gea-nz v3.1 application and ict services reference model and taxonomy

Government Enterprise

Architecture

GEA-NZ v3.1 Application and ICT Services Reference Model and Taxonomy

Approved July 2015

GEA-NZ v3.1 Application and ICT Services Reference Model and Taxonomy of 71

Crown copyright ©. This copyright work is licensed under the Creative Commons Attribution 3.0 New Zealand licence. In essence, you are free to copy, distribute and adapt the work, as long as you attribute the work to the Department of Internal Affairs and abide by the other licence terms. To view a copy of this licence, visit http://creativecommons.org/licenses/by/3.0/nz/. Please note that neither the Department of Internal Affairs

emblem nor the New Zealand Government logo may be used in any way which infringes any provision of the Flags, Emblems, and Names Protection Act 1981 or would infringe such provision if the relevant use occurred within New Zealand. Attribution to the Department of Internal Affairs should be in written form and not by reproduction of the Department of Internal Affairs emblem or New Zealand Government logo.

Published by the Department of Internal Affairs www.ict.govt.nz

http://creativecommons.org/licenses/by/3.0/nz/

http://www.legislation.govt.nz/act/public/1981/0047/latest/whole.html#dlm52216

http://www.ict.govt.nz/

http://creativecommons.org/licenses/by/3.0/n


Document

Purpose The Government Enterprise Architecture for New Zealand (GEA-NZ) Reference Models outline the following artefacts for each dimension of the architecture:

- Reference taxonomy

- Structure and description

- Context within the GEA-NZ v3.1

- Description of artefacts and relationships with other artefacts across all dimensions

The objective of a Reference Model is to provide widely accepted core taxonomy, and an appropriate visual representation of that taxonomy. A Reference Taxonomy defines the terminology, and provides a useful, coherent, consistent, and structured description of the components of an Enterprise Architecture. The need for reference architectures and associated taxonomies as part of a Government Enterprise Architecture is described in the GEA-NZ v3.1 Context Document.

There are eight architecturally significant dimensions within the Government Enterprise Architecture for New Zealand v3.1 framework (GEA-NZ v3.1). Each of these dimensions has a Reference Model which includes relevant reference artefacts and relationships. Where appropriate the Reference Model has an associated Reference Taxonomy.

GEA-NZ v3.1 uses reference taxonomies to provide categorisation terms to describe the architecture of capabilities for use across All of Government (AoG), sectors, clusters, and agencies. Reference taxonomies reduce complexity by abstracting, organising and simplifying complex information sets.

The overall consistency and cohesiveness of cross government services, shared services and common capabilities, can be improved when government entities apply common reference taxonomies to deliver consistent and aligned views of commonly required operational and technological services.

The usage of the GEA-NZ reference taxonomy, at government, agency and sector level, will help drive ICT efficiencies and Transformation programmes through identification of opportunities for development or and reuse of common solutions. This will enable the implementation of the Government ICT Strategy and Action Plan to 2017 and Better Public Services: Results for New Zealanders.

Use of the GEA-NZ v3.1 reference model will:

- Provide common language to promote service, information, system and technology interoperability

- Promote the identification and demand aggregation of sharable and common capabilities to improve the efficacy, utility and cost effectiveness of ICT across government

- Foster traceability of features to meet requirements

- Support the re-use of solutions and services

- Support the development and delivery of coherent AoG Common Capabilities portfolio

- Support the AoG Data Governance initiatives


Scope This document provides a description of the GEA-NZ v3.1 Application and ICT Services Reference Model and Taxonomy. This will provide the basis for developing specific Application and ICT Services reference architectures and patterns. These reference architectures and patterns can be more readily used across government where the terms from the reference taxonomy are used consistently.

This document does not include the description of the Application and ICT Services reference architecture or the use of software tools to construct and manage GEA-NZ v3.1 models.

References to related documents are contained within the context of the document.

Audience The intended audience of this document is (but not limited to):

- Agencies’ Enterprise, Application and Solution Architects

- Agencies and Business partners involved in development and delivery of business and technology solutions

- ICT and Architect Managers

- ICT Security Specialists for Certification & Accreditation activities (C&A)

Authors Regine Deleu – All-of-Government Enterprise Architect

Jim Clendon – Senior Enterprise Architecture Modeller

Approval This document has been created following engagement with the Chief Architect Forum (CAF) and the Government Enterprise Architecture Group (GEAG). The content will be subject to yearly review and improvement. The Government Enterprise Architect team will manage revisions and will indicate priorities for this work. Approval for changes will be sought through the GEAG.

Acknowledgements This version of the GEA-NZ Application and ICT Services Reference Model and Taxonomy was developed by the Government Enterprise Architecture team, part of System Transformation Team, Department of Internal Affairs, New Zealand. It was peer-reviewed and approved by GEAG members.

Additionally, feedback received from a number of experts from various agencies was greatly appreciated.


Version Control

Version Date Comment Modified by Approved by Next Review Date

V3.0 November 2014 Initial version Regine Deleu GEAG June 2015

V3.1 July 2015 Major Changes1

: Regine Deleu

Jim Clendon GEAG June 2016

- A1 Corporate Applications

- Name change to:

o A1.06.05 Asset Booking from A1.06.05 Media and Facilities Reservations

o A1.06.06 Service Centre from A1.06.06 Issue Tracking

- Added A1.14 Stakeholder Relationship Management

- Added A1.02.09 Financial Reporting

- Added A1.02.10 Financial Risk Management

- Added A1.10.03.01 Web conferencing

- Added A1.10.09.01 On-demand Video Streaming, A1.10.09.02 Video Chat, and A1.10.09.03 Video Conferencing.

- A3 End User Tools

- A3.02.07 PDF Reader changed to A3.02.07 Document Reader.

- A4 Data and Information Management Services

- Added A4.10 Web Content Management

- A6 Security Services

- Name change to A6.02 Network Security Services from A6.02 Network Security Service

- A7 ICT Components, Services and Tools

- Added:

o A7.03.11 CASE Tools added to A7.03 ICT Development Environment and Tools.

o A7.04.10 ICT Service Level Management added to A7.04 ICT Management Tools

o A7.04.11 ICT Capacity Management

o A7.04.12 Service Desk

o A7.04.13 Server Management

- Corrected name of A7.06 from Core ICT Operation Services to Server Configuration Types

- Removed the Appendix – GEA-NZ v3.0 Application and ICT Services Reference Taxonomy in Context with Other Artefacts. The relationships between the GEA-NZ Reference Models and the other artefacts have been implemented into a GEA-NZ Reference Models / Artefacts matrix.

1 A detailed ‘What’s Changed - GEA-NZ v3.0 vs v3.1” overview can be requested.


Table of Contents

Document ..................................................................................................................................... 3

Purpose ............................................................................................................................................ 3

Scope ................................................................................................................................................ 4

Audience .......................................................................................................................................... 4

Authors ............................................................................................................................................ 4

Approval ........................................................................................................................................... 4

Acknowledgements ......................................................................................................................... 4

Version Control ................................................................................................................................ 5

Table of Contents ............................................................................................................................. 6

Executive Summary ....................................................................................................................... 7

Application and ICT Services Reference Model and Taxonomy ....................................................... 8

Introduction ..................................................................................................................................... 8

Principles .......................................................................................................................................... 9

Context within GEA-NZ v3.1 .......................................................................................................... 10

Benefits .......................................................................................................................................... 10

Development ................................................................................................................................. 12

Background .......................................................................................................................... 12

Approach ............................................................................................................................. 12

Tools .................................................................................................................................... 13

Application and ICT Services Reference Model ............................................................................. 14

Structure ........................................................................................................................................ 14

Application and ICT Services Domains ........................................................................................... 15

Corporate Applications ........................................................................................................ 16

Common Line of Business Applications ............................................................................... 29

End User Computing ............................................................................................................ 34

Data and Information Management Services ..................................................................... 38

Identity and Access Management Services ......................................................................... 46

Security Services .................................................................................................................. 52

ICT Components, Services and Tools ................................................................................... 57

Interfaces and Integration ................................................................................................... 67

Specialist Line of Business Applications .............................................................................. 70


Executive Summary The Government Enterprise Architecture for New Zealand (GEA-NZ) Reference Models outline the following artefacts for each dimension of the architecture framework:

- Reference taxonomy

- Structure and description

- Context within the GEA-NZ v3.1

- Description of artefacts and relationships with other artefacts across all dimensions

The objective of a Reference Model is to provide widely accepted core taxonomy, and an appropriate visual representation of that taxonomy. A Reference Taxonomy defines the terminology, and provides a useful, coherent, consistent, and structured description of the components of an Enterprise Architecture.

The GEA-NZ Application and ICT Services Reference Taxonomy consistently categorise and describe the government –wide Application and ICT that support business capabilities. It is used for identifying opportunities for cost reduction, collaboration, shared services, common capabilities and solution reuse in ICT portfolios within and across agencies to effectively and efficiently support citizen centric service transformation.

The usage of the GEA-NZ reference taxonomy, at government, agency and sector level, will help drive ICT efficiencies through identification of opportunities for development or and reuse of common solutions. This will ultimately support the implementation of the Government ICT Strategy and Action Plan to 2017 and Better Public Services: Results for New Zealanders.

Use of the GEA-NZ v3.1 reference model will:

- Provide common language to promote service, information, system and technology interoperability

- Promote the identification and demand aggregation of sharable and common capabilities to improve the efficacy, utility and cost effectiveness of ICT across government

- Foster traceability of features to meet requirements

- Support the re-use of solutions and services

- Support the development and delivery of coherent AoG Common Capabilities portfolio

- Support the AoG Data Governance initiatives


Application and ICT Services Reference Model and Taxonomy

Introduction The GEA-NZ Application and ICT Services describes business applications, including ‘X as a Service’, that support the business processes. It includes core business, corporate and specialist line of business applications, end user computing, data and information management, identity and access management and security services. It also includes ICT components, services and tools, interfaces and integration.

At an All-of-Government level, the model facilitates a common understanding of application assets and ICT services, identifying opportunities for sharing, reuse, and consolidation or renegotiation of licenses. It also assists the GCIO assurance function by identifying application assets that will require maintenance or renewal within the business planning horizon.

At an agency level, the model describes the application assets and ICT services of the agency, and helps application portfolio management. Mapping their current and planned Information Systems to the Application and ICT Services Reference Taxonomy categories should help agencies and sectors identify opportunities for sharing, reuse, and consolidation or renegotiation of licenses.

The GEA-NZ Application and ICT Services Reference Taxonomy provide the basis for categorising applications and their components. It categorises software that supports business. It does not include operating systems that are used to operate hardware, as these are contained in the Infrastructure Reference Model.


The GEA-NZ Application and ICT Services Reference Taxonomy is an integral part of the Government Enterprise Architecture for New Zealand v3.1 (GEA-NZ v3.1).

Principles The value of reference models comes from applying them as part of business as usual practices and capability acquisition across agencies in a consistent manner. They are used to provide a consistent view across a complex system of business services and supporting ICT so that the delivery of government services can become customer centric, and that investments can be made that benefits the system as a whole, not just specific agencies in accordance with the guiding principles of the Government ICT Strategy and Action Plan to 2017:

- Centrally led, collaboratively delivered The Strategy and Action Plan will be led by the GCIO and delivered in collaboration with agency chief executives.

- Customer centricity Customer insights must inform service design and delivery. Customers should be shielded from the internal complexities of Government.

- Trust and Confidence Build public trust and confidence in government’s ability to maintain the privacy and security of information. This underpins our ability to use digital channels.

- Simplify by design Remove complexity, fragmentation and duplication, and reengineer business processes end–to-end.

- Share by default Capabilities must be shared by default rather than by exception.


Context within GEA-NZ v3.1 The GEA-NZ Application and ICT Services Reference Taxonomy is a core part of the GEA-NZ Application and ICT Services Reference Model within the GEA-NZ v3.1 framework. The GEA-NZ Application and ICT Services Reference Model provides the basis for categorising Application and ICT Services assets at a department or agency level as well as Sector and AoG levels.

The following table shows the GEA-NZ Application and ICT Services Reference Model in context with the other GEA-NZ reference models.

Ap

plic

atio

n a

nd

ICT

Serv

ices

represents a key mechanism for realising strategic goals, through adoption of agile core business applications and industry standard corporate support functions

Strategy, Investment, and Policy

provides the ICT services that enables performance measurement and governance controls, and offers opportunities to improve business efficiency through sharing and reuse

Governance and Performance

provides the application and ICT services that support business services, processes, capabilities, information sharing, and reuse

Business

sets requirements and provides the tools to manage, model, structure, share, and exchange data and information

Data and Information

provides the application and ICT service requirements for technology and infrastructure services, and supporting applications for infrastructure management (e.g. CMDB)

Infrastructure

provides the application and ICT service controls needed to support security and privacy requirements

Security and Privacy

sets the application and ICT service requirements that drive development and scope of corresponding standards

Standards

In the Appendix you can find tables showing the GEA-NZ Application and ICT Services Reference Taxonomy in context with other artefacts.

Benefits The GEA-NZ Application and ICT Services Reference Model will provide the following benefits to agencies, sectors and their business partners involved in the delivery of public services and joint capabilities:

- Drives standardisation at the technology layer, improving the overall manageability, ensuring technologies are directly referenced to business outcomes, and making understanding the impact of changes more unambiguous.

- Provides a government wide common language for applications and ICT services.

- Identification of opportunities for sharing, re-use and consolidation of services to improve efficiencies and effectiveness of current capabilities. To guide change towards shared common services.

- It will enable both ‘horizontal’ assessments of where multiple products are delivering the same business service (consolidation and sharing opportunities), and ‘vertical’ assessments of where different technology products have been implemented for the same or similar services (standardisation and re-use opportunities.

- Provides a basis for the objective review of ICT investment by the government.


- For agencies’ Four Year Plan to help show what they will achieve and how it will be achieved aligning to Better Public Services and all-of-government shared services.

- Enables more cost-effective and timely delivery of ICT services through a repository of standards, principles and templates that support repeatable and consistent design and delivery of ICT capability, as well as business and operational support services.

- Identification of opportunities for the consolidation and standardisation of applications and ICT services.

- Baseline for agencies’ Services and API Catalogue and their Application portfolio and Catalogue;

- An engagement framework that translates a high-level logical view for capability definition and delivery. From a practical perspective, to provide a tool kit for Enterprise Architects to use in their daily work.

This will ultimately result in increased collaboration between agencies, reduced risks, reduced number of incompatible systems across and within agencies, and it contributes to government-wide interoperability commitments in an affordable manner.

In real terms, this will allow the Government to realise savings in two key areas:

Financial Management

Aligning the GEA-NZ Application and ICT Services Reference Model within the broader architectural framework enables explicit links to be established from the governance and performance layer through to the data and application and infrastructure layers.

This will facilitate continuous, robust analysis of the relationship between ICT investments and the associated impact on governance and performance against required business outcomes.

Once established, these linkages will support evidence-based decision making around which technologies and standards are most essential to ensure the continued provision of priority, fit-for-purpose and value for money systems, services and applications.

User Productivity

Standardisation and rationalisation of diverse set of technical standards will improve productivity for not only the user community and those responsible for the management and delivery of ICT services, but also those involved with capability definition, development, acquisition, and delivery and integration (introduction into service, and integrated logistics support management).

Improved standardisation will reduce existing barriers to workforce interoperability, service availability and sharing, and data access and sharing capabilities, and deliver improved consistency across communication and collaboration platforms.

ICT will realise increases in productivity driven by the reduced complexity which flows from having a standardised, agreed set of application and ICT services.

Additionally, as a more standardised suite of approved technologies and platforms develops over time, the number of applications which are supported by bespoke or specialised technologies will fall, reducing the requirement to maintain highly specialised skills to support legacy applications.


Development The GEA-NZ Application and ICT Services Reference Taxonomy has been adapted for New Zealand based on

the United States Federal Enterprise Architecture version 2 (US FEAF v2)2 Application and ICT Services

Reference Model combined with content developed for the NZ Defence Technology Reference Model. NZ Defence based the development of their Technology Reference Model on the following sources:

- GEA-NZ v2.0 AoG Common Operating Environment (COE) and NZDF COE

- NATO C33 Taxonomy

- Australian Department of Defence (DoD) Integrated Defence Architecture4 (IDA)

- US Information Exchange Architecture (IEA).

