Beruflich Dokumente
Kultur Dokumente
However, in the SFIA skill descriptors generally, it would be inappropriate to remain silent about
sustainability matters when other examples, such as cost and security are here and there quoted
as examples. For this reason, examples – usually prefaced by a phrase like ‘such as’ – have been
included in a few descriptors.
However, SFIA’s value as a management tool has been enhanced by the inclusion of four
professional skills underpinning work specifically directed at improving sustainability.
This update to version 4 of SFIA has therefore been introduced in order to bring forward those
four new skills, and to make a few adjustments to the wording of existing skills.
The four new skills are:
SUST Sustainability strategy (in Strategy and architecture)
SUMI Sustainability management for IT (in Strategy and architecture)
SUAS Sustainability assessment (in Business change)
SUEN Sustainability engineering (in Solution development and implementation)
It should be remembered that SFIA sets out to give brief descriptions of skills so that they can be
used for diagnostic purposes. There is no intention to list all the things that the skill-holder should
do, nor is there any intention to tell organisations how to go about the activities that are enabled
by SFIA skills.
Copyright
The contents of this document are copyright © The SFIA Foundation 2010
SFIA 4G: Framework reference
Framework summary 4
Levels of responsibility 9
Generic levels 9
Core competencies 9
Existing levels 9
Level 1: follow 9
Level 2: assist 9
Level 3: apply 9
Level 4: enable 10
Level 5: ensure, advise 10
Level 6: initiate, influence 10
Level 7: set strategy, inspire, mobilise 10
Skills 11
Categories and subcategories 11
Layout 11
Skill definitions 13
Framework reference 4G
3
SFIA 4G: Framework reference Framework summary
Framework summary
Category Subcategory Skill Code 1 2 3 4 5 6 7
Strategy and Information strategy Corporate governance of IT GOVN 6 7
architecture Information management IRMG 4 5 6 7
Information systems co-ordination ISCO 6 7
Information policy formation DPRO 5 6
Information security SCTY 3 4 5 6
Information assurance INAS 5 6 7
Information analysis INAN 4 5 6
Information content publishing ICPM 2 3 4 5 6
Advice and guidance Consultancy CNSL 5 6 7
Technical specialism TECH 5 6 7
Business/IT strategy and planning Research RSCH 3 4 5 6
Innovation INOV 6
Business process improvement BPRE 5 6 7
Enterprise architecture STPL 5 6 7
Business risk management BURM 5 6
Sustainability strategy SUST 5 6
Technical strategy and planning Solution architecture ARCH 5 6
Emerging technology monitoring EMRG 5 6
Continuity management COPL 4 5
Software development process improvement SPIM 5 6 7
Sustainability management for IT SUMI 5 6
Network planning NTPL 5 6
Methods and tools METL 4 5 6
Business change Business change implementation Portfolio management POMG 5 6 7
Programme management PGMG 6 7
Project management PRMG 4 5 6 7
Business change management Business analysis BUAN 3 4 5 6
Business process testing BPTS 4 5 6
Change implementation planning and
CIPM 5 6
management
Organisation design and implementation ORDI 5 6
Benefits management BENM 5 6
Business modelling BSMO 2 3 4 5 6
Sustainability assessment SUAS 4 5 6
Relationship management Stakeholder relationship management RLMT 5 6
Solution Systems development Systems development management DLMG 5 6 7
development and Data analysis DTAN 2 3 4 5
implementation
Requirements definition and management REQM 2 3 4 5 6
Systems design DESN 2 3 4 5 6
Network design NTDS 5 6
Database/repository design DBDS 2 3 4 5 6
Programming/software development PROG 2 3 4 5
Safety engineering SFEN 3 4 5 6
Sustainability engineering SUEN 4 5 6
Information content authoring INCA 2 3 4 5 6
Testing TEST 2 3 4 5 6
Human factors Systems ergonomics HCEV 3 4 5 6
Usability requirements analysis UNAN 3 4 5
Usability evaluation USEV 2 3 4 5
Human factors integration HFIN 5 6 7
Installation and integration Systems integration SINT 2 3 4 5 6
Porting/software integration PORT 3 4 5 6
Systems installation/decommissioning HSIN 1 2 3 4 5
4
SFIA 4G: Framework reference Framework summary
5
SFIA 4G: Framework reference The purpose of SFIA
SFIA categories One axis presents the whole set of SFIA skills. These are defined in a way that makes them easily
recognisable in the workplace: the practical nature of the descriptions means that they can be
Strategy and architecture
used to construct an organisation’s internal competency framework.
Business change
The skills are presented for convenience in categories which are further broken down into
Solution development and implementation
subcategories.
Service management
The categories and subcategories are purely for the convenience of the SFIA user: they form a
Procurement & management support
navigation aid. For example, SFIA does not claim to be offering a standard definition of the term
Client interface
‘Business change’, nor is it suggesting that this should be the title of a business role or job. It is
simply a convenient heading under which to group certain related skills (Business analysis,
Benefits management, etc).
Levels in SFIA
SFIA levels The other axis defines the different levels of competence or attainment exercised by IT
7 Set strategy/inspire/mobilise practitioners. Each of seven levels – from new entrant to strategist level – has its own generic
6 Initiate/influence definition, cast in terms of autonomy, influence, complexity and business skills.
5 Ensure/advise
Full definitions of the levels of responsibility are given on page 9.
