I'm interested in both governance and the mainframe, so I was immediately attracted by an announcement from SOA Software; it now "Extends Mainframes Applications to the API Economy". In other words, it lets you (via its Lifecycle Manager, which now supports mainframe environments) manage, document and enforce service APIs across the whole organisation and eliminate those silo'd backwaters which, in effect, can make a nonsense of overall governance. It is essential that mainframe-based systems share, as a first-class partner, the same overall governance processes as distributed systems.
Of course, any tool is only an enabler - for good governance, it's essential that there's a level of customer maturity which recognises portfolio rather than project management; whole lifecycle cost rather than delivery cost; and which rewards rather than pays lip service to desired behaviours.
The key characteristics of SOA Software's approach, aside from the fact that it seems well thought through and can be enforced where appropriate (stressing "appropriate") are that (as Brent Carlson, Senior Vice President, Technology, confirmed when talking to me) it recognises the importance of "just enough" governance or process (the sort of thing I explore here). The aim is to make the business more effective and let the business be more innovative more successfully (and more safely); not just to tick compliance check boxes and stop the business doing anything new and exciting. Real freedom to do innovative business comes from working within a framework that protects innovators from disaster - and that is what good governance should achieve.
More prosaically, perhaps, SOA Software recognises the importance of role-based governance and of allowing documented, controlled, time-limited exception to compliance rules, in order to meet real business deadlines - where this is legal - and this is supported in the software.
SOA Software provides a rich SOA/API governance solution including Portfolio Manager (which aligns APIs with the business); Lifecycle Manager (helps you build APIs that match business needs, now and to come); Policy Manager (policy-based governance services); and, Service Manager (runtime security, monitoring, mediation and other runtime capabilities). I only wish I'd had tools like this available when I was involved with IT Governance in banking in the last century!