- UK Government ICT Strategy, End User Device Programme – Conceptual Framework dated Apr 12.

The GEA-NZ v3+ framework separates Application and ICT Services from Applications and ICT Services, so only content from the NZ Defence Technical Reference Model that relates to Application and ICT Services have been included.

We have deliberately used the term ICT services to remove any confusion between the services delivered by government to customers / New Zealand, and what are ICT services which support the delivery of services by government to customers / New Zealand.

Background

The GEA-NZ v3+ Application and ICT Services Reference Taxonomy replaces the GEA-NZ v2.0 Service Reference Taxonomy which re-used the NZ FEAF Service Reference Model.

The Service Reference Model abstracted ICT services from the underlying applications. While this approach has merit in a Service Oriented Architecture for the most part applications are delivering the services directly. This Service Reference Taxonomy was originally approved as part of the NZ FEAF, back in 2008, and was essentially the same as the taxonomy in the US FEAF Service Reference Model developed in 2006 – 8 years ago.

There has been some adoption of this within agencies. However 8 years is a long time in the fast moving world of ICT and technology so it is missing some concepts. As a result agencies have in turn adapted and expanded the taxonomy to the extent that it no longer provides a common set of terms. For example the GEA-NZ v2.0 COE Reference Architecture was defined using a new set of terms, with very few terms from the older reference taxonomies being reused.

Approach

Our approach is to reuse and adapt reference taxonomies from other jurisdictions. Three major sources for GEA-NZ v3+ are the Australian Government Architecture v3.0 (AGA v3.0), the UK Reference Architecture (UK-RA 2012), and the US FEAF v2.0.

Representatives from the Chief Architects Forum (CAF) and the Government Enterprise Architecture Group (GEAG), and other agencies review and contribute to the taxonomies.

2 http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf

3 NATO C3 = North Atlantic Treaty Organisation Command, Control and Co-ordination Agency

4 Note: The ADF IDA closely follows the US FEAF model.

http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf


Tools

The GEA-NZ v3.1 Application and ICT Services Reference Model has been developed using Sparx Systems

Enterprise Architect5 modelling tool. The diagrams are published using .png files, Sparx packages, and

Microsoft Excel.

5 Sparx Systems Enterprise Architect, Ultimate Edition, has been selected by Government Enterprise Architecture in August 2014 as the go forward tool for developing and maintaining GEA-NZ.


Application and ICT Services Reference Model

Structure The GEA-NZ Application and ICT Services Reference Taxonomy model is a simple hierarchical structure made up of application domains, which are divided into application areas, which have categories. Application categories may have multiple levels where more detail is required.

The diagram below shows the structure of the taxonomy and an approach for implementation using the

Open Group ArchiMate6 elements and relationships.

6 ArchiMate is an emerging standard for enterprise architecture modelling in the GEA-NZ Standards.

Agency Implementation (Using

ArchiMate 2.1 Specification elements)

Categorisation

GEA-NZ v3.1 Application and ICT Services Reference Taxonomy Structure

A1.01-A9.99

A1-A9

A1.01.01-A9.99.99

Note: The GEA-NZ Application and ICT Services

Reference Taxonomy covers all software except

operating system (which are categorised in the

GEA-NZ Infrastructure Reference taxonomy).

ArchiMate Application

Component

Application Category

Application Domain

ArchiMate Data Object

(Information Asset)

Application Area

Application and

ICT Services

Reference

Taxonomy


Function

ArchiMate Application Service

AchiMate System SoftwareArchiMate Infrastructure

Function

ArchiMate Infrastructure

Service

ArchiMate Application Interface


Interface

1

«generalisation»

1

«assignment»

1

«access»

1

1

«aggregation

»

«re

alis

atio

n»«access»

«generalisation»

«generalisation»

«u

se

d b

y»

«co

mp

ositio

n»

«re

alis

atio

n»

«assignment»

«u

se

d b

y»

«generalisation»

«generalisation»

«generalisation»

«generalisation»

«generalisation»


Function

GEA-NZ v3.1 Application and ICT Services Reference Taxonomy Structure

«generalisation»

«assignment»

«u

se

d b

y»

«u

se

d b

y»

«co

mp

ositio

n»

«generalisation»

«re

alis

atio

n»

«generalisation»

«generalisation»

«generalisation»

«generalisation»


Service

ArchiMate Application Interface


Interface

AchiMate System Software

Note: The GEA-NZ Application and ICT Services

Reference Taxonomy covers all software except

operating system (which are categorised in the

GEA-NZ Infrastructure Reference taxonomy).

Application Area

Application Domain

Application and

ICT Services

Reference

Taxonomy

1

11

1

1

Categorisation

Agency Implementation (Using

ArchiMate 2.1 Specification elements)

Application Category

ArchiMate Data Object

(Information Asset)ArchiMate Application

Component«assignment»«access»

«generalisation»

«aggregation

»

A1-A9

A1.01-A9.99

A1.01.01-A9.99.99


Function

ArchiMate Application Service

«re

alis

atio

n»«access»

«generalisation»


Application and ICT Services Domains The GEA-NZ Application and ICT Services Reference Model include nine domains that can be used as a common language to classify Application and ICT Services. The domains are:

- Corporate Applications - Standard corporate applications to support internal facing functions.

- Common and Specialist Line of Business Applications - These are business applications to support outward facing functions for managing touch-points with customers, partners and others.

- End User Computing - Brings together the various applications and ICT services needed to support a range of end user computing devices.

- Data and Information Management Services - Software and or services that support management of government data and information and the alignment with standards, quality initiatives, good practice accessibility, etc.

- Identity and Access Management Services - Software and services to support Identity and access management (IAM), identifying, controlling and auditing interactions with government assets.

- Security Services - The Security Services domain defines the methods of protecting information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide integrity, confidentiality and availability.

- ICT Components, Services and Tools - Software and services for operational management and maintenance of applications, ICT components and services.

- Interfaces and Integration - The Interfaces and Integration application area refers to the collection of software and services that support how agencies will interface and integrate both internally and externally.


Corporate Applications

Note: Detailed diagrams are available as .png files, and this table is available as an Excel file.

Name Description

A1 Corporate Applications These are standard corporate applications within government to support the internal facing functions for managing staff, money and the way government agencies run their business. Note: The applications found in this domain can also be used as ICT services or application components. Many commercial applications may contain elements of applications listed here and specific software solutions may offer a mix of these in one suite.

A1.01 Enterprise Resource Planning (ERP)

Enterprise resource planning (ERP) is business management software; usually a suite of integrated applications, that an organisation can use to collect, store, manage and interpret data from many business activities. In the past ERP solutions focused on back office functions but modern solutions often include some key front office functions as well. Note: Application Categories for ERP can be found under the Corporate Applications and Core Business Applications areas. Example ERP Modules are: - Financial Accounting: General ledger, fixed asset, payables including vouchering, matching and payment, receivables cash application and collections, cash management, financial consolidation. - Management Accounting: Budgeting cost management; activity based costing - Human Resources: Recruiting, training, rostering, payroll, benefits, diversity management, retirement, and separation. - Manufacturing: Engineering, bill of materials, work orders, scheduling, capacity, workflow management, quality control, manufacturing process, manufacturing projects, manufacturing flow, product life cycle management. - Order Processing: Order to cash, order entry, credit checking, pricing, available to promise, inventory, shipping, sales analysis and reporting, sales commissioning. - Supply Chain Management: Supply chain planning, supplier scheduling, product configurator, order to cash, purchasing, inventory, claim processing, and warehousing (receiving, put away, picking and packing). - Project Management: Project planning, resource planning, project costing, work breakdown structure, billing, time and expense, performance units, activity management. - Customer Relationship Management: Sales and marketing, commissions, service, customer contact, call center support - CRM systems are not always considered part of ERP systems but rather Business Support systems (BSS). - Self Service: Various "self–service" interfaces for customers, suppliers and/or employees.


A1.02 Financial and Asset Management

Applications, software or services that support financial and asset management. Financial management refers to the efficient and effective management of money (funds) in such a manner as to accomplish the objectives of the organisation. It is the specialised function directly associated with the top management. It includes how to raise the capital, how to allocate it i.e. capital budgeting. Not only about long term budgeting but also how to allocate the short term resources like current assets. It also deals with the dividend policies of the shareholders.

A1.02.01 Budget Planning and Execution

Software that supports all activities undertaken to determine priorities for future spending and to develop an itemised forecast of future funding and expenditures during a specified period of time. This includes the collection and use of performance information to assess the effectiveness of programs and develop budget priorities and the legal (apportionment) and managerial (allotment and sub-allotment) distribution of budget authority to achieve results consistent with the formulated budget.

A1.02.02 General Ledger Software that supports accounting for assets, liabilities, fund balances, revenues and expenses associated with the maintenance of government funds and expenditure of government appropriations (salaries and expenses, operations and maintenance, procurement, working capital, trust funds, etc.), in accordance with applicable standards.

A1.02.03 Accounts Payable Software that manages and pays the funds owed.

A1.02.04 Accounts Receivable

Software that supports collections and receivables, including deposits, fund transfers, and receipts for sales or service.

A1.02.05 Asset Management Software that supports the tracking of information related to deploying, operating, maintaining, upgrading, and disposing of assets cost-effectively. Includes an inventory of assets.

A1.02.06 Expense Management

Support the management and reimbursement of costs paid by employees or an organisation.

A1.02.07 Financial Audit Software used to track and manage financial audit and support the examination and verification of records for accuracy.

A1.02.08 Portfolio Management

Software or services that provide the set of capabilities to support the administration of a group of investments held by an organisation.

A1.02.09 Financial Reporting Software or services that support the preparation of accurate and timely financial reports.

A1.02.10 Financial Risk Management

Software or services that support financial risk management.


A1.03 Human Resource Management

Applications, software or services that support human resource management. Human resource management (HRM or simply HR) is a function in organisations designed to maximize employee performance in service of their employer’s strategic objectives. HR is primarily concerned with how people are managed within organisations, focusing on policies and systems. HR departments and units in organisations are typically responsible for a number of activities, including employee recruitment, training and development, performance appraisal, and rewarding (e.g., managing pay and benefit systems). HR is also concerned with industrial relations, that is, the balancing of organisational practices with regulations arising from collective bargaining and governmental laws.

Note: Health and Safety often is a module in an HR suite but is under A1.09 Business Continuity in this framework.

A1.03.01 Recruitment Software that supports the procedures for attracting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles. This includes developing a staffing strategy and plan, and establishing an applicant evaluation.

A1.03.02 Education / Training

Software that supports the design, development, and implementation of a comprehensive employee development and training approach to ensure that agency employees have the right competencies.

A1.03.03 Personnel Administration

Support the matching between an organisation’s employees and potential opportunities as well as the modification, addition and general upkeep of an organisation’s employee-specific information.

A1.03.03.01 Employee Records Software that manages employee personnel records and files.

A1.03.03.02 Time and Attendance Software that supports the set of capabilities to support the submission, approval and adjustment of employee hours.

A1.03.03.03 Career Development and Retention

Support the monitoring of performance as well as the professional growth, advancement and retention of an organisation's employees.

A1.03.04 Staff Directory Software that supports the listing of employees and their whereabouts.

A1.03.05 Payroll Software that supports the administration, calculation and payment of employee wages, bonuses, and deductions including tax.

A1.03.05.01 Salary Management Software and or services that support the calculation and payment of salaries and payroll taxes.

A1.03.05.02 Benefits Software that supports the design, development, and implementation of benefits programs for agency employees. This includes establishing and communicating benefits programs, processing benefits actions, and interacting as necessary with third party benefits providers.

A1.03.05.03 Awards Software that supports the administration of employee bonus and monetary awards programs. Also includes software used to design, develop, and implement pay for performance compensation programs to recognize and reward high performance, with both base pay increases and performance bonus payments.

A1.03.06 Team and Organisation Management

Software that supports the hierarchy structure and identification of employees within the various sub-groups of an organisation.


A1.03.07 Skills Management Software that supports the proficiency of employees in the delivery of an organisation's products or services.

A1.03.08 Emergency Notification

Software that enables designated individuals to communicate critical information to many individuals across multiple devices.

A1.04 Workforce Capability Management

Applications, software or services supports workforce management. Workforce capability management encompasses all the activities needed to maintain a productive workforce. It can be part of or overlap with HR management and ERP systems.

A1.04.01 Resource Planning and Allocation

Software that supports the processes for identifying the workforce competencies required to meet the agency’s strategic goals and for developing the strategies to meet these requirements. The software also supports procedures for attracting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles. This includes developing a staffing strategy and plan; establishing an applicant evaluation approach; announcing the vacancy, sourcing and evaluating candidates against the competency requirements for the position; initiating pre-employment activities; and hiring employees.

A1.04.02 Field Service Management

Software to optimally plan and dispatch field service technicians and their properly stocked vehicles to a customer's location in a timely manner in order to deliver against their service commitments.

A1.04.02.01 Demand Management Software to help forecast work orders to plan the number and expertise of staff that will be needed.

A1.04.02.02 Workforce Scheduler Software to predefined rules to automatically optimise the schedule and use of resources (people, parts, vehicles).

A1.04.02.03 Workforce Dispatcher Software to automatically assigning work orders within predefined zones to particular technicians.

A1.04.03 Contingent Workforce Management

Software that supports the continuity of operations for an organisation's business through the identification of surge or temporary personnel in addition to agency staff.

A1.05 Corporate Governance and Strategy

Applications, software or services that support corporate governance functions. Corporate governance broadly refers to the mechanisms, processes and relations by which corporations are controlled and directed. Governance structures identify the distribution of rights and responsibilities among different participants in the corporation (such as the board of directors, managers, shareholders, creditors, auditors, regulators, and other stakeholders) and include the rules and procedures for making decisions in corporate affairs. Corporate governance includes the processes through which corporations' objectives are set and pursued in the context of the social, regulatory and market environment. Governance mechanisms include monitoring the actions, policies and decisions of corporations and their agents. Corporate governance practices are affected by attempts to align the interests of stakeholders.

A1.05.01 Strategy and Planning

Software that allows setting up the activities of determining strategic direction, identifying and establishing programs, services and processes, and allocating resources (capital and labour) among those programs and processes.

A1.05.02 Governance Software that supports decisions, actions, business rules and other matters that govern an organisation.


A1.05.03 Compliance Management

Compliance Management software and or services provide a common framework and an integrated approach to manage all compliance requirements faced by an agency. It enables companies to manage cross-industry mandates and regulations such as SOX, OSHA, EH&S, and FCPA as well as industry focused regulatory guidelines from FDA, FERC, FAA, HACCP, AML, Basel II, and Data Retention laws.

A1.05.04 Internal Control Support the methods and procedures used by the organisation to safeguard its assets, produce accurate accounting data and reports, contribute to efficient operations, and encourage staff to adhere to management policies and mission requirements.

A1.05.05 Corporate Policy Software that supports development and enforcement of corporate policy within an organisation.

A1.05.06 Risk Management Software that allows planners to explicitly address uncertainty by identifying and generating metrics, setting parameters, prioritizing, and developing mitigations, and tracking risk.

A1.05.07 Corporate Performance Management

Software that allows setting up performance metrics, such as cost and profitability, for planners to explicitly address uncertainty by identifying and generating metrics, setting parameters, prioritizing, and developing mitigations, and tracking risk.

Note: May also be called Enterprise Performance Management

A1.06 Corporate Administration

Applications, software or services that support the day-to-day management and maintenance of the internal administrative operations.

A1.06.01 Legal Advice Software that supports giving legal advice.

A1.06.02 Facilities Management

Software that supports facilities management including the maintenance, administration, certification, and operation of office buildings that are possessions of the government / agency.

A1.06.03 Accommodation Management

Software that supports managing the accommodation needs of the workforce.

A1.06.04 Asset Booking Software that supports the processes for viewing availability, booking, and tracking the use of assets. Assets may include vehicles, media, and facilities.

A1.06.05 Travel Software that supports activities associated with planning, preparing, booking, and monitoring of business-related travel expenses. This may include employees and others supporting the work of the government.

