Enterprise Architecture Review Process
Process Owner: Manager, Solutions Development and Support
Note: An owner must be a PCES-level manager.
This process establishes standard tools and processes for the enterprise architecture (EA) review within the Postal Service Technical Environment.
The purpose for the EA Review Process is to ensure the full and proper use of Postal Service information resources and technologies, including Information Technology (IT) human resources, IT processes, and infrastructure.
The EA Technology Initiative Prioritization Assessment (TIPA) review process applies to all Postal Service personnel and contracted vendors and applies to all projects introducing new or expanded use of IT services, technology solutions, commercial off-the-shelf (COTS) software, or freeware, as well as requests for free trials, evaluation copies, and new tools used in proof-of-concept evaluations.
The TIPA review process also applies to projects that require upgrades to software previously approved for inclusion in the Infrastructure Tool Kit (ITK), when additional features or functionality are added, or when the tool has undergone significant changes, such as a change to a subscription or cloud service platform.
The Enterprise Architecture team, in conjunction with departments under the Chief Information Officer (CIO) and the Privacy Office (when applicable), reviews every new or expanded use of IT services or technology solutions.
The TIPA review activities begin when a new tool has been identified by a project team or end user during the Sprint 0 phase of the Technology Solution Life Cycle (TSLC). If new tools that are not currently listed on the ITK are identified, the Enterprise Architecture / IT Solution Architecture teams are engaged to determine if existing tools offer the same capability. If there is a business need and justification for addition of the new tool, the EA team will provide support to the requestors in completing the TIPA template for review by the IT Leadership Team (ITLT).
Throughout the TIPA review process, there is a sequence of submit, review, stakeholder comments, recommendations, and record outcome that are facilitated by the EA team. Any requests for clarifications or additional information to support a request by TIPA reviewers are conveyed to the project teams through the IT Program Manager who supports the portfolio sponsoring the project.
Once the TIPA has completed vetting by the reviewers, it will be scheduled for review by the ITLT at the ITLT TIPA meeting where a vote is recorded. Approved TIPAs are routed to the Vice President, Information Technology, for signature. When the TIPA process is completed, the ITK is updated to include the new tool, the EA team archives a copy of the signed TIPA and a copy in PDF format is provided to the IT Program Manager and project team.
As with any project requiring technology support, business customers must initiate a conversation with their IT Business Relationship Program Manager using a documented business need. Business needs must be documented using the standard Business Needs Statement (BNS) template.
The IT Business Relationship Program Manager assists the business customer in evaluating solutions appropriate for the documented business need. When a tool that is not currently listed on the ITK is identified as a technology solution or a portion of an overall technology solution, the following steps are followed:
- A request for usage is submitted to EA using the Technology Initiative Prioritization Assessment (TIPA) template.
- The TIPA is submitted to the Enterprise Architecture team. The Enterprise Architecture team collaborates with Solutions Architecture, Information Security and other stakeholders, as applicable, including the Privacy and Records Office, to determine if any additional, nonstandard security and privacy requirements apply to the proposed solution. Based on the completion of their review, the Enterprise Architecture team coordinates clarifications and facilitates review with the ITLT.
- The ITLT TIPA meeting is utilized to provide a recommendation to the VP, Information Technology, who provides final approval for the addition to the ITK of reviewed solutions.
- If approved, IT Acquisition Support assists the IT program manager and business customer in documenting any contractual requirements and provides advice on procurement procedures. The TIPA review process is a review of business need and technical merit to ensure that selected technology and software tools can be implemented and supported within the enterprise.
- The TIPA review process does not supersede Supply Management procurement policies. Requestors must follow normal funding and procurement processes for purchasing. However, when submitting an eBuy for new COTS software tools that are not listed on the ITK, the eBuy must include a copy of the signed TIPA as indication that the request has undergone a formal technical review by the ITLT and has been approved by the VP, Information Technology.
The template is completed jointly by the IT program manager and the business owner (customer), in consultation with contracted project management support and with the support of IT Acquisition Support. It is important that no commitment be implied to a supplier or project support team during this step as usage of the technology has not yet been approved.
