Has anyone been able to create a scoring matrix to determine business criticality? Something like a series of 4 or 5 questions that will generate a score and let that determine the assigned criticality? Even kicking off an Excel spreadsheet?
Business Criticality scoring matrix
Page 1 / 1
what are you asking for? A diagram showing a business criticality rubric? Or the means to run a survey with multiple questions? Its a little unclear what your asking for.
We have used surveys (with calculated field ) options for Technical Fit/functional fit assessments.
https://docs-eam.leanix.net/docs/calculated-fields-in-surveys
Would this help?
I ask questions in these areas to get to the sensitivity of the business to outage or data loss:
- Permanent loss of revenue (that cannot be recovered post-incident)
- Loss of client satisfaction (loss of clients, need to discount to keep clients, new RFPs, etc.)
- Brand reputation impact (hard to earn, easy to lose)
- Business operations disruption impact (how many people, what scale of backlogs)
- One-off recovery costs (e.g. SLA payouts, paying for credit checks for a year)
- Litigation risks (breach of contract, sued for damages)
- Compliance impact (regulatory fines, restriction/suspension of license)
Generally businesses understand systems down (RTO) more intuitively than loss of data (RPO), but it’s important to test sensitivity in both dimensions.
Here is an article that proposes a tiered model from a Services view point. I found it quite interesting and there is something useful in there as a model to determine a business criticality classification for business applications in my opinion: https://www.linkedin.com/pulse/service-criticality-tiers-standard-architecture-sherif-samy/
I would however caution in going too deep into the model, as I believe this is an area where the threshold of the disminishing returns can be easily reached.
I am guessing you are trying to avoid the problem that everyone thinks their application is “Mission Critical” when in reality it is probably an “Administrative Service”. The killer questions to ask are how much they are willing to pay for the availability and how long can you manage without the application being available.
I am trying to achieve it with LeanIX for quite some time and defined relation fields in my sandbox environment. there could be multiple dimensions for criticality, if you see from business process PoV.
- Availability of application to run business process
- Time of criticality - When the process need application most
- Data criticality in terms of accuracy, timeliness and sensitivity
- Critical roles(human or non-human) need to access application
- Critical inter-dependencies in terms of other processes and/or applications
One of the way I believe is to define these attributes from Business process terminology with clear performance targets derived using SWOT analysis or a risk assessment.
Happy to collaborate and share my work so far 
Hi - When we were in the pre-sales phase, we had a configuration on the Application fact sheet that asked specific questions and then calculated an OOTB field. We decided we weren’t ready for that level of maturity for initial go-live so we did not carry that configuration into our Live environment. However, you can contact your CSM and they can direct you to who can help within LeanIX. Unfortunately, I thought I heard on a recent webinar that that service is now for-pay through Professional Services. But worth asking!
There is a roadmap item related to calculated fields: Inventory: Configure calculated fields - SAP LeanIX Product Roadmap | Product Roadmap
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.