A1.06.06 Service Centre Software that supports the management of a service centre to respond to government and contract employees' technical and administrative questions.

Note: The service centre software and services may be separate to A7.04.12 Service Desk software and services.

A1.07 Procurement Applications, software or services that supports procurement; the acquisition of goods, services or works from an outside external source.


A1.07.01 Supplier Management

Software used to manage the relationship and lifecycle of existing suppliers. The purpose of Supplier Management is to obtain value for money from suppliers and contracts. It ensures that underpinning contracts and agreements align with business needs, Service Level Agreements and Service Level Requirements. Supplier Management oversees process of identification of business needs, evaluation of suppliers, establishing contracts, their categorisation, management and termination. Note: This has a close link to "Partner Relationship Management" in the "Common Line of Business Application" area.

A1.07.01.01 Sourcing Management Support the supply of goods or services as well as the tracking and analysis of costs for these goods.

A1.07.01.02 Supplier Contract Management

Supplier Contract Management (SPM) is about defining what a supplier is to deliver in a contract.

A1.07.01.03 Supplier Performance Management

Supplier Performance Management (SPM) is about ensuring the supplier delivers what has been promised in the contract.

A1.07.01.04 Supplier Balanced Scorecard

A balanced scorecard includes a mixture of quantitative and qualitative measures, including how key participants perceive the quality of the relationship. These KPIs are shared between customer and supplier and reviewed jointly, reflecting the fact that the relationship is two-way and collaborative, and that strong performance on both sides is required for it to be successful. Advanced organisations conduct 360 degree scorecards, where strategic suppliers are also surveyed for feedback on their performance, the results of which are built into the scorecard.

A1.07.02 Ordering / Purchasing

Allow the placement of request for a product

A1.07.02.01 Supplier Catalogue Management

Support the listing of available products or services that an organisation offers and shopping cart / ordering functionality.

A1.07.02.02 Invoice Tracking and Approval

Software that manages inflow and outflows of "products", as well as data about the level of "products" on hand and support the identification of where a shipment or delivery is within the business cycle.

A1.07.02.03 Logistics and Transportation

Provide for efficient freight and traffic management to receive purchased goods and services.

A1.08 Business Intelligence and Analytics

Software or services to support Business intelligence (BI). It includes techniques and tools for the transformation of data and information into meaningful and useful information and knowledge for business analysis purposes. Common functions of business intelligence technologies are reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics and prescriptive analytics.

A1.08.01 Data Warehouse A data warehouse (DW, DWH), or an enterprise data warehouse (EDW), is a system used for reporting and data analysis. Integrating data from one or more disparate sources creates a central repository of data, a data warehouse (DW). Data warehouses store current and historical data and are used for creating trending reports for senior management reporting such as annual and quarterly comparisons. The data stored in the warehouse is uploaded from the operational systems (such as marketing, sales, etc.). The data may pass through an operational data store for additional operations before it is used in the DW for reporting.


A1.08.01.01 Data Mart A data mart is the access layer of the data warehouse environment that is used to get data out to the users. The data mart is a subset of the data warehouse that is usually oriented to a specific business line or team. Data marts are small slices of the data warehouse. Whereas data warehouses have an enterprise-wide depth, the information in data marts may pertain to a single department.

A1.08.01.02 Data Mining Software that provides for the efficient discovery of non-obvious, valuable patterns and relationships within a large collection of data.

A1.08.01.03 Decision Support Software or services that support business or organisational decision-making activities. Supports the management, operations, and planning levels of an organisation and helps to make decisions, which may be rapidly changing and not easily specified in advance.

A1.08.01.04 Online Analytical Processing (OLAP )

Software or services that support a process to swiftly answer multi-dimensional analytical (MDA) queries and enable users to interactively analyse multidimensional data from multiple perspectives. An OLAP consists of three basic analytical operations: consolidation, drill-down, and slicing and dicing.

A1.08.01.05 Online Transaction Processing (OLTP )

Online transaction processing (OLTP) is a class of information systems that facilitate and manage transaction-oriented applications, typically for data entry and retrieval transaction processing.

A1.08.01.06 Predictive Analysis Software and or services to provide predictive analysis. Predictive analysis is about finding and quantifying hidden patterns in the data using complex mathematical models that can be used to predict future outcomes. Predictive analysis is different from OLAP in that OLAP focuses on historical data analysis and is reactive in nature, while predictive analysis focuses on the future. These systems are also used to support Customer Relationship Management (CRM).

A1.08.02 Knowledge and Discovery Management

Software that supports knowledge and discovery management.

A1.08.02.01 Data and Information Analysis

Software and or services to support the analysis and inspection of data and information. This feeds into: - Data and Information Modelling - Data Categorisation - Data Cleaning - Data Transformation

A1.08.02.02 Information Retrieval Software that provides access to data and information for use by an organisation and its stakeholders.

A1.08.02.03 Knowledge Capture Software that facilitates collection of data and information.

A1.08.02.04 Knowledge Distribution and Delivery

Software that supports the transfer of knowledge to the end customer.

A1.08.02.05 Simulation Software or services that help manipulate information to identify patterns and create possible changes.

A1.08.02.06 Survey Data Collection Software or services that support methods to collect information from a sample of individuals in a systematic way for empirical research in social sciences, marketing and official statistics.

A1.08.03 Business Intelligence Reporting

Software and or services that supports analysis, reporting and statistics for Business Intelligence.


A1.08.03.01 Ad hoc Reporting Software tools or services that support the creation and display of individually designed and structured reports with self-service access to meaningful data.

A1.08.03.02 Balanced Scorecard A semi-standard structured report supported by proven design methods and automation tools that can be used by managers to keep track of the execution of activities by the staff within their control and to monitor the consequences arising from these actions.

A1.08.03.03 BI Dashboard A dashboard is "an easy to read, often single page, real-time user interface, showing a graphical presentation of the current status (snapshot) and historical trends of an organisation’s key performance indicators to enable instantaneous and informed decisions to be made at a glance. In real-world terms, "dashboard" is another name for "progress report" or "report." Often, the "dashboard" is displayed on a web page that is linked to a database which allows the report to be constantly updated. A dashboard can be created as a 'mashup' of data from different sources. Note: This is not to be confused with a balanced scorecard.

A1.08.03.04 On Demand Reporting Software tools or services that support on-demand reporting. An on-demand report is a formatted version of a report run with the currently available data and viewed immediately. When you run an on-demand report, you can specify the parameter values to use; the report is then formatted using the current data and displayed in the report viewer.

A1.08.03.05 Standardised / Canned Software or services that support the creation and display of standard reports with self-service access to meaningful data.

A1.08.04 Operational Data Store (ODS)

An operational data store (ODS) is a database designed to integrate data from multiple sources for additional operations on the data. Unlike a master data store the data is not passed back to operational systems. It may be passed for further operations and to the data warehouse for reporting. Because the data originates from multiple sources, the integration often involves cleaning, resolving redundancy and checking against business rules for integrity. An ODS is usually designed to contain low-level or atomic (indivisible) data (such as transactions and prices) with limited history that is captured "real time" or "near real time" as opposed to the much greater volumes of data stored in the data warehouse generally on a less-frequent basis.

A1.08.05 Statistical Analytics Software or services that support the study of a collection, organisation, analysis, and interpretation of data.


A1.08.06 Data Profiling Software that supports all forms of data analysis of extremely large, complex data sets (big data) that are manipulated for business consumption. Data profiling is the process of examining the data available in an existing data source (e.g. a database or a file) and collecting statistics and information about that data. The purpose of these statistics may be to: - Find out whether existing data can easily be used for other purposes. - Improve the ability to search the data by tagging it with keywords, descriptions, or assigning it to a category. - Give metrics on data quality including whether the data conforms to particular standards or patterns. - Assess the risk involved in integrating data for new applications, including the challenges of joins. - Assess whether metadata accurately describes the actual values in the source database. - Understanding data challenges early in any data intensive project, so that late project surprises are avoided. Finding data problems late in the project can lead to delays and cost overruns. - Have an enterprise view of all data, for uses such as master data management where key data is needed, or data governance for improving data quality.

A1.09 Business Continuity Software or services to support the business continuity. This includes Health and Safety Management, Disaster Management.

A1.09.01 Health & Safety Software and or services that support the security and physical well-being of an organisation's employees.

Note: This is often part of an HR suite.

A1.09.02 Disaster Management

Software and or services that support the emergency processes and recovery of the physical facilities and people in case of a disaster.

A1.10 Unified Communications and Collaboration

Software and or services that support unified communications and collaboration.

A1.10.01 Calendaring Software and or services that provide users with an electronic version of a calendar, an appointment book, address book, and/or contact list.

A1.10.02 Communications Integration

Software and or services that support the integration and coordination between different communication types that delivers the value of unified communications. It includes the ability to contact people with a range of different types of communications technology as appropriate for the situation and person, presence across different communication types, and follow-me functionality across different communication types.

A1.10.03 Electronic Meeting and Collaboration

Software and or services for sharing presentations, electronic whiteboards, screens with other meeting participants. These may be delivered bundled as part of video conferencing tools, or delivered separately.


A1.10.03.01 Web Conferencing Web conferencing is made possible by Internet technologies, particularly on TCP/IP connections. Services may allow real-time point-to-point communications as well as multicast communications from one sender to many receivers. It offers data streams of text-based messages, voice and video chat to be shared simultaneously, across geographically dispersed locations. Applications for web conferencing include meetings, training events, lectures, or presentations from a web-connected computer to other web-connected computers and mobile devices.

Note: A distinction has been drawn between Web conferencing which typically involves people using their desktop or mobile devices and Video Conferencing (A1.10.09.03) involving specialised equipment.

A1.10.04 Email Server Software and or services for delivering, storing and managing e-mail. Electronic mail, commonly referred to as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Email systems are based on a store-and-forward model. Email servers accept, forward, deliver and store messages.

A1.10.05 Event / News Management

Software and or services that provides users with frequently updated content to which they subscribe.

A1.10.06 Instant Messaging Software and or services that provides Instant messaging (IM). These technologies support a form of communication over the Internet that offers quick transmission of text-based messages from sender to receiver. In push mode between two or more people using personal computers or other devices, along with shared clients, instant messaging basically offers real-time direct written language-based online chat. The user's text is conveyed over a network, such as the Internet. It may address point-to-point communications as well as multicast communications from one sender to many receivers. More advanced instant messaging allows enhanced modes of communication, such as live voice or video calling, video chat and inclusion of hyperlinks to media.

A1.10.07 Social Software Software that supports the capturing, storing and presentation of communication, usually written but may include audio and video as well. Interactive tools handle mediated interactions between a pair or group of users. They focus on establishing and maintaining a connection among users, facilitating the mechanics of conversation and talk.

A1.10.08 Syndication Management

Software and or services that supports web feed formats used to publish frequently updated works, such as blog entries, news headlines, audio, and video, in a standardised format. This can include ATOM feeds, RSS etc.

A1.10.09 Video Software and or services for communicating with people using video. Video is the technology of electronically capturing, recording, processing, storing, transmitting, and reconstructing a sequence of still images representing scenes in motion.

A1.10.09.01 On-demand Video Streaming

On-demand Video Streaming (Also called Video on demand - VOD) are systems which allow users to select and watch/listen to video (and audio) content when they choose to, rather than having to watch at a specific broadcast time.

A1.10.09.02 Video Chat Video Chat is designed for individuals to set up real time connection with audio and video.


A1.10.09.03 Video Conferencing Video Conferencing (also known as Videoconferencing - VC) is designed to serve a conference by a set of telecommunication technologies which allow two or more locations to communicate by simultaneous two-way video and audio transmissions.

Note: A distinction has been drawn between Video Conferencing involving specialised equipment and Web conferencing (A1.10.03.01) which typically involves people using their desktop or mobile devices.

A1.10.10 Voice Software for communicating with people using voice or audio channels.

A1.10.11 Voicemail Software for storing voicemail, delivering notifications and managing access to stored messages. Voice-mail is a computer based system that allows users and subscribers to exchange personal voice messages; to select and deliver voice information; and to process transactions relating to individuals, organisations, products and services, using an ordinary telephone.

A1.10.99 Other Unified Communications and Collaboration

Other Unified Communications and Collaboration software.

A1.11 Enterprise Content Management (ECM)

Software and or services that support Enterprise Content Management. ECM is an umbrella term covering document management, Web content management, search, collaboration, records management, digital asset management (DAM), workflow management, capture, and scanning. ECM is primarily aimed at managing the life-cycle of information from initial publication or creation all the way through archival and eventually disposal. Note: The underlying modules / applications components / services are found in "Records and Content Management".

A1.12 Business Process Management System (BPMS)

The Business Process Management System (BPMS) is considered a critical component of operational intelligence (OI) solutions to deliver real-time, actionable information. This real-time information can be acted upon in a variety of ways - alerts can be sent or executive decisions can be made using real-time dashboards. OI solutions use real-time information to take automated action based on pre-defined rules so that security measures and or exception management processes can be initiated. Note: BPM is viewed as a bridge between Information Technology (IT) and Business. Note: The components that make up BPMS are found in the application area "Business Process Management Tools". For the purposes of the ART we have taken this approach as while BPMS is a recognised application system or suite the components can be found in many other applications as core building blocks for those applications.


A1.13 Business Transformation and Improvement

Software and or services that supports business transformation. Business transformation is about making fundamental changes in how business is conducted. Business improvement is about making evolutionary changes, and includes the practice of Business Process Improvement (BPI). This application area covers the software tools to manage both transformation and improvement. Business transformation is achieved by realigning the way staff work, how the organisation is structured and how technology is used. Typically organisations go through several stages in transforming themselves: - Recognising the need to change and gaining consensus amongst stakeholders that dramatic change is necessary. - Agreeing what form the change should take the objectives of the change and a vision that describes a better future. - Understanding what the organisation is changing from and what needs to change in detail. - Designing the new organisational way of working and its support and management. - Testing and implementing changes, usually in waves, typically over a number of years. - Bedding in the change so that the organisation cannot move back to how it was and achieves the intended benefits. Business Process Improvement is a systematic approach to help an organisation optimize its underlying processes to achieve more efficient results.

A1.13.01 Business Change Management

Software and or services that support Change Management. Change Management is the process, tools and techniques to manage the people-side of change to achieve the required business outcome. It also incorporates the organisational tools that can be utilised to help individuals make successful personal transitions resulting in the adoption and realisation of change. - Process: Planning for change, Managing change, Reinforcing change. - Tools: Individual change model, Communications, Sponsorship, Coaching, Training, Resistance management.

A1.13.02 Portfolio Management

Software and or services that support the centralized management of processes, methods, and technologies used by project managers and project management offices to analyse and collectively manage current or proposed projects based on numerous key characteristics.

A1.13.03 Programme Management

Software and or services that support Program Management. Programme Management is the process of managing several related projects. It provides oversight of the purpose and status of the projects in a program and can use this oversight to support project-level activity to ensure the program goals are met by providing a decision-making capacity that cannot be achieved at project level.

A1.13.04 Project Management

Software and or services that provides capabilities for cost estimation and planning, scheduling, cost control and budget management, resource allocation, collaboration, communication, quality management and documentation or administration systems, which are used to deal with the complexity of large projects. Project management is the application of knowledge, skills, tools and techniques to project activities to meet project requirements. Project management is accomplished through the application and integration of the project management processes of initiating, planning, executing, monitoring and controlling, and closing.

A1.13.05 Requirements Management

Software and or services used to document, analyse, trace, prioritize and agree on requirements for an initiative and communicate with the relevant stakeholders.


A1.14 Stakeholder Relationship Management

Stakeholder Relationship Management enables agencies to enter and group the people and institutions that have an interest in the agency, both internally and externally, and provide them with information about the agency. It gives the agency the means to track and manage what information and communication was provided to each stakeholder.


Common Line of Business Applications


Name Description

A2 Common Line of Business Applications

These are standard business applications within government to support the outward facing functions for managing touch-points with customers, partners and anyone who interacts with government. Note: The applications found in this domain can also be used as ICT services or application components. Many commercial applications may contain elements of applications listed here and specific software solutions may offer a mix of these in one suite.

A2.01 Product and Service Management

Software and or services that facilitate the creation and maintenance of products and services.

