Overview Enterprise Architecture is focused on the alignment of people, process, technology, and information across an organization.
Enterprise Architecture (EA) ensures the effective alignment of people, processes, technology, and information across the Commonwealth. It guides technology decisions throughout the full lifecycle—from strategic planning and pre‑procurement activities through solution selection, architectural review, exception management, and ongoing governance.
EA publishes statewide technology standards that define required behaviors and controls, and it maintains technology roadmaps to help agencies plan for modernization and manage technology lifecycles.
The authority for the Commonwealth’s EA program is established in Code of Virginia § 2.2-2007 and § 2.2-2011, which mandate statewide oversight of IT strategy, standards, and architecture governance.
Architecture Governance
The Commonwealth of Virginia’s Enterprise Architecture (EA) Governance framework provides a unified, standards‑driven structure that ensures all technology services, systems, and solutions across executive branch agencies operate in a consistent, secure, and strategically aligned manner.
Guided by the Virginia Information Technologies Agency (VITA), the EA governance model establishes the policies, standards, review processes, and lifecycle oversight necessary to evaluate the technical integrity, architectural soundness, and enterprise compatibility of proposed and existing IT services. This governance ensures that all architecture decisions support statewide business objectives, maintain compliance with the Commonwealth’s ITRM Policies and Standards, and adhere to established quality, security, interoperability, and accessibility requirements.
The Commonwealth’s Enterprise Architecture Policy (EA200) establishes the authoritative framework that guides how executive branch agencies acquire, use, and manage information technology resources. It defines statewide enterprise architecture direction and technical requirements, ensuring IT investments comply with Commonwealth laws, standards, and the technical governance established by the Chief Information Officer (CIO). The policy’s purpose is to provide a structured IT decision‑making framework that documents the current and target architecture, ensures alignment of IT solutions with business strategy and performance goals, eliminates redundancy, improves interoperability and security, and links agency IT portfolios to the overall Commonwealth mission.
Under EA‑200, VITA, at the direction of the CIO, develops, maintains, and updates technical and data policies, standards, and guidelines, while agencies must comply with these requirements or request exceptions when necessary. The policy defines the four components of the Commonwealth’s enterprise architecture (Business, Information, Solutions, and Technical Architectures) and establishes a governance process for managing changes and exceptions. This includes structured review, research, and CIO decision‑making for proposed deviations or updates to the EA. By standardizing technologies and guiding future-state architectural direction, EA‑200 ensures statewide consistency, security, and efficiency in how agencies plan, procure, and implement IT solutions.
The Commonwealth’s Enterprise Architecture Standard (EA225) establishes the mandatory technical direction, requirement statements, and technology roadmaps that agencies must follow when planning, acquiring, developing, or modifying IT solutions. These standards operationalize the Enterprise Architecture Policy by defining the specific technologies, practices, and architectural expectations that ensure consistency, security, interoperability, and long‑term sustainability across executive branch agencies. EA225 sets requirements for all four components of the Commonwealth’s enterprise architecture—Business, Information, Solutions, and Technical Architectures—ensuring that agency initiatives align with statewide models for data governance, solution design, shared services, and infrastructure.
EA standards are developed collaboratively through inputs from EA workgroups, business leaders Agency Information Technology Resources (AITRs), and governance forums such as the Architecture & Innovation Governance Forum (AIGF) and Platform Service Delivery Forum (PSDF). Requirement statements within EA225 are mandatory, and agencies must request and obtain approved exceptions through the Enterprise Architecture Change/Exception Request process in Archer before pursuing any procurement or implementation that deviates from established standards. Technology roadmaps within the standard guide agencies on when technologies may be acquired, upgraded, or retired, helping to reduce redundancy and ensure a unified, future‑ready technical environment across the Commonwealth.
Clear and well‑defined requirements are essential for enterprise architecture within the Commonwealth of Virginia because they create a shared understanding of what services, systems, and outcomes executive branch agencies must support. In general, state agencies operate in complex environments with statutory obligations, public accountability, and diverse stakeholders. Requirements ensure that architecture decisions align with legal mandates, budget constraints, cybersecurity standards, and long‑term strategic goals. Without them, architectural efforts risk drifting toward technically interesting, but operationally irrelevant solutions.
Requirements also act as the foundation for consistency, interoperability, and reuse across the Commonwealth enterprise. In a government environment where multiple agencies rely on shared platforms and must exchange data securely, well-crafted requirements guide technology while reducing duplication, improving service delivery, and helping ensure taxpayer-funded systems remain scalable, maintainable, and resilient. By grounding architectural decisions in clearly defined business and policy needs, state agencies can deliver solutions that are both technically sound, mission‑aligned, and more helpful for the citizenry.
