What it shows:
A direct mapping between specific Business Services and the high-level Information Entities or Data Objects they consume, create, or modify.
Why it’s needed:
Data governance and security context. This proves to Data Owners and InfoSec teams that the sensitive data being handled by the deployed solution is fully understood. It answers the critical security question: “If this service is compromised or goes offline, what specific corporate data is exposed or lost?”
When to use it:
Highly recommended for High-Level Designs (HLD) and SADs when deploying any system—whether COTS or Custom Dev—that will act as a System of Record or process regulated/confidential information. Even when deploying packaged COTS software, if that software is the primary engine for creating and storing sensitive business data, that information boundary should be defined for the security teams.
When NOT to use it:
Generally best to omit for pure infrastructure, networking, or compute hardware deployments (e.g., node expansions, deploying new load balancers, hypervisor upgrades). If the project only provides the underlying “plumbing” and does not directly interact with the semantic meaning of the business data, this diagram adds unnecessary bloat.
Example:
