Most digital solutions are poorly documented — not because teams don’t care, but because documentation feels difficult, time is always short, and there’s rarely a shared understanding of what complete documentation actually requires. Without that, teams document what they know how to document and skip the rest. The result is gaps that only become visible when something goes wrong, a key person leaves, or a regulator asks a question nobody can answer.
This is well-trodden ground. The 4+1 architectural view model, ArchiMate, TOGAF, the C4 model, and many others have mapped the documentation landscape for decades. I am not proposing a new framework. What follows is my expression of what I believe a well-documented digital solution actually needs — shaped by practical experience with solutions that failed their owners because the wrong things were left undocumented.
The ten views below are the ones I think every solution should be considered against. Each answers a different set of questions and produces different artefacts. Not every solution will need all of them in full — but skipping a view should be a conscious decision, not a default. Together, they create a record that can be understood, operated, audited, and eventually decommissioned by people who weren’t in the room when it was built.
Not every view requires the same level of detail either. A simple internal tool doesn’t need the same coverage as a regulated platform operating across organisational boundaries. The depth required within each view is largely determined by the solution’s security classification — but how to make that determination is a topic for another post.
One thing the ordering doesn’t imply: a sequential process. In practice, working the views is iterative — you move between them as each one informs and clarifies the others. A component discussion surfaces a gap in the information model. A process walkthrough exposes an accountability that was assumed but never stated. Domain work reshapes requirements. The order reflects dependency and priority; the work is exploratory and cyclical, with each pass filling in more of the picture.
Of the ten views, Requirements comes first — it establishes what the solution must achieve, for whom, and under what constraints. Every other view is shaped by what is captured there. How you express requirements in the first place matters as much as where you record them. I’ve touched on this in the Stakeholder Stories post. That said, don’t aim for completeness before moving on — working the other views will surface requirements you didn’t know to ask for. Capture what you know, move forward, and return as the picture sharpens.
“Speed of iteration beats quality of iteration.”
The Views I Work With
These are the views I return to on every engagement. For years I worked within formal frameworks — TOGAF, ArchiMate, the 4+1 model — and they taught me a lot about structured thinking. But over time I developed my own take — a different way of cutting the problem — one I found more practical to work with in the field. These ten emerged from that experience: from solutions where missing one of them created real problems, for the team, for the business, or for the people auditing it afterwards:
| View | What it covers |
|---|---|
| Requirements | What outcomes must the solution achieve, what are the functional and non-functional requirements, and what compliance or regulatory obligations must it satisfy? |
| Customer | Who are the customers and users, what are their drivers and goals, what channels do they use to interact with the solution, and what does their journey look like? |
| Current State | For brownfield solutions, what exists today — the as-is picture across each applicable view, capturing the baseline from which the solution will evolve. |
| Domain | What are the business domains, where are the bounded contexts and their responsibilities, and what is the ubiquitous language within each? |
| Information | What information exists, what are its relationships and attributes, how is it classified, who owns it, and what obligations does it carry? |
| Organisational | Who owns what and who is accountable — roles, responsibilities, regulatory scope, and authority relationships? |
| Process | How does the solution behave from a human perspective — manual activities, handoffs, exception paths, security gates, and who is responsible, accountable, consulted, and informed for each activity? |
| Component | What systems exist, what actors interact with them, what components do they contain, what interfaces do those components expose, and how are they statically connected? |
| Sequence | The dynamic view of the component view — for a given scenario, how do the actors, systems, components, and interfaces interact over time, in what order, and with what data? |
| Deployment | Where does the solution run and how is it released — infrastructure topology, environment separation, release pipeline, and data residency? |
A solution documented across all ten views can be handed to a new team, audited by a regulator, extended by an architect who wasn’t there at the start, and eventually decommissioned without leaving orphaned dependencies or unresolved obligations.
These ten views form the documentation backbone of the Digital Solution Lifecycle Model I’m building — an opinionated framework for taking solutions from first design to reliable operation and eventual decommission.
The Ten Views
Requirements View
Purpose. The requirements view makes explicit what the solution must achieve before any design decisions are made. Without it, every other view risks being built on assumptions rather than agreed outcomes. It is the view that connects stakeholder needs to documented artefacts — and makes it possible to trace every design decision back to a stated requirement.
What matters. Stakeholder outcomes — what each affected party needs the solution to achieve. Functional requirements — what the solution must do. Non-functional requirements — performance, availability, security, scalability, and other quality attributes. Compliance and regulatory obligations — what the solution must satisfy by law, policy, or contractual agreement. Acceptance criteria — how each requirement will be demonstrated to be met.
Deliverables.
| Deliverable | What it is |
|---|---|
| Stakeholder list | All parties with needs or interests in the solution, from end users to regulators and auditors |
| Informal scope notes | Early agreed boundaries of what is and isn’t included, used to frame architectural thinking |
| Stakeholder stories | Needs captured as “In order to [outcome], As [stakeholder], I want [capability]”, covering all affected parties |
| Features with acceptance criteria | Discrete deliverable capabilities, each with testable pass/fail conditions including required security controls |
| Gherkin Feature Files | Given/When/Then scenarios for each feature that form the machine-readable, immutable requirements baseline |
| Security Requirements Specification | Produced per component or system that carries a security classification — covering the functional, non-functional, and mandated security requirements specific to that scope |
Customer View
Purpose. The customer view documents who interacts with the solution from the outside — their drivers, goals, and the channels through which they engage. It is the outside-in perspective that grounds every other view in real user experience. Without it, design decisions are made for an assumed user who may not reflect the people actually affected by the solution.
What matters. Customer and user segments — the distinct groups of people the solution serves or affects. Their drivers and goals — what they are trying to achieve and why. The channels through which they interact with the solution. The customer journeys — the sequences of touchpoints and decisions that make up their experience. The value moments — where the solution succeeds or fails in meeting customer expectations at the points that matter most.
Deliverables.
| Deliverable | What it is |
|---|---|
| Customer and user segment register | The distinct groups of people the solution serves, with their characteristics, goals, and relationship to the solution |
| Driver and motivation map | What each segment is trying to achieve and why — the underlying goals that requirements must address |
| Channel register | The interaction channels available to each segment and the capabilities required of each |
| Customer journey maps | End-to-end journeys for key segments showing touchpoints, decisions, and the experience at each step |
| Touchpoint inventory | All points of interaction between customers and the solution, mapped to channels and owning components |
Current State View
Purpose. The current state view documents what exists before any design work begins. It is only relevant for brownfield solutions — where you are changing, extending, or replacing something that already exists. Skipping it in those contexts is one of the most reliable ways to introduce integration failures, inherit undocumented constraints, and underestimate decommissioning complexity.
What matters. The as-is version of each applicable view: current customer journeys, current domain model, existing systems and components, active processes, current deployment topology, and known information assets and obligations. Technical debt — known issues, constraints, and compromises inherited from the current state. Decommission candidates — what will be retired and when. The gap between current and target state, view by view. Pain points and friction in current processes and journeys — where the existing solution or ways of working are failing the people who depend on them.
Deliverables.
| Deliverable | What it is |
|---|---|
| As-is versions of each applicable view | Current state documented using the same view structure as the target, so gaps are immediately visible across customer, domain, information, component, process, and deployment |
| Technical debt register | Known issues and constraints inherited from the current state, with an assessment of whether each will be carried forward or resolved |
| Decommission plan | What will be retired, in what order, and what dependencies must be unwound before each component can be safely removed |
| Gap analysis | Delta between current and target state per view, used to scope the work and identify transition risks |
| Pain point and friction register | Where current journeys fail or frustrate — captured as part of the as-is picture and used to prioritise what the solution must improve |
Domain View
Purpose. The domain view establishes the high-level business landscape before any technical detail is introduced. It maps the business domains, defines bounded contexts, and makes explicit where the solution sits within the broader domain model. It is the view that prevents two teams from using the same word to mean different things, and from building integrations that silently corrupt data because domain boundaries were never agreed.
What matters. Business domain identification and their relationships. Bounded context definitions with clear responsibility boundaries — what each context owns and what it does not. Ubiquitous language: the terms agreed within each context that all documentation, code, and conversation must use consistently. Context maps showing how bounded contexts relate — partnership, customer-supplier, shared kernel, anti-corruption layer, or open-host service. Domain events that cross context boundaries. Aggregate boundaries and their consistency rules.
Deliverables.
| Deliverable | What it is |
|---|---|
| Bounded context map | A diagram showing each bounded context, its responsibilities, and how it relates to others (e.g. Customer, Order, and Payment as separate contexts with defined relationship types) |
| Domain model diagram | The aggregate roots, entities, value objects, and domain events within each context (e.g. an Order aggregate containing OrderLine entities and a PaymentRequested event) |
| Ubiquitous language glossary | Agreed definitions for all domain terms within each context (e.g. “Customer” in Sales means something different from “Customer” in Billing — both must be documented) |
| Domain event catalogue | All events that cross context boundaries, with their payload, the context that produces them, and the contexts that consume them |
Information View
Purpose. The information view establishes the information model — the information the solution creates, stores, processes, or transmits. It is the foundation everything else builds on. Without it, data model decisions are made ad hoc, information is misclassified or never classified at all, compliance obligations are discovered late, and nobody has a clear picture of what the solution actually handles.