A2.01.01 Product and Service Lifecycle Management

These applications are used to manage the lifecycle of a product from idea through to retiring a product. Features include: managing product requirements, modelling products, providing detailed product specifications, introducing new products, managing existing products, retiring products, forecasting, and implement marketing and offer strategies.

A2.01.02 Product and Service Catalogue Management

Product and Service Catalogue Management is the ability to create and maintain products that can be offered to customers. More specifically, it is the ability to explicitly model the structure of a product, then create and centrally manage the instances (or “catalogue”) of products based upon that structure. Products are not always discreet, single items. A product can be a number of components associated together and sold as a single purchasable entity. Therefore the product may be comprised of multiple components, tangible or intangible, such as services, features, devices, etc., that are “assembled” together to form a single sellable entity. Some of the components within a product will be enabled by shared / common / reusable services (e.g., location finder). Some of the components within a product will be enabled by shared / common / reusable resources. These underlying services and resources may be managed by different parts of the organisation.

A2.01.03 Product and Service Performance Management

These applications are used to manage the performance of products and services. Features include: campaign tracking, revenue reporting, cost reporting, capacity analysis, cost management, inventory optimisation, and sourcing determination.

A2.02 Marketing Software and or services to facilitate marketing and promotion of products and services.

A2.02.01 Sales and Marketing Management

Software and or services to manage promotions of a product or service and capture of new business.


A2.02.02 Brand Management Software and or services to support the application of a trade name to a product or service as well as developing an awareness for the name

A2.02.03 Marketing Surveys Software and or services to support surveys to collect useful information from an organisation's customers.

A2.02.04 Campaign Management

Software and or services to manage the lifecycle of marketing campaigns. Ideally this should leverage a single consistent view of the customer data. It provides design, execution, analytics and refinement.

A2.03 Customer Relationship Management

Software and or services to support customer relationship management (CRM). Software used to plan, schedule, and control the activities between the customer and the enterprise, both before and after a product or service is offered.

A2.03.01 Customer Contact and Profile Management

Software and or services to provide a comprehensive view of all customer interactions, including calls, e-mail, correspondence and meetings; also provides for the maintenance of a customer’s account, business and personal information. It can automatically synchronize suitable appointment dates, times, and methods for customer contact.

A2.03.02 Customer Order and Registration Management

Software and or services to support customer order and registration that allows order creation and tracking.

A2.03.03 Customer Account Management

Software and or services to support the retention and delivery of a service or product to an organisation's clients.

A2.03.04 Customer Self-Management

Software and or services to support customer self-management that can include: - Browsing the product and services catalogue. - Viewing product and services eligibility. - Shopping cart driven order management. - Reporting problems and troubleshooting. - Setting preferences, alerts and notifications. - Access to guidelines and tutorials. - Access to Call center agents. - Account management. - Self registration to online services. - Service requests management. - Service request submission. - Service request amendment. - Service request closure.

A2.03.05 Customer Problem Management

Software and or services to support customer problem management that allows problem qualification & reception.

A2.03.06 Customer Analytics Software and or services that supports the analysis of an agency’s customers, customer experiences, as well as the scoring of third-party information as it relates to customers. This also includes handling comments and feedback from customers.


A2.04 Partner Relationship Management

Software and or services that supports the effective collaboration between an organisation and its business partners, providers, particularly members of the distribution chain (e.g. channel and alliance partners, resellers, agents, brokers and dealers) and other third parties that support operations and service delivery to an organisation’s customers; includes performance evaluation of partners, if necessary. This becomes increasingly important as government products and services are delivered through non-agency channels.

A2.04.01 Partner Contract and SLA Management

Software and or services that support partner contract and SLA management including features such as: issue reception, collection, analysis, violation management, and reporting.

A2.04.02 Partner Account Management

Software and or services that support the retention and delivery of a service or product to an agency's partners.

A2.04.03 Partner Contact and Profile Management

Software and or services that provides a comprehensive view of all partner interactions, including calls, e-mail, correspondence and meetings; also provides for the maintenance of a customer’s account, business and organisational information.

A2.04.04 Partner Problem Management

Software and or services that support partner problem qualification & reception features such as: ID validation, reception of problems from various sources, problem triage, and access to a complete partner problem history database... It also includes problem lifecycle management, problem resolution, problem reporting.

A2.04.05 Partner Analytics Software and or services for the analysis of an agency's partners, partner collaboration, partner engagement, as well as the scoring of partner information. This also includes handling comments and feedback from partners.

A2.05 Customer Accounting Software and or services for financial interactions with the customers of Government, business and individuals.

A2.05.01 Customer Financial Account Management

Software and or services that support financial account management for customer financial transactions with the agency.

A2.05.02 Customer Invoicing and Statement Management

Software and or services that support the management of customer invoices and statements produced by the agency.

A2.05.03 Customer Collections

Software and or services that is concerned with financial transactions which include receipts and payments from / to Customers.

A2.05.04 Customer Debts and Recovery

Software and or services that handles customer debts and recovery.

A2.06 Customer Service Software and or services that supports activities associated with providing an agency’s customers with information regarding the agency’s service offerings and managing the interactions and relationships with those customers. These tools can also be used by partners involved in providing service to customers.

A2.06.01 Contact Centre / Help Desk

Software and or services that support activities associated with providing an agency’s customers with information regarding the agency’s service offerings and managing the interactions and relationships with those customers.


A2.06.02 Contact Centre Management

Software and or services that support Contact Centre Management. Contact Centre Management handles telephone sales and/or service to the end customers. Application services include; contact centre workforce management (including virtual operators that may work outside the call centre), queue management (including call backs where customer choose to be called back rather than wait, and automatic call distributing queuing (ACDQ), quality monitoring, analysis, and reporting.

A2.06.03 Contact Centre Knowledge Base

Software and or services that support a Contact Centre Knowledge base. This provides instant, reliable answers to agents, for example process guides, product guides, frequently asked questions, escalation etc. Includes; search, ability to collaborate with other departments, and reporting on knowledge base usage.

A2.06.04 Case Management Software and or services that support the management of the life cycle of a particular claim or investigation within an agency to include creating, routing, tracing, assignment and closing of a case as well as collaboration among case handlers. Note: The terms case management is fairly generic, and we can find specific instances of case management for example order management, problem management, grant management etc.

A2.06.05 Online Interactive Assistance

Software and or services that provide an electronic interface for customers receive assistance from customer service personnel.

A2.06.06 Online Guidelines Software and or services that provide an electronic interface to educate and assist customers.

A2.06.07 Translation Software

Software and or services that supports or enables translation functionality. This does not include software for other purposes that can be used in multiple languages. Also known as multi-lingual support.

A2.06.08 Payment Systems Software and or services that support the use of credit cards or electronic funds transfer for payment and collection of products or services. Examples: PayPal, cash, Bitcoin, etc. Also known as point of sale systems (POS).

A2.07 Emergency Management

Software that supports delivery of emergency management services.

A2.07.01 Emergency Management Information System (EMIS)

Software that supports emergency management information collection and management. For continuity and inter-operability between emergency management stakeholders, EMIS supports an infrastructure that integrates emergency plans at all levels of government and non-government involvement for all four phases of emergencies. Common features of the software include Geographic Information Systems (GIS), weather and plume modelling, resource management, and Command, Control, and Communication (C3) functions.

A2.07.02 Hospital Incident Command System (HICS)

A Hospital Incident Command System (HICS) is an incident command system (ICS) designed for hospitals and intended for use in both emergency and non-emergency situations. It provides hospitals of all sizes with tools needed to advance their emergency preparedness and response capability—both individually and as members of the broader response community.


A2.07.03 Emergency Communications System (ECS)

An Emergency Communication System (ECS) is any system (typically, computer-based) that is organised for the primary purpose of supporting one-way and two-way communication of emergency messages between both individuals and groups of individuals. These systems are commonly designed to integrate the cross-communication of messages between varieties of communication technologies, forming a unified communication system intended to optimize communications during emergencies.

A2.08 Grants Management Software that supports grants management, where a grant of money is made to an organisation or individual for a specific purpose.

A2.08.01 Grant Receipt of Proposals

Portal for the receipt of grant proposals.

A2.08.02 Grant Administration

Software that supports the administration and monitoring of grants.

A2.08.03 Grant Review Software that supports the review process for grants.

A2.08.04 Grant Announcement

Portal that posts and publishes announcements of grants to be funded.


End User Computing


Name Description

A3 End User Computing The End User Computing application domain brings together the various applications and ICT services needed to support a range of end user computing devices, from traditional PC's through to smart phones and tablets and personalisation services.

A3.01 End User Device Management

Software and or services that controls the hardware and software environments, as well as documents of end users (individuals and or organisations). Note: Security aspects are covered under "Security Services".

A3.01.01 Application Compatibility Testing

Tool to automate the analysis of applications to determine compatibility with device operating systems.

A3.01.02 Application Deployment

Mechanism to install packaged applications to workstations and other end user devices running locally installed applications. See also "Packaging Tools".

A3.01.03 Application Discovery

Application Discovery is a tool that can be used to discover which applications are being used within an agency. Discovery tools may be agent-less or require agents and may use a variety of means to discover applications.

A3.01.04 OS Deployment The OS Deployment tools are used to deploy (patched) operating system images. See also "Packaging Tools".

A3.01.05 Packaging Tools Tools or solution set for packaging applications for delivery to an end user device. See also" OS Deployment" and "Application Deployment".

A3.01.06 Patch Manager Tools to automatically remediate manage installation of and report on operating system and application software patches. The applicability of this functional component is mainly focussed on fat device desktop and fat device laptop.

A3.01.07 Persona Manager Persona Manager tools maintain information relevant to a particular user (settings, preferences, and configuration) and determine how it is managed across devices and contexts.

A3.01.08 Policy Compliance Manager

Policy Compliance Manager tools monitor configuration against policy for compliance and initiates action if the configuration does not comply with the relevant policy. Note: Policy Compliance Manager, Policy Manager and Security Configuration Manager are often, though not always, implemented using the same software technology.


A3.01.09 Policy Manager Tools to manage deployment and enforcement of policy on the configuration and settings of devices and their operating systems. NB: Policy Compliance Manager, Policy Manager and Security Configuration Manager are often, though not always, implemented using the same software technology.

A3.01.10 Security Configuration Manager

Tools to manage, report on and enforce required security configuration of client devices. NB: Policy Compliance Manager, Policy Manager and Security Configuration Manager are often, though not always, implemented using the same software technology.

A3.01.11 Self Service Application Store

A Self-Service App Store allows users to self-select, and automatically provision applications onto their devices. This may include workflow functionality to allow for line-management approval or to control expenditure, license consumption and financial approval.

A3.01.12 User Data Manager User Data Manager tools provide access to users’ files regardless of their environment. This functional building block does NOT guarantee off-line access, but may deliver that as an additional feature.

A3.01.13 Virtualisation Compatibility Testing

Tool to automate the analysis of applications to determine compatibility with application virtualisation. Note: these tools are often implemented in combination with Application Compatibility Testing.

A3.01.14 Virtual Desktop Manager

Virtual Desktop Manager tools manage the allocation and configuration of virtual desktops and virtual desktop pools to PC's and other end user devices.

A3.01.15 Privacy and Policy Enforcement Management

Tools to manage, report on and enforce required privacy and policy configuration of client devices.

A3.01.99 Other End User Configuration Management

Other End User Configuration Management tools.

A3.02 End User Tools End User Tools consists of all of the utility applications that are available for use by the users of the Standard Operating Environment (SOE). There will be a variance of the utilities required between devices. In addition, some operating systems deliver these capabilities as part of the operating system’s native capabilities. Therefore care needs to be taken not to merely provide a utility because it is in this list, but instead to ensure that these capabilities are delivered by the complete SOE while minimising the number of utilities delivered as separate applications. Note: Productivity, Mobile Applications, Unified Communications and Collaboration, and Visualisation have specific application areas and are not include here.

A3.02.01 Additional Language Support

Software and or services that support additional languages. This gives the use the ability to enter, display and spell-check additional languages as required. Māori should be installed as a default.

A3.02.02 Audio Tools Audio Tools are required to adjust and tune audio components installed in the devices. There are some tools resident in the OS, but advanced functionality can be gained from using the native tools that are provided with the audio components.

A3.02.03 File Compression and Extraction

File compression software and or services. File Compression is the capability to compress files for storage or transit and extract files that have been compressed. There are formats that are commonly used such as ZIP, which require an additional software component or could be supported natively in the Operating System being run.


A3.02.04 File Screen Saver An application that displays an image on and end user device display after a pre-set time to hide applications and the information they display when running on that device to minimise the opportunity for unauthorised access. Screen Savers include the ability to auto-lock a device.

A3.02.05 Display Tools Display Tools are required to attach additional monitors / projectors and to change resolution states etc. Some display tools are resident in the OS, but advanced functionality can be gained by using the native tools that are provided with the display adapter.

A3.02.06 Legacy Browser Support

Legacy Browser Support services provide the ability to display web applications that require legacy browsers, for example some applications require Internet Explorer 6 proprietary extensions.

A3.02.07 Document Reader A document reader is software required to read documents such as PDF files. This is a basic tool that does not allow editing of the document. This software is subject to regular version updates which can be problematic for users and cause issues in locked down environments. Because of this, the software is a perfect candidate for Application Virtualisation technology.

A3.02.08 Power Management Tools

Power Management Tools allow changes to be made to the power scheme on the device. This can reduce the energy consumption on the device or ensure power saving doesn't affect expected operation. As an example, users would turn off hibernation if they were going to be doing a presentation. Power settings have the potential to save an organisation a substantial amount of money, when the savings per device are multiplied by the number of devices installed.

A3.02.09 Runtime Environment

Runtime Environments (also known as Development frameworks) such as a Java runtime environment or .NET are required to allow applications or applets based on those frameworks to execute. Incompatibility issues can arise when different versions of the frameworks are required on a single device. This can be resolved using Application Virtualisation Client and its associated backend technologies, as each virtual bubble forms an isolation barrier.

A3.02.10 Web Application Frameworks

Web Application Frameworks are required to run web application components developed in that framework. Examples of these frameworks are Adobe Flash and Air or Microsoft Silverlight.

A3.02.11 Web Browser Web Browser provides the interface to all web based content, be it on the Internet or Intranet. Often the delivery of web applications is underestimated because of a perception that it’s simply browser based. Web applications often require additional applets or plug-ins for the application to work or to be displayed for the visually impaired. These factors need to be considered to ensure usability and security is not compromised.

A3.02.12 Secure Remote Access

Solution providing secure access from outside the boundaries of the agency to a user’s end user computing environment. Enables authorised individuals to remotely access the user interface of a computing resource for the purpose of installation, configuration, auditing or process management.

A3.02.99 Other End User Tools

Other end user tools without a defined application category.

A3.03 Mobile Applications Mobile applications are deployed on mobile devices such as smart phones and tablets.


A3.04 Productivity Suite Productivity Suite is the core suite of bundled applications that support the most commonly used office activities such as; Word processor, Spreadsheet, Email clients, Presentation software, Drawing tools, Publishing software, and Database application.

A3.04.01 Image Manipulation

Software used to create or edit images. Includes: vector and raster drawings, colour manipulation, image filtering, etc.

A3.04.02 Email Clients Email Clients also known as Mail User Agents - MUA.

A3.04.03 Presentation Software used to display information, normally in the form of a slide show.

A3.04.04 Publishing Software used to publishing.

A3.04.05 Spreadsheet Software used to create, update and/or read a two-dimensional matrix of rows and columns.

A3.04.06 Word Processing Software used for the composition, editing, formatting and/or possibly printing of print material.

A3.04.07 Follow-me Printing A service for sending documents to a print queue that can be accessed by any networked printer when the user authenticates with that printer.

A3.04.99 Other Productivity Suite

Other Productivity Suite software that does not have an existing application category.

A3.05 Graphics and Multimedia

Software and or services that supports visualisation.

A3.05.01 Charting Software to develop graphical representation of data in which the data is represented by symbols such as bars, lines, slices, dots, size, etc.

A3.05.02 Computer Aided Design (CAD)

Software that supports the use of computer technology for the process of design and design-documentation and includes software or environments which provide the user with input-tools for the purpose of streamlining design processes; drafting, documentation, and manufacturing processes.

