A structured 10-step approach to identify, document, and analyze vital services, their supporting applications, and worst-case scenarios for operational resilience.
This methodology provides a comprehensive framework for documenting and analyzing vital services within an organization. It covers the full lifecycle from identifying critical services to creating deployment diagrams for worst-case scenarios. Each step builds upon the previous one, ensuring traceability and complete coverage of the service landscape.
Each step includes detailed guidelines, modeling rules, and examples.
Evaluate the criticality of business activities. Document vital services as ArchiMate Business Services with attributes: name, category, owner, and description. Create a single view listing all vital services.
Map each vital service to RISK processes that realize them. Decompose generic processes into organized processes (2-5 per service). Service Owner accountable, relies on business and IT SMEs.
Break down organized processes into activities modeled as Business Functions. Follow an 8-step workshop approach: define scope, identify start/end events, identify activities, assign actors, map applications, and define process flow.
Identify applications used in each activity. Distinguish primary (critical) vs. supporting applications. Golden source: ServiceNow. Model as Application Components with AUID property. Color-code by criticality.
Define the worst-case scenario (Extreme Cyber Attack) and MTDT. Determine which activities are affected: performed as-is, done manually, deferred, or skipped. Classify impacted applications as "vital."
Create diagrams showing critical data flows between applications. Follow a 4-step workshop method. Add integration style and technology to each flow. Vital flows highlighted for worst-case scenario.
Uncover hard dependencies like master data repositories. Create Application Exchange Diagrams with the vital application in the center. Show incoming flows on the left, outgoing on the right.
Create Technical Architecture Diagrams focusing on components (databases, queues, schedulers) and call relationships with protocols. Distinct from Deployment Diagrams — no hosting nodes shown.
Optional step. Map applications to 7 categories of IT infrastructure services: Network, Security, Data, Collaborative, Operations, Compute, Communication. Identify critical vs. important services for WC scenario.
Create a specialized deployment diagram focused on the worst-case scenario. Based on application exchange and technical architecture diagrams. Specific guidance out of scope for this version.
Recurring conventions across all methodology steps.