What matters. The conceptual entity model with relationships and attributes. Information ownership and stewardship assignments. Classification of all information assets — sensitivity, handling requirements, and where applicable, sovereign or security classification. Compliance obligations: personal data register, legal basis for processing, retention schedule, and data flow classification showing where information moves and at what level. Audit log classification — log content inherits the classification of the information it records or gives access to.
Deliverables.
| Deliverable | What it is |
|---|---|
| Conceptual entity model | The business information objects the solution handles, with relationships and attributes, before any technical detail is introduced |
| Information asset register | Ownership, classification, and obligations per asset, including PSA classification where applicable |
| Personal data register | All personal data elements, their legal basis for processing, retention schedule, and data subject rights obligations |
| Information flow diagram | Where information moves between components and external parties, annotated with classification levels |
| Lifecycle policy | Creation, retention, and disposal rules for each information asset |
| Audit log register | Which components produce which logs, what those logs expose, their classification, and immutability requirements |
| Need-to-know matrix | Which roles and components are authorised to access which information assets, and under what conditions |
Organisational View
Purpose. The organisational view is where every actor, owner, and role referenced in the other views gets their organisational identity. It does not describe what people do — that belongs to the process view — or what they can access — that belongs to the information view. What it captures is accountability: who owns what at the organisational level, who has the authority to approve decisions, and who is answerable to regulators, auditors, and external parties when something fails.
What matters. Named ownership of the solution and each of its information assets — the entities that appear as owners in the information view are defined and grounded here. The actors that appear in component and sequence diagrams, and the roles that appear in process flows, have their organisational home here: their accountability, authority, and reporting position. External party relationships at the organisational level. Regulatory scope and compliance obligations by unit. Authority chains for security decisions and exception approvals.
Deliverables.
| Deliverable | What it is |
|---|---|
| System ownership register | Business owner and technical owner per system within the solution — a single solution may have different accountable parties for different systems |
| Data controller and processor identification | Formal identification under GDPR or applicable privacy regulation, including data subject rights responsibility assignments |
| Role and access register | All roles with access to components, personal data, or classified systems, including clearance levels and conditions |
| External party register | All third parties with system access, their organisational relationship, and the scope of their access |
| Information asset ownership register | Named owner per asset with accountability for integrity and compliance |
| Security accountability matrix | Who is responsible for enforcing each security control and who is accountable when it fails |
| Regulatory scope and escalation register | Which obligations apply to which organisational units and the decision authority chain for exceptions and security approvals |
Process View
Purpose. The process view covers how people interact with the solution — manual activities, human-in-the-loop handoffs, and the operational workflows the system supports but doesn’t fully automate. It makes explicit what a sequence or component diagram leaves invisible: the human steps, the exceptions, and the approval gates.
What matters. Manual activities and role assignments. Human-in-the-loop handoffs between automated and manual steps. Exception and escalation paths — not as afterthoughts but as first-class documented flows. Security approval gates and the authority required at each decision point. The distinction between informal process diagrams used for discussion and formal, baselined process models that define how the solution is actually operated — and which processes fall into each category.
Deliverables.
| Deliverable | What it is |
|---|---|
| Manual activity descriptions | Prose descriptions of each human step with preconditions, inputs, outputs, and the role responsible |
| Role-to-activity assignments (RACI) | Who is responsible, accountable, consulted, and informed for each activity |
| Process diagrams | Activity and state flows annotated with security gates, clearance requirements, and need-to-know handoffs |
| Formal process models | Versioned, baselined models for processes requiring auditable documentation — notation chosen to suit the team and tooling, treated as controlled documents under version control |
| Exception and escalation documentation | All exception and escalation paths as first-class documented flows, not afterthoughts |
| Approval chain register | The authority required to approve each step, exception, or escalation |
Component View
Purpose. The component view maps the static landscape — the systems, the actors that interact with them, the components those systems contain, the interfaces those components expose, and how everything is statically connected. It is the most familiar view for technical teams, but it is often underdeveloped: component boxes without clear responsibility definitions, interfaces without protocol or data specification, and trust boundaries left implicit.
What matters. Components with explicitly defined responsibilities — what each component does and what it doesn’t. Integration points with direction, protocol, and data exchanged. Trust boundaries with explicitly classified cross-boundary interactions. Formal data models: both logical (what entities exist and how they relate) and physical (schemas, constraints, storage design). API specifications for all endpoints. A dependency map with version constraints.
