Data requirements for "What is our application portfolio?"

This business question examines the application portfolio. The visualization is a master list of all applications and their attributes and relationships to other aspects of the IT architecture.


To have meaningful data for the business question "What is our application portfolio?", you must capture the following information about the applications in your company.

Column Mandatory Explanation

Name

x

The application name.

Short Name

A short name to identify the application.

Version

x

The application version.

Description

A short description of the application.

Start Date

x

The start date is the date when the application is actively used.

End Date

x

The end date is the date when the application is no longer used.

Object State

x

Describes the use of the application in the real world. This can be understood as the operational status of the application. Possible values are:

  • Plan: The application is proposed to be used and still in the stages of planning and building.
  • Active: The application is currently being used. The active period begins with the application's start date and stops with the end date.
  • Retired: The application is no longer used.

The object state should be changed from Plan to Active once the application's start date is reached. It should be changed to Retired when the application's end date is reached.

Status

x

Specifies the approval status of an application and determines whether or not the application can be edited or deleted. Possible values are:

  • Draft: The application has only mandatory data defined.
  • Under Review: The application is documented and being reviewed. An application with this release status cannot be deleted.
  • Approved: The application has been approved by the responsible stakeholders. An application with this release status cannot be deleted.
  • Data imported: The data regarding this application has been imported from an external system. Additional changes may be required to improve the data quality. An application with this release status can be deleted.
  • Trash: The application is no longer valid and can be deleted.

Architecture Type

The architecture type of the application. Possible values are:

  • Client-Server: The application divides tasks or workloads between the providers and consumers of a resource or service.
  • Cloud-Based: The application runs on SaaS cloud environments. The cloud infrastructure could be local or remote to the organization.
  • Distributed: The application runs on multiple computers within a network. The network boundary can extend from private intranets to public clouds.
  • External Webpage: The application is an external resource represented through a web link.
  • Mainframe: The application is used by large organizations to carry out critical processing tasks such as bulk processing of data, transactions, planning or statistical activities.
  • Stand-Alone: The application is a self-contained application that does not rely on external entities to complete a task.
  • Unknown: The architecture type has not yet been assessed.

Development Type

The application development type.

  • Bespoke: The application was created specifically to address a unique use case.
  • COTS - Configured: A commercial off-the-shelf application that has been configured or supports configuration to fulfill the requirements of the enterprise and is fully supported and upgrade-stable.
  • COTS - Customized: A commercial off-the-shelf application that is customized or contains organization-specific code/programming to suit the requirements of the enterprise.
  • Unknown: The application development type has not yet been assessed.

Authentication

The authentication method used for the application.

  • Autonomous: The application supports autonomous methods such as Direct Autonomous Authentication (DAA) for authentication. This can be carried out through mobile or remote authentication systems.
  • Basic Access: The application supports basic authentication based on a username and password. Protocols and layers such as HTTPS, SSL, or TLS could be used to enhance security, but these are not mandatory.
  • Multi-Factor: The application requires more than one method of authentication from independent verification sources to verify the transactional identity.
  • Multi-Factor & SSO: The application supports both multi-factor authentication (MFA) and single sign-on (SSO) authentication methods.
  • No Authentication: The application does not support authentication.
  • Single Sign-On: The application supports the use of a single ID and password to gain access to several related or unrelated systems.
  • Unknown: The authentication mode has not yet been assessed.

Alias

A unique suffix used to identify this application.

Recommendation

The strategic recommendation regarding future investment for the application. Possible values are:

  • Tolerate: Invest in the application.
  • Invest: Consider the application as a migration candidate.
  • Migrate: Sundown the application.
  • Eliminate: Discontinue the application.

Strategic

Indicates whether the application is strategic for the business.

Pace-Layered Governance

Classification of application according to the Pace-Layered Application Strategy. Possible values are:

  • System of Differentiation: The application enables unique company processes or industry-specific capabilities. The application has a medium-length lifecycle (one to three years) but needs to be reconfigured frequently to accommodate changing business practices or customer requirements.
  • System of Innovation: The application is built on an ad-hoc basis to address new business requirements or opportunities. The application typically has a short lifecycle (zero to 12 months) using departmental or outside resources and consumer-grade technologies.
  • System of Record: The application is an established packaged application or legacy homegrown system that supports core transaction processing and manages the organization's critical master data. The rate of change is low because the processes are well-established and common to most organizations and often are subject to regulatory requirements.

Predecessor

The application's predecessor application.

Successor

The application's successor application.

Cloud Migration Strategy

The strategy to migrate the application to the cloud. Possible values include:

  • Rehost: The application is SaaS-enabled but is either outdated or would require rehosting to the cloud platform.
  • Rebuild: The application could be made cloud ready but would require a change in the build process to ensure seamless delivery. The concepts of CI/CD (continuous integration/continuous delivery) could be leveraged for these applications.
  • Rearchitect: The application requires additional effort to make it cloud enabled. For example, this might be due to application health monitoring, application security, data backup and policies, scalability and replication zones, disaster recovery, network utilization, multi-channel communication, or identity management.
  • Refactor: The application requires some changes in code to be eligible for migration to the cloud. The application can be modular or a self-contained application with services that can easily be refactored.
  • Retain/Retire: The application supports a business capability for which the Business Relevant indicator is set to Business Enabling or Business Operating and the application cannot be migrated to the cloud immediately. Or the application is at the end of its lifecycle and is about to be retired.
  • Unknown: The cloud migration strategy is not specified for the application.

