What it shows:
A map of how data physically or logically moves from a central authoritative source out to consuming applications and external systems. Crucially, it defines the flow direction, the interaction type (e.g., Push, Pull, Stream), and the permission model (e.g., Read-Only, Read/Write) for each integration.
Why it’s needed:
Integration governance and Data Loss Prevention (DLP). It should be proven to security and data owners that the central system will not leak confidential or regulated data to unapproved downstream systems. It provides the absolute baseline for firewall rules, API design, and cross-domain gateway configurations.
When to use it:
Highly recommended for Solution Architecture Documents (SAD) and High-Level Designs (HLD) when deploying a platform that acts as a “Single Source of Truth” integrated with other enterprise tools. It is required for both COTS and Custom Dev if the solution is sharing data outside its own immediate boundary.
When NOT to use it:
Generally best to omit for isolated, zero-trust, or standalone systems that have no external software integrations. Furthermore, skip this for pure infrastructure hardware swaps (e.g., migrating a VM to a new host) where the application-level data flows remain completely unchanged.
Example:
