The Role of Open-Source Software: Enterprise Architecture - Chapter 6

The Role of
Open-Source Software
Enterprise Architecture | Chapter 6
The Role of Open-Source Software
is a type of computer software in which
source code is released under a license in
which the copyright holder grants users the
rights to use, study, change, and distribute
the software to anyone and for any purpose.
Open-source software may be developed in
a collaborative public manner.

Benefits include the following:
Multiplying the company’s investment

Open-source benefits from the famous principle: “The smartest people in every field are
never in your own company.” At best, an ecosystem of innovation will grow up around an
open project. Evidence that opening a project pays off financially comes from a recent
report prepared under World Bank auspices. Careful tracing of contributions to their
project—a form of geosptial software called GeoNode—showed that the World Bank’s
subsidiary had invested about one million dollars in the project but had benefited from an
estimated two million dollars invested by other organizations.

Benefiting from the most recent advances

The AI projects mentioned in the introduction are a good example. Your data scientists will
want implementations of the best and most up-to-date algorithms, and these
implementations will usually be open source. There is no need to reinvent the wheel in-
house. Furthermore, your company can innovate more quickly by using tools and existing
code that you can get with a simple download and installation process.

Spreading knowledge of the software

When the code is open and especially when a robust community grows up around it
adoption is broader. This initially takes effort on the company’s part, but it leads to more
people throughout the industry understanding the code and the contribution process.

Increasing the developer base

Broader adoption, along with wide discussion of the source code, translates into a larger
pool of talented developers from which the company can hire to work on the code and
related projects.

Upgrading internal developer skills

The spread of knowledge goes in many directions. Developers already recognize that the
best way to learn good coding skills is to work on an open-source project because they can
study the practices of the top coders in the field. These benefits spread to the company
that employs the open-source developers.

Building reputation
Most people want to work for organizations they can boast about. Adopting open source
—both the code and the practices that go with it—shows that your organization is cool.
And if you can release your own code as open source and win adoption for it, you prove
that your organization is a leader in your field, adept at the best development practices.

Recruiting and retaining developers

Good developers want to work on exciting projects that affect large groups of people.
They also want their skills and contributions to be widely recognized, and they enjoy the
interactions they can have with peers around the world. All these considerations lead
them to gravitate toward open-source projects, and if your competitors are more
successful than you in supporting such projects, developers will bring their talents and
reputations to those companies instead of yours.

Faster startup of new companies and projects

In the frenetic pace of today’s social and business environments, a startup or new division
needs to go from concept to product in months, not years. Working with a community,
both on existing software and on your own innovations, saves you time and lets you focus
limited employee time on critical competitive parts of your product.

Groundwork for
Understanding Open Source
Before discussing open-source software
from three angles—how to adopt software
developed elsewhere, how to contribute to a
project, and how to launch a project of your
own—let’s quickly try to dispel a few myths:

Groundwork for Understanding Open Source
Open-source software is low quality or less secure

Now that major companies are involved in open source, this myth is not cited so often, but
it persists in attitudes that often go unstated. People accustomed to typical procurement
processes have trouble believing that some‐ thing distributed without cost can be high
quality. In fact, open-source projects have replaced the need to charge for licenses
through a number of other funding strategies. But the key issue is that strong open-source
projects adopt strict quality processes, which your organization can also adopt for your
own benefit.

Open-source software is low quality or less secure

As for security, flaws occur in both open source and closed software. Neither is
guaranteed to avoid breaches. Experience suggests that transparency and a large
development community in open-source lead to faster fixes and faster distribution of the
fixed software.