A3.05.04 Idea Mapping Software that is used to create diagrams of relationships between concepts, ideas or other pieces of information.

A3.05.05 Multimedia Software to manage, develop and manipulate content from a combination of different content forms such as text, audio, still images, animation, video, or interactivity.

A3.05.06 Photographic Software that supports the capture, storage, and manipulation of photographic images.

A3.05.07 Video Editors Software that enables a person to manipulate animated or video visual images on a computer.

A3.05.99 Other Visualisation Applications

Other visualisation software that does not have an existing application category.


Data and Information Management Services


Name Description

A4 Data and Information Management Services

Software and or services that support management of government data and information and the alignment with standards, quality initiatives, good practice accessibility, etc. This includes the development, execution and supervision of plans, policies, programmes and practices that control, protect, deliver and enhance the value of data and information assets.

A4.01 Data and Information Architecture

Software and or services that support data and information architecture which is composed of models, policies, rules or standards that govern which data is collected, and how it is stored, arranged, integrated, and put to use in data systems and in organisations. Data and Information is one of the architecture dimensions that form the pillars of an enterprise architecture or solution architecture

A4.01.01 Data and Information Categorisation

Software and or services that supports the creation and maintenance of relationships between data entities, naming standards and categorisation and allows classification of data and information into specific layers or types to support an organisation.

A4.01.02 Data and Information Modelling

Software and or services to support data and information modelling to define and analyse data requirements needed to support the business.

A4.01.03 Data Representation Languages

Software languages used for data representation, such as XML, JSOW, SDL, GSML and other markup languages.

A4.01.04 Metadata Management

Software that supports the maintenance and administration of data that describes data.

A4.02 Data and Information Interoperability

Software and services that support data and information interoperability. Interoperability is the ability of making systems and organisations work together (inter-operate) to allow for information exchange,

A4.02.01 Data and Information Catalogue

Software and or services that support the cataloguing of data and information assets.

A4.02.02 Data Extraction, Transformation and Loading

Software that supports the extraction of data from a data source, the manipulation and change of data to a different format and the population of data destination with the transformed data.

A4.02.03 Data Integration and Exchange

Software services that enable elements of distributed business applications to interoperate and the software development necessary to facilitate such integration. These elements can share function, content, and communications across heterogeneous computing environments. Includes data import and export between systems and or services.


A4.02.04 Data Mapping Software that supports the process of creating data element mappings between two distinct data models. Data mapping is used as a first step for a wide variety of data integration tasks.

A4.02.05 Metadata Extraction

Software and or services that support metadata extraction. It includes: - Automatically extracts preservation-related metadata from digital files. - Output metadata in a standard format (XML) for use in preservation activities. Can be used for preservation data processes and activities, resource discovery and other.

A4.02.06 Records Linking / Association

Software and or services that support the correlation between logical data and information sets.

A4.03 Data and Records Governance

Software and or services that supports data and records governance. Data governance encompasses the people, processes, and information technology required to create a consistent and proper handling of an organisation's data across the business enterprise. It is a set of processes that ensures that important data assets are formally managed throughout the enterprise. Data governance ensures that data can be trusted and that people can be made accountable for any adverse event that happens because of low data quality. It is about putting people in charge of fixing and preventing issues with data so that the enterprise can become more efficient. Data governance also describes an evolutionary process for a company, altering the company’s way of thinking and setting up the processes to handle information so that it may be utilised by the entire organisation. It’s about using technology when necessary in many forms to help aid the process. Note: Note: In New Zealand (Australia and Canada) we have a view that something is inherently a record because it provides evidence of a transaction; therefore almost all content including data and documents are also records. However most software has been developed to support the US model where records only becomes records only after someone or some process has formally declared them to be a record. Note: "Data Quality Management" can be part of "Data Governance".

A4.03.01 Data Lifecycle Management

Software and or services that support a policy-based approach to managing the flow of an information system's data throughout its life cycle: from creation and initial storage to the time when it becomes obsolete and is deleted.

A4.03.02 Master Data Management

Software and or services that supports a set of processes and tools that consistently define and manage the non-transactional data entities of an organisation, which may include reference data. It has the objective of providing processes for collecting, aggregating, matching, consolidating, quality-assuring, and distributing such data throughout an organisation to ensure consistency and control in the ongoing maintenance and application use of this information.


A4.03.03 Records Disposal Software and or services that supports the process of records disposal. In records management there are five possible disposal outcomes under the NZ Public Records Act 2005 Subsection 20: - Destruction. - Transfer to another government agency. - Transfer to Archives NZ for long term preservation and availability. - Discharge to another entity, e.g. another government department. - Sale. Disposal supports these steps: > Step 1 - A record becomes inactive because a passive or active trigger: - No person or mechanism is continuing to alter it – we observe the lack of activity, and after a period of time we conclude that it is inactive. - A later version has been created and/or a record has been superseded and this record should No longer be in current use. - In some cases a person or mechanism closes/finalises the record to prevent any further changes to the content and to some attributes. > Step 2 - The record is retained for a period of time after last alteration. This period could be seconds (keep the sent data packet until recipient acknowledges receipt) through to decades. > Step 3 - The record disposal action occurs – destruction or transfer to an archival authority, discharge.

A4.03.03.01 Records Transfer to Chief Archivist

Software and or services that support the transfer of control of the record to the chief archivist. This may, or may not, involve transfer of the actual records. Note: In records management the term 'archival' is not a proxy for storage.

A4.03.03.02 Records Destruction Software and or services that supports the destruction of records.

A4.03.03.03 Records Discharge Software and or services that supports the discharge of records.

A4.03.03.04 Records Transfer Software and or services that support the transfer of the control of records from one government agency to another. This may, or may not, involve transfer of the actual records.

A4.03.03.05 Records Sale Software and or services that support the sale of the records from a government agency to a buyer.

A4.03.04 Controlled Vocabulary

Software and or services that provides a way to organize knowledge for subsequent retrieval. They are used in subject indexing schemes, subject headings, thesauri, taxonomies and other forms of knowledge organisation systems. Controlled vocabulary schemes mandate the use of predefined, authorised terms that have been preselected by the designer of the vocabulary, in contrast to natural language vocabularies, where there is no restriction on the vocabulary.

A4.04 Data Quality Management

Software and or services to ensure that data are fit for their intended uses in operations, decision making and planning and to ensure internal consistency of the data.

A4.04.01 Data Cleansing Software and or services that support the cleaning of data and information. Cleansing can including merging data, removing duplicates, identifying authoritative sources, fixing data entry errors, marking suspect records.

A4.04.02 Data Enrichment Software and or services that support data enrichment. Data enrichment is a general term that refers to processes used to enhance, refine or otherwise improve raw data. This idea and other similar concepts contribute to making data a valuable asset for almost any modern business or organisation.


A4.04.03 Data Integrity Software and or services that support data integrity. Data integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data.

A4.04.04 Data Quality Assurance

Software and or services that support data quality assurance. Data quality assurance is the process of profiling the data to discover inconsistencies and other anomalies in the data, as well as performing data cleansing activities (e.g. removing outliers, missing data interpolation) to improve the data quality. These activities can be undertaken as part of data warehousing or as part of the database administration of an existing piece of applications software.

A4.05 Data Protection Software and or services that support data security and protection. Note: Other aspects of data security are covered under the application domain "Security Services".

A4.05.01 Data Access Levels Software and or services that support adding access levels to data entities, attributes and record level content.

A4.05.02 Data Archiving Software and or services that support data archiving. Data archiving is the process of moving data that is no longer actively used to a separate data storage device for long-term retention. Data archives consist of older data that is still important and necessary for future reference, as well as data that must be retained for regulatory compliance. Data archives are indexed and have search capabilities so that files and parts of files can be easily located and retrieved. Note: Data archives are often confused with data backups, which are copies of data. Data backups are used to restore data in case it is corrupted or destroyed. In contrast, data archives protect older information that is not needed for everyday operations but may occasionally need to be accessed.

A4.05.03 Data Erasure Software and or services that support data erasure (also called data clearing or data wiping) is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to the data disk sectors and make the data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable, preserving IT assets and the environment. New flash memory–based media implementations, such as solid-state drives or USB flash drives can cause data erasure techniques to fail allowing remnant data to be recoverable.

A4.05.04 Data Masking Software and or services that support the masking of data entities at attribute and record level to support privacy of information such as a credit card number, passwords, and for the creating of test data.

A4.05.05 Data Replication Software and or services that support the replication of data so that data is not lost in the event of a failure of the storage hardware. This is related to but different from backup and restore.

A4.06 Database Management

Software and or services that support database management.


A4.06.01 Database Management System (DBMS)

Database management systems (DBMSs) are computer software applications that interact with the user, other applications, and the database itself to capture and analyse data. A general-purpose DBMS is designed to allow the definition, creation, querying, update, and administration of databases. Note: Database Management System covers database, administration, tuning, backup, recovery, upgrades, etc.

A4.06.02 Database Administration

Registering and monitoring users, enforcing data security, monitoring performance, maintaining data integrity, dealing with concurrency control, and recovering information if the system fails.

A4.06.03 Database Backup and Recovery

Software and or services that creates copies of databases which may be used to restore the original after a data loss event or to restore and stabilize data sets to a consistent, desired state.

A4.06.04 Database Tuning Database maintenance includes software tools and or services to monitor, tune, upgrade, migrate and optimise databases. It also includes tablespace maintenance.

A4.07 Additional Data and Information Services

Software and or services that supports data and information services. Note: "Enterprise Content Management" is in the "Corporate Applications" domain. "Data Mining" and "Data Profiling" are covered in the "Business Intelligence and Analytics" in area A1.

A4.07.01 Auto Categorisation Auto Categorisation is an approach to use technology to automatically determine what a piece of electronic content is and how to address it. In the context of records management, auto categorisation can be helpful in two areas: determining whether a piece of content is a record or not and then assigning that record to its logical spot in the classification scheme. The technology analyses the record to determine what it is and where it goes. In most cases this analysis is based on the content of the record itself. For a record that contains text-type information, such as Microsoft Word, email, PDFs, project files, and others, the text can be analysed. For records that are images, some solutions can use character recognition technologies like OCR and barcodes to extract meaning from the image and analyse that. For other types of content, and even for some of these types as well in some systems, the application analyses the metadata of the record. For email this might include date sent and address of the sender, while for a Word document it might include the title of the document or its author. Even the file format itself could provide initial analysis; for an engineering firm, for example, the mere fact that a document is a CAD drawing or a .dwg file could be enough to start the classification process (though it would almost certainly not end there).

A4.07.02 Digital Rights Management

Software and or services that support the claim and ownership of intellectual capital and artefacts belonging to an organisation.

A4.07.03 Digital Conversion Software that supports scanning and the interpretation into digital formats. Depending on the reason for an image being scanned there may be special requirements as to the quality of the image. For example scanning a tax invoice does not need to be high quality whereas LINZ scanning a map for a record of a property needs to have a very high quality image. Includes 3D scanning of objects.


A4.07.04 Enterprise Search Software and or services that support the search information within an enterprise (though the search function and its results may still be public). Enterprise search can be contrasted with web search, which applies search technology to documents on the open web, and desktop search, which applies search technology to the content on a single computer. Enterprise search systems index data and documents from a variety of sources such as: file systems, intranets, document management systems, e-mail, and databases. Many enterprise search systems integrate structured and unstructured data in their collections. Enterprise search systems also use access controls to enforce a security policy on their users.

A4.07.05 Optical Character Recognition (OCR)

Software that supports scanning and the interpretation of images into digital formats. Depending on the reason for an image being scanned there may be special requirements as to the quality of the image. For example scanning a tax invoice does not need to be high quality whereas LINZ scanning a map for a record of a property needs to have a very high quality image. Includes 3D scanning of objects.

A4.07.06 Data and Information Analytics

Software and or services to support text, voice, video, sound analytics. This involves information retrieval, lexical analysis to study word frequency distributions, pattern recognition, tagging/annotation, information extraction, data mining techniques including link and association analysis, visualisation, and predictive analytics. The overarching goal is, essentially, to turn text, voice, video, sound into data for analysis, via application of natural language processing (NLP) and analytical methods.

A4.07.07 Version Control Software and or services to support version control. Most commonly run as stand-alone applications, but revision control is also embedded in various types of software such as word processors and spreadsheets. Note: It is also covered by the "Content Control" application category within the "Content Management" application area and in various content management systems.

A4.07.99 Other Data and Information Services

Other Data and Information Services without a defined application category.

A4.08 Geospatial Information

Software and or services that supports geospatial information. Geospatial information is information describing the location and names of features beneath, on or above the earth's surface.

Note: May be known as GIS short for Geospatial Information System or Geographic Information System.

A4.08.01 Cartography Software that supports the creation of maps. Includes hydrography.

A4.08.02 Collection and Manipulation of Satellite and Aerial Photographs

Software which supports the modification or analysis of imagery information.

A4.08.03 Geometric Networks

Software that supports modelling of common networks and infrastructures found in the real world. Water distribution, electrical lines, gas pipelines, telephone services, and water flow in a stream are all examples of resource flows that can be modelled and analysed using a geometric network.


A4.08.04 Geocoding (Forward Geocoding)

Software that supports Geocoding. This is sometimes called forward geocoding and is the process of enriching a description of a location, most typically a postal address or place name, with geographic coordinates from spatial reference data such as building polygons, land parcels, street addresses, ZIP codes (postal codes) and so on. Geocoding facilitates spatial analysis using Geographic Information Systems and Enterprise Location Intelligence systems.

A4.08.05 Geospatial Data Analysis

Supports the application of statistical analysis and other informational techniques to geographically based data. Also known as Geostatistics.

A4.08.06 Geospatial Data Collection

Software that supports the collection or management of geospatial information. Includes hydrographic data collection

A4.08.07 Hydrological Modelling

Software that supports Hydrologic modelling. They are primarily used for hydrologic prediction and for understanding hydrologic processes.

A4.08.08 Imagery Software that supports the collection of information via satellite and aerial photography.

A4.08.09 Reverse Geocoding Software that supports Reverse Geocoding. Reverse geocoding is the process of enriching geographic coordinates with a description of the location, most typically a postal address or place name.

A4.08.10 Spatial Data Infrastructure

Software that supports linking online spatial data and allowing it to be discovered, accessed and used.

A4.08.11 Topological Modelling

Software that supports modelling utilising the topological properties of spatial objects. Topology is one of the mechanisms to describe relationships between spatial objects. Thus, it is the basis for many spatial operations.

A4.08.12 Spatial Data Modelling

Software that supports modelling of spatial data. This includes: - Vector data representation as discrete points, lines, and polygons. - Raster data representation of landscapes as a rectangular matrix of square cells. - Projections - Tiling. It supports the Geo Service Standards.

A4.09 Content Management System

A content management system (CMS) is application software and or services that allow publishing, editing and modifying, organising, and deleting content. Content management systems are generally replacing the older Document Management Systems (DMS), and Enterprise Content Management (ECM) is in turn subsuming Content Management.

A4.09.01 Content Categorisation

Software and or services that support the categorisation of content, both electronic and physical, and artefacts using metadata for aggregation,

A4.09.02 Content Control Software and or services that support the control of content and artefacts used by an organisation and its stakeholders. Content control is used to put in place defined processes around the development, publication and withdrawal/retirement of documents.

A4.09.03 Content Library On line repository of content, documents, letters, speeches, web sites, books, or articles to be shared.


A4.09.04 Content Publishing Software and or services that supports the collection, managing, and publishing of information in any form or medium, including intranet, internet, etc. When stored and accessed via computers, this information has come to be referred to, simply, as content or, to be precise, digital content. Digital content may take the form of text (such as electronic documents), multimedia files (such as audio or video files), or any other file type that follows a content lifecycle requiring management.

A4.09.05 Content Workflow Software and or services that supports routing documents (or pages) between users responsible for working on them. This is often used to implement a review and sign-off process for new or updated content. Workflow is the management of who exactly is working on a ContentElement or ContentTemplate, what exactly they are doing, and when. The workflow reporting system sends messages to others working on a page, with details of actions taken. Different workers can have assigned roles. Notification may be sent to the roles rather than the individuals. Typical roles are writers, copy editors, editors, illustrators, graphic artists, rights clearance managers, lawyers, (multilingual) localizers, and publishers. Note: This is specialised workflow software. Generic workflow software and services can be found in the ICT Service Components domain.

