An Application/Information Concept Matrix shows which application components allow access to which information concepts. As a result, the cross-mapping between application component and information concepts visualizes where an information concept is made available for consultation.
Applying the method
Creating an Application/Information Concept Matrix is a valuable complement to the Information Concept/Business Process Matrix. When the two matrices are combined, an overall picture of the use of information concepts emerges. Merging the two matrices provides insight into which application components are used to access specific information and which processes are used to do so. It also provides insight into where in the organization (within which departments or business units) these processes are being performed. By using these two matrices, for instance, it is possible to trace where and how information is used and accessed down to the departmental level.
Additional use of the matrix
An Application/Information Concept Matrix can also be used for additional purposes. One such additional purpose is to provide insight into which application components require additional security measures. This is typically done using the CIA score. Certain types of information (such as sensitive personal information) cannot be made available to everyone and often require additional security measures. In most organizations, application components that provide access to sensitive information are subject to additional integrity and confidentiality requirements. As a result, this will lead to a high CIA score in nine times out of ten.
An Application/Information Concept Matrix can help determine which application components should meet the additional requirements from a security perspective. The addition of the CIA score to the Application Portfolio Catalog is a useful tool in this regard.
The Application/Information Concept Diagram shows the relationship between the application components and the information concepts that can be accessed. To illustrate, Application component E enables the retrieval of historical medical data. This type of information falls into the category of sensitive personal information and has additional security requirements. The CIA score for this application component generates high values for confidentiality and integrity.
Of course, many more cross sections can be created based on the information captured in the Application Portfolio Catalog. The example shown above is just one of many uses of the Application Portfolio Catalog.
More information
For additional information about creating an Application/Information Concept Matrix, please refer to Chapter 8, Section 8.2.1.4, of my book Getting Started with Enterprise Architecture.