Open-source software lacks support

Popular open-source projects have many sources of technical support from both
organizations and individuals. The open code is a great advantage because you are not
locked into a single company for support. Smaller and younger projects might not have yet
developed this ecosystem of support, so getting support here might require you to devote
more developer time and draw on informal help from the community. Likely enough, you
will stumble over a critical bug that requires immediate attention someday, and you will be
thankful that you can apply your own developers or a hire a developer to fix the bug
instead of waiting for an indifferent vendor’s fix.
Open-source software projects are unmanaged

and chaotic and free for the taking
Successful open-source projects have well-defined processes for decision-making, review
of code, and dealing with users like your organization. You must follow certain rules when
you use code developed by others. The code almost always has a license, but with
different rules from proprietary code. If one of your developers copies code found on the
internet into your own products, you will almost certainly be violating a license, and it’s a
bad practice for legal and other reasons. These points receive more discussion at the
Open -Source Initiative and Software Freedom Conservancy.
Using open-source software requires you

to open your code
This is something of a reverse of the previous myth. Certainly, you need to be aware of
what the license requires before you use open-source software. Some licenses have rules
for contributing back changes you make, and as you’ll see later, you benefit by doing so.
(These licenses are sometimes called “viral,” but their users dislike the negative
connotations of that word; “copy‐ left” is a more neutral term.)

Using open-source software requires you

to open your code
Most open-source projects, even those with rules for contributing back code, are
distributed as libraries that you can link into your own code without opening the functions
you write yourself (for instance, the GNU Lesser General Public License).

You can gain a user base and community by

releasing code on a public repository
Opening code out of laziness never works. Open-source projects do have an advantage
over proprietary ones in gaining adoption, but only if you treat the project as a respected
element of your business strategy. Open-source projects realize value only as part of an
active community. In many cases, the interactions inherent in that process are in and of
themselves highly valuable to participants. But open-source dynamics reward ongoing
investment. You’ll see more of how to do this during the course of the book. Inactive
projects produce declining benefits over time as the costs of stagnation add up.
An open-source project will occupy all your

developers’ time with support requests
In open-source, you trade the time you spend on support for the contributions you get
back from the community. Certainly, you must budget time for support, but your company
can control how much time to put in and can pull back in order to meet deadlines on
internal projects or control excessive support costs. In a successful open-source
community, all members engage in education, and your company is not solely responsible
for providing it.

Assess Potential Projects
There are plenty of places to find open-
source code. GitHub and GitLab are two
well-known code hosting sites (both use the
popular Git version control software
developed originally by Linus Torvalds).

Following is a list of typical things to check for:
Code quality
You can assess this by examining the code, checking the ratings (stars) if the project is on
GitHub, looking at the number of reported bugs, and seeing what people say about the
project online. All code has errors, and you want to see that people report them, so the
presence of bug reports is a good thing —so long as the important bugs get fixed.

Active development
Has the project put out any new releases recently, or at least bug fixes? Are there many
pull requests, which indicate interest in the code?

Project maturity
How long has the project been in existence? Is there an active community? Are there a
number of people maintaining the code? Does it have funding? Are books, videos, and
other forms of education available?

Level of support
Can you get help to install and maintain the software? Is there good docu‐ mentation for
the project?

Health of the community

Are the mailing lists active? Do developers respond quickly and positively when bugs are
reported? Are people polite and productive when responding to issues? A growing
community is a good sign but not a necessity, because a project that serves a small user
base might turn out to be just right for you. On the other hand, an inactive or declining
community is a warning sign.

Public decision making

Are all choices debated on the public list? If you get a sense that leaders make important
decisions privately and just report results to a mailing list or repository, it’s a red flag
indicating that you might not be able to influence the direction of the project. You might
not think such influence is important now, but as you become dependent on the software,
you might want to have a say in the future.

Governance/commit access
Is there a documented way for new contributors to gain commit access? If you invested
your time and expertise in contributing to the project, you will want it to support an
increase in your responsibilities.

The Role of
“By the time you hear the thunder,
it’s too late to build the ark”.
- Unknown
Business Continuity, Risk Management and Audit Compliance

Business Continuity, Risk Management
and Audit Compliance
I. What is business continuity
management (BCM)?
BCM is the development of strategies, plans
and actions that provide protection or
alternative modes of operation for those
activities or business processes which, if they
were to be interrupted, might otherwise bring
about a seriously damaging or potentially
significant loss to the enterprise.

BCM consists of three core elements:
A. Crisis management and communications is a

process designed to enable an effective
response to an event.
Crisis management processes focus on stabilizing the situation and preparing the business
for recovery operations through effective planning, leadership and communication
protocols.