A4.10 Web Content Management

Web Content Management is software and or services that provide website authoring, collaboration, and administration tools designed to allow users with little knowledge of web programming languages or mark-up languages to create and manage website content with relative ease. A robust Web Content Management System provides the foundation for collaboration, offering users the ability to manage documents and output for multiple author editing and participation.

Note: Enterprise Content Management Systems may include Web Content Management but often this has been considered a specialist application alongside Content Management Systems so it has its own category in this taxonomy.


Identity and Access Management Services


Name Description

A5 Identity and Access Management Services

Software and services to support Identity and access management (IAM), identifying, controlling and auditing interactions with government assets. This enables the security discipline of authorised access to the right resources at the right times for the right reasons.

A5.01 Identity Governance and Accountability

Software and or services at which entities create, monitor, and enforce rules, guidelines, and requirements for executing the IDESG functional elements across communities or actors. Unlike the administration and operations layer, the governance and accountability layer is specifically intended to address cross entity efforts rather than enterprise or internal governance.

A5.01.01 Policy / Rule / Requirements Development

Software and or services for creating a trust framework including identifying or adopting rules, requirements, and policy for governing the use of identities and identity technology within a specific community.

A5.01.02 Identity Accreditation

Software and or services for the evaluation, approval and formal recognition that an entity is capable of carrying out certification or assessment activities for a trust framework.

A5.01.03 Identity Certification

Software and or services for the evaluation, approval and formal recognition that an entity is capable of carrying out certification or assessment activities for a trust framework of assessing, validating, and determining that a product or service provider meets the defined requirements of a trust framework.

A5.01.04 Identity Reporting Software and or services to support identity performance reporting; such as revocation lists, user accounts list, incidents, recovery, redress etc.

A5.01.05 Role / Persona Engineering & Modelling

Software and or services to support modelling of personas and roles within an organisation.

A5.01.06 Separation of Duties (SoD) Compliance

Software and or services to enforce separation of duties for tasks where additional fail safes are required or advisable to prevent loss due to fraud or mistake.

A5.01.07 Identity Conformance

Software and or services to support the process of reviewing and collecting evidence of an entity’s conformance with enterprise rules, policies, and requirements.

A5.02 Identity Administration and Operations

Software and or services to administer and support the basic operations and functions that may occur in online identity-related interactions — grouped into core operations. Not all elements will be invoked in every identity interaction, and some may be invoked multiple times. While logically some functions are likely to occur before or after others, there is no explicit order specified in the model.


A5.02.01 Role Management Software and or services providing centralised or federated role management function to a single set of organisations and services regardless of geographic location.

A5.02.02 Identity Workflow Design and Implementation

Software and or services to design and implement workflow solutions to Identity & Access Management requirements.

A5.02.03 Identity Provisioning

Software and or services supporting the provisioning of approved identities and access controls such as the creation of accounts on target enterprise applications in response to a user profile.

A5.02.04 Identity Updates (Periodic & Event Based)

Software and or services by which an entity updates accounts, attributes, credentials, and other identity information to determine eligibility for an entitlement; may be periodic in nature or event based (e.g., marriage, end of subscription, etc.), including revocation.

A5.02.05 Identity Recovery Software and or services to support identity recovery; this includes the continuity of credentials, attributes, and other identity services following a security or privacy event (e.g., data breach, disruption of services, etc.) All ecosystem participants are responsible for executing recovery activities.

A5.02.06 Identity Redress Software and or service that support reconciliation of errors that occur during the operations and processes of an identity system. All ecosystem participants must execute redress activities.

A5.02.07 Identity Assurance Software and or services to determine, with some level of certainty, that a claim to a particular identity by some entity can be trusted to be the claimant's "true" identity.

A5.02.08 Identity Entitlement & Access Audit

Software and or services to enable an organisation to certify users, and support the process of reviewing and collecting evidence of an entity’s conformance with the rules, policies, and requirements for a trust framework or community. This is essentially an audit of the entitlements that personnel hold to ensure they do not have entitlements that they should not hold.

A5.03 Authentication Services

Software and or services used to confirm the identity of a user.

A5.03.01 Adaptive Authentication

Software and or service that support a risk based approach to authentication where the complexity of the authentication "challenge" is determined by the risk of the transaction. Factors considered in determining the risk include the profile of the user, connection type, IP geolocation and keystroke dynamics)

A5.03.02 Authentication Brokerage

Software and or service that support centralised responsibility for authenticating the consumer and issuing them with a credential that can be used to access services.

A5.03.03 Multi-factor Authentication

Software and or service that supports multi-factor authentication that requires the presentation of two or more of the three authentication factors, being the knowledge factor (something the user "knows), the possession factor (something the user "has") and the inherence factor (something the user "is").

A5.03.04 Out of Band Authentication

Software and or service that supports authentication performed over a network or channel separate from the primary network or channel - used in multi-factor authentication. An example of this is sending users a one-time password via their cell phone, which is required to complete the authentication process.


A5.03.05 Biometrics Software and or service that supports biometrics; biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric authentication is used as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are often categorised as physiological versus behavioural characteristics. - Physiological characteristics are related to the shape of the body. Examples include, but are not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent. - Behavioural characteristics are related to the pattern of behaviour of a person, including but not limited to typing rhythm, gait, and voice.

A5.03.06 Simple Key Management Protocol (SKIP)

Software and or services that support Simple Key Management Protocol (SKIP) - a protocol developed by Sun Microsystems to handle key management across IP networks and VPNs. (http://www.networksorcery.com/enp/rfc/rfc2356.txt)

A5.03.07 Web Services Security (WS Security)

Software and or services that support Web Services Security (WS Security); describes enhancements to SOAP (Simple Object Access Protocol) messaging to provide message integrity, message confidentiality and single message authentication.

A5.04 Authorisation and Access Management Services

Software and or services to provide authorised access management to resources.

A5.04.01 Enterprise SSO SSO = Single Sign On. Software and or services to store and transmit encrypted user credentials across local and network boundaries, including domain boundaries. SSO stores the credentials in the credential database. Because SSO provides a generic single sign on solution, middleware applications and custom adapters can take advantage of SSO to securely store and transmit user credentials across the environment. End users do not have to remember different credentials for different applications.

A5.04.02 Federation Services Software and or services to maintain the relationship between identity providers and service providers whereby authentication is performed by the identity provider and is then used by service providers to make authorisation decisions.

A5.04.03 Access Control Software and or services to support provisioning of user access rights based on their assumed roles or attributes.

A5.04.04 Web Access Management

Software and or services to control access to web resources, providing authentication management, policy based authorisations, and reporting services.

A5.04.05 Web SSO SSO = Single Sign On. Software and or services to support users to access resources over the internet using a single set of user credentials. The user provides a set of credentials to log onto different web sites that belong to different organisations.

A5.04.06 Delegation Services Software and or services to support a delegation service, such as where consent is provided for legal or financial liable transactional activities.


A5.05 Directory Service Software and or services that store, organize and provide access to information held within a directory, which can be considered a map between ‘objects’ and information about those objects, typically described as ‘attributes’. Attributes of objects can be made secure so that only users with the available permissions are able to access it. Examples of directory services include Active Directory, Open LDAP, e-Directory and other implementations of the X.500 ISO/IEC 9594 directory services standards.

A5.06 Identity Functional Core Components

Software and or services that provide the basic identity operations that may occur in online identity-related interactions — grouped into core operations. Not all elements will be invoked in every identity interaction, and some may be invoked multiple times. While logically some functions are likely to occur before or after others, there is no explicit order specified in the model.

A5.06.01 Registration Components

Components that support the process that establishes a digital identity for the purpose of issuing or associating a credential.

A5.06.01.01 Identity Application Supports process by which an entity or agent requests initiation of registration.

A5.06.01.02 Registration Attribute Control

Supports process of managing and releasing attributes for the purposes of registration.

A5.06.01.03 Registration Attribute Verification

Supports process of confirming or denying that claimed identity attributes are correct and meet the pre-determined requirements for accuracy, assurance, etc.

A5.06.01.04 Registration Decision Supports decision that an entity does or does not meet the pre-determined eligibility requirements for a digital identity or credential.

A5.06.02 Credentialing Components

Components that support the process to bind an established digital identity with a credential.

A5.06.02.01 Credential Provisioning Supports process by which ownership of a credential is conferred, confirmed, or associated with a digital identity.

A5.06.02.02 Token Binding Supports process of binding a physical or electronic token to a credential.

A5.06.02.03 Attribute Binding Supports process of binding attributes to a credential.

A5.06.02.04 Identity Revocation Supports process by which an issuing authority renders a digital identity, issued credential, token, or verified attribute invalid for authentication or authorisation.

A5.06.03 Authentication Components

Components that support the process determining the validity of one or more credentials used to claim a digital identity.

A5.06.03.01 Authentication Request Supports process by which authentication is initiated by an entity.

A5.06.03.02 Credential Presentation

Supports process by which an entity submits a credential for the purposes of authentication.

A5.06.03.03 Credential Validation Supports process of establishing the validity of the presented credential.

A5.06.03.04 Authentication Decision

Supports decision to accept or not accept the results of the credential validation process.

A5.06.04 Authorisation Components

Components that support the process of granting or denying specific requests for access to resources.


A5.06.04.01 Authorisation Request Supports process by which authorisation is initiated by an entity.

A5.06.04.02 Authorisation Attribute Control

Supports process of managing and releasing attributes for the purposes authorisation.

A5.06.04.03 Authorisation Attribute Verification

Supports process of confirming or denying that claimed attributes are correct and meet the pre-determined requirements for authorisation; typically, these attributes for authorisation have not been bound to the credential or previously available to the organisation making the authorisation decision.

A5.06.04.04 Authorisation Decision Supports decision to grant and deny access to a resource based on the results of the authorisation processes and policies.

A5.06.05 Transaction Intermediation

Processes and procedures that limit linkages between transactions and facilitate credential portability.

A5.06.05.01 Identity Blinding Support process by which service providers involved in a transaction are prevented from observing each other (i.e., a relying party does not know which credential service provider an entity is utilizing in a transaction or vice versa). Based upon the transaction type and the number of service providers involved, blinding may be done to prevent a single, multiple, or all transactional partners from viewing the other participating services.

A5.06.05.02 Identity Pseduonymisation

Supports process by which an intermediary prevents service providers from linking a digital identity with a particular person or entity.

A5.06.05.03 Transaction Consent Supports process by which consent is granted to an intermediary, such as in conducting liability transactions (Land Online, Lawyers, Accountants etc.), or sharing personal information.

A5.07 Identity Interoperability

Software and services to support processes and procedures that limit linkages between transactions and facilitate credential portability. This allows entities in the identity ecosystem establish and maintain the ability to communicate and exchange identity data.

A5.07.01 Identity Mapping Software and or service to support the mapping of different identities on various platforms, user repositories and applications to a single identity. It can be used with a range of authentication mechanisms to allow one repository to authenticate the user and for this to be passed to another platform for authorisation even when the identities differ.

A5.07.02 Identity Credential Exchange

Software and or service to support the process of facilitating technical (including semantic) interoperability to support credential portability between participants within a specific community or across the identity ecosystem.

A5.07.03 Identity Policy / Rule Exchange

Software and or service to exchange policy and rules for governing the use of identities and identity technology.

A5.07.04 Identity Translation Software and or service by which one identity format is translated to another for consumption by different entities involved in a transaction.

A5.07.05 Security Assertion Markup Language (SAML)

Software and or services that support Security Assertion Markup Language (SAML) - an XML-based framework for exchanging security information expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. SAML is expected to play a key role in the federal-wide e-Authentication initiative and is supported by both the Liberty Alliance and WS Security.


A5.99 Other Identity Services

Other identity service and or software without a specific application area or application category.


Security Services


Name Description

A6 Security Services The Security Services domain defines the methods of protecting information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction in order to provide integrity, confidentiality and availability. That is, protecting the assets at rest and in-transit.

A6.01 Encryption Services Software and or services that ensure network protection and information assurance through encryption and decryption. Defines the methods of protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability. Biometrics, two-factor identification, encryption, and technologies based on the NIST FIPS-140 standards are particular areas of focus.

A6.01.01 Crypto Key Management

Software and or services that support Crypto Key Management (CKM) or Key Variable Management (KVM) which includes all of the activities involved in the handling of cryptographic keys during the entire life cycle of the keys, in accordance with an agreed security policy. These can be used in addition to certificates and digital signatures.

A6.01.02 Drive Encryption Encryption of data stored on local drives or encryption of the complete local drive for thick clients.

A6.01.03 Information Encryption

Software and or services to protect the information that is exchanged across organisations networks, and/or externally with other organisations. Includes protection of information at rest, particularly in Cloud architecture. Includes products used to apply cryptographic protection to a data set, file or drive.

A6.01.04 Network Encryption

Software and or services used to apply crypto services at the network transfer layer.

A6.01.05 Removable media encryption

Software that provides device encryption for portable storage devices.

A6.02 Network Security Services

Software and or services to support security requirements in and across ICT networks. Note: Network Encryption is covered under the Encryption Services.

A6.02.01 Infrastructure Guard

Connect networks of different security policy and usage areas to control traffic flow in-between the networks following a set of predefined rules for Infrastructure Services.

A6.02.02 Internet Protocol Security (IPSec)

Software and or services that support Internet Protocol Security (IPSec).


A6.02.03 Network Access Control

Software and or services that provides the configuration of devices connecting to the network based on endpoint security (such as OS patch level, antivirus updates, host IPS, etc.) user and system authentication and network security enforcement. The NAC will protect the network by preventing non-compliant clients from accessing the network at the IP-level. In case of non-compliance a remote user will be redirected to a network quarantine segment where the client can be updated to the level of required compliancy. Includes VLAN assignment.

A6.02.04 Secure Multipurpose Internet Mail Extensions (S/MIME)

Software and or services that support Secure Multipurpose Internet Mail Extensions (S/MIME); provides a consistent way to send and receive secure MIME data. Based on the Internet MIME standard, S/MIME provides cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and data confidentiality (using encryption). S/MIME is not restricted to mail: it can be used with any transport mechanism that transports MIME data, such as HTTP.

A6.02.05 Secure Sockets Layer (SSL)

Software and or services that support Secure Sockets Layer (SSL); an open, non-proprietary protocol for securing data communications across computer networks. SSL is sandwiched between the application protocol (such as HTTP, Telnet, FTP and NNTP) and the connection protocol (such as TCP/IP, UDP). SSL provides server authentication, message integrity, data encryption and optional client authentication for TCP/IP connections.

A6.02.06 Secure Shell (SSH) Software and or services that support Secure Shell (SSH); a strong method of performing client authentication. Because it supports authentication, compression, confidentiality and integrity, SSH is used frequently on the Internet. SSH has two important components: RSA certificate exchange for authentication and Triple DES for session encryption.

A6.02.07 Transport Layer Security (TLS)

Software and or services that support the Transport Layer Security (TLS) standard for the next generation SSL. TLS provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering or message forgery.

A6.03 Public Key Infrastructure (PKI) Services

Software and or services that manage Public Key Infrastructure (PKI) that includes policies and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

A6.03.01 Digital Certificate Management

Software and or services to manage and use certificates to secure access to information.

A6.03.01.01 Client Authentication (Personal Certificates)

Software and or services to provide authentication of personal certificates for client applications during the handshake in order to confirm their identity.

A6.03.01.02 Digital Certificate Revocation

Software and or services to support the revocation of digital certificates.

A6.03.01.03 Digital Certificate Issuing

Software and or services used by a certification authority (CA) to issue digital certificates and secure access to information.

A6.03.01.04 Digital Certificate Authentication

Software and or services to support Digital Certificate Authentication; authentication implementation for controlling access to network and Internet resources through managing user identification. An electronic document (digital certificate) is issued and used to prove identity and public key ownership over the network or Internet.