4 Enable
3 Apply
2 Assist
1 Follow
6
SFIA 4G: Framework reference How SFIA is used
All of these activities require a factual information base, so that decisions can be made objectively.
7
SFIA 4G: Framework reference How SFIA is used
might be a set of free-standing documents containing professional profiles: these would give
descriptions of what is expected of the various classes of IT professionals needed by the
organisation, such as business analysts, software engineers or service managers.
Then, the same criteria used when recruiting can be used when deploying people on projects,
assessing their competence or producing development plans. Also, the whole process of resource
planning can be based on clear definitions of the types of IT professional that will be needed to
carry out future work.
That set of profiles, based on the SFIA skills, becomes the common language of skills in the
organisation.
Diagnostic
A SFIA skill is not intended as a complete definition of all the activities that could be carried out by
someone with that skill. Rather, it is intended for diagnostic use: to help determine if a given
individual has the skill; and if so, at what level.
Staying relevant
The SFIA Foundation maintains and updates SFIA on behalf of the community of users. The
update exercises are based on a period of open consultation. Feedback from users forms the
basis of the update exercise.
The policy is for SFIA to reflect current IT practice, rather than to dictate it.
By these means, SFIA stays relevant to the needs of the IT industry.
8
SFIA 4G: Framework reference Levels of responsibility
Levels of responsibility
Generic levels Level 1: follow Level 2: assist Level 3: apply
This section describes the standard
Autonomy Autonomy Autonomy
levels of responsibility and
accountability used in the framework. Works under close supervision. Uses Works under routine supervision. Works under general supervision.
little discretion. Is expected to seek Uses minor discretion in resolving Uses discretion in identifying and
The underlying structure of the
guidance in unexpected situations. problems or enquiries. Works without resolving complex problems and
framework ensures that the
frequent reference to others. assignments. Usually receives specific
definitions of professional skills are Influence instructions and has work reviewed at
defined in a way that makes their Interacts with immediate colleagues. Influence frequent milestones. Determines
different levels recognisably distinct.
Interacts with and may influence when issues should be escalated to a
Complexity immediate colleagues. May have higher level.
Core competencies Performs routine activities in a some external contact with
structured environment. Requires customers and suppliers. May have Influence
The nature of these generic
definitions makes them suitable for assistance in resolving unexpected more influence in own domain. Interacts with and influences
use as the basis of core problems. department/project team members.
Complexity May have working level contact with
competencies.
Business skills Performs a range of varied work customers and suppliers. In
An organisation that already has a set Uses basic information systems and activities in a variety of structured predictable and structured areas may
of core competencies may wish to
technology functions, applications, environments. supervise others. Makes decisions
use them in combination with SFIA's
and processes. Demonstrates an which may impact on the work
professional skills. The organisation organised approach to work. Learns Business skills assigned to individuals or phases of
will still benefit from the sensible
new skills and applies newly acquired Understands and uses appropriate projects.
spacing of levels that the framework
knowledge. Has basic oral and methods, tools and applications.
provides. written communication skills. Demonstrates a rational and Complexity
Contributes to identifying own organised approach to work. Is aware Performs a broad range of work,
Existing levels development opportunities. of health and safety issues. Identifies sometimes complex and non-routine,
It may be required to map SFIA's and negotiates own development in a variety of environments.
professional skills on to an opportunities. Has sufficient
communication skills for effective Business skills
established structure of levels within
an organisation. In that case, the dialogue with colleagues. Is able to Understands and uses appropriate
generic levels can be used as a work in a team. Is able to plan, methods, tools and applications.
transition aid in order to establish the schedule and monitor own work Demonstrates an analytical and
basis of the mapping. within short time horizons. Absorbs systematic approach to problem
technical information when it is solving. Takes the initiative in
presented systematically and applies identifying and negotiating
it effectively. appropriate development
opportunities. Demonstrates effective
communication skills. Contributes
fully to the work of teams. Plans,
schedules and monitors own work
(and that of others where applicable)
competently within limited deadlines
and according to relevant legislation
and procedures. Absorbs and applies
technical information. Works to
required standards. Understands and
uses appropriate methods, tools and
applications. Appreciates the wider
field of information systems, and how
own role relates to other roles and to
the business of the employer or
client.
9
SFIA 4G: Framework reference Levels of responsibility
Level 4: enable Level 5: ensure, advise Level 6: initiate, influence Level 7: set strategy,
inspire, mobilise
Autonomy Autonomy Autonomy
Works under general direction within Works under broad direction. Is fully Has defined authority and Autonomy
a clear framework of accountability. accountable for own technical work responsibility for a significant area of Has authority and responsibility for all
Exercises substantial personal and/or project/supervisory work, including technical, financial aspects of a significant area of work,
responsibility and autonomy. Plans responsibilities. Receives assignments and quality aspects. Establishes including policy formation and
own work to meet given objectives in the form of objectives. Establishes organisational objectives and application. Is fully accountable for
and processes. own milestones and team objectives, delegates responsibilities. Is actions taken and decisions made,
and delegates responsibilities. Work is accountable for actions and decisions both by self and subordinates.
Influence often self-initiated. taken by self and subordinates.
Influences team and specialist peers Influence
internally. Influences customers at Influence Influence Makes decisions critical to
account level and suppliers. Has Influences organisation, customers, Influences policy formation on the organisational success. Influences
some responsibility for the work of suppliers and peers within industry contribution of own specialism to developments within the IT industry
others and for the allocation of on the contribution of own business objectives. Influences a at the highest levels. Advances the
resources. Participates in external specialism. Has significant significant part of own organisation knowledge and/or exploitation of IT
activities related to own specialism. responsibility for the work of others and influences customers/suppliers within one or more organisations.
Makes decisions which influence the and for the allocation of resources. and industry at senior management Develops long-term strategic
success of projects and team Makes decisions which impact on the level. Makes decisions which impact relationships with customers and
objectives. success of assigned projects i.e. the work of employing organisations, industry leaders.
results, deadlines and budget. achievement of organisational
Complexity Develops business relationships with objectives and financial performance. Complexity
Performs a broad range of complex customers. Develops high-level relationships with Leads on the formulation and
technical or professional work customers, suppliers and industry application of strategy. Applies the
activities, in a variety of contexts. Complexity leaders. highest level of management and
Performs a challenging range and leadership skills. Has a deep
Business skills variety of complex technical or Complexity understanding of the IT industry and
Selects appropriately from applicable professional work activities. Performs highly complex work the implications of emerging
standards, methods, tools and Undertakes work which requires the activities covering technical, financial technologies for the wider business
applications. Demonstrates an application of fundamental principles and quality aspects. Contributes to environment.
analytical and systematic approach to in a wide and often unpredictable the formulation of IT strategy.
problem solving. Communicates range of contexts. Understands the Creatively applies a wide range of Business skills
fluently orally and in writing, and can relationship between own specialism technical and/or management Has a full range of strategic
present complex technical and wider customer/organisational principles. management and leadership skills.
information to both technical and requirements. Understands, explains and presents
non-technical audiences. Facilitates Business skills complex technical ideas to both
collaboration between stakeholders Business skills Absorbs complex technical technical and non-technical
who share common objectives. Plans, Advises on the available standards, information and communicates audiences at all levels up to the
schedules and monitors work to methods, tools and applications effectively at all levels to both highest in a persuasive and
meet time and quality targets and in relevant to own specialism and can technical and non-technical convincing manner. Has a broad and
accordance with relevant legislation make correct choices from audiences. Assesses and evaluates deep IT knowledge coupled with
and procedures. Rapidly absorbs new alternatives. Analyses, diagnoses, risk. Understands the implications of equivalent knowledge of the activities
technical information and applies it designs, plans, executes and new technologies. Demonstrates of those businesses and other
effectively. Has a good appreciation evaluates work to time, cost and clear leadership and the ability to organisations that use and exploit IT.
of the wider field of information quality targets. Communicates influence and persuade. Has a broad Communicates the potential impact
systems, their use in relevant effectively, formally and informally, understanding of all aspects of IT and of emerging technologies on
employment areas and how they with colleagues, subordinates and deep understanding of own organisations and individuals and
relate to the business activities of the customers. Demonstrates leadership. specialism(s). Understands and analyses the risks of using or not
employer or client. Maintains an Facilitates collaboration between communicates the role and impact of using such technologies. Assesses
awareness of developing stakeholders who have diverse IT in the employing organisation and the impact of legislation, and actively
technologies and their application objectives. Understands the promotes compliance with relevant promotes compliance. Takes the
and takes some responsibility for relevance of own area of legislation. Takes the initiative to keep initiative to keep both own and
personal development. responsibility/specialism to the both own and subordinates' skills up subordinates’ skills up to date and to
employing organisation. Takes to date and to maintain an maintain an awareness of
customer requirements into account awareness of developments in the IT developments in IT in own area(s) of
when making proposals. Takes industry. expertise.
initiative to keep skills up to date.
Mentors more junior colleagues.
Maintains an awareness of
developments in the industry.
Analyses requirements and advises
on scope and options for operational
improvement. Demonstrates
creativity and innovation in applying
solutions for the benefit of the
customer.
10
SFIA 4G: Framework reference Skills
Skills
Categories and subcategories
The skills in SFIA are grouped into categories and subcategories for the convenience of users.
It is not proposed that these equate to jobs or areas of personal responsibility. The grouping is
intended to assist people who are incorporating SFIA skills in role profiles or job descriptions, or
who are building an organisation’s IT competency framework.
Layout
The skill definitions are presented within their categories and subcategories.
11
SFIA 4G: Framework reference Index of skill definitions
12
SFIA 4G: Framework reference Strategy & architecture: Information strategy
13
SFIA 4G: Framework reference Strategy & architecture: Information strategy
Level 4 Takes responsibility for the accessibility, Information policy formation Level 4 Conducts security risk assessments for
retrievability and protection of information. (DPRO) defined business applications or IT installations in
Provides advice on the transformation of defined areas, and provides advice and guidance
information from one format/medium to The development of policies, procedures, on the application and operation of elementary
another, where appropriate. Maintains and working practices and training to promote physical, procedural and technical security
implements information handling procedures. compliance with legislation regulating the controls (e.g. the key controls defined in
Ensures the availability, integrity and searchability holding, use and disclosure of personal data. ISO27001). Performs risk assessment, and
of information through the application of formal business impact analysis for medium size
data structures and protection measures. Level 6 Develops strategies for compliance with information systems. Investigates suspected
Identifies and complies with relevant data protection legislation. Ensures that the policy attacks and recommends remedial action.
organisational policies and procedures, taking and standards for compliance with data
responsibility for assessing and managing risks protection legislation are fit for purpose, current Level 3 Applies and maintains specific security
around the use of information. Ensures that and correctly implemented. Reviews new controls as required by organisational policy and
information is presented effectively. business proposals and provides specialist advice local risk assessments to maintain confidentiality,
on compliance issues. Acts as the organisation's integrity and availability of business information
contact for the data protection authorities. systems and to enhance resilience to
unauthorised access. Recognises when an IT
Information systems coordination Level 5 Drafts and maintains the policy, network/system has been attacked, and takes
(ISCO) standards and procedures for compliance with immediate action to limit damage. Determines
relevant legislation. Reviews information systems when security issues should be escalated to a
Typically within a large organisation in which the for compliance with legislation and specifies any higher level. Demonstrates effective
information strategy function is devolved to required changes. Ensures that formal communication of security issues to business
autonomous units, or within a collaborative information access requests and complaints are managers and others. Performs basic risk
enterprise of otherwise independent dealt with according to approved procedures. assessments for small information systems.
organisations, the coordination of information Creates and maintains an inventory of data which
strategy matters where the adoption of a is subject to data protection legislation. Prepares
common approach (such as shared services) and reviews the periodic notification of
would benefit the organisation.
Information assurance (INAS)
registration details and submits it to the data
protection authorities. The leadership and oversight of information
Level 7 Establishes, maintains and
communicates the organisation's strategy for assurance, setting high level strategy and policy,
managing information and the policies, to ensure stakeholder confidence that risk to the
standards, procedures and methods necessary to Information security (SCTY) integrity of information in storage and transit is
implement the strategy. Coordinates the managed pragmatically, appropriately and in a
promotion, development, acquisition and The management of, and provision of expert cost effective manner.
implementation of information systems, and advice on, the selection, design, justification,
implementation and operation of information Level 7 Establishes and manages Information
represents information strategy issues on behalf
security controls and management strategies to assurance strategy and policies in accordance
of the entire organisation, with general
maintain the confidentiality, integrity, availability, with the ISO/IEC 27000 series of standards.
management and external bodies.
accountability and relevant compliance of Plans and implements processes to take forward
Level 6 Maintains an awareness of the global information systems the strategy and policies. Provides leadership and
needs of the organisation, and promotes the guidelines for provision of Information assurance
benefits that a common approach to IT Level 6 Provides leadership and guidelines on requirements across all of the organisation's
deployment will bring to the business as a whole, information assurance security expertise for the information and information systems.
among information systems and business organisation, working effectively with strategic
organisational functions such as legal experts and Level 6 Develops corporate Information security
management. Coordinates the promotion,
technical support to provide authoritative advice policy, standards and guidelines. Prepares and
development, acquisition and implementation of
and guidance on the requirements for security maintains organisational strategies that address
information systems and services in close liaison
controls. Provides for restoration of information the evolving business risk and information control
with those responsible for management and
systems by ensuring that protection, detection, requirements. Operates as a focus for
strategy.
and reaction capabilities are incorporated. Information assurance governance expertise for
the organisation, working effectively with strategic
Level 5 Conducts security risk assessments for organisational functions such as legal experts and
business applications and computer installations; technical support to provide authoritative advice
provides authoritative advice and guidance on and guidance on the requirements for security
security strategies to manage the identified risk. controls.
Investigates major breaches of security, and
recommends appropriate control improvements. Level 5 Provides authoritative advice and
Interprets security policy and contributes to guidance on Information assurance strategies to
development of standards and guidelines that manage the identified risk. Interprets security and
comply with this. Performs risk assessment, assurance policies and contributes to
business impact analysis and accreditation for all development of standards and guidelines that
major information systems within the comply with these.
organisation.
14
SFIA 4G: Framework reference Strategy & architecture: Advice and guidance
15
SFIA 4G: Framework reference Strategy & architecture: Business/IT strategy and planning
16
SFIA 4G: Framework reference Strategy & architecture: Technical strategy and planning
Business risk management (BURM) Technical strategy and planning Emerging technology monitoring
(EMRG)
The planning and implementation of
organisation-wide processes and procedures for Solution architecture (ARCH) The identification of new and emerging
the management of operational risk arising from hardware, software and communication
any aspect of the use of information technology, The development and communication of technologies and products, services, methods
including that arising from reduction or structural frameworks (hardware, software and and techniques and the assessment of their
non-availability of energy supply or inappropriate other components) which meet the present and relevance and potential value as business
disposal of materials, hardware or data. future requirements of an organisation, and the enablers, improvements in cost/performance or
interrelationships between these components. sustainability. The promotion of emerging
Level 6 Plans and manages the implementation
The design of solutions required to automate technology awareness among staff and business
of organisation-wide processes and procedures,
business processes and resolve business issues management.
tools and techniques for the identification,
assessment, and management of risk inherent in in a particular business or functional area. The
Level 6 Co-ordinates the identification and
the operation of business processes and of provision of direction and guidance on all
assessment of new and emerging hardware,
potential risks arising from planned IT-enabled technical aspects of the development of, and
software and communication technologies,
change. modifications to, information systems to ensure
products, methods and techniques. Evaluates
that they take account of relevant architectures,
likely relevance of these for the organisation.
Level 5 Carries out risk assessment within a strategies, policies, standards and practices and
Provides regular briefings to staff and
defined functional or technical area of business. that existing and planned systems and IT
management.
Uses consistent processes for identifying infrastructure remain compatible.
potential risk events, quantifying and Level 5 Monitors the market to gain knowledge
documenting the probability of occurrence and Level 6 Leads the development of architectures
and understanding of currently emerging
the impact on the business. Refers to domain for complex systems, ensuring consistency with
technologies. Identifies new and emerging
experts for guidance on specialised areas of risk, specified requirements agreed with both
hardware and software technologies and
such as architecture and environment. external, and internal customers. Takes full
products based on own area of expertise,
Co-ordinates the development of responsibility for the balance between functional,
assesses their relevance and potential value to
countermeasures and contingency plans. service quality and systems management
the organisation, contributes to briefings of staff
requirements within a significant area of the
and management.
organisation. Establishes policy and strategy for
the selection of systems architecture
Sustainability strategy (SUST) components, and co-ordinates design activities,
promoting the discipline to ensure consistency. Continuity management (COPL)
The preparation of a sustainability strategy for IT, Ensures that appropriate standards (corporate,
taking into account any established corporate industry, national and international) are adhered The provision of service continuity planning and
strategy, to be used as a basis for policies and to. Within a business change programme, support. This includes the identification of
planning, and covering both consumption and manages the target design, policies and information systems which support critical
sources of supply of energy and materials. standards, working proactively to maintain a business processes, the assessment of risks to
Evaluation and inclusion, as appropriate, of stable, viable architecture and ensure consistency those systems' availability, integrity and
political, legislative, economic, social and of design across projects within the programme. confidentiality and the co-ordination of planning,
technological factors. Identification of major designing, testing and maintenance procedures
external standards, practices or schemes to be Level 5 Uses appropriate tools, including logical and contingency plans to address exposures and
adopted. Consultation with identified relevant models of components and interfaces, to maintain agreed levels of continuity. This function
parties, either internal or external. Obtaining contribute to the development of systems should be performed as part of, or in close
agreement to the strategy and the commitment architectures in specific business or functional cooperation with, the function which plans
to act upon it. areas. Produces detailed component business continuity for the whole organisation.
specifications and translates these into detailed
Level 6 Provides leadership and guidelines on designs for implementation using selected Level 5 Owns the service continuity planning
sustainability; leads in the development of a products. Within a business change programme, process and leads the implementation of
sustainability strategy for IT, encompassing assists in the preparation of technical plans and resulting plans. Coordinates the identification by
sources of supply, control and measurement of cooperates with business assurance and project specialists across the organisation of information
in-house utilisation, procurement of staff to ensure that appropriate technical and communication systems which support the
resource-efficient products and services, and resources are made available. Provides advice on critical business processes, and the assessment
legislative factors. technical aspects of system development and of risks to the availability, integrity, and
integration (including requests for changes, confidentiality of those systems. Evaluates the
Level 5 Contributes to strategy formation by
deviations from specifications, etc.) and ensures critical risks associated with these systems and
providing in-depth analysis of one or more broad
that relevant technical strategies, policies, identifies priority areas for improvement.
aspects of the organisation’s use of energy and
standards and practices are applied correctly. Coordinates the planning, designing, testing of
materials, and by recommending elements of the
maintenance procedures and contingency plans
strategy; provides in-depth advice in own area of
to address exposure to risk and ensure that
expertise. Provides analysis of risks arising in the
agreed levels of continuity are maintained.
areas covered.
Level 4 Provides input to the service continuity
planning process and implements resulting
plans.
17
SFIA 4G: Framework reference Strategy & architecture: Technical strategy and planning
Software development process Sustainability management for IT Methods & tools (METL)
improvement (SPIM) (SUMI)
Ensuring that appropriate methods and tools for
The provision of advice, assistance and The specification, planning and management of the planning, development, testing, operation,
leadership in improving the quality of software changes to IT assets, systems, processes or management and maintenance of systems are
development, by focusing on process definition, practices intended to reduce or constrain adopted and used effectively throughout the
management, repeatability and measurement. consumption and/or disposal of energy or organisation.
The facilitation of improvements by changing materials, within the context of company strategy
Level 6 Sets direction and leads in the
approaches and working practices, typically using and policy, and regulatory and contractual
introduction and use of techniques,
recognised models such as the Capability requirements. The evaluation of changes to
methodologies and tools, to match overall
Maturity Model Integration (CMMI), the Software ensure that planned benefits have been
business requirements (both current and future),
Process Improvement and Capability obtained. The specification of remedial and
ensuring consistency across all user groups.
dEtermination Model (SPICE), Test Process process improvement actions in cases where
Improvement (TPI) and Test Maturity Model planned benefits have not been obtained. The Level 5 Promotes and ensures use of
(TMM). identification and planning of alternative sources appropriate techniques, methodologies and
of supply. tools.
Level 7 Liaises with client functions to establish
business requirements and identifies, proposes, Level 6 Establishes the overall approach to the Level 4 Provides expertise and support on use
initiates and leads significant improvement incorporation of sustainability requirements and of methods and tools.
programmes. Manages the quality and factors into the specification and design of
appropriateness of the work performed and systems and services; determines relevant
delivers measurable business benefits. Modifies methods and tools to be used to address energy
existing software process improvement efficiency issues in specification, design and
approaches and/or develops new approaches to operation.
achieving improvement.
Level 5 Plans and implements new practices
Level 6 Plans and manages the evaluation of that ensure that sustainability matters are
software processes. Identifies, proposes, and appropriately addressed in specification, design
initiates software process improvement activities and operation of systems and services.
within the organisation, devising solutions. Takes Recommends methods, tools and practices to be
action to exploit opportunities that will have a used. Establishes organisation-wide practices for
measurable effect on operational effectiveness, the disposal of materials. Sets standards for the
with associated benefits to the business. conformance of components and services to
efficient use of energy and materials.
Level 5 Develops and maintains a detailed
knowledge of software process improvement.
Contributes effectively to identifying new areas of
software process improvement within the
Network planning (NTPL)
organisation. Carries out software process
improvement assignments, justified by The creation and maintenance of overall network
measurable business benefits. plans, encompassing the communication of data,
voice, text and image, in the support of an
organisation's business strategy. This includes
participation in the creation of service level
agreements and the planning of all aspects of
infrastructure necessary to ensure provision of
network services to meet such agreements.
Physical implementation may include copper
wire, fibre-optic, wireless, or any other
technology.
18
SFIA 4G: Framework reference Business change: Business change implementation
19
SFIA 4G: Framework reference Business change: Business change management
governance arrangements, supported by the change control procedure, and ensures that Business change management
comprehensive reporting. Evaluates changes to project deliverables are completed within
programme management practices and initiates planned cost, timescale and resource budgets,
improvement to organisation practices. and are signed off. Provides effective leadership
to the project team, and takes appropriate action
Business analysis (BUAN)
Level 6 Plans, directs, and co-ordinates activities where team performance deviates from agreed
to manage and implement interrelated projects The methodical investigation, analysis, review
tolerances.
from contract/proposal initiation to final and documentation of all or part of a business in
operational stage; plans, schedules, monitors, Level 4 Defines, documents and carries out terms of business functions and processes, the
and reports on activities related to the small projects (typically less than six months, with information used and the data on which the
programme. Leads the programme team(s) in a small team, limited budget, no information is based. The definition of
determining business requirements and interdependency with other projects, and no requirements for improving processes and
translating requirements into operational plans. significant strategic impact), actively participating systems, reducing their costs, enhancing their
Determines, monitors, and reviews all in all phases. Identifies, assesses and manages sustainability, and the quantification of potential
programme economics to include programme risks to the success of the project. Prepares business benefits. The creation of viable
costs, operational budgets, staffing requirements, realistic project and quality plans and tracks specifications and acceptance criteria in
programme resources, and programme risk. activities against the plans, providing regular and preparation for the construction of information
Ensures that programme is managed to realise accurate reports to stakeholders as appropriate. and communication systems.
business benefits and that programme Monitors costs, timescales and resources used,
Level 6 Takes full responsibility for business
management is informed by an awareness of and takes action where these deviate from
analysis within a significant segment of an
current technical developments. agreed tolerances. Ensures that own projects are
organisation where the advice given and
formally closed and, where appropriate,
decisions made will have a measurable impact
subsequently reviewed, and that lessons learned
on the profitability or effectiveness of the
Project management (PRMG) are recorded.
organisation. Establishes the contribution that
technology can make to business objectives,
The management of projects, typically (but not defining strategies, validating and justifying
exclusively) involving the development and business needs, conducting feasibility studies,
implementation of business processes to meet producing high-level and detailed business
identified business needs, acquiring and utilising models, preparing business cases, overseeing
the necessary resources and skills, within agreed development and implementation of solutions,
parameters of cost, timescales, and quality. taking into account the implications of change on
the organisation and all stakeholders. Guides
Level 7 Sets organisational strategy governing
senior management towards accepting change
the direction and conduct of project
brought about through process and
management, including application of
organisational change.
appropriate methodologies. Authorises the
management of large scale projects. Leads Level 5 Takes responsibility for investigative
project planning, scheduling, controlling and work to determine business requirements and
reporting activities for strategic, high impact, high specify effective business processes, through
risk projects. Manages risk and ensures that improvements in information systems,
solutions to problems are implemented in line information management, practices, procedures,
with change control processes. and organisation change. Applies and monitors
the use of required modelling and analysis tools,
Level 6 Takes full responsibility for the definition,
methods and standards, giving special
documentation and successful completion of
consideration to business perspectives. Conducts
complex projects (typically greater than 12
investigations at a high level for strategy studies,
months, with significant business, political, or
business requirements specifications and
high-profile impact, and high-risk dependencies),
feasibility studies. Prepares business cases which
ensuring that realistic project, quality, change
define potential benefits, options for achieving
control and risk management processes are
these benefits through development of new or
maintained. Monitors and controls resources,
changed processes, and associated business
revenue and capital costs against the project
risks. Identifies stakeholders and their business
budget and manages expectations of all project
needs.
stakeholders.
