EA Standards

The references NORA builds on: global frameworks, Saudi government business capabilities, and national controls for technology, data, and security.

Overview

Where this page sits: standards referenced by NORA (FEAF V2.0, TOGAF 10, Saudi government entity capabilities) and the domain-specific standards.
NORA draws on a defined set of national and international references; the guideline links each one to one or more EA domains.
General frames the guideline cites: FEAF V2.0, TOGAF 10, alongside core digital transformation standards and benchmarks against advanced countries.
Each domain has its own references on top of these, from Saudi business capabilities to NCA cybersecurity controls and SDAIA data policies.

General References

The organisational framework for digital government work.

Core standards for digital transformation.

Benchmarks against several countries advanced in national EA.

Federal Enterprise Architecture Framework, second version (FEAF V2.0).

The Open Group Architecture Framework, tenth version (TOGAF 10).

References by Domain

Domain	References cited by the guideline
Business Architecture	APQC business-capability framework, plus a reference list of business capabilities drawn from multiple Saudi government entities.
Beneficiary Experience Architecture	Centralised beneficiary policy, the service-lab establishment document (World Government Summit, UAE), the U.S. Federal Customer Experience system, the GSA Customer Experience Excellence handbook, and beneficiary-experience practices observed across Saudi government entities.
Application Architecture	DGA regulations on comprehensive government platforms, the guide for defining platforms, products, and digital services, a review of national solutions such as those from the National Center for Government Resource Systems, and a reference list of application components drawn from Saudi entities.
Data Architecture	SDAIA policies and controls on data management and governance, the national data governance policies document from the National Data Management Office, the data management and governance controls including personal data protection, and national initiatives such as the National Data Bank.
Technology Architecture	DGA cloud computing adoption guide for government entities (09/08/2023), the risk management and business continuity controls, and the Risk and Business Continuity Management guideline for digital government.
Security Architecture	ISO/IEC 27001:2022 for information security management, NIST SP 800-207 for Zero Trust Architecture, and the National Cybersecurity Authority controls (Essential, Sensitive Systems, Data, Cloud Computing, Telework, Social Media Accounts of Entities, and Operational Systems).

How an Entity Builds Its List

Step	Description
Inventory and assess	List the national and international standards adopted per domain, with the type of obligation (mandatory or optional) and the issuing body.
Engage stakeholders	Bring business and technology stakeholders together with domain owners to review the list and close gaps before approval.
Approve the list	Derive an approved EA standards list, document and code it, and tie every item to one of the six domains.
Periodic review	Review the list on a regular cycle and refresh it in step with business shifts and regulations issued by the DGA and other regulators.

Why Standards Matter

Consistent design, implementation, and compliance with national regulations.

Higher integration and interoperability across systems via shared interfaces and protocols.

Lower exposure to data breaches and technical gaps once cybersecurity controls are enforced.

Less duplication and complexity, with a direct effect on running costs and spend efficiency.

Stronger EA governance through checklists and periodic audits.

Compliance Governance

Compliance is measured against the standards list on technical specifications, RFP documents, designs, and vendor proposals, with one of the states: compliant, non-compliant, partially compliant, not applicable, or unknown.

Key takeaway

Outputs: an approved list that ties each standard to its domain among the six, and working templates for compliance verification inside the entity.

Ready to start?

Book a free consultation. We walk through your priorities and recommend the right starting point.

Overview

Where this page sits: standards referenced by NORA (FEAF V2.0, TOGAF 10, Saudi government entity capabilities) and the domain-specific standards.
NORA draws on a defined set of national and international references; the guideline links each one to one or more EA domains.
General frames the guideline cites: FEAF V2.0, TOGAF 10, alongside core digital transformation standards and benchmarks against advanced countries.
Each domain has its own references on top of these, from Saudi business capabilities to NCA cybersecurity controls and SDAIA data policies.

References by Domain

Domain	References cited by the guideline
Business Architecture	APQC business-capability framework, plus a reference list of business capabilities drawn from multiple Saudi government entities.
Beneficiary Experience Architecture	Centralised beneficiary policy, the service-lab establishment document (World Government Summit, UAE), the U.S. Federal Customer Experience system, the GSA Customer Experience Excellence handbook, and beneficiary-experience practices observed across Saudi government entities.
Application Architecture	DGA regulations on comprehensive government platforms, the guide for defining platforms, products, and digital services, a review of national solutions such as those from the National Center for Government Resource Systems, and a reference list of application components drawn from Saudi entities.
Data Architecture	SDAIA policies and controls on data management and governance, the national data governance policies document from the National Data Management Office, the data management and governance controls including personal data protection, and national initiatives such as the National Data Bank.
Technology Architecture	DGA cloud computing adoption guide for government entities (09/08/2023), the risk management and business continuity controls, and the Risk and Business Continuity Management guideline for digital government.
Security Architecture	ISO/IEC 27001:2022 for information security management, NIST SP 800-207 for Zero Trust Architecture, and the National Cybersecurity Authority controls (Essential, Sensitive Systems, Data, Cloud Computing, Telework, Social Media Accounts of Entities, and Operational Systems).

How an Entity Builds Its List

Step	Description
Inventory and assess	List the national and international standards adopted per domain, with the type of obligation (mandatory or optional) and the issuing body.
Engage stakeholders	Bring business and technology stakeholders together with domain owners to review the list and close gaps before approval.
Approve the list	Derive an approved EA standards list, document and code it, and tie every item to one of the six domains.
Periodic review	Review the list on a regular cycle and refresh it in step with business shifts and regulations issued by the DGA and other regulators.

Why Standards Matter

Consistent design, implementation, and compliance with national regulations.

Higher integration and interoperability across systems via shared interfaces and protocols.

Lower exposure to data breaches and technical gaps once cybersecurity controls are enforced.

Less duplication and complexity, with a direct effect on running costs and spend efficiency.

Stronger EA governance through checklists and periodic audits.

Compliance Governance

Key takeaway

Outputs: an approved list that ties each standard to its domain among the six, and working templates for compliance verification inside the entity.

EA Standards

Overview

General References

References by Domain

How an Entity Builds Its List

Why Standards Matter

Compliance Governance

Related

EA principles

Reference models

Specifications and artifacts

Ready to start?

EA Standards

Overview

General References

References by Domain

How an Entity Builds Its List

Why Standards Matter

Compliance Governance

Related

EA principles

Reference models

Specifications and artifacts

Ready to start?