B. Business resumption planning,

or business recovery planning,
involves the recovery of critical business functions and processes that
relate to or support the delivery of core products or services to a customer.

C. IT disaster recovery addresses

the recovery of critical IT assets,
including systems, applications, databases, storage and network assets

II. BCM seems to include many
different terms, some of which
appear to be very similar.
One of the more confusing aspects of business

continuity is the terminology. Some of this
confusion is the result of differences in the
BCM used by various industry and regulatory
groups. A number of terms are similar to BCM,
but with slightly different meanings.

How are they similar or different?
Disaster recovery
is a term reserved for the recovery and resumption of critical technology assets in the
event of a disaster. Disaster recovery can include tasks such as resuming individual
systems or recovering all critical aspects of the IT environment. Disaster recovery is a
component of an overall BCM program.

Resumption planning
is reserved for the recovery of critical business functions separate from IT. Examples of
resumption planning include resuming call center functions, manufacturing processes or
payroll operations after a serious incident has occurred.

Contingency planning
refers to tactical solutions addressing a core resource or process. As opposed to BCM,
contingency planning is typically an isolated action and does not resemble a program or
a series of related actions. An example of contingency planning is determining how to
handle the loss of a specific vendor, or creating processes to work around the loss of a
key piece of equipment on an assembly line.

Recovery planning
is most closely related to BCM. These two terms can be used interchangeably.

Emergency response
includes the immediate actions taken to preserve lives and safeguard property and
assets. Emergency response is often a subset of a broader crisis management program.
An example of an emergency response action is an evacuation plan.

III. Is there a best practice
approach to business continuity
planning (BCP)?
This question is often asked and while vague, is

actually quite valid. A company’s business
continuity approach and project scope may
vary widely, and are driven exclusively by
business requirements (and constraints).

Common project characteristics
BCM program design and deployment

including the definition of policies, standards and tools to support business continuity
efforts. In addition, an effective BCM program should include assigning accountability
and responsibility for each key area (e.g., crisis management, business resumption and
IT disaster recovery).

Business Impact Analysis (BIA)

establishing recovery objectives (business and technology),
as well as the associated justification for each.
Risk assessment
identifying and prioritizing threats and failure scenarios to which the organization may
be vulnerable.

Strategy design and implementation

identifying and implementing continuity strategies that best meet the organization’s needs,
based on a cost-benefit analysis and driven by the results of the BIA and risk assessment.
Plan documentation
documenting response, recovery and restoration procedures to enable
effective business continuity operations.

Testing
validating and continuously improving business continuity strategies and plans.
Training and awareness

increasing knowledge regarding business continuity operations, both in terms of
response/recovery team members, as well as employees in general.
Compliance monitoring and audit

establishing compliance with internal and third-party business continuity standards.

IV. What is the relationship
between business continuity
and enterprise risk
management (ERM)?

IV. What is the relationship between business continuity
and enterprise risk management (ERM)?
The definition reflects certain fundamental concepts.

ERM is:
• A process, ongoing and flowing through an entity
• Affected by people at every level of an organization
• Applied in strategy-setting
• Applied across the enterprise, at every level and unit, and includes
taking an entity-level portfolio view of risk

The definition reflects certain fundamental concepts.

ERM is:
• Designed to identify potential events that, if they occur, will affect
the entity, and to manage risk within the entity’s risk appetite
• Able to provide reasonable assurance to an entity’s management and
board of directors
• Geared toward achievement of objectives in one or more separate but
overlapping categories

BCM is one component of an effective

enterprise program designed to manage risk
and is therefore a core aspect within ERM.
BCM is included under or part of ERM

EXECUTIVE MANAGEMENT SUPPORT AND SPONSORSHIP

Organizations typically provide leadership to the BCM program through three roles:
1. Sponsorship – providing or ensuring organizational and financial support
2. Ownership – direct responsibility for ensuring support,

as well as overall program execution
3. Custodianship – responsibility for the coordination of BCM tasks

executed throughout the organization

Sponsorship and BCM program ownership roles

typically trend toward organizational elements with
visibility across the entire business, as well as
experience with risk management.

