Information Systems Architecture

Information systems architecture pairs data and application views so an enterprise can say what information exists, who governs it, and which systems carry responsibility for it.

TOGAF 10 Phase C, data and application architecture together

Information systems architecture is the description of what information an enterprise holds, who governs it, and which systems carry responsibility for it. It is the layer where strategy and business design become concrete enough to argue about, because it names the data that matters and the applications that store, move, and publish it. Without it, each system team optimises its own corner and the enterprise loses sight of what its information actually means.

This stage builds two paired views at once. Data architecture describes the information itself, its domains, owners, and authority. Application architecture describes the systems that hold, integrate, and publish that information. The two are kept together because a decision in one almost always constrains the other, and separating them tends to lock in problems that are expensive to undo.

The stage opens by explaining why the two views are paired, then maps information into domains, settles where authority really sits, and works through master data, asset and network data, metadata, and analytics. It closes on the application side with building blocks and the integration choices that decide how easily the whole enterprise can change.

The stage builds up in this order. Read it straight through on the first pass, or jump to any concept.

  1. Paired layer
  2. Information domains
  3. Information authority
  4. Master data
  5. Asset data quality
  6. Metadata
  7. Analytics fit
  8. Building blocks
  9. Integration

Data and applications as one paired layer

When a retailer designs how its order data is owned, it has to settle in the same breath which application stores that data and which one publishes it. That is why this stage develops data architecture and application architecture as one effort rather than two: authority, integration, and publication choices are coupled, and a clean answer in one view is worthless if it contradicts the other. Holding them together is what keeps the architecture coherent at enterprise scale rather than locally tidy and globally broken.

It is tempting to run the data work and the application work as separate initiatives on their own timelines, since they involve different specialists and tools. The trouble is that application boundaries drawn before information ownership is clear tend to bake in duplicated or ambiguous data, and that makes integration, publication, and governance harder once the systems exist. Running the two views as a single effort is the safer order, because the boundaries you draw will commit you long after the project ends.

Phase C runs data and applications as two parallel tracks, not in serial A converging two-track flow for TOGAF Phase C. A wide blue input panel holds the Phase B handover: baseline, target and the agreed gap list. Two arrows labelled feeds split down to two equal side-by-side tracks: Data architecture (domains, source-of-truth, models, lineage) and Application architecture (portfolio, components, interfaces), which a central note says run in parallel. Two arrows labelled converge merge them into one red panel, the joint gap analysis, a single integrated data-and-application gap report owned by Phase C. An arrow labelled signs off leads to a blue output panel of signed-off architecture handed to Phase D. A red note names the joint gap the Phase C signature. Shared inputs from Phase B Business architecture handoverBaseline, target and the agreed business gap listPhase B feeds feeds Track one Data architectureInformation domains and source-of-truth mapLogical and physical data models, lineageArchitect Track two Application architecturePortfolio, logical components and interfacesApplication-to-data mapping, integrationsArchitect run in parallel converge converge Joint gap analysisOne integrated data-and-application gap reportPhase C signs off Handover to Phase D Signed-off architectureApproved data and application architecture, ready for Phase DPhase D The joint gap is the Phase C signature.One report to Phase D, not a data gap and an application gap negotiated separately.
Data and application architecture developed as one paired layer rather than two separate initiatives.
Go deeper in the module

Information domains

A hospital that wants to understand its information might name patient, clinician, appointment, billing, and outcomes as domains, each with an owner and a set of dependencies, rather than listing the databases it happens to run. That is what an information map is: a grouping of the enterprise's information into business-relevant domains, broader than any schema and more structured than a loose glossary. It gives you a unit of information responsibility that survives even when the underlying systems are replaced.

The common slip is to treat the map as an inventory of the current databases and tables, which simply mirrors the accidental shape of legacy systems. A map built that way stops being an enterprise view and becomes a technical catalogue that ages with the estate. The better approach is to define each domain as a unit of business information responsibility, independent of where it is stored today, so the map keeps describing what the enterprise needs to know rather than what its systems happen to hold.

Information domains group data by business responsibility A stack of five hospital information domains. Patient holds identity, history, and consent. Clinician holds staff, roles, and rotas. Appointment holds scheduling and capacity. Billing holds charges and payers. Outcomes holds results and measures. Each domain is a unit of business information responsibility independent of any single system. PatientIdentity, history, and consent ClinicianStaff, roles, and rotas AppointmentScheduling and capacity BillingCharges and payers OutcomesResults and measures
Information grouped into business-relevant domains with owners and dependencies, not a list of databases.
Go deeper in the module

Information authority versus a single source of truth

In a bank, the onboarding system may be authoritative for a customer's verified identity while the servicing system is authoritative for their current balance, and both matter to the truth of the same customer without either being the whole truth. Authority is usually attribute-specific or lifecycle-specific, so the real architecture question is who owns which attributes and how conflicts are resolved, not which single system is declared the truth. Seeing authority this way is more honest about how enterprises actually work.

The slogan that every entity must have exactly one source of truth for all of its attributes sounds disciplined but hides this reality, and it becomes dangerous when two systems are each authoritative for different parts of one entity. A better record is an explicit authority map that states which system or role is authoritative for which attributes and lifecycle states. That map is harder to write than a one-line claim, but it tells consumers what they can actually rely on and how disagreements get settled.

The information authority chain from source of truth to downstream record A horizontal chain of five rounded panels joined by labelled flow arrows, under a top axis arrow reading authority flows one way, source to record. From the left: Source of truth, the authoritative store held by a named owner, emphasised in red; an arrow labelled validated to Validation, a quality gate; an arrow labelled published to Publication, the feed published once; an arrow labelled subscribed to Distribution, where consumers receive it; an arrow labelled stored to Downstream record, the read-only copy each consumer keeps, marked as tracing back to source. A red note beneath states that any break between two steps is an authority gap. Authority flows one way, source to record Source of truthAuthoritative storeHeld by a named owner ValidationQuality gate clears itSchema, freshness, rules PublicationFeed published onceDocumented endpoint DistributionConsumers receive itDelivered by subscription Downstream recordRead-only copy heldIn the consumer system Traces back to source validated published subscribed stored Any break between two steps is an authority gap.A record sourced outside this chain, or a stale copy treated as current, is no longer traceable to the sourceof truth.
An authority map showing which system owns which attributes and lifecycle states of one entity.
Go deeper in the module

Customer master data management

An airline that wants a single view of a traveller across booking, loyalty, and service first has to agree what the customer entity even means and how duplicate records are matched, long before it claims a golden record. Customer master data management is that set of architecture decisions about identity, golden records, authority, stewardship, matching, and publication. It is a way of controlling customer information across channels, not a box to be bought and switched on.

Programmes often promise one master system as a one-time clean-up, which skips the identity logic and authority boundaries that make the result trustworthy. The work succeeds when it is tied to specific high-value decisions and authority problems, with identity, matching, and stewardship rules settled before any golden-record claim is made. Approached that way, master data thinking controls customer information without flattening the genuine differences across the enterprise.

The customer master data lifecycle closes: create, match, merge, govern, retire Five stage panels form a clockwise ring around a central label reading The master data lifecycle. Stage 1 Create, owned by the channel, sits at the top. Blue arrows carry the verbs candidates, consolidate, approve and lifecycle end clockwise through Stage 2 Match and Stage 3 Merge, both owned by the MDM engine, then Stage 4 Govern and Stage 5 Retire, both owned by the data steward. A single red arrow labelled recognise, not recreate closes the ring from Retire back to Create. A legend separates channel and MDM engine stages from data steward stages, and a red note states that dropping the closing loop fills the master with duplicates and dead records. CreateNew record enters intakeOwner: channelStage 1 MatchCandidates against the masterOwner: MDM engineStage 2 MergeConfirmed matches, one master IDOwner: MDM engineStage 3 GovernSteward signs off, arbitratesOwner: data stewardStage 4 RetireTombstone dormant or closedOwner: data stewardStage 5 The master data lifecycle A record loops through five stages and never ends in a dead record candidates consolidate approve lifecycle end recognise, not recreate Channel and MDM engineData steward owned The closing loop is the lifecycle.Drop it and a returning customer is created afresh, so the master fills with duplicates and dead records.
The customer master-data lifecycle from source systems through matching and stewardship to publication.
Go deeper in the module

Asset and network data quality and model authority

For an asset-heavy operator such as a national railway or a telecoms network, the condition of assets, the topology of the network, and the telemetry coming off it drive planning, safety, resilience, and reporting. That makes model authority and data quality architecture concerns rather than technical housekeeping, because the same data feeds decisions that carry operational and regulatory weight. Sector reality reshapes the architecture problem here in a way generic teaching tends to miss.

The mistake is to treat asset and network data as operational details left to the systems that produce them to govern in isolation. When operational-system boundaries are allowed to dictate the enterprise information architecture, the data becomes hard to publish, analyse, or govern coherently. Treating asset and network data as enterprise domains in their own right keeps publication and analysis aligned across the whole organisation rather than trapped inside the systems that happen to generate it.

Asset and network data: store, model, and consumer per domain A matrix for an asset-heavy railway operator with three data domains as rows: network topology, asset condition, and live status. Columns are the store of record, the model it conforms to, and the operational consumer. Network topology is stored in the route database, conforms to the track and signalling model, and is consumed by timetable planning. Asset condition sits in the asset register, conforms to the asset class model, and feeds maintenance. Live status sits in the control system, conforms to the live state model, and feeds operations control. Data domain Store of record Conforms to Operational consumer NetworktopologyRoute databaseTrack andsignalling modelTimetableplanning AssetconditionAsset registerAsset classmodelMaintenancescheduling Live statusControl systemLive statemodelOperationscontrol
Asset, network, planning, and telemetry data treated as enterprise domains rather than system-local details.
Go deeper in the module

Metadata and information publication

A government department publishing open statistics needs each dataset to carry its owner, its refresh date, and the definitions behind the numbers, not just the figures themselves. Metadata architecture provides exactly that: it answers meaning, stewardship, provenance, lifecycle, and the conditions under which data may be published, so a consumer can tell what the data means and whether it can be relied on. Discoverability and trust are architectural outcomes, which is why metadata belongs in this stage.

Metadata is often postponed as administrative paperwork to be added once the data is already being published. The cost shows up later, when publication and analytics turn out to be far harder without it and the consumer base has already grown. Building metadata in from the start treats trust and discoverability as design goals rather than afterthoughts, and the more consumers a dataset has, the less optional that discipline becomes.

The same publication thinking carries two further Phase C concerns that are easy to defer and costly to retrofit. A government department releasing open statistics still has to decide who may see and receive which figures and under what controls, so data security and dissemination are design decisions taken alongside the metadata, not bolted on once consumers appear. The paired baseline-to-target data view is the other: it states how each domain moves from today's stores to the target without loss or duplication, so migration is designed rather than discovered when the systems change.

Metadata publication pipeline: a catalogue entry from draft to subscribed version A vertical pipeline of five numbered stages joined by downward flow arrows, each with a named owner. Step 1 Draft, owned by the analyst, validates to Step 2 Schema check, owned by the catalogue tool, which checks structure and required fields. It routes for review to Step 3 Steward review, owned by the data steward, who confirms definitions and lineage. The steward approves and publishes to Step 4 Published, owned by the catalogue, where a version is cut and a change log appended, then notifies subscribers at Step 5 Consumed. A version chip beside each stage rises from v0.1 to v1.0. A red note adds that published metadata is versioned, so consumers subscribe to a version and roll back. Version v0.1 v0.1 v0.2 v1.0 v1.0 1DraftAnalyst writes the catalogue entryAnalyst 2Schema checkStructure and required fields validatedCatalogue tool 3Steward reviewDefinitions and lineage confirmedData steward 4PublishedVersion cut, change log appendedCatalogue 5ConsumedDownstream catalogues subscribe by versionSubscriber Validates Routes for review Approves and publishes Notifies subscribers Published metadata is versioned, so it can be rolled back.Consumers subscribe to a specific version and roll back when a definitionchanges, the discipline a code release pipeline uses.
Metadata travelling with information through stewardship and publication so consumers can judge what to trust.
Go deeper in the module

Analytics fit and decision support

A streaming service can present a polished retention chart that is still misleading if the semantics behind the metric and the logic that refreshes it have never been settled. Analytics architecture is concerned with information quality, semantic consistency, latency, access, and the decision context behind each view, which means a dashboard is an output of the architecture, not the architecture itself. The visual layer is only as sound as the foundations it sits on.

It is easy to take a well-designed dashboard as evidence that the analytics architecture beneath it is sound, but a confident chart can rest on unsettled semantics, unclear authority, and missing metadata. The safer sequence is to settle semantics, authority, metadata, and refresh logic before the visual layer is built, because trustworthy decision support depends on foundations a chart alone can never guarantee. Good analytics architecture is judged by the decisions it supports, not by how the numbers look.

The BI chain from raw source data through to a named board decision A left-to-right chain of five BI stages joined by labelled flow arrows. Stage 1 Source produces raw operational data from operational systems. An arrow labelled models leads to Stage 2 Model, a dimensional model in the data warehouse. An arrow labelled serves leads to Stage 3 Dashboard, served visuals from the BI tool. An arrow labelled interprets leads to Stage 4 Insight, a surfaced finding from the analyst. A red arrow labelled decides leads to Stage 5 Decision, action taken by the board, shown in red as the genuine outcome. A red note below states that stopping at a dashboard leaves only decoration, and the chain only pays off when it reaches the named board decision. Stage 1Stage 2Stage 3Stage 4Stage 5 SourceRaw operationalOperational systems ModelDimensional modelData warehouse DashboardServed visualsBI tool InsightA surfaced findingAnalyst DecisionAction takenBoard models serves interprets decides Stop at a dashboard and you have decoration.The chain only pays off when it reaches the named board decision it was built to support, so every analytics workstream must run end to end.
The chain from trusted source information through a semantic layer to a decision, with a chart as the final output.
Go deeper in the module

Architecture building blocks and solution building blocks

A scale-up that needs a way to send transactional notifications first defines that responsibility, its interfaces, and its constraints as an architecture building block, then weighs candidate products against it. An architecture building block states a logical application responsibility; a solution building block is the concrete product chosen to satisfy it. Naming the responsibility first is where application architecture meets the marketplace of possible solutions without surrendering to it.

The failure is to treat the selected vendor product as the architecture, as though naming the product were the same as defining the responsibility. That skips the layer where capability, interfaces, and reuse should have been reasoned about. Naming the building block and its required capability and constraints before choosing a product keeps the enterprise able to reason about what it needs, and it preserves the independence that procurement pressure would otherwise erode.

ABB to SBB selection hierarchy: from architecture pattern to delivered solution A vertical abstraction ladder of four steps with a left-hand axis labelled more concrete and flow arrows carrying the trace verbs between steps. From the top: L1 ABB pattern, the abstract capability the architecture needs; an arrow labelled select leads to L2 ABB selected, the named pattern from the catalogue; an arrow labelled evaluate leads to L3 SBB candidate, a vendor product or in-house build under review; an arrow labelled realise leads to L4 SBB realised, chosen, contracted and integrated, marked in red. A right-hand bracket groups the top two steps as ABB and the bottom two as SBB. A red note states there is no SBB without an ABB above it, since only the realised step incurs cost. More concrete From pattern to delivered solution L1ABB patternAbstract capability the architecture needsArchitect L2ABB selectedNamed pattern chosen from the catalogueArch board L3SBB candidateVendor product or in-house build under reviewArchitect L4SBB realisedChosen, contracted, integrated into deliveryDelivery Select Evaluate Realise ABB: architecture SBB: delivery No SBB without an ABB above it.The realised solution is the only step that incurs cost and lock-in, so it must trace up the ladder to apattern the architecture chose.
A logical building block defining a responsibility, with candidate products evaluated against it.
Go deeper in the module

Integration and coupling decisions

When a music streaming firm keeps each domain's data owned by one team behind a defined interface, it stops any single team's system from becoming a hard dependency for everyone else. Integration choices about interoperability, coupling, latency, ownership, and failure handling shape how easily the enterprise can change, which makes them enterprise decisions rather than implementation details. The way systems connect decides how brittle or how adaptable the whole estate becomes.

