
Governance Factsheet to track compliance / assessments

  • June 7, 2024
  • 22 replies
  • 1481 views

  • Royalty For Loyalty
  • 9 replies

Following on from the Customer Success Office Hours presentation by LeanIX yesterday, a few people were interested in the way we track Governance (Framework / Assessment & Policy compliance).

 

Here are some extracts from one of our documented Process pages:
 

 

 

 

 

 

 On the Application / IT Component Factsheet:

 

 

 



We have several use cases for this compliance.  One being to track the Generative AI compliance.  Another use case is indicating to Procurement that they can go ahead and engage with a provider to acquire software (EA assessment approved etc).  We also use it to track what applications have undergone DPIA and Security reviews for Confidential data etc.


For those interested in creating this new Factsheet - we have fully documented instructions on how to do this (we document all production changes in detail), and I can provide a PDF of those instructions (the post does not allow me to include attachments).

I hope the community finds this useful and adapts it for their individual needs.

22 replies

Thomas Teglund
  • Royalty For Loyalty
  • 18 replies
  • June 7, 2024

Hi, interesting post. Please share the PDF :-)


Beau Nelson
LeanIX Team
  • LeanIX Team
  • 14 replies
  • June 7, 2024

Wanted to give a special thanks to @Jacques for publishing this. This is a great approach and reinforces the idea that customers “own their meta model”. Each organization is different and can require different processes/strategies. 

 

Thank you Jacques! Great information here!


  • Rookie
  • 2 replies
  • June 8, 2024

@Jacques, thanks for posting! Interesting approach with the Governance Factsheet. On the surface, this feels like it has a bit of overlap with Governance, Risk and Compliance (GRC) tooling that most enterprises have... Do you have a GRC system as well? (Or do you handle those sorts of aspects in LeanIX?) If you have a GRC system, I’m guessing you integrate some of the data between the two?


  • Author
  • Royalty For Loyalty
  • 9 replies
  • June 10, 2024

@kkratochvil - As usual, a complicated answer.  

Yes, we have a GRC ‘tool’.  We also use some SaaS platforms for assessments.

The issue we have is Governance from an EA perspective.  On the one hand, we need to identify Applications (we call them Products), and IT Components that need to undergo assessments, or compliance to a policy (because of some criteria we search for in Lean, i.e. all SSO applications need Security Policy W etc.).
We are also using it to identify what Applications need to undergo a Gen AI assessment (so high usage of AI for the EU AI Act).

Once the assessments are completed it would not really work to integrate those tools to this, it’s a slow moving item, and creating a step to update LeanIX in the assessment process works.  After the assessments, it normally complies with some sort of Policy, which gets loaded against the assessed Application. 

The idea is to create resource links out to information about the policies, assessments etc in their systems, so LeanIX is just the conduit to the information.

There is always a small overlap with external systems (ServiceNow, GRC tools etc)

The benefit of having this tiny bit of info in LeanIX is that we can see gaps in Policy compliance and see the effects from a Business Context and Capability perspective.

For GenAI and related to the EU AI Act, it is very useful.


  • Rookie
  • 1 reply
  • June 11, 2024

@Jacques please share PDF. We are managing governance in a less elegant way and very interested in your configuration and process. 

Thanks

~Michael Bogart


  • Rookie
  • 2 replies
  • June 11, 2024

Thanks for the additional background on the governance pieces @Jacques, very helpful towards a better understanding of your context!



That looks very exciting. I would be interested in the PDF to find out more about it. Could you please share it?


  • Author
  • Royalty For Loyalty
  • 9 replies
  • June 12, 2024

Thanks for the additional background on the governance pieces @Jacques, very helpful towards a better understanding of your context!

No problem. 

The original scope for the Governance sub types was:

  • Framework
  • Assessment
  • Policy
  • Guideline
  • Standard
  • Process

(We removed the last three.  Guideline is better placed in a wiki style space, standards are better placed in a ‘Building Block’ fact sheet or managed in the Tech Category Fact Sheet, and Process is covered in the Business Context Fact Sheet.)

 

For those who want the PDF, please message me, and I will give you my email address.  The Post does not allow me to attach the PDF.


