Enterprise Architecture Review Process
Process Owner: Manager, Solutions Development and Support
Note: An owner must be a PCES-level manager.
This process establishes standard tools and processes for the enterprise architecture (EA) review within the Postal Service Technical Environment.
The purpose for the EA Review Process is to ensure the full and proper use of Postal Service information resources and technologies, including Information Technology (IT) human resources, IT processes, and infrastructure.
The EA Technology Initiative Prioritization Assessment (TIPA) review process applies to all Postal Service personnel and contracted vendors and applies to all projects introducing new or expanded use of IT services, technology solutions, commercial off-the-shelf (COTS) software, or freeware, as well as requests for free trials, evaluation copies, and new tools used in proof-of-concept evaluations.
The TIPA review process also applies to projects that require upgrades to software previously approved for inclusion in the IT Tool Kit (ITK), when additional features or functionality are added, or when the tool has undergone significant changes, such as a change to a subscription or cloud service platform.
The Enterprise Architecture team, in conjunction with departments under the Chief Information Officer (CIO) and the Privacy Office (when applicable), reviews every new or expanded use of IT services or technology solutions.
The TIPA review activities begin when a new tool has been identified by a project team or end user during the Requirements/Sprint 0 phase of the Technology Solution Life Cycle (TSLC). If new tools that are not currently listed on the ITK are identified, the Enterprise Architecture / IT Solution Architecture teams are engaged to determine if existing tools offer the same capability. If there is a business need and justification for addition of the new tool, the EA team will provide support to the requestors in completing the TIPA template for review by the IT Leadership Team (ITLT).
Throughout the TIPA review process, there is a sequence of submit, review, stakeholder comments, recommendations, and record outcome that are facilitated by the EA team. Any requests for clarifications or additional information to support a request by TIPA reviewers are conveyed to the project teams through the IT Program Manager who supports the portfolio sponsoring the project.
Once the TIPA has completed vetting by the reviewers, it will be scheduled for review by the ITLT at the ITLT TIPA meeting where a vote is recorded. Approved TIPAs are routed to the Vice President, Information Technology, for signature. When the TIPA process is completed, the ITK is updated to include the new tool, the EA team archives a copy of the signed TIPA and a copy in PDF format is provided to the IT Program Manager and project team.
As with any project requiring technology support, business customers must initiate a conversation with their IT Business Relationship Program Manager using a documented business need. Business needs must be documented using the standard Business Needs Statement (BNS) template.
The IT Business Relationship Program Manager assists the business customer in evaluating solutions appropriate for the documented business need. When a tool that is not currently listed on the ITK is identified as a technology solution or a portion of an overall technology solution, the following steps are followed:
- A request for usage is submitted to EA using the Technology Initiative Prioritization Assessment (TIPA)
The template is completed jointly by the IT program manager and the business owner (customer), in consultation with contracted project management support and with the support of IT Acquisition Support. It is important that no commitment be implied to a supplier or project support team during this step as usage of the technology has not yet been approved.
- The TIPA is submitted to the Enterprise Architecture team. The Enterprise
Architecture team collaborates with Solutions Architecture, Information
Security and other stakeholders, as applicable, including the Privacy and
Records Office, to determine if any additional, nonstandard security and
privacy requirements apply to the proposed solution. Based on the completion
of their review, the Enterprise Architecture team coordinates clarifications
and facilitates review with the ITLT.
- The ITLT TIPA meeting is utilized to provide a recommendation to the VP,
Information Technology, who provides final approval for the addition to the
ITK of reviewed solutions.
- If approved, IT Acquisition Support assists the IT program manager and
business customer in documenting any contractual requirements and provides
advice on procurement procedures. The TIPA review process is a review of
business need and technical merit to ensure that selected technology and
software tools can be implemented and supported within the enterprise.
- The TIPA review process does not supersede Supply Management procurement policies. Requestors must follow normal funding and procurement processes for purchasing. However, when submitting an eBuy for new COTS software tools that are not listed on the ITK, the eBuy must include a copy of the signed TIPA as indication that the request has undergone a formal technical review by the ITLT and has been approved by the VP, Information Technology.
