The Zachman Framework is a taxonomy for enterprise architecture, not a methodology, process model, or automation tool. Its primary purpose is to organize, classify, and evaluate enterprise artifacts in a structured and logical manner so that enterprises can achieve better analysis, completeness, consistency, and planning across business and IT domains. Therefore, Option C is the correct and verified answer.
The framework is structured as a 6×6 matrix, intersecting six interrogatives (What, How, Where, Who, When, Why) with six stakeholder perspectives (Planner, Owner, Designer, Builder, Subcontractor, and Enterprise). Each cell represents a unique architectural artifact, ensuring that no critical viewpoint or enterprise concern is overlooked. Importantly, the Zachman Framework does not prescribe implementation steps, workflows, or operational procedures. Instead, it provides a classification schema that enables organizations to understand what architectural artifacts exist, what is missing, and how they relate to one another.
This clearly eliminates:
Option A, because the Zachman Framework does not automate IT operations or enable service delivery.
Option B, because it does not prescribe detailed IT service management procedures.
Alignment with ISO/IEC 27001:2022Although the Zachman Framework is not an ISO standard, it strongly supports the architectural and contextual requirements of ISO/IEC 27001:2022 by enabling structured analysis of organizational context, assets, processes, and responsibilities.
This aligns directly with:
Clause 4.1 – Understanding the organization and its context, which states:“The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended result(s) of its information security management system.”
Clause 4.2 – Understanding the needs and expectations of interested parties, which requires systematic identification and evaluation of stakeholder requirements.
By organizing enterprise artifacts across business, data, application, and technology dimensions, the Zachman Framework provides a foundation for informed risk assessment, scope definition, and control selection, all of which are essential to an effective ISMS.
