Governance
Understanding Low-Code Governance
Low-code helps enterprises develop better software at speed and scale. As you scale up, governance will help you deliver business value at acceptable risk and cost and make the most of your Mendix platform.
Governance is about having oversight and maintaining control over both a landscape of applications and individual application development. The portfolio cycle involves identifying, developing, measuring, and optimizing your applications. The application cycle involves turning your priorities into value-driving solutions and then bringing the findings back to the portfolio. Governance encompasses both.
Getting organizational governance right requires someone to be responsible for its execution. A Center of Excellence (CoE) can help lead the way for your governance strategy. CoEs generally ensure that stakeholders from throughout the business and IT collaborate, commit to, and execute plans, priorities, and guidelines that will drive business goals, while maintaining standards and best practices for development.
Low-code governance is the combination of tools, policies, and procedures your organization applies across your entire app landscape and development lifecycle. Mendix delivers a low-code governance experience through ready-to-go tools and features that help you govern a portfolio of low-code applications.
Your governance objectives, stakeholders, and structure will be unique to your organization because not everyone has the same risk tolerance or definition of business value. Mendix provides low-code governance embedded in all parts of the platform, which can easily be adapted to your needs.
Context and responsibilities of the Center of Excellence
The governance objectives of a typical CoE are straightforward:
- Risk Control: Build sustainable software with acceptable risk. Set common guidelines and standards for software development, security, operational continuity, user management, and data.
- Investment Control: Maximize return on investment in your platform tooling. Proactively control costs and measure business outcomes.
A CoE is typically led by someone who is in charge of managing the entire Mendix program (and maybe also other non-Mendix initiatives). The rest of the team consists of people with varied skill sets, from portfolio managers and operations managers to security, integration, and architecture experts.
The CoE members are Mendix Admins and have access to the Mendix Control Center to support them in their work.
Introducing the Mendix Governance Value Framework
Governance is about optimizing value with an acceptable risk depending on your risk tolerance. The Governance Value Framework illustrated below aims to break down the broad scope of governance into specific value drivers. It is split into two parts: Investment Control and Risk Control.
- Investment Control: Maximize return on investment in your platform tooling. This goal is common across industries, as every company wants to make the most of what they’ve got. This drills down to:
  - Value management: Measure business value outcomes
  - Cost management: Manage and optimize your operational costs

  In order to maximize the value minus the cost, you need transparency. The Mendix platform will help you with that.
- Risk Control: Build sustainable software with acceptable risk. Acceptable risk is very company-specific, and the company’s leadership should define it. A bank has a different risk threshold than a local bakery, so they have different needs when managing risk.
  - Mitigate software risk: Make sure your software is tested and developed using best practices and reusable components. Ensure that your applications do not incur technical debt and are maintainable at an acceptable cost.
  - Mitigate security risk: Ensure your landscape doesn’t contain known vulnerabilities and follow policies to keep your software up to date.
  - Mitigate operational risk: Make sure your applications are available and resilient against potential disruptions.
  - Mitigate user risk: Control the identities and access of the platform’s developers and the app’s end-users.
  - Mitigate data risk: Manage the confidentiality, integrity, and availability of the data in your applications.
The Evaluation Guide will highlight key platform capabilities against these value drivers.