Putting an asset management model in place for enterprise architecture will provide the structure and basis for ownership needed for architecture design and governance programs.
But the model has to be put in motion so that it isn’t just an intellectual exercise.
It also needs to be done in a way which can be tracked and measured over time so that progress can be assessed and governance effectiveness improved.
Building an Asset Classification Model
The first step is to build a classification model for assets. This approach will likely be new for the organization if architecture assets, which were described in the post, Maximizing Value in IT and Architecture Assets, are new.
But hopefully there is already something in place for technology assets (e.g., hardware inventory tracking), following an ITIL ITAM–based approach.
If there is, try to build from that classification model, even if redefining things is necessary. If not, then you’ll need to define something completely new for the organization.
A classification model for asset management can be done in a few ways, with a common goal for each of having a tiered model that you can manage assets within.
There may be others, but I have found two approaches work well:
- Value-Based Asset Classification
- Compliance-Based Asset Classification
Value-Based Asset Classification in Enterprise Architecture
With value-based asset classification, you are essentially trying to establish importance, a hierarchy—an ordinal scale like high, medium, low—that defines where you focus your efforts as a business.
For instance, maybe data or application assets are most important (i.e., classified as “High”) given the products and services the organization produces and provides.
Classifying assets based on value provides a way to establish guidelines and parameters for asset reviews (e.g., frequency of reviews determined by asset classification). But it doesn’t tell you much about the assets other than their level of importance.
Compliance-Based Asset Classification for Governance and Control
With compliance-based asset classification, you are tying assets to an operational state based on a trust model that’s rooted in privacy, security, and compliance or other related concerns.
The classifications should highlight the existing state of each asset and what that means relative to what’s being targeted.
I prefer compliance-based asset classification because it ties to control, urgency, and maturity.
I find that value-based classification could be ambiguous in terms of meaning and impact. It could also be used to subvert architectural governance (e.g., “My asset isn’t important enough for architectural governance (even though it generates most of the company’s revenue).”).
Asset Tiering and Maturity in Enterprise Architecture
For compliance-based asset classification, tiers should signal alarm for assets on the low end, signal that assets on the high end are ideal, and show meaningful progression through clear steps in between. The labels for each tier should resonate within your organization.
For Level 0 (or 1, if you prefer), I like the label Untrusted. It means we don’t know enough about the asset to say anything other than it should be viewed with uncertainty.
Other examples, to name a few, are Unsafe, Unverified, and Unauthorized. You can use soft or strong language, whichever is best for the organization and the results you are working to achieve.
While it’s tempting to use a label like Unsafe, the truth is we don’t know whether or not it’s safe without some sort of review, so that’s a bit presumptuous. There could also be a political angle to calling something a bad thing if it turns out to be something else. We don’t want that.
From there, the remaining tiers are really a matter of how you want to establish the governance program and what makes sense for your organization. But it’s some version of Reviewed, Safe and Managed at whatever level of granularity you need, such as:
We haven’t covered architecture policy and rule frameworks yet, but for now, just keep in mind that each tier in the asset classification model will tie to a phased construct of architectural review criteria.
Combining Value and Compliance in Asset Classification Models
Lastly, it is also possible to combine value- and compliance-based asset classification models.
It’s essentially a compliance-based model that further classifies assets by importance. This additional dimension shows both where assets are from a governance standpoint and also how important each asset is.
In the next post, The Role of Asset Management in Enterprise Architecture, we will cover strategic and operational alignment to this asset management model and how its use provides a remedy for “shadow IT.”
The Computer Is Going to Do Something
Join me in an ongoing, practical examination of enterprise architecture, systems engineering, and technology operations.
Notes:
1. Image generated by Google’s Gemini 2.5 Flash.
Leave a Reply