List of effective sponsors and owners:
Finance – The chief financial officer (CFO) or a direct report, to include risk
management or loss prevention.
Executive council – A member of the senior management team, to include

the general counsel, director of human resources (HR), or manager of
corporate communications.
Operations – The chief operating officer (COO) or a direct report, to include

security and EHS.

List of effective sponsors and owners:
Risk management – A chief risk officer (CRO) or a designated, qualified

business continuity resource within an organization’s risk management
function.
IT – The chief information officer (CIO) or a direct report in data center

operations (some organizations have a program/project management office
where BCM may reside).

What is the value to an
organization in designing and
deploying BCM programs?

What is the value to an organization in
designing and deploying BCM programs?
In the wake of several recent catastrophic natural

disasters, business and IT leaders are more mindful than
ever of the need to plan for and respond to potential
business disruptions and outages, and to evaluate the
location of the backup facilities.

Organizations design and deploy business continuity solutions to manage:
• Regulatory risk
• Financial risk
• Reputation risk

Regulatory risk is a key driver of BCM. A growing number of corporations

are held accountable by regulatory bodies to maintain tested BCPs.
Organizations that do not employ BCPs could be fined, and in some cases,
prohibited from operating or delivering products or services.

Financial risk
The next risk category that drives BCM programs is financial risk.
Companies choose to mitigate financial risk by focusing on factors that
minimize financial loss and maintain market share, including:
• Responding to customer demands
• Understanding officer liability
• Minimizing single points of failure and critical external dependencies

If the company’s directors and officers can be held liable for a company’s
response to a business interruption, they are more likely to develop and
enforce an effective BCM program. Companies want to minimize the
existence of single points of failure and critical external dependencies.
For example, a company can face huge costs if it utilizes only one supplier
and that supplier is suddenly unable to provide core products or services. A
company may implement BCM solutions to make sure operations can be
resumed quickly in this case.

Reputation risk is the third main risk category that influences

business continuity decision-making. The drivers that relate to
reputation risk include:
• Protecting the company’s brand in the face of growing
competition
• Maintaining the public’s approval for the way the company
handles a crisis

What are the critical elements of a
business continuity policy?

What are the critical elements of a business continuity policy?
A growing number of organizations rely on a formal, documented

business continuity policy to drive the BCM program.
Although the content and format of business continuity policies differ
based on existing standards and the culture of the organization, we
recommend the inclusion of key elements to drive this process toward
an optimal level of maturity and preparedness.

Key elements:
Accountability – Names the executive or executives accountable for

BCM program planning and execution, to include responsibility for
resourcing and strategy decision-making.
Roles and responsibilities – In addition to the executive sponsor, the

policy establishes roles and responsibilities for all employees regarding
planning, as well as activities before, during and after a disaster.

Key elements:
Analysis – Establishes the need for and standards associated with risk
assessments and business impact analyses (the cornerstones of the
planning effort). Also establishes the criteria for the type and scale of
incidents to be addressed.
Legal, regulatory and contractual assessment – Requires the

participation of the organization’s general counsel in the analysis of
federal, state and local regulations, as well as customer contractual
requirements impacting business continuity strategies.

Key elements:
Business continuity execution – Identifies specific actions necessary

to develop optimal business continuity strategies that meet business
requirements, as well as how the organization intends to manage crises
and business interruptions.
Business continuity strategy and plan maintenance – Specifies the

standards regarding the review and maintenance of business continuity
analysis, strategies and documentation.

Key elements:
Testing (exercising) – Defines test types, frequency of testing activities,

and standards associated with planning for testing (e.g., setting
objectives, success criteria).
Training and awareness – Sets specific standards regarding the

training of personnel named in the response and recovery plans, as
well as general awareness for employees affected by the business
continuity strategies.

Key elements:
Internal audit participation – Requires the participation of internal

audit in the planning process and/or the review of compliance with the
requirements set forth in the BCM policy.
Reference – Provides linkage to other standards, guidelines,

regulations or policies that the BCM program should consider within
the organization.

Taken together, the elements of a business continuity policy mentioned

above will assist an organization’s planning team in gathering the
necessary support and resources to manage the BCM program
effectively.

