System Data Flow Diagram
A data flow diagram (DFD) maps out the flow of information for any process or system. It uses defined
symbols like rectangles, circles and arrows, plus short text labels, to show data inputs, outputs, storage
points and the routes between each destination. Data flow charts like Figure 3 can range from simple,
even hand-drawn process overviews, to in-depth, multi-level DFDs that dig progressively deeper into
how the data is handled. They can be used to analyze an existing system or model a new one. Like all the
best diagrams and charts, a DFD can often visually “say” things that would be hard to explain in words,
and it works for both technical and nontechnical audiences, from developer to CEO.
Examples of data flow diagrams are:
• E-communications: email, secure messaging, instant messaging
• On-boarding: new accounts process
• Compliance Data Processing: privacy protected data flow
• Any process or procedure…
Designing Network Diagrams
As stated earlier, begin with Layer 3, which shows the IP subnets and all Layer 3 network devices like
routers, firewalls, and load balancers. The Layer 3 diagram must show all of the important network
segments and subnets and how they’re interconnected.
Network diagramming rules and tips:
• Layout is important and should represent the flow of traffic in a broad sense. Another layout
consideration is to always draw your network segments either horizontally or vertically.
• The Layer 3 diagram should show any high availability mechanisms and redundant network
components or redundant paths. It’s customary to show router redundancy protocols as an
elongated ellipse that covers the router links included in the high availability group.
• The other important thing about Layer 3 diagrams is that they should only include Layer 3
objects. You can show a switch on a Layer 3 diagram only if it’s a Layer 3 switch, and then only
because it functions as a router.
• Another useful thing to put into a Layer 3 diagram is organizational boxes. If there are security
zones or interesting groupings of users by function or servers by application, put them together
on the picture, put a box around them, and label the box clearly. It’s then easy to see the exact
network path those users take to reach their servers.
• In more complicated network designs, use a base Layer 3 diagram showing the VLANs, routers,
and firewalls. Then create several other diagrams to lay over the base diagram.
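The rules above can be applied mechanically when a Layer 3 diagram is generated from a device inventory. The following Python is an added example, not part of the original document: it filters out non-Layer 3 objects, groups subnets into labelled security zone boxes and routers into high availability groups, and emits Graphviz DOT text. The inventory format, device names, addresses and zone names are constructed assumptions, and HA groups are drawn as rounded boxes rather than ellipses.

```python
import ipaddress
from collections import defaultdict

L3_KINDS = {"router", "firewall", "load_balancer", "l3_switch"}

# Constructed sample inventory and zones (hypothetical names and addresses).
DEVICES = [
    {"name": "fw1", "kind": "firewall", "subnets": ["192.0.2.0/28", "10.0.10.0/24"]},
    {"name": "rtr-a", "kind": "router", "ha": "core-pair",
     "subnets": ["10.0.10.0/24", "10.0.20.0/24"]},
    {"name": "rtr-b", "kind": "router", "ha": "core-pair",
     "subnets": ["10.0.10.0/24", "10.0.20.0/24"]},
    {"name": "sw-access1", "kind": "l2_switch", "subnets": ["10.0.20.0/24"]},
]
ZONES = {"Users": ["10.0.20.0/24"], "App servers": ["10.0.10.0/24"]}


def layer3_only(devices):
    """Return (Layer 3 devices, names of objects that stay off the diagram)."""
    kept = [d for d in devices if d["kind"] in L3_KINDS]
    return kept, [d["name"] for d in devices if d["kind"] not in L3_KINDS]


def box(label, members, style):
    """One labelled box: a security zone or a high availability group."""
    ident = "cluster_" + label.replace(" ", "_")
    nodes = " ".join(f'"{m}";' for m in members)
    return f'  subgraph "{ident}" {{ label="{label}"; style={style}; {nodes} }}'


def to_dot(devices, zones):
    """Render the Layer 3 view (devices, subnets, zones, HA groups) as DOT."""
    kept, _ = layer3_only(devices)
    ha, edges = defaultdict(list), []
    out = ["graph layer3 {", "  rankdir=LR;", "  node [shape=box];"]
    for d in kept:
        out.append(f'  "{d["name"]}" [shape=ellipse];')
        if "ha" in d:
            ha[d["ha"]].append(d["name"])
        for s in d["subnets"]:
            net = ipaddress.ip_network(s)  # ValueError on a malformed subnet
            edges.append(f'  "{d["name"]}" -- "{net}";')
    out += [box(z, nets, "dashed") for z, nets in zones.items()]
    out += [box(g, members, "rounded") for g, members in ha.items()]
    return "\n".join(out + edges + ["}"])


if __name__ == "__main__":
    print(to_dot(DEVICES, ZONES))
```

The printed text can be rendered with any Graphviz-compatible tool; the Layer 2 access switch in the sample inventory is reported by `layer3_only` and left off the drawing.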
Network documentation is extremely valuable, so valuable in fact that it is one of the first requirements
listed in the Payment Card Industry Data Security Standard (PCI DSS). For example, documenting card
data flows on top of the network diagram can be invaluable. Diagrams are designed with
varying levels of detail, which are:
• Level 0 diagram (context level) – shows complete systems, inputs and outputs from/to external
factors. This is the level chosen to diagram third-party (vendor) relationships in support of
GLBA’s “Safeguard Rules”.
• Level 1 diagram – illustrates primary processes, data stores and linked destinations.