。

鉴于IT做出的每一个决定都会让我们产生技术依赖，这一原则的目的是为了确保应用软件不依赖于特定的硬件和操作系统软件。

释义:

 本原则强调可移植性的标准。

 对于商品化或政府发行的应用系统，由于它们是依赖于技术和平台的，选择空间可能会受到限制。

 在企业架构下，要统一为老的主机系统开发应用接口（API），以实现与开放式系统的互通。

 尽量使用中间件，将应用系统与软件平台松耦合。

 作为例子，本原则可能会导向Java的应用，从而实现高度的平台独立性。

Principle 16:Ease-of-Use

Statement:

Applications are easy to use. The underlying technology is transparent to users, so they can concentrate on tasks at hand.

Rationale:

The more a user has to understand the underlying technology, the less productive that user is. Ease-of-use is a positive incentive for use of applications. It encourages users to work within the integrated information environment instead of developing isolated systems to accomplish the task outside of the enterprise's integrated information environment. Most of the knowledge required to operate one system will be similar to others. Training is kept to a minimum, and the risk of using a system improperly is low.

Using an application should be as intuitive as driving a different car.

Implications:

 Applications will be required to have a common "look and feel" and support ergonomic requirements. Hence, the common look and feel standard must be designed and usability test criteria must be developed.

 Guidelines for user interfaces should not be constrained by narrow assumptions about user location, language, systems training, or physical capability. Factors such as linguistics, customer physical infirmities (visual acuity, ability to use keyboard/mouse), and proficiency in the use of technology have broad ramifications in determining the ease-of-use of an application.

原则16：易用

说明:

应用系统要易于使用，采用的技术对用户应该是透明的，从而让用户聚焦自身的业务。

原理:

用户需要了解的底层技术越多，其工作的效率就越低。易于使用是从正向激励用户接受系统。它鼓励用户在一个集成的环境中工作，不要去开发信息孤岛，让用户在企业集成环境之外做工作。如何操作系统的知识通常都是相似的，这就把培训费用降到最低，也降低了不当使用系统的风险。

使用系统，应该像驾驶不同轿车那样直观易用。

释义:

 应用系统要有一个共同的“外观与感受”，并符合人机工程学。因此，必须先开发“外观与感受”的标准和易用性测试准则。

 用户界面指南不应受限于狭隘的假设，包括用户所在地域、语言、系统培训或者身体条件。在定义一个系统的易用性时，要广泛考虑技术使用时的种种因素，如语言、用户身体强弱（视力，使用键盘/鼠标的能力）以及熟练程度等等。

Technology Principles

Principle 17:Requirements-Based Change

Statement:

Only in response to business needs are changes to applications and technology made.

Rationale:

This principle will foster an atmosphere where the information environment changes in response to the needs of the business, rather than having the business change in response to IT changes. This is to ensure that the purpose of the information support - the transaction of business - is the basis for any proposed change. Unintended effects on business due to IT changes will be minimized. A change in technology may provide an opportunity to improve the business process and, hence, change business needs.

Implications:

 Changes in implementation will follow full examination of the proposed changes using the enterprise architecture.

 We don't fund a technical improvement or system development unless a documented business need exists.

 Change management processes conforming to this principle will be developed and implemented.

 This principle may bump up against the responsive change principle. We must ensure the requirements documentation process does not hinder responsive change to meet legitimate business needs. The purpose of this principle is to keep us focused on business, not technology needs - responsive change is also a business need.

技术架构原则

原则17：应需而变

说明:

应用变更和技术变更，应该仅在有业务需求的情况下才处理。

原理:

本原则将营造这样的气氛，信息环境的变更是响应用户的需求，而不是让业务去变更来适应IT变更。信息系统是用于支持业务的这个目标，是所有变更的基石。要尽可能最小化由于IT变更引起的业务影响，如果一项技术改变，可以提供改进业务流程的机会，那么，通过修改业务需求发起这个变更。

释义:

 实施任何变更，都要按照企业架构所规定的，进行全面的变更检查。

 在没有拿到正式的业务需求之前，不能进行任何技术改变和系统开发。

 要编制并执行遵守本原则的变更管理流程。

 本原则可能会与及时响应原则冲突，我们必须保证需求文档控制流程不妨碍满足业务需求的及时性。本原则的目的是促使我们聚焦于业务需求，而不是技术需求，响应及时也应算作业务需求。

Principle 18:Responsive Change Management

Statement:

Changes to the enterprise information environment are implemented in a timely manner.