- Technology Initiative Prioritization Assessment (TIPA) template
- Business Needs Statement
- Technology Solution Design Detailed Design Document
- TIPA – signed by VP, Information Technology
- Business owner (customer) provides the business need requiring a technology solution. The business owner (customer) documents the business need in a BNS that includes objectives, client usages, intended options, and associated support aspects pertinent to the solution being sought.
- IT Business Relationship Management Manager and IT program manager are responsible for aligning technology solutions to customer business needs and facilitating the implementation of any technology solution.
- Enterprise Architecture (EA) team is responsible for initially evaluating the TIPA and consolidating stakeholder comments in order to determine when it is appropriate to move forward with a formal review. The EA team is also responsible for facilitating the ITLT TIPA meeting in conjunction with other stakeholders. The EA team prepares final documentation for the VP, Information Technology.
- IT Leadership Team (ITLT), during the ITLT TIPA meeting and in conjunction with Engineering Systems, the Corporate Information Security Office (CISO), and the Privacy and Records Office, is responsible for evaluating the business need justification and providing TIPA approval when appropriate. After securing approval, the initiative is reviewed by the VP, Information Technology, whose concurrence is required to move forward with the procurement process.
- IT Service Management is responsible for assisting the business customer and IT program manager in defining goals, capabilities, security requirements, and performance metrics; and for ensuring that all of these are satisfied through the life of the contract. As applicable, this includes compliance with a negotiated agreement between the Postal Service and the supplier that defines categories and types of security events, change events, incident events, level of severity, and metrics for notification and escalation from the provider to the Postal Service. IT Service Management is responsible for monitoring Service Level Agreements (SLAs) and ensuring workflow processes are required for user access and authentication, data access and portability, and application retirement. SLAs must also provide for departure from standard operating processes when it is necessary to meet legal requirements. In addition, IT Service Management supports and manages the definition and execution of event management for all internal Postal Service escalation procedures.
- Chief Privacy Officer (CPO) provides guidance on privacy issues associated with the implementation of technology solutions that include personally identifiable information (PII), and verifies Postal Service compliance with the Privacy Act of 1974, the Freedom of Information Act, and relevant postal policies and procedures. The CPO must be consulted when any PII will be stored in or processed by a technology solution.
- Supply Management, contracting officers, and designated contracting officer representatives manage the purchase of all technology solutions. Supply Management ensures that the appropriate terms and conditions, standards, privacy, and security clauses are included in computing contracts and that pricing is fair and reasonable.
- Corporate Information Security Office (CISO) is responsible for consulting on information security requirements and evaluating all technology implementations against USPS information security requirements. As applicable, CISO is also responsible for completion of the Certification and Accreditation (C&A) process to determine the sensitivity and criticality of utilized data, to categorize the solution’s confidentiality, integrity and availability, and to validate that the appropriate security controls are implemented.
- IT Program Manager – EA is responsible for facilitating and managing the TIPA review process.
- IT Solutions Architecture team is responsible for enforcing reference architectural compliance and approving or denying proposals for new or updated architectural processes, templates, and patterns based on requests for new technological solutions.
- IT Service Managers are responsible for reviewing requests to use restricted-class technology solutions within their respective service domains and assessing requests for applicability. IT Service Managers are also responsible for notifying the EA of decisions affecting pending requests and formulating alternative technology solutions when required or desirable. In addition, IT Service Managers are responsible for submitting requests for updated technology solutions within their respective service domains to the EA team for review through the TIPA process.
- IT Portfolio Management is responsible for developing TIPA review documentation, presenting functional organization business requirements, and acting as the liaison between business owners (customers), EA, and IT Services.
There is no supporting documentation for this process.
Description of Change
|2.0||FY12/Q3||This document was made Section 508 compliant and was converted to HTML.|
|3.0||06.26.2015||Annual Review: The annual review for functional accuracy
and current PCI DSS requirements has been completed. CR 84641|
Updated to incorporate the TIPA review process.
|3.0.1||03.14.2016||Annual Review: No changes. The annual review for functional accuracy and current PCI requirements has been completed. CR 154951|
|3.0.2||10.31.2016||Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 223948|
|3.0.3||03.29.2017||Non-substantive update. Scope: Updated IT Tool Kit to Infrastructure Tool Kit. CR 260480|
|3.0.4||10.04.2017||Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 311546|