University of Florida

Information Security

Skip to main Content   Local Links   Search   Main Navigation   Quick Links   Resources   Website   Social   Address   What is this view

Main Navigation

Quick Links

Home   IT Workers   Risk Assessment Creating an Information System/Data Flow Diagram

Creating an Information System/Data Flow Diagram

The goal of the Information System/Data Flow Diagram is to capture the main components of an Information System, how data moves within the system, user-interaction points, and the Authorization Boundary. Think of this diagram as conceptual rather than technical – multiple systems can be abstracted together, and there’s no need to detail every network connection. The Authorization Boundary describes the limits of the Information System – which pieces are currently being assessed. Information Systems often depend on other Information Systems, but those other Information Systems will be assessed independently, and their risk factored into the current Information System.

Bad System Diagram

Figure 2: Example of a poor System/Flow Diagram

Example Flow Diagram

Figure 1: Example of a good System/Flow diagram

The diagram on the Right focuses too much on system components, includes unnecessary information, and does little to explain how data moves through the system, which protocols are in use, or the boundaries of the system to be assessed.

Directional arrows indicating data flow and protocols are important to know during an assessment, because they can highlight which parts of the Information System need scrutiny during an assessment. For instance, system descriptions often might only say, “data is transferred from the customer to the Viridian Dynamics System”. In this case, if the diagram depicts the protocol as ‘FTP’, then the assessor can ask the appropriate followup questions.

Download PowerPoint Dataflow Template Figure 3

Another example of a good data flow diagram

Figure 3: Example of a good system/flow diagram

System diagram illustrating virtual and referenced systems.

Figure 4: Example of a good system/flow diagram, illustrating how to represent virtual and hosted systems.


You may use any tool you prefer to create your diagrams, but to ensure compatibility, please only send image files (jpg or png) or PDFs to the Information Security Office. We have had success with the following tools:

  • Microsoft Visio – May be licensed under the Microsoft Select Plus agreement
  • OmniGraffle – available for Mac OSX
  • Microsoft Powerpoint
  • – free online tool. Since system diagrams may contain information related to security controls, please choose either Browser or Device to save your drawing, do not save to a cloud provider.




Utility Links

Report an Incident or Email Abuse

Social links


What is this view?

You are using a dynamic assistive view of the University of Florida site. It has all the same data and features of the original site but formatted just with assistive users in mind. It has links and content reorganized to aid assistive users and has controls at the bottom under assistive options that allow you to control key aspects such as font size and contrast colors etc.
This is not a separate text-only site, it's a dynamic view that uses unique technology from Usablenet to give assistive users better, more accessible access to the same content and features as all users that use the graphic view of the site.

Assistive Options

Top of page

Assistive Options

Open the original version of this page.

Usablenet Assistive is a Usablenet product. Usablenet Assistive Main Page.