Rationale:

If people are to be expected to work within the enterprise information environment, that information environment must be responsive to their needs.

Implications:

 We have to develop processes for managing and implementing change that do not create delays.

 A user who feels a need for change will need to connect with a "business expert" to facilitate explanation and implementation of that need.

 If we are going to make changes, we must keep the architectures updated.

 Adopting this principle might require additional resources.

 This will conflict with other principles (e.g., maximum enterprise-wide benefit, enterprise-wide applications, etc.).

原则18：及时响应变更管理

说明:

企业要及时更新信息系统环境。

原理:

如果你期望用户在企业级信息环境中工作，你就必须及时满足他们的需求。

释义:

 我们编制的变更管理和实施流程，不应人为制造延误。

 当用户感觉需要一个变更时，他首先应该联系业务专家，对需求及其实现进行便于理解的说明。

 如果我们进行了变更，必须同时修改架构文档。

 导入本原则可能需要额外的资源。

 本原则可能与其他原则冲突（如企业利益最大化、企业级应用）

Principle 19:Control Technical Diversity

Statement:

Technological diversity is controlled to minimize the non-trivial cost of maintaining expertise in and connectivity between multiple processing environments.

Rationale:

There is a real, non-trivial cost of infrastructure required to support alternative technologies for processing environments. There are further infrastructure costs incurred to keep multiple processor constructs interconnected and maintained.

Limiting the number of supported components will simplify maintainability and reduce costs.

The business advantages of minimum technical diversity include: standard packaging of components; predictable implementation impact; predictable valuations and returns; redefined testing; utility status; and increased flexibility to accommodate technological advancements. Common technology across the enterprise brings the benefits of economies of scale to the enterprise. Technical administration and support costs are better controlled when limited resources can focus on this shared set of technology.

Implications:

 Policies, standards, and procedures that govern acquisition of technology must be tied directly to this principle.

Technology choices will be constrained by the choices available within the technology blueprint. Procedures for augmenting the acceptable technology set to meet evolving requirements will have to be developed and emplaced.

 We are not freezing our technology baseline. We welcome technology advances and will change the technology blueprint when compatibility with the current infrastructure, improvement in operational efficiency, or a required capability has been demonstrated.

原则19：控制技术多样性

说明:

控制技术多样性，目的在于最小化专家成本，避免由于使用多种处理环境而引发的非增值费用。

原理:

对于处理系统，每种替代方案，都会产生真实的、不会是简单的基础设施花费，如果建立并维持多个处理系统的互联互通，自然会需要更多的费用。

限制支撑组件的数量，会减少运维复杂度降低成本。

最小化技术多样性的业务优势包括：标准的打包组件；可预见的实施影响；可预期的价值和回报；定义好的测试方案；现成的工具以及适应技术进步的灵活性。在企业内使用公共的技术，会给企业带来大量的经济利益，当有限的资源集中用于这些共享的技术，企业就可以很好地控制技术管理和支持的成本。

释义:

 获取技术的治理方针、标准、流程必须直接采纳本原则。

 技术选择将受限于技术蓝图所规定的技术选项的数量。要编制和执行相关管理流程，以控制为满足需要而扩充技术选项的数量。

 我们不是冻结技术基准。我们欢迎技术进步，如果与现行基础设施技术的兼容性、运行效率提高，或所需能力等已被证明，我们应该修改技术蓝图。

Principle 20:Interoperability

Statement:

Software and hardware should conform to defined standards that promote interoperability for data, applications, and technology.

Rationale:

Standards help ensure consistency, thus improving the ability to manage systems and improve user satisfaction, and protect existing IT investments, thus maximizing return on investment and reducing costs. Standards for interoperability additionally help ensure support from multiple vendors for their products, and facilitate supply chain integration.

Implications:

 Interoperability standards and industry standards will be followed unless there is a compelling business reason to implement a non-standard solution.

 A process for setting standards, reviewing and revising them periodically, and granting exceptions must be established.

 The existing IT platforms must be identified and documented.

原则20：互用性

说明:

软件和硬件应该遵守已经定义好的标准，以实现数据、应用和技术的互用。

原理:

标准有助于保证一致性，从而提高系统管理能力和用户满意度、保护IT投资，以达到降低成本和最大化投资回报。互用性标准还有助于保证多个供应商的产品支持，以及供应链集成。

释义:

 要遵守互用性标准和行业标准，不得部署非标准解决方案，除非存在强烈的业务原因。

 要建立标准化的管理流程，管理标准的建立、审核、修订、例外处理等活动。

 必须识别和文档化现有的IT平台。