Skills
Categories and subcategories
The skills in SFIA are grouped into categories and subcategories for the convenience of users.
It is not proposed that these equate to jobs or areas of personal responsibility. The grouping is intended to assist people who are incorporating SFIA skills in role profiles or job descriptions, or who are building an organisation’s IT competency framework.
Inevitably, there are alternative approaches which would also work well. However, in this version of SFIA the prime factor in determining the grouping is the function being carried out. For this reason, management skills that relate to particular functions have been listed with those functions.
The skill definitions are presented within their categories and subcategories.
Each skill definition consists of the following:
Skill code
An abbreviated reference code. Example: INSE
Skill name
The name used for normal reference purposes. Example: Information security
Overall description
A broad definition of this skill, without any reference to the levels at which it might be practised. Example:
The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
Level descriptions
Definitions of the skill for each of the levels at which it is practised. These are referred to as tasks. However their phrasing facilitates their use as professional competencies. Example:
Level 5 Conducts security risk assessments for business applications and computer installations; provides authoritative advice and guidance on security strategies to manage the identified risk. Investigates breaches of security, and recommends appropriate control improvements. Interprets security policy and contributes to development of standards and guidelines that comply with this.