What are the most common approaches
to executing a risk assessment?

What are the most common approaches to executing a risk assessment?
Most risk management disciplines utilize a risk assessment to identify

and prioritize threats, risks and failure scenarios. BCM is no different.
Within BCM, a wide variety of risk management processes are used;
most identify and prioritize risk using a combination of likelihood
(probability) and severity (impact).

In addition to likelihood and severity, additional characteristics that may

be factored into the prioritization effort are:
Detectability
Will the organization have advance warning of the threat with enough
time to react, or is there a control in place to prevent or mitigate this
risk?
Velocity to impact
How quickly will downtime lead to a high-severity impact?

An important distinction from other risk management disciplines is that

BCM-related risk assessments take into account risk mitigation controls.
Regardless of the process used to prioritize, a data-gathering process

must be defined to obtain information regarding likelihood, severity and,
possibly, detectability and velocity to impact. Data can come from a wide
variety of sources. Historical research and interviews are two of the more
effective data-gathering techniques for the risk assessment.

Business Continuity, Risk Management
and Audit Compliance
Enterprise Content Management
Enterprise Architecture

| Enterprise Architecture
ECM Defined
Abbreviated as ECM, Enterprise Content
Management has been adopted as the market
definition formerly occupied by vendors of
Document Management Systems (DMS).

ECM Defined
Initially, DMS vendors concentrated on
extensions to basic file management
capabilities provided by their operating
systems. As such, they were interested in the
file (irrespective of its source) and
storage/indexing/retrieval mechanisms to allow
the user to classify and retrieve documents in
an organized, library-like manner.

What is a Document?
Documents are more than just files. They are files that are uniquely
characterized and named such that they may be unambiguously identified,
referred to, and retrieved. Consider the term “documentary evidence” as a
clue to their uniqueness and status.

ECM Capabilities
Enterprise Content Management (ECM)
comprises the technologies used to capture,
manage, store, preserve, and deliver content,
and documents related to organizational
processes. ECM tools and strategies enable the
management of an organization's unstructured
information, wherever that information exists.

Content at Work
Content must be managed so that it is used to achieve business goals.

Central to this strategy are the tools and technologies of ECM, which
manage the complete lifecycle of content, birth to death.

Compliance
The key to a successful compliance strategy is integrating the idea of compliance success
into your business-not viewing compliance as a project that can be completed and then
considered "finished." While painful, complying with regulations should be viewed as an
opportunity to improve common business processes and not just an ongoing cost to the
business.
The tools of ECM, if properly used, can help reduce the overall cost of compliance to the
business.

Collaboration
Collaboration is the art of working together. The key to strong collaboration is utilizing the
set of technologies-instant messaging, whiteboards, online meetings, email, etc.-that allow
work to take place wherever and whenever needed. It's good business; groups can
accomplish more than individuals

Cost
While ECM can be a costly initiative, what are the costs of not properly managing your
content? The cost of not implementing ECM tools is too often left unmeasured until too
late. Things like the cost of long legal proceedings, the loss of repeat business through the
inability to perform simple customer service interactions, and the cost of typical business
process delays are easy to measure after the fact-lawyers' time, the cost to acquire new
customers, and FTE salaries.

Paperless or Paper-efficient
Many companies are seeking to deploy ECM to support a reduction of paper end-to-end.
In some industries this is expressed as a desire to become ‘paperless’. Clearly in industries
where the paper document is the information transport medium or method of interacting
with the end customer, e.g. insurance claims processing, then parallel processing of the
claim cannot occur while there is still paper in the loop. In this mode the document
interface on the front and the back end may be hardcopy, but the intermediate processing
may be entirely electronic.

Continuity
Keeping a business going 24x7 is the task of business continuity planning. While often
mentioned with disaster recovery, business continuity planning is the overall strategy for
ensuring that operations continue in the event of any disruption-natural or man-made.
Disaster recovery is more Paperless or Paper-efficient Many companies are seeking to
deploy ECM to support a reduction of paper end-to-end.

Business Process
Management/Workflow
The tools that move content throughout an

identified business process, such as claims
processing. BPM solutions are frameworks that
can be used to develop, deploy, monitor, and
optimize multiple types of process automation
applications-including processes that involve
both systems and people.

