Application criticality assessments help organizations protect assets vital to business operations. It is a key part of an Application Portfolio Assessment.
An application criticality assessment is a process of evaluating the importance of applications based on their potential impact on business operations, data, and infrastructure.
Organizations rely on technology to function effectively. That is why running asset criticality assessments help IT architects predict and monitor the impact of potential failures.
Application or system criticality assessments can be done as part of a wider application portfolio assessment.
It’s important to know exactly which applications in your portfolio are critical to your organization. An assessment will help prioritize applications for any use case.
The assessment helps identify the criticality of an application, which in turn determines the level of protection and resources required for the application.
Some of the importance and benefits of application criticality assessment are:
📚 Related: Application portfolio management guide
An application criticality matrix is a way for IT architects and application owners to list and prioritize the applications in their portfolios.
The applications are ranked based on how critical they are to the organization. Thus, it’s easy to determine which are the most important.
Application landscape report with business criticality view available in LeanIX EAM.
The application criticality matrix is also known as asset criticality, system criticality, or business criticality matrix.
A new matrix can be created for various different assets. Hence, the names of each level will usually be specified for each industry or business.
But even if the names of the levels are different, the context stays the same.
The application criticality matrix is important because it allows everyone in your team to understand each level of the matrix.
From this starting point, processes can be defined that improve, enhance and protect the organization’s most vital assets from risk.
The application criticality matrix is made up of four quadrants—mission-critical applications, business-critical applications, business operational applications, and administrative applications.
Business Criticality Levels available in LeanIX EAM surveys.
Other industries or businesses can also use the matrix with two axes only. The x-axis represents the likelihood or probability of an application's failure, and the y-axis represents the impact or consequence of the failure on the organization.
Since the classifications in both options are very similar, we will only explain one - the four quadrants.
In an application portfolio assessment, mission-critical applications (MCAs) are software applications that perform an essential function in business operations. Mission-critical systems can consist of any kind of IT component including software, hardware, processes, applications, etc.
Organizations rely on mission-critical applications to run their business activities successfully, and any failure or disruption can be catastrophic. These applications must be available to run at any cost.
A business-critical application is a label given to business-critical processes, software, and services that require consistent availability. While breaks in service are not catastrophic, they are highly undesirable. Business-critical applications should be consistent and reliable.
Factors that determine business-critical applications are whether they can cause reputation damage, sensitive information loss, financial loss, or some kind of operational risk.
Business operational applications are the next label in our application criticality matrix. These are also fairly non-critical applications that contribute to running efficient business operations.
When they are disrupted it can cause problems within the organization. However, they are out of the direct line of service to the customer.
Business operational applications provide business functionality such as communication tools, CRM applications, finance services, and other applications that help the organization function.
Lastly, administrative service applications tend to be those that are low-priority and non-critical to everyday business operations. When these applications fail it can cause some problems but it will not affect the customer and can be tolerated a bit more.
Factors include applications for record keeping, mail services, and office upkeep.
The levels of your criticality matrix will depend on your business. When you begin the application criticality assessment, you will need to define each level that’s relevant to your assets and business needs.
From here, you can create the roadmap to identify applications and determine the levels of criticality for each one.
Then you can report and plan any maintenance or upgrades on applications vital to business operations.
The first step of any application criticality assessment is identifying all the criticality levels/quadrants that the applications will fall into.
Which applications will end up in each quadrant will depend on what the organization deems as critical to business operations.
It’s best to have a minimum of three levels. This is because large organizations will tend to utilize hundreds or thousands of applications and assets that vary in criticality levels.
✍️ Two levels are not enough to effectively communicate the importance an application plays in the organization.
If your organization is small enough you can list them using an Excel spreadsheet to document applications in your inventory.
However, this is not efficient for large organizations or enterprises. Enterprise architecture tools like the LeanIX EAM help leaders build a complete application inventory.
The EAM has a built-in Application Portfolio Management (APM) which is a specialized module to identify and manage a company’s applications.
Once all the applications have been gathered in the spreadsheet, the next step is to assign a level of criticality to each one.
When using LeanIX EAM, this is a collaborative effort through surveys sent to application owners.
This will give you a clear and concise overview of the applications that are vital to the success of the business.
Application portfolio reports can now be created for stakeholders. The LeanIX EAM allows users to view their portfolio from many different angles depending on what data is needed.
LeanIX EAM users can build multiple types of reports, depending on the stakeholder's needs.
Stakeholders can combine reports with other tags such as functional fit vs. technical fit, lifecycle, etc. all within certain business capability maps.
The goal of application criticality assessment is to help IT teams to prioritize an enterprise's assets and make better use of resources.
Assessing application portfolios with the LeanIX EAM is the starting point for application rationalization, application modernization, cloud migration, and other use cases.
By using the matrix you can reach the target architecture — and reduce the catastrophic consequences these systems can have if they fail.
Free White Paper
Reduce IT Complexity - Gain IT Portfolio Insights - Reduce Costs by up to 45%
How do you determine the criticality of an application?
How critical an application is to an organization depends on how vital it is to business operations. The organization cannot continue running as usual if the application is interrupted.
What are the three 3 steps in assessing criticality or severity?
The first step is to define each criticality level before you do anything else. Then, in the second step, you get to assign the appropriate level to each application based on its importance to the organization. The third step is to monitor these assets for issues and implement measures that protect mission-critical applications.
What are the criticality categories?
Categories of criticality in an application criticality matrix are Mission Critical, Business Critical, Business Operational, and Administrative.