Rescinded [2022-05-04] - Directive on Service and Digital - Appendix A: Mandatory Procedures for Enterprise Architecture Assessment

Date modified: 2019-08-02

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

More information



Print-friendly XML

Note to reader

The Mandatory Procedures for Enterprise Architecture Assessment has been updated to the Enterprise Architecture Framework which is the criterion used by the Government of Canada enterprise architecture review board and departmental architecture review boards when reviewing digital initiatives to ensure their alignment with enterprise architectures across business, information, application, technology and security domains to support strategic outcomes. The EA framework can be found at Government of Canada Enterprise Architecture Framework -

Appendix A. Mandatory Procedures for Enterprise Architecture Assessment

A.1 Effective date

  • A.1.1These procedures take effect on December 1, 2018.

A.2 Procedures

  • A.2.1These procedures provide details on the requirements set out in section of the Directive on Service and Digital .
  • A.2.2These procedures will be used by departmental enterprise architecture review boards and the Government of Canada enterprise architectural review board as an assessment framework to review digital initiatives to ensure the Government of Canada acts as a single enterprise and to ensure departmental alignment with the Government of Canada digital direction.
  • A.2.3Mandatory procedures are as follows:

    Business Architecture

    • A.2.3.1Align to the GC Business Capability model
      • A. program services as business capabilities to establish a common vocabulary between business, development, and operation
      • A. capabilities that are common to the GC enterprise and can be shared and reused
      • A. business processes using Business Process Management Notation (BPMN) to identify common enterprise processes
    • A.2.3.2Design for users first and deliver with multidisciplinary teams
      • A. on the needs of users, using agile, iterative, and user-centred methods
      • A. to both accessibility and official languages requirements
      • A. all skillsets required for delivery, including for requirements, design, development, and operations
      • A. across the entire application lifecycle, from development and testing to deployment, and operations
      • A. quality is considered throughout the software development lifecycle
      • A. accountability for privacy is clear
      • A. and adopt Test Driven Development (TDD) to improve the trust between business and IT
    • A.2.3.3Design systems to be measurable and accountable
      • A. performance expectations for each IT service
      • A. an audit trail available for all transactions to ensure accountability and non repudiation
      • A. business and IT metrics to enable business outcomes
      • A. oversight and lifecycle management to digital investments through governance

    Information Architecture

    • A.2.3.4Data Collection
      • A. data is collected in a manner that maximizes use and availability of data
      • A. data collected aligns to existing enterprise and international standards
      • A. enterprise or international standards don't exist, develop standards in the open with key subject matter experts
      • A. collection of data yields high quality data as per data quality guideline
      • A. data is collected through ethical practices supporting appropriate citizen and business-centric use
      • A. should only be purchased once and should align with international standards
      • A. necessary, ensure collaboration with department/ agency data stewards/ custodians, other levels of government, and Indigenous people
    • A.2.3.5Data Management
      • A. alignment with enterprise and departmental data governance and strategies
      • A. accountability for data roles and responsibilitie
      • A. to maximize data use and availability
    • A.2.3.6Data Storage
      • A. data is stored in a secure manner, using appropriate safeguards in accordance with the National Cyber Security Strategy and the Privacy Act
      • A. existing retention and disposition schedules
      • A. data is stored in a way to facilitate easy data discoverability, accessibility, and interoperability
    • A.2.3.7 Data Sharing
      • A. should be shared openly by default as per the Directive on Open Government
      • A. government-held data can be combined with data from other sources enabling  interoperability  and interpretability through for internal and external use
      • A. the collection of redundant data
      • A. existing data where possible
      • A. data sharing and collaboration

    Application Architecture

    • A.2.3.8Use Open Standards and Solutions by Default
      • A. possible, use open standards and open source software first
      • A. an open source option is not available or does not meet user needs, favour platform-agnostic COTS over proprietary COTS, avoiding technology dependency, allowing for substitutability and  interoperability
      • A. a custom-built application is the appropriate option, by default any source code written by the government must be released in an open format via Government of Canada websites and  services designated by the Treasury Board of Canada Secretariat
      • A. source code must be released under an appropriate open source software license
      • A. public data to implement Open Data and Open Information initiatives
    • A.2.3.9Maximize Reuse
      • A. and reuse existing solutions, components, and processes
      • A. enterprise and cluster solutions over department-specific solutions
      • A. simplification by minimizing duplication of components and adhering to relevant standards
      • A. the GC EARB about departmental investments and innovations
      • A. code publicly when appropriate, and when not, share within the Government of Canada
    • A.2.3.10Enable  Interoperability
      • A. all functionality as  services
      • A. microservices built around business capabilities. Scope each  service  to a single purpose
      • A. each IT  service  in its own process and have it communicate with other  IT services through a well-defined interface, such as an HTTPS-based application programming interface (API) as per Appendix B: Mandatory Procedures for Application Programming Interfaces
      • A.  applications  in containers
      • A. the GC Digital Exchange Platform for components such as the API Store, Messaging, and the GC  Service  Bus

    Technology Architecture

    • A.2.3.11Use Cloud first
      • A. Enforce this order of preference: Software as aService (SaaS) first, then Platform as a  Service(PaaS), and lastly Infrastructure as a  Service(IaaS)
      • A. this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions
      • A. for cloud mobility and develop an exit strategy to avoid vendor lock-in
    • A.2.3.12Design for Performance, Availability, and Scalability
      • A. for resiliency
      • A. response times meet user needs for availability
      • A. zero-downtime deployments for planned and unplanned maintenance
      • A. distributed architectures, assume failure will happen, handle errors gracefully, and monitor actively

    Security Architecture and Privacy

    • A.2.3.13Design for Security and Privacy
      • A. security across all architectural layers
      • A. data properly to determine appropriate safeguards
      • A. a privacy impact assessment (PIA) and mitigate all privacy risks when personal information is involved
      • A. user and business needs with proportionate security measures and adequate privacy protections.
Date modified: