Skip to content

7. Appendices

RecommendedISO 42010 Recommended

Define terms, acronyms, and abbreviations used in this document:

Term Definition
AD Architecture Description — ISO 42010 term for the work product expressing an architecture
ADS Architecture Description Standard — this standard
ADR Architecture Decision Record
APM Application Performance Monitoring
ARB Architecture Review Board — a common form of architecture governance body
AZ Availability Zone
BYOD Bring Your Own Device
CDC Change Data Capture
CDN Content Delivery Network
CI/CD Continuous Integration / Continuous Deployment
CISO Chief Information Security Officer
CMDB Configuration Management Database
CQRS Command Query Responsibility Segregation
DAST Dynamic Application Security Testing
DBA Database Administrator
DMS Database Migration Service
DPIA Data Protection Impact Assessment
DR Disaster Recovery
EDR Endpoint Detection and Response
ETL Extract, Transform, Load
EUC End User Computing
FaaS Function as a Service
FinOps Cloud Financial Operations — a practice for managing cloud costs
HLD High Level Design — the conceptual-level design content within a SAD (Sections 3–4)
HSM Hardware Security Module
IaaS Infrastructure as a Service
IAM Identity and Access Management
JDBC Java Database Connectivity
KMS Key Management Service
LIA Legitimate Interests Assessment
mTLS Mutual Transport Layer Security
NAS Network Attached Storage
NFR Non-Functional Requirement
NOC Network Operations Centre
ODBC Open Database Connectivity
OIDC OpenID Connect
PaaS Platform as a Service
PCI-DSS Payment Card Industry Data Security Standard
PIA Privacy Impact Assessment
PII Personally Identifiable Information
QoS Quality of Service
RAID Risks, Assumptions, Issues, Dependencies — a project governance log
RDP Remote Desktop Protocol
REST Representational State Transfer — an architectural style for APIs
RPO Recovery Point Objective — maximum acceptable data loss measured in time
RTO Recovery Time Objective — maximum acceptable downtime after an incident
SaaS Software as a Service
SAD Solution Architecture Document (originally “Software Architecture Document” in RUP)
SAML Security Assertion Markup Language
SAN Storage Area Network
SAST Static Application Security Testing
SCA Software Composition Analysis
SDLC Software Development Lifecycle
SFTP SSH File Transfer Protocol
SIEM Security Information and Event Management
SLA Service Level Agreement
SPI Sensitive Personal Information
SRE Site Reliability Engineering
SSO Single Sign-On
TCO Total Cost of Ownership
TOGAF The Open Group Architecture Framework
VDI Virtual Desktop Infrastructure
VPN Virtual Private Network
WAF (firewall) Web Application Firewall — a network security control
WAF (framework) Well-Architected Framework — cloud provider architecture guidance (AWS, Azure, GCP, Oracle, IBM)
[additional terms] [definitions]

Guidance

A glossary ensures shared understanding across all readers. Include:

  • All acronyms used in the document (even common ones — not everyone knows what RTO means)
  • Organisation-specific terminology
  • Technical terms that may be unfamiliar to non-technical stakeholders
  • Define terms on first use in the document, and collect them all here for reference
Recommended

List documents referenced by or related to this SAD:

Document Version Description Location
[document name] [version] [what it covers] [link or reference]
Recommended

List the standards, design patterns, and principles referenced throughout this document:

Standard / Pattern ID Name Version Applicability
[ID] [name] [version] [which sections reference it]