  • Rookie
  • 1 reply
  • June 17, 2024

This is a great approach to solving for the governance “problem”.  We have taken a different approach:

We utilize fact sheets for policy, standards, and frameworks (we have logical and physical reference models).  These are related to Application and IT Component fact sheets with descriptions. 

We have extended the Application, IT Component, Project, and Provider FS with assessment fields and dates for our various teams (mostly security).  As soon as a new fact sheet is created or certain field values are selected it kicks off the assessment process.  Via the integration, the assessment progress is tracked in the fact sheet and the final assessment is linked as a resource.  Depending on the integration this is either an attached PDF (BCIC) or a link to the specific review in question (OneTrust).

For assessments of any type we integrate with our various other IT tooling using a service bus framework so we can get to a “Source of Truth”.  This includes our business continuity and disaster recovery system (BCIC), security audit system (OneTrust), and project management system (Planview Portfolios).

We also leverage the ServiceNow integration for IT Service Management / CMDB detail.

 


  • Royalty For Loyalty
  • 6 replies
  • June 26, 2024

Thank you.  I am interested in receiving the PDF.


  • Royalty For Loyalty
  • 16 replies
  • July 3, 2024

Hi - I would also like the PDF please - thank you in advance.


  • Rookie
  • 1 reply
  • July 25, 2024

Hi @Jacques

 

could you please share the PDF? We are interested in implementing this within our organization, so any guidance would be useful. Many thanks in advance!


  • Rookie
  • 2 replies
  • July 25, 2024

Hello @Jacques ,

 

Thank you for sharing. It is interesting. 

We have similar use cases: GDPR, SOX, SaaS assessment…

I would be interested in the PDF to find out more about it. Could you please share it?

Thank you in advance

 


Keith Vargas
  • Royalty For Loyalty
  • 19 replies
  • July 30, 2024

Thank you for this. Great info. I’ve just brought LeanIX into our enterprise and this is also a critical need we have. Thank you for sharing.

We have similar use cases: GDPR, SOX, AI, SaaS assessments…

Could you please share the PDF?

With much gratitude


  • Rookie
  • 1 reply
  • March 26, 2025

Hi ​@Jacques - I would appreciate getting the pdf from you :)

 

Regards,

Anna 


  • Author
  • Royalty For Loyalty
  • 9 replies
  • March 26, 2025

Hi ​@Jacques - I would appreciate getting the pdf from you :)

 

Regards,

Anna 


Happy to share.  If you could pop me a private message with your email address, then I can share what I have shared with most of the users on this post.


  • Sophomore
  • 6 replies
  • April 29, 2025

@Jacques  I know it has been 10 months ago but love to receive the PDF.

Thanks in advance

Roald


  • Author
  • Royalty For Loyalty
  • 9 replies
  • April 29, 2025

@Jacques  I know it has been 10 months ago but love to receive the PDF.

Thanks in advance

Roald

Happy to share, send me your email in a PM and I’ll forward you the relevant info.


  • Rookie
  • 3 replies
  • April 30, 2025

Hi ​@Jacques , could you please share the PDF?

 

My email: alan.souza@dex.co

 

Thanks and regards 


  • Rookie
  • 1 reply
  • May 5, 2025

Hi @Jacques, I have seen your approach on Governance and it looks interesting. I had several discussions on how to model it with LeanIX directly, but your approach is promising.
Could you please share the PDF with me?
My email: rolf.marliani@vorwerk.de
Thanks and regards,

Rolf


  • Rookie
  • 1 reply
  • May 6, 2025

Hi ​@Jacques, could you please share the PDF, my email: tadej.trinko@petrol.si

Thanks in advance.


Hi ​@Jacques, ​@Tadej Trinko, ​@Rolf, ​@AlanCamilo ,

 

It’s a really good description on how we can extend the tool as per our needs. Great work ​@Jacques.

Can anyone (who already has it) or Jacques send me the PDF at surbhi.gupta@tietoevry.com? It would be really great to understand how we can make LeanIX a compliance tool as well.

 

Thanks,

Surbhi