This is one of the frequently asked questions to me. While my answer depends on the background and motive of the person asking this question, let me state the general-purpose answer to this question in this blog.
SOA Governance is a subset of IT governance. Peter Weill and Jeanne Ross from MIT have given the definition of IT Governance as "Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT." On similar lines, we can define SOA governance as specifying the decision rights and accountability framework to realize the full value of SOA adoption in an organization.
To better understand SOA governance, let's categorize it as design-time governance and run-time governance. Design-time governance primarily includes business services portfolio planning but sometimes also includes SOA Platform planning. The business services portfolio planning involves establishing answers for following questions:
* Which services to develop?
* Which services to develop first?
* Is this really a new, reusable service?
* Who is going to pay for the development and maintenance of this service?
* Who owns this service?
By establishing answers to these questions, the reuse potential of SOA adoption can be fully exploited thus giving rise to cost reduction and IT flexibility.
The run-time SOA governance involves definition and enforcement of policies for security, SLA monitoring, routing and transformation. While design-time governance focuses on developing right services, run-time governance focuses on ensuring smooth execution of these services as per the expectations.
While governance is more to do with people behavior, some tools can be used to aid the people responsible for governance. One can use service repository as the tool for design-time governance as it stores all metadata related to services at a central location. For run-time governance, one can use a service registry and/or services management tools. Many Enterprise Service Bus (ESB) products also provide the functionality for run-time governance.