Level 4 Investigates operational requirements,
Level 5 Takes full responsibility for the definition,
problems, and opportunities, seeking effective
documentation and satisfactory completion of
business solutions through improvements in
medium-scale projects (typically lasting 6–12
automated and non-automated components of
months, with direct business impact, teams of
new or changed processes. Assists in the analysis
3–5 and firm deadlines). Identifies, assesses and
of stakeholder objectives, and the underlying
manages risks to the success of the project.
issues arising from investigations into business
Ensures that realistic project and quality plans are
requirements and problems, and identifies
prepared and maintained and provides regular
and accurate reports to stakeholders as
appropriate.Ensures Quality reviews occur on
schedule and according to procedure. Manages
20
SFIA 4G: Framework reference Business change: Business change management
options for consideration. Identifies potential Change implementation planning organisation boundaries, and creates future
benefits, and available options for consideration. and management (CIPM) organisation design, including location strategy
Works with clients/users in defining acceptance and the number of locations required. Outlines
tests. The definition and management of the process performance measurement objectives and the
for deploying and integrating IT capabilities into high level implementation approach.
Level 3 Investigates operational needs and
problems, and opportunities, contributing to the the business in a way that is sensitive to and fully Level 5 Conducts business impact assessment
recommendation of improvements in automated compatible with business operations. to identify how the changes from the ’as-is’
and non-automated components of new or Level 6 Ensures that there is a business processes, systems, and structures to the ’to-be’
changed processes and organisation. Assists in perspective on how the new technical capabilities processes, systems and structures impact specific
defining acceptance tests for these will be delivered to the business, including organisations and roles. Outlines how the
recommendations. planning around key business cycles, selecting organisation structure, jobs, teams and roles
appropriate customers for migration, etc. Initiates need to change to enable the future business
the business implementation plan, including all processes. Aligns existing jobs/organisational
Business process testing (BPTS) the activities that the business needs to do to structures to new processes.
prepare for new technical components and
The planning, design, management, execution technologies. Ensures sites deliver site
and reporting of business process tests and implementation plans that align with the overall Benefits management (BENM)
usability evaluations. The application of plan. Tracks and reports against these activities to
evaluation skills to the assessment of the ensure progress. Defines and manages the Monitoring for the emergence of anticipated
ergonomics, usability and fitness for purpose of activities to ensure achievement of the business benefits (typically specified as part of the
defined processes. This includes the synthesis of case after delivery. Outlines key business business case for a change programme or
test tasks to be performed (from statement of engagement messages that need to take place project). Action (typically by the programme
user needs and user interface specification), the throughout the programme / project. management team) to optimise the business
design of an evaluation programme, the selection impact of individual and combined benefits.
of user samples, the analysis of performance, and Level 5 Creates the business readiness plan,
inputting results to the development team. taking into consideration IT deployment, data Level 6 Promotes the change programme vision
migration, capability deployment (training and to staff at all levels of the business operation,
Level 6 Is responsible for organisational engagement activities) and any business brings order to complex situations, and keeps a
commitment to high standards in human factors. activities required to integrate new processes or focus on business objectives. Works with senior
Specifies ergonomics standards and methods to jobs into the ’business as usual’ environment. people responsible for the line business
meet organisational objectives. Sets the policy Determines the readiness levels of business operation, to ensure maximum improvements
and standards for business process testing. users with regard to upcoming changes; are made in the business operations as groups of
Manages the design and execution of business uncovers readiness gaps and creates and projects deliver their products into operational
process tests, usability evaluations, network and implements action plans to close the gaps prior use. Maintains the business case for funding the
business trials, confidence tests. Maintains an to going live. Assists the user community in the programme and confirms continuing business
overview of the business environment, required provision of transition support and change viability of the programme at regular intervals.
outcomes and potential exposures. planning, and liaises with the project team.
Monitors and reports progress on business Level 5 Identifies specific measures and
Level 5 Designs and manages tests of readiness targets, business engagement activity, mechanisms by which benefits can be
new/updated processes. Specifies test training design and deployment activities, key measured, and plans to activate these
environment for whole life-cycle testing (e.g. operational metrics and return to productivity mechanisms at the required time. Monitors
using model office concept). Manages measures. Defines the series and sequence of benefits against what was predicted in the
selection/creation of relevant scenarios for activities to bring stakeholders to the required business case and ensures that all participants
testing and ensures that tests reflect realistic level of commitment, prior to going live. are informed and involved throughout the
operational business conditions. Ensure tests and change programme and fully prepared to exploit
results are documented, reported to stakeholders the new operational business environment once
and are available for specification of user it is in place. Supports senior management to
instructions. Highlights issues and risks identified
Organisation design and ensure that all plans, work packages and
during testing to business stakeholders. Provides implementation (ORDI) deliverables are aligned to the expected benefits
specialist guidance and advice to less and leads activities required in the realisation of
experienced colleagues and users to ensure that The design and implementation of an integrated the benefits of each part of the change
test are conducted in an appropriate manner. organisation structure, role profiles, culture, programme.