- Technology Initiative Prioritization Assessment (TIPA) template
- Business Needs Statement
- Technology Solution Design Detailed Design Document
- TIPA – signed by VP, Information Technology
- Business owner (customer) provides the business need
requiring a technology solution. The business owner (customer) documents the
business need in a BNS that includes objectives, client usages, intended
options, and associated support aspects pertinent to the solution being
- IT Business Relationship Management Manager and IT program manager
are responsible for aligning technology solutions to customer
business needs and facilitating the implementation of any technology
- Enterprise Architecture (EA) team is responsible for
initially evaluating the TIPA and consolidating stakeholder comments in order
to determine when it is appropriate to move forward with a formal review. The
EA team is also responsible for facilitating the ITLT TIPA meeting in
conjunction with other stakeholders. The EA team prepares final documentation
for the VP, Information Technology.
- IT Leadership Team (ITLT), during the ITLT TIPA meeting
and in conjunction with Engineering Systems, the Corporate Information
Security Office (CISO), and the Privacy and Records Office, is responsible for
evaluating the business need justification and providing TIPA approval when
appropriate. After securing approval, the initiative is reviewed by the VP,
Information Technology, whose concurrence is required to move forward with the
- IT Service Management is responsible for assisting the
business customer and IT program manager in defining goals, capabilities,
security requirements, and performance metrics; and for ensuring that all of
these are satisfied through the life of the contract. As applicable, this
includes compliance with a negotiated agreement between the Postal Service and
the supplier that defines categories and types of security events, change
events, incident events, level of severity, and metrics for notification and
escalation from the provider to the Postal Service. IT Service Management is
responsible for monitoring Service Level Agreements (SLAs) and ensuring
workflow processes are required for user access and authentication, data
access and portability, and application retirement. SLAs must also provide for
departure from standard operating processes when it is necessary to meet legal
requirements. In addition, IT Service Management supports and manages the
definition and execution of event management for all internal Postal Service
- Chief Privacy Officer (CPO) provides guidance on privacy
issues associated with the implementation of technology solutions that include
personally identifiable information (PII), and verifies Postal Service
compliance with the Privacy Act of 1974, the Freedom of Information Act, and
relevant postal policies and procedures. The CPO must be consulted when any
PII will be stored in or processed by a technology solution.
- Supply Management, contracting officers, and designated
contracting officer representatives manage the purchase of all technology
solutions. Supply Management ensures that the appropriate terms and
conditions, standards, privacy, and security clauses are included in computing
contracts and that pricing is fair and reasonable.
- Corporate Information Security Office (CISO) is
responsible for consulting on information security requirements and evaluating
all technology implementations against USPS information security requirements.
As applicable, CISO is also responsible for completion of the Certification
and Accreditation (C&A) process to determine the sensitivity and
criticality of utilized data, to categorize the solution’s confidentiality,
integrity and availability, and to validate that the appropriate security
controls are implemented.
- IT Program Manager – EA is responsible for facilitating
and managing the TIPA review process.
- IT Solutions Architecture team is responsible for
enforcing reference architectural compliance and approving or denying
proposals for new or updated architectural processes, templates, and patterns
based on requests for new technological solutions.
- IT Service Managers are responsible for reviewing
requests to use restricted-class technology solutions within their respective
service domains and assessing requests for applicability. IT Service Managers
are also responsible for notifying the EA of decisions affecting pending
requests and formulating alternative technology solutions when required or
desirable. In addition, IT Service Managers are responsible for submitting
requests for updated technology solutions within their respective service
domains to the EA team for review through the TIPA process.
- IT Portfolio Management is responsible for developing TIPA review documentation, presenting functional organization business requirements, and acting as the liaison between business owners (customers), EA, and IT Services.
There is no supporting documentation for this process.
Description of Change
|2.0||FY12/Q3||This document was made Section 508 compliant and was converted to HTML.|
|3.0||06.26.2015||Annual Review: The annual review for functional accuracy
and current PCI DSS requirements has been completed. CR 84641|
Updated to incorporate the TIPA review process.
|3.0.1||03.14.2016||Annual Review: No changes. The annual review for functional accuracy and current PCI requirements has been completed. CR 154951|
|3.0.2||10.31.2016||Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 223948|