Content and Documents
Unstructured content enters an organization's IT infrastructure from a variety of sources.

Regardless of how a piece of content enters, it has a lifecycle.
1. Electronic Unstructured Data: email, instant message, text document, spreadsheet, etc.
2. Electronic Forms
3. Paper Documents/Forms

Scanning
Paper generally enters the organization

through a scanner, or sometimes, a
multifunction device. In centralized scan
operations, large volumes of paper are put into
the system by dedicated workers. In distributed
operations, smaller volumes of documents are
captured with lower volume scanners or
multifunction devices closer to their point of
creation.

Document Imaging
Software captures the image of the paper

document. Increasingly, electronic document
images have the same legal status as a paper
document.

Forms Processing
Business forms are ingested into the system.

Most forms today are "structured" - the
location of the form elements are known. The
ability to process unstructured forms, those
without a pre-defined form template, is
improving

Recognition
Technologies that allow paper information to

be translated to electronic data without manual
data input. Recognition technologies have
progressive capabilities from optical character
recognition (OCR) to intelligent character
recognitions (ICR) and are important for
converting large amounts of forms or
unstructured data to usable information in a
content management system.

Categorization, Taxonomy
A taxonomy provides a formal structure for information, based on the individual needs of
a business. Categorization tools automate the placement of content (document images,
email, text documents, i.e., all electronic content) for future retrieval based on the
taxonomy.

Indexing
An essential part of the capture process that creates metadata from scanned documents
(customer ID number, for example) so the document can be found. Indexing can be based
on keywords or fulltext.

Document Management
Document management technology helps

organizations better manage the creation,
revision, approval, and consumption of
electronic documents. It provides key features
such as library services, document profiling,
searching, check-in, check-out, version control,
revision history, and document security.

Records Management
Content of long-term business value are

deemed records and managed according to a
retention schedule that determines how long a
record is kept based on either outside
regulations or internal business practices. Any
piece of content can be designated a record.

Email Management
As the de facto standard for business

communication, removing emails from the
server and saving them to a repository isn't
enough. Email must be classified, stored, and
destroyed consistent with business standards-
just as any other document or record.

Web Content Management
Web content management technology

addresses the content creation, review,
approval, and publishing processes of Web-
based content. Key features include creation
and authoring tools or integrations, input and
presentation template design and
management, content re-use management,
and dynamic publishing capabilities.

Digital Asset Management
Similar in functionality to document

management, DAM is focused on the storage,
tracking, and use of rich media documents
(video, logos, photographs, etc.). Roots of the
technology are in the media and entertainment
industry, currently experiencing growth,
especially in marketing departments. Digital
assets typically have high intellectual property
value.

Repositories
Structured and unstructured - the core of many ECM systems. This is where the data
resides and where much of a company's investment in ECM resides. A repository can be a
sophisticated system that costs hundreds of thousands of dollars, or as simple as a file
folder system in a smaller company. The key is to have information that can be found once
it is placed in the system.

Storage
Content needs to "live" somewhere. Storage technology (optical disks, magnetic, tape,
microfilm, RAID, paper) provide options for storing content online for rapid access or near-
or off-line for content that isn't needed often.
Content Integration
Enables disparate content sources to look and act as a single repository.

Migration
As storage media ages, content must be moved to new media for continued accessibility.
Backup/Recovery
Backing up content in various formats and/or locations helps to ensure business viability
in the face of a disaster.

Search/Retrieval
One of the greatest benefits of a strong ECM system is the ability to get out what you put
in. By having strong indexing, taxonomy, and repository services, locating the information
in your system should be a snap.
Syndication
Distribution of content for reuse and integration into other content.

Localization
Recasting content based on the needs and cultural mores of different global markets.
Personalization
Drawing on a taxonomy and based on established user preferences, various types and
subjects of content can be delivered via user-defined preferences.