Subject to Compliance Regulation

Indicates whether the application is bound to compliance regulations. This is relevant for cloud migration analytics.

Authorized User Group

The user groups who have access permissions to the application.

Organization: Business Owner

An organization who owns the application and is responsible for managing the functional requirements.

Organization: IT Owner

An IT organization owning the application and thus typically responsible for approval decisions.

Organization: Operations

An IT organization responsible for the operations of the application.

Organization: Stakeholder

An organization that has an interest in the application and therefore requires read-only access permissions.

Person / User: Application Manager

A person who is the subject matter expert for the application from a functional and technical point of view.

Person / User: Architect

A person who is responsible for the governance of the application.

Person / User: Business Owner

A person who owns the application and is responsible for managing the functional requirements.

Person / User: IT Owner

A person owning the application and thus typically responsible for approval decisions.

Person / User: Stakeholder

A person that has an interest in the application and therefore requires read-only access permissions.

Application Assessment: Geographical Reach

An application's area of usage and distribution reach. This allows you to determine the geographical reach of your portfolio based on local, regional, or global application usage.

  • 0- Local
  • 1- Regional
  • 2- Global

Application Assessment: Mobile Capability

Mobile capability is used to determine whether an application is compliant for mobile platforms. An application that fully supports all mobile platforms (Smartphones, Tablets, Smart TVs, Smart Watches, etc.) is considered to be fully mobile-compliant. An application supporting one or many but not all of the mobile platforms is considered to be partially mobile-compliant.

  • 0- Not Supported
  • 1- Only Mobile Website
  • 2- Partially Supported
  • 3- Fully Supported

Application Assessment: Multi Language Support

Indicates the level of support an application provides for multiple languages: 0- Unknown, 1- No, 2- Yes

Application Assessment: Number of Users

Indicates the number of users using this application.

  • 0: 0
  • 1: 1-10
  • 2: 11-100
  • 3: 101-1.000
  • 4: 1.001-10.000
  • 5: >10.000

Application Assessment: SCA Compliance

Strong Customer Authentication (SCA) is a European regulatory requirement to reduce fraud and make online payments more secure. SCA requires authentication to use at least two of the following three elements: 1. Something the customer knows (PIN/Password), 2. Something the customer has (Phone/Hardware token), 3. Something the customer is (Fingerprint/Face recognition). Possible values are: 0- Not required, 1- No but required, 2- Yes

Application Classification: 1 Confidentiality

Possible values are: 1- Not Critical, 2- Essential, 3- Critical

Application Classification: 2 Integrity

Possible values are: 1- Not Critical, 2- Essential, 3- Critical

Application Classification: 3 Availability

Possible values are: 1- Not Critical, 2- Essential, 3- Critical

Application Classification: DPIA Rating

A data protection impact assessment (DPIA) is a privacy-related assessment whose objective is to identify and analyze certain actions or activities that might affect data privacy. Under the GDPR regulations, data protection impact assessments are mandatory in certain cases such as when profiling activities are carried out using personal data. Possible values are: 5- Very High, 4- High, 3- Medium, 2- Low, 1- Very Low, 0- Not Required

Disaster Recovery: Recovery Point Objective (Hrs)

Indicates the recovery point objective in hours: 0- < 1 Hr, 1- 1-2 Hr, 2- 2-3 Hrs, 3- 3-5 Hrs, 4- 5-12 Hrs, 5- > 12 Hrs

Disaster Recovery: Recovery Time Objective (Hrs)

Indicates the recovery time objective in hours: 0- < 1 Hr, 1- 1-2 Hr, 2- 2-3 Hrs, 3- 3-5 Hrs, 4- 5-12 Hrs, 5- > 12 Hrs

Cloud Assessment: Does the app have peaks in the workload?

Possible values are: 1- No, 2- Yes (Exceptionally), 3- Yes (Regularly)

Cloud Assessment: Is the license eligible for cloud?

Possible values are: 1- No, 2- Yes

Plan Start Date

This is the start date of the lifecycle phase Plan. The end date will be set to the minimum of the next maintained lifecycle phase's start date and the lifecycle end date.

Pilot Start Date

This is the start date of the lifecycle phase Pilot. The end date of the lifecycle phase will be set to the minimum of the next maintained lifecycle phase's start date and the lifecycle end date.

Production Start Date

This is the start date of the lifecycle phase Production. The end date of the lifecycle phase will be set to the minimum of the next maintained lifecycle phase's start date and the lifecycle end date.

Sunset Start Date

This is the start date of the lifecycle phase Sunset. The end date of the lifecycle phase will be set to the minimum of the next maintained lifecycle phase's start date and the lifecycle end date.

Retired Start Date

This is the start date of the lifecycle phase Retired. The end date will be set to the lifecycle end date.

Lifecycle End Date

This is the end date of the last lifecycle phase.

Business Process

The business processes that the application supports.

supported Business Capability

x

The business capabilities that the application provides.

using Business Capability

The business capabilities that use the application.

using Organization

x

The organizations that use the application.

Application Group

The application groups that the application is assigned to.

Component

x

The components that help provide the application.

Vendor

The vendors that indirectly provide the application via the components that the vendor provides.

Physical Server, Virtual Server

x

The virtual and physical servers that the application runs on.

Location

The location of the application based on the location of the physical/virtual server that it runs on.

upstream Application

x

Indirect reference via an incoming information flow.

downstream Application

x

Indirect reference via an outgoing information flow.

Business Data

x

Indirect reference via business data usage.