EIA - Enterprise Information Architecture Requirements
- EIA Framework
- Electronic Records Management
- Enterprise Data Standards
- Enterprise Information Architecture (EIA)
- Health Information Exchange
ESA - Enterprise Solutions Architecture Requirements
- Application Domain
- Cloud Based Container Services
- Cloud Based Hosting Services
- Computer Based Signatures
- Data Availability
- Enterprise Systems Management (ESM)
- Integration Domain
- Legacy Information Technology Solutions
- Smart Device Use
- Service Oriented Architecture
- Web Systems
ETA - Enterprise Technical Requirements
Technology roadmaps published by the COV Enterprise Architecture team provide guidance for planning technology investments, upgrades, and lifecycle changes. They define which product versions are approved for use, when they should be updated, and when they must be retired, helping agencies and suppliers maintain alignment with statewide technical standards.
The purpose of version governance is to prevent last‑minute upgrades that disrupt service delivery while encouraging proactive lifecycle management. Regularly updating to current, supported versions improves productivity, strengthens security, and reduces the long‑term costs associated with maintaining outdated and legacy technologies.
These roadmaps enable agencies and suppliers to plan predictable, scheduled updates. Because roadmap assessments reflect the best information available at the time and must adapt to vendor and industry changes, they remain subject to revision as external conditions evolve.
Roadmaps are available for the following:
-
- Application Hosting Platforms
- Artificial Intelligence (AI) Technologies
- Cloud Services
- Data Management Technologies
- End User Computing Operating Systems (OS) Technologies
- End User Computing Productivity Software Technologies
- End User Computing Web Browser Technologies
- Enterprise Applications (Under Dev)
- Search Engine Technologies
- Server OS and Hypervisor Technologies
- Web and Application Server Technologies
Roadmap Classification and Definitions - Technology Roadmap Definitions
Reference Architectures
EA reference architectures provide standardized, reusable architectural models that guide the design and implementation of technology solutions across an organization. They establish common structures, terminology, and solution patterns for major domains such as security, data, applications, integration, cloud, and network services, ensuring systems are developed in a consistent, interoperable, and compliant manner. By defining the foundational components, required controls, and approved technologies for each domain, reference architectures help reduce complexity, accelerate solution development, and promote alignment with enterprise strategies and standards.
Within a large enterprise, reference architectures also function as authoritative blueprints that inform decision‑making throughout the IT lifecycle. They support agency teams, architects, and suppliers by clarifying how solutions must fit within the broader technical ecosystem, enabling predictable integration, improved security posture, and long‑term maintainability. Through the use of well‑defined reference architectures, organizations can reduce redundancy, strengthen governance, and ensure that technology investments remain sustainable, secure, and aligned with the enterprise’s strategic direction.
Patterns
Enterprise Architecture (EA) patterns provide reusable, proven approaches for designing and implementing technology solutions across an organization. They help architects solve recurring challenges in a consistent, efficient manner by offering standardized models for integration, security, data management, user access, and system design. By abstracting complex architectural concepts into repeatable templates, EA patterns reduce design time, promote best practices, and ensure solutions remain aligned with enterprise principles and technical standards.
Within a large enterprise environment - such as the Commonwealth of Virginia - EA patterns enable agencies to adopt consistent approaches for common capabilities like identity federation, network segmentation, cloud adoption, logging and monitoring, and high‑availability design. These patterns not only accelerate solution development but also improve interoperability, maintainability, and security across systems. By guiding technology decisions with well‑defined architectural patterns, the enterprise ensures that new solutions integrate seamlessly into the broader ecosystem while maintaining compliance with statewide governance, standards, and long‑term strategic direction.
Cloud Technical Reference Architecture
RAG Architecture Patterns Library
CI / CD Reference Architecture
Engage with the VITA EA Team
Getting the Enterprise Architecture (EA) team involved early helps projects avoid delays, unexpected requirements, and costly redesigns later in the process. When architects are included from the start, they can help ensure that the solution fits statewide standards, security rules, and long‑term technology plans. Early involvement also makes it easier to spot risks, plan for integration with other systems, and choose the right technologies before major decisions are locked in. This leads to smoother reviews, faster progress, and higher‑quality outcomes.
You can work with the VITA Enterprise Architecture (EA) team by using the information and tools they share on this VITA website. EA pages explain the rules, technology standards, and steps you need to follow when asking for help or submitting a project for review. Using these resources helps you know when to contact the EA team, what forms or details to send, and how your project will be checked. Reaching out through listed contacts, request forms, or through your AITR makes sure your project follows statewide rules and stays safe and secure.
By talking with the EA team early, you can avoid delays, get the right guidance, and build a better solution from the start.
If an agency or service operation cannot comply with the Commonwealth’s approved EA standards or technology roadmaps, an Archer exception request must be submitted to document the gap, its justification, and the planned path to remediation. Common examples of exceptions include:
- Use of software that is two or more versions behind the current supported release.
- Reliance on out‑of‑support or end‑of‑life hardware, or hardware older than five years that remains in active service.
- Inability to meet an enterprise requirement, such as mandated logging, data availability, or security controls.
Register your exceptions in Archer, the COV risk management system.
Under Executive Order 30, VITA is required to create and share an Artificial Intelligence (AI) policy and matching technology standard that every executive branch agency must follow. This policy ensures AI is used responsibly, ethically, and within the Commonwealth’s overarching governance framework. It covers all types of AI, whether standalone solutions, embedded systems, or generative models, and applies equally to agency-developed tools and those provided by external vendors.