Publish
Contents gets where and to whom it needs to go through a number of tools. Content can
be delivered via print, email, websites, portals, text messages, RSS feeds.
Paper Electronic
Portal, Intranet, Extranet, Email, Fax

Security
Restricts access to content, both during its creation and management as well as when
delivered.
1. Digital Rights Management - prevents the illegal distribution of rights-managed

content by restricting access to content down to the sentence level as well as
granting/restricting permissions for forwarding and accessing content.
2. Digital Signatures - ensures the identity of a document sender, and the authenticity of
the message.
3. PKI - uses a public and private key pair held by a trusted third party to transact business
over the public Internet.
Collaboration
Collaboration technologies enable individual

users, such as employees or business partners
to easily create and maintain project teams,
regardless of geographic location. These
technologies facilitate collaborative, team-
based content creation and decision-making.

Long-Term Archival
Content that must be preserved over decades

must be saved to media, such as paper and
film-based imaging, with longevity to match.

The “Other” ECM: Engineering Content Management (EngCM)
Known as the “other” ECM, Engineering Document Management Systems (EDMS) were
primarily conceived to fulfill the same “container management” requirements as the more
traditional office document management systems, except that they specialized in the
unique requirements of engineering users.
In the same way that DMS systems evolved to ECM, EDMS systems have also evolved over
time to manage the engineering content, not just the engineering documents.
To differentiate Enterprise Content Management and Engineering Content Management,

we will refer to the latter as EngCM.

Differences Between ECM
and EngCM
While the primary goal of both ECM and EngCM

may be that of managing information, there
are business and technical requirements that
have resulted in functional differences between
the two types of systems.

Unstructured vs. Structured Information
One of the primary and most obvious differences between an ECM and an EngCM is that
the ECM is geared towards supporting unstructured information and
EngCM is geared towards structured information.
Of course, each of these types of systems may, to a greater or lesser extent, support both
unstructured and structured information, but it is their primary focus that determines the
features/functions that they support.


The Role of Open-Source Software: Enterprise Architecture - Chapter 6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

The Role of Open-Source Software: Enterprise Architecture - Chapter 6

Uploaded by

Copyright:

Available Formats

The Role of

The Role of Open-Source Software

Multiplying the company’s investment

The Role of Open-Source Software

Benefiting from the most recent advances

The Role of Open-Source Software

Spreading knowledge of the software

The Role of Open-Source Software

Increasing the developer base

The Role of Open-Source Software

Upgrading internal developer skills

The Role of Open-Source Software

The Role of Open-Source Software

Recruiting and retaining developers

The Role of Open-Source Software

Faster startup of new companies and projects

The Role of Open-Source Software

The Role of Open-Source Software

Open-source software is low quality or less secure

The Role of Open-Source Software

Open-source software is low quality or less secure

The Role of Open-Source Software

Open-source software lacks support

Open-source software projects are unmanaged

Using open-source software requires you

The Role of Open-Source Software

Using open-source software requires you

The Role of Open-Source Software

You can gain a user base and community by

An open-source project will occupy all your

The Role of Open-Source Software

The Role of Open-Source Software

The Role of Open-Source Software

The Role of Open-Source Software

The Role of Open-Source Software

The Role of Open-Source Software

Health of the community

The Role of Open-Source Software

Public decision making

The Role of Open-Source Software

The Role of Open-Source Software

Business Continuity, Risk Management and Audit Compliance

Business Continuity, Risk Management and Audit Compliance

A. Crisis management and communications is a

Business Continuity, Risk Management and Audit Compliance

B. Business resumption planning,

Business Continuity, Risk Management and Audit Compliance

C. IT disaster recovery addresses

Business Continuity, Risk Management and Audit Compliance

One of the more confusing aspects of business

Business Continuity, Risk Management and Audit Compliance

Business Continuity, Risk Management and Audit Compliance

Business Continuity, Risk Management and Audit Compliance

Business Continuity, Risk Management and Audit Compliance

Business Continuity, Risk Management and Audit Compliance

Business Continuity, Risk Management and Audit Compliance

This question is often asked and while vague, is

Business Continuity, Risk Management and Audit Compliance

BCM program design and deployment

Business Continuity, Risk Management and Audit Compliance

Business Impact Analysis (BIA)

Business Continuity, Risk Management and Audit Compliance

Strategy design and implementation