Deliverables.
| Deliverable | What it is |
|---|---|
| Component diagram | Systems, actors, components, interfaces, and their static connections — with explicit responsibility definitions per component to prevent ownership gaps |
| Data model | Logical and physical; entities, relationships, schemas, constraints, and storage design |
| Integration catalogue | All integrations with direction, protocol, authentication method, data payloads, and the communication patterns applied across the solution |
| API and interface specifications | Detailed contracts for each exposed interface and endpoint — request/response structure, authentication, error handling, and versioning |
| Dependency map | All component-to-component dependencies with version constraints |
| Trust boundary and security control diagram | Trust zones, cross-boundary classifications, and the security controls each component is responsible for enforcing |
| Component-to-personal-data mapping | Which components handle personal data, with clearance and isolation requirements noted |
Sequence View
Purpose. The sequence view takes the static landscape of the component view and layers scenarios on top of it — showing how the solution actually works when used. For a given scenario, it makes explicit which actors initiate the flow, which components are involved, what messages and data pass between them, in what order, and under what conditions. Where the component view shows what exists, the sequence view shows what happens.
What matters. Scenario coverage — the key flows that reveal how the solution behaves in normal operation, under error conditions, and in exception paths. The actors that initiate each scenario and their entry points into the system. The sequence of component interactions, including the messages and data exchanged at each step. Authentication and authorisation at each boundary crossing. Trust zone transitions — especially where data moves between classification levels. Personal data flows through the solution from entry to exit.
Deliverables.
| Deliverable | What it is |
|---|---|
| Scenario inventory | The defined set of scenarios to document — normal flows, error conditions, and exception paths |
| Sequence diagrams | One per scenario showing actors, components, messages, data exchanged, trust zone crossings, and authentication at each boundary |
| Personal data flow diagrams | Annotated sequences tracing where personal data enters, is processed, and exits — used to demonstrate compliance |
| Cross-domain interaction register | All interactions crossing security domain boundaries, with guard or data diode requirements specified for each |
Deployment View
Purpose. The deployment view documents how the solution is hosted and how it is released. It records the infrastructure decisions that have been made — where components run, how environments are separated, how the network is structured, and how changes move from development to production. It is the view that makes hosting decisions explicit and auditable, and that shows how the physical and regulatory constraints identified elsewhere in the documentation have been addressed in the design.
What matters. The infrastructure topology — where components are hosted and how they connect. The environment separation design — how environments are divided and what controls exist between them. The network topology — boundary placements, zone definitions, and the controls enforced at each. The release pipeline design — the stages and gates that govern how changes are promoted. The data residency design — where data is physically stored and how jurisdictional obligations are met. The physical security and isolation design — zone classifications, isolation mechanisms, and air-gap arrangements in place.
Deliverables.
| Deliverable | What it is |
|---|---|
| Infrastructure topology | How components are hosted and connected, mapped to their deployment environments |
| Environment separation design | How environments are structured and isolated, with the controls that exist between them |
| Network topology | Zone definitions, boundary placements, and the controls enforced at each |
| Release pipeline design | The stages and gates that govern how changes are promoted through environments |
| Data residency register | Where data is physically stored and how each jurisdictional obligation is addressed in the design |
| External service register | All external services used, their hosting location, and the data flows involving them |
| Physical security and isolation design | Zone classifications, isolation mechanisms, and air-gap arrangements in place |
The Full Picture
Ten views is a lot — but no single view is complete without the others. A requirements view without a customer view can capture what must be built but miss who it needs to work for. Requirements without a domain model can produce technically correct solutions to the wrong problem. A component view without an information view leaves data classification invisible. A deployment view without an organisational view tells you where the system runs but not who is accountable when something fails.
The views are designed to be used together. Each illuminates something the others don’t — and the gaps between them are often exactly where the most consequential design decisions get made implicitly rather than explicitly. A solution documented across all ten can be understood, operated, audited, extended, and eventually decommissioned by people who weren’t there at the start. That’s the standard worth aiming for.
These ten views are the documentation backbone of the Digital Solution Lifecycle Model — a broader framework I’m building for taking solutions from first design through reliable operation to eventual decommission.
If you’re building or inheriting a solution and recognise the gaps these views are designed to close, get in touch. I work with teams to establish documentation practices that are actually sustainable — and to recover the institutional knowledge that was never written down.
Want more on solution design, architecture documentation, and the digital solution lifecycle?
Follow my RSS feed for practical perspectives on building IT organizations that deliver and operate consistently.