A6.03.02 Digital Signature Management

Software and or services that support Digital Signature Management that specifies a digital signature algorithm (DSA) appropriate for applications requiring a digital, rather than written, signature. The DSA authenticates the integrity of the signed data and the identity of the signatory. The DSA may also be used to prove that data was actually signed by the generator of the signature. Digital signatures can provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.

A6.03.02.01 Document Signing Software and or services to create a digital signature for a document using such data as account numbers, transaction amounts and timestamp. This is to preserve data integrity and ensure authenticity, rendering any changes made to a document after it has been electronically signed, and invalid. This cryptographically binds an electronic identity to an electronic document.

A6.03.02.02 Time Stamping Service Software and or services to provide a trusted time stamping service. Digital signatures can also provide non-repudiation; some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.

A6.03.02.03 Transaction Signing Software and or services to create a digital signature for a transaction using such data as account numbers, transaction amounts and timestamp. This is to preserve data integrity and ensure authenticity, rendering any changes made to a transaction after it has been electronically signed, and invalid. This cryptographically binds an electronic identity to an electronic transaction.

A6.03.05 Key Generation Software and or services to generate keys.

A6.04 Security Controls Software that supports security controls.

A6.04.01 Application Whitelisting

Software and or services to only allow approved applications to run on user’s device.

A6.04.02 Content Security Control

Software used to control information content received or sent via web, email or other means, between networks, organisations, or domains/zones (especially over the Internet). Includes content filtering and application of censorship or classification rules on material (files, documents).

A6.04.03 Decommissioning and Disposal

Software and or services to support system decommissioning, media sanitisation destruction and disposal.

A6.04.04 Device Port Manager

Controls read & write access to external ports & portable storage devices (USB devices at a minimum).

A6.04.05 Perimeter Protection

Software and or service to securely control network access to and/or from a device, or between network zones/domains includes host firewalls, gateways, data diodes, cross domain solutions.

A6.04.06 Physical Access Security Services

Software to regulate entry to facilities, turnstiles, gates, campuses, doors, equipment rooms, racks, server and network devices, and cabling infrastructure, etc.

A6.04.07 Radio Spectrum Security Controls

Software to or services that protect information and assets implying RF spectrum devices such as mobile phone jammers, electronic counter measures (ECM) equipment, remote controlled improvised explosive devices (RCIED).


A6.04.08 Virus Protection Software used to prevent, detect, and remediate infection or self-replicating programs that run and spread by modifying other programs, files or operating systems of government computing assets. Anti-virus Tools provide protection against viruses and other threats at the device level. Common components that are included are real time, scheduled and manual scans.

A6.04.99 Other Security Controls

Other security control software and or services that do not have a specific application category.

A6.05 Digital Forensics Software or services that support the practice of gathering, retaining, and analysing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

A6.05.01 Computer Forensics Software and or services that support computer forensics. Computer forensics explains the current state of a digital artefact; such as a computer system, storage medium or electronic document. The discipline usually covers computers, embedded systems (digital devices with rudimentary computing power and on-board memory) and static memory (such as USB pen drives). Computer forensics can deal with a broad range of information; from logs (such as internet history) through to the actual files on the drive.

A6.05.02 Mobile Device Forensics

Software and or services that support mobile device forensics. Mobile device forensics is a sub-branch of digital forensics relating to recovery of digital evidence or data from a mobile device. It differs from Computer forensics in that a mobile device will have an inbuilt communication system and proprietary storage mechanisms. Mobile devices are also useful for providing location information; either from inbuilt gps/location tracking or via cell site logs, which track the devices within their range.

A6.05.03 Network Forensics Software and or services that support network forensics. Network forensics involves monitoring and analysis of computer network traffic, both local and WAN/internet, for the purposes of information gathering, evidence collection, or intrusion detection.

A6.05.04 Forensic Data Analysis

Software and or services that support forensic data analysis. Forensic data analysis examines structured data with the aim to discover and analyse patterns of fraudulent activities resulting from financial crime.

A6.05.05 Database Forensics Software and or services that support database forensics. Database forensics is a branch of digital forensics relating to the forensic study of databases and their metadata. Investigations use database contents, log files and in-RAM data to build a timeline or recover relevant information.

A6.06 Enterprise Security Management

Software and or services that supports security management for an organisation.

A6.06.01 Intrusion Prevention

Software and or service to prevent unauthorised access to a government network or information system.


A6.06.02 Intrusion Detection Software products that gather and analyse information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organisations) and misuse (attacks from within the organisations.) Products that monitor network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some services may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention services are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organisations use them for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies.

A6.06.03 Security Audit Trail and Capture

Software that supports the set of capabilities to support the identification and monitoring of activities within an application, system, or network.

A6.06.04 Security Configuration Manager

Software and or services to manage, report on and enforce required security configuration of client devices. Also known as audit logging, where it describes the set of capabilities to support the identification and monitoring of activities within an application, system, or network.

A6.06.05 Security Incident Management

Software that supports the set of capabilities to provide active response and remediation to a security incident that has allowed unauthorised access to a government information system. Covers the detection, reporting, and resolution management of information security incidents.

A6.06.06 Security Intelligence and Analysis

Software and or services that support security intelligence and analysis.

A6.06.07 Security Metrics Software and or services to support the key performance indicators measuring effective security management such as event detection, incidents, and vulnerabilities addressed.

A6.06.08 Security Reporting Software and or services to support reporting across incidents, intrusions, threats etc. in order to track conformance of security services against organisational security and privacy policy.


ICT Components, Services and Tools


Name Description

A7 ICT Components, Services and Tools

Software and services for operational management and maintenance of applications, ICT components and services.

A7.01 Business Process Management Tools

Software and or services that allows organisations to abstract business process from technology infrastructure and support the managerial approach through enabling technology, bridging organisational and technology silos.

A7.01.01 Business Activity Monitoring (BAM)

Business activity monitoring (BAM) is Software and or services that aids in monitoring of business activities, as those activities are implemented in computer systems. One of the most visible features of BAM solutions is the presentation of information on dashboards that contain key performance indicators (KPIs) used to provide assurance and visibility of activity and performance. This information is used by technical and business operations to provide visibility, measurement, and assurance of key business activities. It is also exploited by event correlation to detect and warn of impending problems. Although BAM systems usually use a computer dashboard display to present data, BAM is distinct from the dashboards used by business intelligence (BI) insofar as events are processed in real-time or near real-time and pushed to the dashboard in BAM systems, whereas BI dashboards refresh at predetermined intervals by polling or querying databases. Depending on the refresh interval selected, BAM and BI dashboards can be similar or vary widely. Note: Some BAM solutions additionally provide trouble notification functions, which allow them to interact automatically with the trouble ticket system. For example, whole groups of people can be sent e-mails, voice or text messages, according to the nature of the problem. Automated problem solving, where feasible, can correct and restart failed processes.

A7.01.02 Business Process Modelling and Simulation

Process modelling tools provide business users with the ability to model their business processes, implement and execute those models, and refine the models based on as-executed data. As a result, business process modelling tools can provide transparency into business processes, as well as the centralisation of corporate business process models and execution metrics. Process Modelling and simulation functionality allows for pre-execution “what-if” modelling and simulation. Post-execution optimisation is available based on the analysis of actual as-performed metrics.

A7.01.03 Business Process Engine (BPE)

A business process engine (BPE) is a software framework that enables the execution and maintenance of process workflows. It provides business process interaction and communication between different data/process sources spread across one or more IT applications and services. BPE automates linking processes and their activities in an enterprise IT environment.


A7.01.04 Business Process Monitoring

Business process monitoring tools provide real-time scrutiny of an activity or set of activities that have been set up to accomplish a specific organisational goal. As part of a larger business process management initiative, business process monitoring enables an organisation to measure and analyse process performance to identify critical process problems pro-actively, using data to make decisions that will improve the speed, quality and efficiency of business processes.

A7.01.05 Workflow Engine A workflow engine is a software application that defines a process, the rules governing process decisions, and routes information. It is a key component in workflow technology and typically makes use of a database server. A workflow engine manages and monitors the state of activities in a workflow, such as the processing and approval of a loan application form, and determines which new activity to transition to according to defined processes (workflows). The actions may be anything from saving an application form in a document management system to sending a reminder e-mail to users or escalating overdue items to management. A workflow engine facilitates the flow of information, tasks, and events. Workflow engines may also be referred to as a Workflow Orchestration Engines. Workflow engines mainly have three functions: - Verification of the current status: Check whether the command is valid in executing a task. - Determine the authority of users: Check if the current user is permitted to execute the task. - Executing condition script: After passing the previous two steps, workflow engine begins to evaluate condition script in which two processes are carried out, if the condition is true, workflow engine execute the task, and if execution successfully complete, it returns the success, if not, it reports the error to trigger and roll back the change. A workflow engine is a core technique for task allocation software application, such as BPM in which the workflow engine allocates task to different executors with communicating data among participants. A workflow engine can execute any arbitrary sequence of steps, for example, a healthcare data analysis.

A7.02 ICT Components ICT Components that can be used to make new business applications and services or is used in business processes.

A7.02.01 Alerts Components that generate alerts based upon settings or rules.

A7.02.02 Inbound Correspondence Component

Components to support externally initiated communication between an organisation and its stakeholders.

A7.02.03 Notifications Component that sends a notification based upon an alert or rules.

A7.02.04 Outbound Correspondence Component

Components to support internally initiated communication between an organisation and its stakeholders.

A7.02.05 Personalisation Personalisation allows a user or customer to change preferences about user interfaces / portals in terms of the way that data is displayed, levels of detail, and even language.

A7.02.06 Rating Engine Component that rates atomic events or transactions based on upon rules applied to data associated with the event or transaction. Rates can be event or transaction specific, for example each lookup of a database cost $x.xx, or that can use customer specific rates, so that each lookup of a database, for customer xyz cost $x.xx.


A7.02.07 Storefront / Shopping Cart

Component to support the online equivalent of the supermarket cart, where orders and merchandise are placed.

A7.02.08 Subscriptions Allow users to subscribe and unsubscribe to a service.

A7.02.99 Other ICT Components

Any other ICT Components for which there no applicable application category. Note: Components may be found in a number of the application areas.

A7.03 ICT Development Environment and Tools

Software and or services that forms development environments and related tools.

A7.03.01 Development Frameworks

Development frameworks such as a Java runtime environment or .NET are required to allow applications or applets based on those frameworks to execute. Incompatibility issues can arise when different versions of the frameworks are required on a single device. This can be resolved using Application Virtualisation Client and its associated backend technologies, as each virtual bubble forms an isolation barrier.

A7.03.02 Development Resource Libraries

A collection of resources used to develop software which may include pre-written code and subroutines, classes, values or type specifications.

A7.03.03 Forms Management

Software and or services that support the creation, modification, and usage of physical or electronic documents used to capture information within the business cycle.

A7.03.04 Integrated Development Environment

Software and or services that provides comprehensive facilities to computer programmers for software development.

A7.03.05 Mash-up Editor Software and or services that uses and combines data, presentation or functionality from two or more sources to create new services. The main characteristics of the mash-up are combination, visualisation, and aggregation.

A7.03.06 Software Configuration Management

Software to track and control changes in the software including the establishment of baselines and revision control.

A7.03.07 Software Development Kit

Software development tools that allow for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar platform.

A7.03.08 Testing Tools Software and or services that support testing of infrastructure, software, and services against requirements.

A7.03.08.01 Security Testing Tools Software and or service to support security testing, for example penetration testing of web portals, networks, ICT assets.

A7.03.08.02 Test Automation Tools Software and or services that support automated testing of infrastructure, software, and services against requirements.

A7.03.09 User Innovation Toolkit

Software toolkit based on the idea that manufacturers possess the knowledge of the solution possibilities, while the users possess the knowledge about needs.

A7.03.10 Validation Tools Software tools that check web pages for accessibility and syntactical correctness of code.


A7.03.11 CASE Tools Computer-aided software engineering (CASE) is the domain of software tools used to design and implement applications. CASE tools are similar to and were partly inspired by Computer Aided Design (CAD) tools used to design hardware products. CASE tools are used to develop software that is high-quality, defect-free, and maintainable.

A7.03.99 Other Development Environment and Tools

Any other development environment or tools without a suitable application category.

A7.04 ICT Management Tools

ICT Management tools support the day to day operations and management of ICT. It includes tools enabling the ICT support organisation to quickly resolve or escalate issues and problems, improve root cause isolation, and provide higher levels of business user satisfaction. Using this business view, IT support organisations manage incidents, problems and service requests throughout their life cycles at a more efficient and effective rate.

A7.04.01 Fault Management Software and or services that detects, isolates, and corrects malfunctions in a telecommunications network and compensates for environmental changes. This includes maintaining and examining error logs, accepting and acting on error detection notifications, tracing and identifying faults, carrying out sequences of diagnostics tests, correcting faults, reporting error conditions, and localizing and tracing faults by examining and manipulating database information.

A7.04.02 ICT Configuration Management Database (CMDB)

A configuration management database (CMDB) is a repository that acts as a data warehouse for information technology (IT) organisations. Its contents are intended to hold a collection of IT assets that are commonly referred to as configuration items (CI), as well as descriptive relationships between such assets. When populated, the repository becomes a means of understanding how critical assets such as information systems are composed, what their upstream sources or dependencies are, and what their downstream targets are. CMDBs are used to keep track of the state of different things that are normally referred to as assets, such as products, systems, software, facilities, and people as they exist at specific points in time, as well as the relationships between such assets. The maintenance of such state related information allows for things like the reconstruction of such assets, at any point in their existence, as well as for things such as impact analysis, in the cases of root cause analysis or change management.

A7.04.03 ICT Definitive Media Library (DML)

A Definitive Media Library (DML) is a secure Information Technology repository in which an organisation's definitive, authorised versions of software media are stored and protected. Before an organisation releases any new or changed application software into its operational environment, any such software should be fully tested and quality assured. The Definitive Media Library provides the storage area for software objects ready for deployment and should only contain master copies of controlled software media Configuration Items (CIs) that have passed appropriate quality assurance checks, typically including both procured and bespoke application and gold build source code and executables. In the context of the ITIL best practice framework, the term Definitive Media Library supersedes the term Definitive Software Library referred to prior to version ITIL v3. In conjunction with the Configuration Management Database (CMDB), it effectively provides the DNA of the data center i.e. all application and builds software media connected to the CMDB record of installation and configuration. The Definitive Media Library (DML) is a primary component of an organisation's release and provisioning framework and service continuity plan.


A7.04.04 Monitoring Software and or services that continuously records performance, capacity use, throughput of computer hardware or software and provides notification about deviations from normal. Note: This includes utilities that are deployed down to the infrastructure level to monitor hardware performance and generate log files etc.

A7.04.05 Software Asset Management

Software and or services that supports license management. Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilisation, and disposal of software applications within an organisation. The goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software, while maximizing IT responsiveness and end-user productivity. Note: A software license manager is different from a software asset management tool, which end-user organisations employ to manage the software they have licensed from many software vendors.

A7.04.06 Software Distribution

Software and or services that supports distribution of software, propagation, installation and upgrade of written computer programs, applications and components.

A7.04.07 Software License Manager

A software license manager is a software management tool used by Independent software vendors or by end-user organisations to control where and how software products are able to run. License managers protect software vendors from losses due to software piracy and enable end-user organisations to comply with software license agreements. License managers enable software vendors to offer a wide range of usage-centric software licensing models, such as product activation, trial licenses, subscription licenses, feature-based licenses, and floating licensing from the same software package they provide to all users. Note: A software license manager is different from a software asset management tool, which end-user organisations employ to manage the software they have licensed from many software vendors.

A7.04.08 ICT Diagnostic Tools Diagnostic tools to examine the state and configuration of ICT infrastructure, network, and software applications.

A7.04.09 Network Management Tools

Tools that pertain to the operation, administration, maintenance, and provisioning of networked systems. Network management is essential to command and control practices and is generally carried out of a network operations centre.

A7.04.10 ICT Service Level Management

ICT Service Level Management (SLM) is software and or services that manage ICT service levels in accordance with the ITIL processes. This includes Service Level Agreements (SLA's), underpinning contracts, and monitoring and reporting on service levels.

A7.04.11 ICT Capacity Management

Software and or services that support the process of capacity management.

A7.04.12 Service Desk Software and or services that support the operation and processes of a service desk.