As part of these requirements, all agencies and vendors are required to formally register both planned and active AI uses in their operational environments. This registration occurs through the Archer system and, for external AI, also in the Commonwealth Technology Portfolio (CTP) using Planview Portfolios. Registration allows VITA and the relevant secretariat to review AI proposals, assess risks, and verify adherence to statewide standards and controls before deployment.
For more detailed guidance, including step-by-step instructions for submitting records, visit VITA’s Artificial Intelligence section and use the Archer application to initiate or access your agency’s AI registrations.
Enterprise Architecture (EA) reviews ensure that proposed designs comply with VITA standards, meet required service expectations, and properly document any exceptions. During a review, architects evaluate the submitted materials, identify risks, assess architectural attributes such as scalability and performance, and raise questions or concerns where requirements, design logic, or compliance need clarification. EA may also provide technical recommendations when appropriate. Architects verify that all design requirements are fully addressed. Reviewers prepare approval or rejection comments based on completeness, accuracy, and alignment with Commonwealth principles, security requirements, and technical roadmaps.
The overall goal of EA reviews is to ensure that changes are well‑documented, conformant to standards, secure, compatible with the enterprise environment, and supportive of the Commonwealth’s long‑term architectural vision.
IT Strategic Plans (ITSPs) are required every two years by the Code of Virginia (§ 2.2‑2014 A). Agencies must document the IT initiatives they intend to pursue during the upcoming biennium. As part of the approval workflow, Enterprise Architecture (EA) reviews each plan to ensure alignment with standards, identify opportunities for reuse, confirm that outstanding exceptions are being addressed, and verify the clarity and feasibility of proposed initiatives.
The ITSP defines both strategic and operational technology needs over a six‑year horizon, including the agency’s current IT state, external factors affecting IT, and its proposed future IT solutions. EA focuses primarily on the Proposed IT Solutions section, as this is where agencies describe future initiatives, business value, dependencies, and required technology investments.
EA reviews for clarity of intent, potential risks, mandate‑driven requirements, business requirements (BRT/BRnT/BReT), and the presence of any redundancies or unsupported technologies. EA evaluates whether each proposal is clearly described, consistent with Commonwealth standards, aligned with enterprise hosting expectations, and free of conflicts with existing platforms or COV-Ramp approved products. EA also checks whether the plan accounts for any active EA or security exceptions. When clarification or additional details are needed, EA coordinates with the assigned IT Investment Management Division (ITIMD) representative, understanding that response times may vary depending on agency engagement.
Investment Business Cases (IBCs) serve as the Commonwealth’s formal mechanism for authorizing agencies to initiate procurement activities such as developing project charters, issuing RFPs, and allocating funds. As part of the IT Investment Management (ITIM) process, specifically the Pre‑Select and Select phases, IBCs document the business need, proposed solution, and anticipated value of the investment so that reviewers can assess whether the initiative aligns with agency priorities and Commonwealth strategic direction.
During IBC review, Enterprise Architecture (EA) evaluates whether the proposed investment is consistent with the agency’s IT Strategic Plan (ITSP), adheres to Commonwealth technology standards, and supports long‑term strategic goals. EA also examines whether the solution aligns with enterprise architecture expectations, including cloud‑appropriate design choices, modernization principles, and avoidance of duplicative platforms, reflecting ITIM’s objective to select investments that “best meet business needs” and leverage existing enterprise capabilities.
If an IBC is compliant and no architectural concerns are identified, EA will approve it. When clarifications or conditions are needed, such as addressing risks, ensuring adherence to standards, or validating alignment with enterprise direction, EA may return the IBC for additional information or approve it with stated conditions. This approach supports ITIM’s goals of selecting the right investments, reducing risks, ensuring alignment with agency and Commonwealth strategy, and maximizing business value across the investment lifecycle.
A Procurement Governance Request (PGR) is a formal submission that state agencies must make to the Virginia Information Technologies Agency (VITA) when seeking Commonwealth CIO approval for certain IT-related investments. PGRs are required for technology purchases or upgrades administered through VITA’s IT Partnership program if the total one-time cost is $250,000 or more, and for activities such as cloud services, sole-source procurements, or cooperative contracts.
Agencies must submit PGRs via the Commonwealth Technology Portfolio (CTP) system (Planview Portfolios), typically through their Agency IT Resource (AITR) or procurement staff. These requests undergo a review aligned with Code of Virginia §§ 2.2‑2012 and 2.2‑2018.1, ensuring the CIO evaluates the investment for compliance with statewide technology strategy, security mandates, and enterprise objectives.
A Project Governance Request (PGR) follows an approved Investment Business Case (IBC), once the agency is ready to fund the proposed solution. Similar to the IBC review, Enterprise Architecture (EA) evaluates the PGR for compliance with EA standards and alignment with the Commonwealth’s IT strategy. Following the review, an enterprise architect (EA) will either approve the PGR or request additional information before approval. EA may also contact agency representatives for clarification as needed during this process.