- Capabilities ↔ Applications ↔ Data ↔ Risks ↔ Controls ↔ Outcomes
- 1 Purpose
- 2 Design Principles
- 3 Core Node Types & Attributes
- 4 Canonical Relationships
- 5 Extended Relationship Types
- 6 Example Instance (Fragment)
- 7 Maturity Scales (per Node Type)
- 8 Ontology Governance Model
- 9 Versioning and Lineage
- 10 Implementation Schema (Neo4j / Cosmos Gremlin)
- 11 Cross-Domain Metrics
- 12 Benefits
- 13 Challenges & Mitigations
- 14 Visualization Views
- 15 Takeaway
Capabilities ↔ Applications ↔ Data ↔ Risks ↔ Controls ↔ Outcomes #
1 Purpose #
Every intelligent system needs a shared language.
EA 2.0’s canonical ontology gives that language to the enterprise — a connected schema that links business intent, technical assets, risks, and measurable outcomes in a single reasoning fabric.
This layer enables traceability from strategy → system → signal.
It turns architecture from documentation into computable knowledge.
2 Design Principles #
| Principle | Meaning |
|---|---|
| Modular | Each domain (capabilities, apps, data, etc.) can evolve independently. |
| Directional | Relationships have business semantics (supports, depends_on, mitigates). |
| Evidence-based | Every link can carry confidence, timestamp, and source_of_truth. |
| Machine-reasonable | Structure optimized for Cypher / Gremlin / SPARQL queries. |
| Governed | Changes require stewardship approval via ServiceNow or Graph UI. |
3 Core Node Types & Attributes #
| Node | Key Attributes | Description |
|---|---|---|
| Capability | id, name, domain, owner, priority, maturity, kpi_ref | Represents a business function or outcome. |
| Application | id, name, tech_stack, lifecycle, cost, cloud_provider, criticality | Implements or supports capabilities. |
| Data Entity | id, schema_ref, sensitivity, retention, source_system | Logical or physical data object. |
| Risk | id, category, probability, impact, residual_score | Threat or weakness associated with assets. |
| Control | id, type, status, evidence_ref, owner, coverage | Mitigating mechanism, manual or automated. |
| Outcome | id, metric, target, current, variance, timeframe | Business or operational result measured. |
All nodes carry:created_at, last_seen_at, source_system, confidence_score.
4 Canonical Relationships #
(:Capability)-[:SUPPORTED_BY]->(:Application)
(:Application)-[:USES]->(:DataEntity)
(:DataEntity)-[:HAS_RISK]->(:Risk)
(:Risk)-[:MITIGATED_BY]->(:Control)
(:Control)-[:INFLUENCES]->(:Outcome)
(:Outcome)-[:REALIZES]->(:Capability)
These six arcs form EA 2.0’s semantic backbone.
Every connector or dashboard query ultimately traverses this path.
5 Extended Relationship Types #
| Relationship | Use |
|---|---|
[:OWNED_BY] | Links any node → Person/Role for accountability. |
[:COSTS_TO] | Application → Outcome for value/cost mapping. |
[:VIOLATES] | Risk → Control for non-compliance events. |
[:FORECASTS] | Model → Outcome for predictive analytics. |
[:ALIGNED_WITH] | Capability → Strategic Goal for planning views. |
6 Example Instance (Fragment) #
(Capability: "Customer Onboarding")
↳ Application: "CRM Portal"
↳ Data Entity: "CustomerProfile"
↳ Risk: "PII Exposure"
↳ Control: "Encryption at Rest"
↳ Outcome: "Time-to-Onboard ≤ 5 Days"
A query like
“Show controls reducing PII risk in customer onboarding and their outcome impact”
returns this chain in seconds.
7 Maturity Scales (per Node Type) #
| Domain | Level 0 | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|---|
| Capabilities | Undefined | Named | Mapped | Measured | Optimized | AI-Simulated |
| Applications | Untracked | Inventoried | Rationalized | Integrated | Monitored | Autonomous |
| Data | Siloed | Cataloged | Tagged | Linked | Trusted | Adaptive |
| Risk/Control | Manual | Documented | Automated | Predictive | Dynamic | Self-Healing |
| Outcome | Absent | Defined | Measured | Correlated | Forecasted | Optimized |
These values feed Power BI’s “Maturity Heatmap.”
8 Ontology Governance Model #
- Stewards own domains (Capability Steward, App Owner, Risk Manager).
- All changes logged via EA 2.0 API (PATCH / PUT with JWT).
- Graph validation ensures referential completeness.
- Weekly review board checks drift > 10 %.
Governance policies define who can create, merge, or retire nodes.
9 Versioning and Lineage #
Each node and relationship has a lightweight version chain:
(:Application {id:'APP123', version:3})-[:SUPERSEDES]->(:Application {version:2})
This allows time-travel queries like:
“Show architecture topology as of Q2 2024.”
10 Implementation Schema (Neo4j / Cosmos Gremlin) #
Key Indexes
CREATE INDEX FOR (c:Capability) ON (c.id);
CREATE INDEX FOR (a:Application) ON (a.id);
CREATE INDEX FOR (d:DataEntity) ON (d.id);
CREATE INDEX FOR (r:Risk) ON (r.id);
CREATE INDEX FOR (ctrl:Control) ON (ctrl.id);
CREATE INDEX FOR (o:Outcome) ON (o.id);
Sample Query
MATCH (c:Capability)-[:SUPPORTED_BY]->(a:Application)
WHERE c.maturity >= 3
RETURN c.name, COUNT(a) AS apps, avg(a.cost) AS avg_cost
ORDER BY apps DESC LIMIT 10;
11 Cross-Domain Metrics #
- Capability Coverage % = # Capabilities linked to Applications / Total Capabilities.
- Data Lineage Completeness = # DataEntities linked to Risks and Controls / Total DataEntities.
- Outcome Traceability Score = # Outcomes connected back to Capabilities / Total Outcomes.
- Governance Confidence = avg(confidence_score per relationship).
These feed the Decision Latency and Trust Index dashboards.
12 Benefits #
✅ Full-stack traceability from goal to control.
✅ Natural-language queries become precise because relationships carry semantics.
✅ Predictive analytics operate on clean graph paths.
✅ Lineage and audit become native features of architecture.
✅ AI assistants can reason contextually without manual mapping.
13 Challenges & Mitigations #
| Challenge | Impact | Mitigation |
|---|---|---|
| Duplicate applications from multiple feeds | Fragmented graph | ID harmonization rules + hashing |
| Inconsistent taxonomy | Poor NLQ accuracy | Central term store governance |
| High relationship volume | Query latency | Graph partitioning and index tuning |
| Rapid schema evolution | Model breakage | Schema registry with version migration scripts |
14 Visualization Views #
- Capability Dependency Map – force layout showing business flows.
- Risk-Control Heatmap – color-coded risk mitigation strength.
- Outcome Impact Tree – linking KPI variance to applications.
- Data Lineage Lens – traces data from source to business outcome.
These visualizations are rendered through Power BI or the React NLQ UI for interactive exploration.
15 Takeaway #
The ontology is the operating system of EA 2.0.
Without it, AI has nothing to reason over; with it, every piece of data, every policy, every outcome becomes part of a single living model of the enterprise.