Note: Service Desk software and services may be provided in some cases by A1.06.06 Service Centre.

A7.04.13 Server Management

Software and services that support the management of physical and virtual servers.


A7.04.99 Other ICT Management Tools

Any other ICT Management Tools that do not have an application category.

A7.05 Cloud Services The Cloud Services area contains a range of ICT services that are provided externally to the agency such as cloud service and XaaS (X as a Service).

A7.05.01 Cloud Computing Services

Cloud computing services are large groups of remote servers networked to allow the centralised data storage, and online access to computer services or resources. Cloud computing services can support various "X as a Service" models such SaaS, PaaS, IaaS, UCaaS.

A7.05.01.01 Community Cloud Community cloud shares infrastructure between several organisations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party, and either hosted internally or externally. The costs are spread over fewer users than a public cloud (but more than a private cloud), so only some of the cost savings potential of cloud computing are realised.

A7.05.01.02 Hybrid Cloud Hybrid cloud is a composition of two or more clouds (private, community or public) that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Hybrid cloud can also mean the ability to connect collocation, managed and/or dedicated services with cloud resources. Gartner, Inc. defines a hybrid cloud service as a cloud computing service that is composed of some combination of private, public and community cloud services, from different service providers. A hybrid cloud service crosses isolation and provider boundaries so that it can’t be simply put in one category of private, public, or community cloud service. It allows one to extend either the capacity or the capability of a cloud service, by aggregation, integration or customisation with another cloud service.

A7.05.01.03 Personal Cloud Personal cloud is a collection of digital content and services which are accessible from any device. The personal cloud is not a tangible entity. It is a place which gives users the ability to store, synchronize, stream and share content on a relative core, moving from one platform, screen and location to another. Created on connected services and applications, it reflects and sets consumers’ expectations for how next-generation computing services will work. The four primary types of personal cloud in use today are: Online cloud, NAS device cloud, server device cloud, and home-made clouds.

A7.05.01.04 Private Cloud Private cloud is cloud infrastructure operated solely for a single organisation, whether managed internally or by a third-party, and hosted either internally or externally. Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the business environment, and requires the organisation to re-evaluate decisions about existing resources. When done right, it can improve business, but every step in the project raises security issues that must be addressed to prevent serious vulnerabilities. Self-run data centres are generally capital intensive. They have a significant physical footprint, requiring allocations of space, hardware, and environmental controls. These assets have to be refreshed periodically, resulting in additional capital expenditures. They have attracted criticism because users "still have to buy, build, and manage them" and thus do not benefit from less hands-on management, essentially lacking the economic model that makes cloud computing such an intriguing concept.


A7.05.01.05 Public Cloud A cloud is called a "public cloud" when the services are rendered over a network that is open for public use. Public cloud services may be free or offered on a pay-per-usage model. Technically there may be little or no difference between public and private cloud architecture, however, security consideration may be substantially different for services (applications, storage, and other resources) that are made available by a service provider for a public audience and when communication is effected over a non-trusted network. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure at their data centre and access is generally via the Internet. AWS and Microsoft also offer direct connect services called "AWS Direct Connect" and "Azure ExpressRoute" respectively, such connections require customers to purchase or lease a private connection to a peering point offered by the cloud provider.

A7.05.02 Infrastructure as a Service (IaaS)

In the most basic cloud-service model & according to the IETF (Internet Engineering Task Force), providers of IaaS offer computers – physical or (more often) virtual machines – and other resources. (A hypervisor, such as Xen, Oracle VirtualBox, KVM, VMware ESX/ESXi, or Hyper-V runs the virtual machines as guests. Pools of hypervisors within the cloud operational support-system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements.) IaaS clouds often offer additional resources such as a virtual-machine disk image library, raw block storage, and file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.[49] IaaS-cloud providers supply these resources on-demand from their large pools installed in data centres. For wide-area connectivity, customers can use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users install operating-system images and their application software on the cloud infrastructure. In this model, the cloud user patches and maintains the operating systems and the application software. Cloud providers typically bill IaaS services on a utility computing basis: cost reflects the amount of resources allocated and consumed.

A7.05.03 Platform as a Service (PaaS)

In the PaaS models, cloud providers deliver a computing platform, typically including operating system, programming language execution environment, database, and web server. Application developers can develop and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software layers. With some PaaS offers like Microsoft Azure and Google App Engine, the underlying computer and storage resources scale automatically to match application demand so that the cloud user does not have to allocate resources manually. The latter has also been proposed by an architecture aiming to facilitate real-time in cloud environments.

A7.05.04 Software as a Service (SaaS)

Software as a service (SaaS) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software". SaaS is typically accessed by users using a thin client via a web browser. SaaS has become a common delivery model for many business applications, including office & messaging software, payroll processing software, DBMS software, management software, CAD software, development software, accounting, collaboration, customer relationship management (CRM), enterprise resource planning (ERP), invoicing, human resource management (HRM), enterprise content management (ECM) and service desk management. Note: A New Zealand Government Common Capability is called Enterprise Content Management as a Service (ECMS) and is an example of SaaS.


A7.05.05 Unified Communications as a Service (UCaaS)

In the UCaaS model, multi-platform communications over the network are packaged by the service provider. The services could be in different devices, such as computers and mobile devices. Services may include IP telephony, unified messaging, video conferencing and mobile extension etc.

A7.05.99 Other ICT Services Any other ICT services which do not have an applicable application category.

A7.06 Server Configuration Types

Different types of server configuration types used to support Applications and ICT Services.

A7.06.01 Application Server In a three-tier environment, a separate computer (application server) performs the business logic, although some part may still be handled by the user's machine. After the popularity of the Web exploded in the mid-1990s, application servers became Web-based. An application server's function is dedicated to the efficient execution of procedures (programs, routines, scripts) for supporting its applied applications. It acts as a set of components accessible to the software developer through an API defined by the platform itself.

A7.06.02 Communications Server

Communications servers are open, standards-based computing systems that operate as a carrier-grade common platform for a wide range of communications applications and allow equipment providers to add value at many levels of the system architecture.

A7.06.03 Compute / Simulation Server

High performance servers used in simulation and modelling synthetic environments such as gaming, defence, mining, and medical industries.

A7.06.04 Database Server Refers to a collection of information organised in such a way that a computer program can quickly select desired pieces of data. A database management system (DBMS) is a software application providing management, administration, performance, and analysis tools for databases.

A7.06.05 File Server A file server is a computer attached to a network that has the primary purpose of providing a location for shared disk access, i.e. shared storage of computer files (such as documents, sound files, photographs, movies, images, databases, etc.) that can be accessed by the workstations that are attached to the same computer network.

A7.06.06 Mail Server A mail server is a computer that serves as an electronic post office for email. Mail exchanged across networks is passed between mail servers that run specially designed software. This software is built around agreed-upon, standardised protocols for handling mail messages and any data files (such as images, multimedia or documents) that might be attached to them.

A7.06.07 Management Server

A centralised device that receives information from sensors or agents on devices from around the network, allowing specialist personnel to analyse and manage the performance of those devices via a management console.

A7.06.08 Media Server Provide optimised management of media-based files such as audio and video streams and digital images.


A7.06.09 Name Server / DNS A name server is a computer hardware or software server that implements a network service for providing responses to queries against a directory service. It translates an often humanly-meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request. An example of a name server is the server component of the Domain Name System (DNS), one of the two principal name spaces of the Internet. The most important function of DNS servers is the translation (resolution) of human-memorable domain names and hostnames into the corresponding numeric Internet Protocol (IP) addresses, the second principal name space of the Internet which is used to identify and locate computer systems and resources on the Internet.

A7.06.10 Portal Server Portals represent focus points for interaction, providing integration and single-source corporate information.

A7.06.11 Print Server A print(er) server is a device that connects printers to client computers over a network. It accepts print jobs from the computers and sends the jobs to the appropriate printers, queuing the jobs locally to accommodate the fact that work may arrive more quickly than the printer can actually handle it.

A7.06.12 Proxy Server A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems. Today, most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.

A7.06.13 Storage Server Storage devices are designed to provide shared storage access across a network. These devices provide extended storage capabilities to the network with reduced costs compared to traditional file servers.

A7.06.14 Web Server A computer that provides World Wide Web services on the Internet. It includes the hardware, operating system, Web server software, TCP / IP protocols, and the Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an "intranet server."

A7.06.99 Other Server Configurations

Other server applications types not defined.

A7.07 Business Rules Management Tools

Software and or services that allows organisations to abstract and execute business rules from technology infrastructure and support the managerial approach through enabling technology, bridging organisational and technology silos.


A7.07.01 Business Rules Management System (BRMS)

A BRMS or Business Rule Management System is a software system used to define, deploy, execute, monitor and maintain the variety and complexity of decision logic that is used by operational systems within an organisation or enterprise. This logic, also referred to as business rules, includes policies, requirements, and conditional statements that are used to determine the tactical actions that take place in applications and systems. A BRMS includes, at minimum: - A repository, allowing decision logic to be externalised from core application code. - Tools, allowing both technical developers and business experts to define and manage decision logic. - A runtime environment, allowing applications to invoke decision logic managed within the BRMS and executes it using a business rules engine.

A7.07.02 Business Rules Engine

A business rules engine is a software system that executes one or more business rules in a runtime production environment. The rules might come from legal regulation ("An employee can be fired for any reason or no reason but not for an illegal reason"), company policy ("All customers that spend more than $100 at one time will receive a 10% discount"), or other sources. A business rule system enables these company policies and other operational decisions to be defined, tested, executed and maintained separately from application code. Rule engines typically support rules, facts, priority (score), mutual exclusion, preconditions, and other functions.


Interfaces and Integration


Name Description

A8 Interfaces and Integration

The Interfaces and Integration application area refers to the collection of software and services that support how agencies will interface and integrate both internally and externally. This includes interfaces and integration with back office / legacy assets as well as the use of gateways and portals as points with which to integrate.

A8.01 Integration Defines the software services enabling elements of distributed business applications to interoperate. In particular, service integration offers a set of architecture services such as platform and service location transparency, transaction management, basic messaging between two points, and guaranteed message delivery.

A8.01.01 Services Integration In SOA compliant systems/services, provides the application functionality to manage SOA-based integration, including the Services Registry.

A8.01.02 Enterprise Service Bus

In SOA compliant systems/services, the software layer used for designing and implementing the interaction and communication between mutually interacting software applications in SOA environments.

A8.01.03 Enterprise Application Integration (EAI)

Support the redesigning of disparate information systems into one system that uses a common set of data structures and rules.

A8.01.03.01 Broker Refers to software used to 'broker' interfaces; typically with legacy systems that are not SOA compliant. This includes integration with various protocol or software specific adapters. Also includes mapping of data as it passes from the source system to the destination system(s).

A8.01.03.02 Adapter Refers to a protocol or software specific interface, typically for integration to a legacy system that is not SOA-enabled. Examples of adapters include API wrapper, FTP, Database, Message queuing, Siebel adapter.

A8.01.03.03 File Transfer Refers to software or protocols specifically used for file transfer handling; such as FTP or SFTP protocols, and specialist utility applications.

A8.01.04 Legacy Integration Support the communication between newer generation hardware/software applications and the previous major generation of hardware/software applications.

A8.02 Data Interoperability Data Interoperability defines the software and or services for sharing data and services across disparate systems and vendors.

A8.02.01 Data Structure Dictionary

This service holds the data definition, structure, and metadata and mapping rules used by the data transformation service to map incoming messages to the required destination services or software.


A8.02.02 Data Transformation Service

The Data Transformation Service takes incoming messages and transforms and maps the data to the output format needed by the destination service or software.

A8.03 Interface Software or services supporting the communicating, transporting and exchanging information through a common dialog or method. Delivery Channels provide the information to reach the intended destination, whereas Interfaces allow the interaction to occur based on a predetermined framework.

A8.03.01 Service Discovery Software or services supporting the method in which applications, systems or web services are registered and discovered. For example: Universal Description, Discovery and Integration (UDDI) are a platform-independent, Extensible Markup Language (XML)-based registry by which businesses worldwide can list themselves on the Internet, and a mechanism to register and locate web service applications. UDDI is an open industry initiative, sponsored by the Organisation for the Advancement of Structured Information Standards (OASIS), for enabling businesses to publish service listings and discover each other, and to define how the services or software applications interact over the Internet.

A8.03.02 Service Description / Interface

Software or services supporting the method for publishing the way in which web services or applications can be used. For example: The Web Services Description Language (WSDL) is an XML-based interface definition language that is used for describing the functionality offered by a web service. The acronym is also used for any specific WSDL description of a web service (also referred to as a WSDL file), which provides a machine-readable description of how the service can be called, what parameters it expects, and what data structures it returns.

A8.03.03 API Software components that use an application programming interface (API) to communicate with each other. May include specifications for routines, data structures, object classes, and variables.

A8.03.04 Electronic Business eXtensible Markup Language (ebXML)

Electronic Business using eXtensible Markup Language, commonly known as e-business XML, or ebXML as it is typically referred to, is a family of XML based standards sponsored by OASIS and UN/CEFACT whose mission is to provide an open, XML-based infrastructure that enables the global use of electronic business information in an interoperable, secure, and consistent manner by all trading partners.

A8.03.05 RESTful APIs RESTful APIs do not require XML-based Web service protocols (SOAP and WSDL) to support their interfaces as they use HTTP. Representational State Transfer (REST) is a style of software architecture for distributed hypermedia systems such as the World Wide Web.

A8.03.06 Web API A Web API is a development in Web services where emphasis has been moving to simpler representational state transfer (REST) based communications. RESTful APIs do not require XML-based Web service protocols (SOAP and WSDL) to support their interfaces.

A8.03.07 Web Services (WS-*)

A Web service is a method of communication between two electronic devices over a network. It is a software function provided at a network address over the Web with the service always on as in the concept of utility computing. “WS-“is a prefix used to indicate specifications associated with Web Services and there exist many WS* standards including WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust, WS-SecureConversation, WS-Federation, WS-Authorisation, WS-Privacy, WS-Test.


A8.03.99 Other Application Interfaces

Other application interfaces.

A8.04 Gateways Software and or services used for information-layer gateways and automated electronic interfaces between networks or systems. Does not extend to boundary protection devices. Provides the various gateways that are used to provide automated electronic interfaces with external organisations or parties, and internally between communities of interest or network domains.

A8.04.01 B2B Software and or services that provides B2B (Business to Business) gateway functionality. Includes variations such as C2G (Citizen to Government), G2G (Government to Government), and B2G (Business to Government).

A8.04.02 Command and Control

Software and or services that provides system-system gateway interaction for the exchange of C2 critical information, such as Battle Management System 'tracks', obstacles, events, items of interest. Typical standard here would be the Multilateral Interoperability Programme (MIP) JC3IEDM (STANAG 2252).

A8.04.03 Formal Messaging Software and or services that provides system-system gateway interaction for official, mission critical messaging services that typically have attributes such as non-repudiation, full-traceability (audit tracking), guaranteed delivery timelines.

A8.04.04 Informal Messaging Software and or services that provide system-system gateway interaction for email services. This may just be an enterprise application, such as Microsoft Exchange, or an external providers own services.

A8.04.05 Remote Access Software and or services that provides system-system gateway functionality to manage user remote-access to the organisations networks or systems. Typically web-based using VPN protocol and thin-client delivery.

A8.04.06 SMS/MMS Software and or services that provides system-system gateway interaction for SMS or MMS messaging services.

A8.04.07 Web Access Software and or services that provides system-system gateway functionality to manage web-based access.

A8.04.99 Other Gateways Software and or services that provides other gateway types. For example: - Intelligence; provides system-system gateway interaction for exchange of intelligence-led information. Typical standard here would be the MAJIIC data model.


Specialist Line of Business Applications

The Specialist Line of Business Applications domain is intended to be used by agencies to add the unique business applications used to support specific functions within that agency, or could be a unique application supporting multiple agencies, for example within a sector such as health. Note: The specific line of business applications should have direct alignment to the Business Reference Taxonomy sub business functions or line of business. Note: This domain should not contain common business applications; a common application is where multiple agencies have an implementation of a business application category.

gea-nz v3.1 application and ict services reference model and taxonomy

Documents