Designing integration one service-to-service interface at a time feels pragmatic, but it loses sight of cross-system dependency risk and publication discipline. A better practice is to record each integration decision with its authority boundaries, latency expectations, failure consequences, and coupling, and to explain why the chosen pattern is the least harmful option. The strongest integration architectures justify not just how systems connect but why that connection style serves the enterprise best.

Integration coupling on two axes: synchrony and contract strength A two-by-two matrix of integration coupling on two blue axis rails: a vertical Synchrony rail, asynchronous to synchronous, and a horizontal Contract strength rail, loose to strong, along the bottom. Each quadrant names one combination, marked green for what it gains and amber for what it sacrifices. Synchronous plus loose is REST polling: simple, but with latency. Synchronous plus strong, marked in red, is RPC or gRPC: fast with a clear contract, but the tightest coupling. Asynchronous plus loose is an event bus with no schema: decoupled, but unsafe. Asynchronous plus strong adds a schema registry: resilient and safe, but delivery semantics to manage. The choice belongs to the use case. Synchrony: async to sync Contract strength: loose to strong Synchronous, loose REST polling Simple to build and reason about Latency and wasted calls Synchronous, strong RPC, gRPC Fast, with a clear contract Tightest coupling on the board Asynchronous, loose Event bus, no schema Fully decoupled producers No safety on the payload Asynchronous, strong Event bus and registry Resilient and schema-safe Delivery semantics to manage What the combination gainsWhat it sacrifices Sync and strong is the tightest coupling.RPC is fast and clear, but it binds caller to callee. Choose it only when the use case truly cannottolerate delay.
A decision view weighing coupling, latency, ownership, and failure handling for each integration choice.
Go deeper in the module

Practise with the stage's tools

Printable, fillable artefacts for putting this stage to work. Each cites its source, opens in the diagram workspace, and downloads as it stands.

Phase B, Business Architecture

Architecture Decision Record: adopting the IEC CIM for the LTDS

A Nygard-format record reads as a spine: the context flows into the decision, the one emphasis anchor, which then branches into the consequences it accepts and the alternatives it set aside.

Phase G, Implementation Governance

The TOGAF Architecture Repository: a framed estate of eight partitions

The Architecture Metamodel frames the work from the top and the Architecture Capability governs it from the bottom. Between them sit six content partitions, each answering one question about the architecture.

ADM-wide

Phase B, Business Architecture

Phase C, Information Systems Architecture

TOGAF iteration cycles run as a loop, not a one-way line

The ADM runs as four iteration cycles that pass work round a ring: Capability frames Development, Development feeds Transition Planning, planning is held by Governance, and Governance reopens the next round. The planner picks how many phases run inside each cycle.

ADM-wide

ADM-wide

ADM-wide

Information domains flow from a single owner of truth to their consumers

Four domains, each traced left to right: the domain, the one accountable owner whose system is the source of truth, and the downstream systems that consume it.

Phase C, Information Systems Architecture

Phase C, Information Systems Architecture

Phase C, Information Systems Architecture

Asset and network data: each domain mapped from store of record to model to consumer

Four data domains each trace the same path: the system of record that holds them, the model or standard they must conform to, and the operational consumers that read them back.

Phase C, Information Systems Architecture

Phase C, Information Systems Architecture

Phase C, Information Systems Architecture

Integration coupling profile scored across five coupling dimensions

Each row scores how tightly two systems are coupled on one dimension, from data and timing through to platform and transaction, on a shared one-to-five scale. The lower the bars, the looser and more resilient the integration.

Phase C, Information Systems Architecture

Application portfolio strategy on the Gartner TIME quadrant

Each application is placed by business value against technical quality and fit, sorting the estate into the TIME quadrants: invest in strong high-value systems, migrate valuable systems on weak technology, tolerate sound but low-value systems, and eliminate the rest.

Phase C, Information Systems Architecture

The LTDS information journey: from operator data to a published product

Six steps move the data from the operator's systems to the regulator: raw operator data, CIM model, validation, package, publication and regulator consumption, each owned by a different team.

Phase C, Information Systems Architecture

Phase C, Information Systems Architecture

Test yourself on this stage

Check what has landed. The practice set gives instant feedback as you go; the timed assessment mirrors a real sitting, with a pass record and a breakdown by domain.