performance measurements, competencies and
Level 4 Specifies and develops test scenarios to skills, to facilitate strategies for change and for
test that new/updated processes deliver training to enable the change. The identification
improved ways of working for the end user at the of key attributes of the culture and the key
Business modelling (BSMO)
same time as delivering efficiencies and planned principles and factors for addressing location
business benefits. Records and analyses test The production of abstract or distilled
strategy.
results, and reports any unexpected or representations of real world/business situations
unsatisfactory outcomes. Uses test plans and Level 6 Anticipates major changes affecting the to aid the communication and understanding of
outcomes to specify user instructions. organisation, and mobilises resources to existing, conceptual or proposed scenarios.
implement changes. Advises business managers
about the implications of planned IT-enabled
change on the business, on processes and on
customers. Initiates the definition of new
21
SFIA 4G: Framework reference Business change: Relationship management
22
SFIA 4G: Framework reference Solution development and implementation: Systems development
23
SFIA 4G: Framework reference Solution development and implementation: Systems development
agreement by stakeholders and recipients to options and assesses and manages associated Database/repository design
scope and requirements and establishes a risks. Ensures that the system design balances (DBDS)
base-line on which delivery of a solution can functional, service quality and systems
commence. Manages requests for and the management requirements. The specification, design and maintenance of
application of changes to base-lined mechanisms for storage and access to both
requirements. Identifies the impact on business Level 4 Recommends/designs structures and
tools for systems which meet business needs. structured and unstructured information, in
requirements of interim (e.g. migration) support of business information needs.
scenarios as well as the required end position. Delivers technical visualisation of proposed
applications for approval by customer and Level 6 Sets strategies for effective use of
Level 3 Defines scope and business priorities for execution by system developers. Translates database technology taking account of the
small-scale changes and may assist in larger scale logical designs into physical designs, and complex interrelations between
scoping exercises. Elicits and discovers produces detailed design documentation. Maps hardware/software. Provides specialist expertise
requirements from operational management and work to user specification and removes errors in the development, use or operation of database
other stakeholders. Selects appropriate and deviations from specification to achieve management system tools and facilities. Provides
techniques for the elicitation of detailed user-friendly processes. expert knowledge in the selection, provision and
requirements taking into account the nature of use of database architectures, software and
the required changes, established practice and Level 3 Specifies user/system interfaces, and
translates logical designs into physical designs facilities, typically taking responsibility for a team
the characteristics and culture of those providing of technical staff.
the requirements. Specifies and documents taking account of target environment,
business requirements as directed, ensuring performance requirements and existing systems. Level 5 Maintains and applies up to date,
traceability back to source. Analyses them for Produces detailed designs and documents all specialist knowledge of database concepts,
adherence to business objectives and for work using required standards, methods and object and data modelling techniques and design
consistency, challenging positively as appropriate. tools, including prototyping tools where principles, and a detailed knowledge of the full
Works with stakeholders to prioritise appropriate. range of database architectures, software and
requirements. facilities available. Analyses data requirements, to
Level 2 Undertakes complete design of simple
applications using simple templates and tools. establish, modify or maintain a data model. Takes
Level 2 Uses established techniques as directed account of specialist requirements (e.g.
to identify current problems and elicit, specify Assists as part of a team on design of
components of larger systems. Produces detailed geocoding, for geographic information systems).
and document business functional, data and Interprets the model into an appropriate
non-functional requirements for simple subject designs including for example: physical data
flows, file layouts, common routines and utilities, database schema within set policies.
areas with clearly-defined boundaries. Assists in Demonstrates, installs and commissions selected
more complex requirements activities and with program specifications or prototypes, and
backup, recovery and restart procedures. products.
the processes for establishing agreed baselines
for change and managing the assessment and Level 4 Develops and maintains specialist
application of requested changes to those knowledge of database concepts, object and data
requirements. Network design (NTDS) modelling techniques and design principles and
a detailed knowledge of database architectures,
The production of network designs and design software and facilities. Analyses data
Systems design (DESN) policies, strategies, architectures and requirements to establish, modify or maintain
documentation, covering voice, data, text, e-mail, object/data models. Evaluates potential
The specification and design of information facsimile and image, to support business solutions, demonstrating, installing and
systems and the design or selection of requirements and strategy. This may incorporate commissioning selected products.
components to meet defined business needs, all aspects of the communications infrastructure,
internal and external, mobile, public and private, Level 3 Develops specialist knowledge of
retaining compatibility with enterprise and
Internet, Intranet and call centres. database concepts, object and data modelling
solution architectures, and conforming to
techniques and design principles. Translates
corporate standards within constraints of cost,
Level 6 Takes responsibility for major aspects of object and data models into appropriate
security and sustainability.
network specification and design within the database schemas within design constraints.
Level 6 Controls system design practice within organisation. Produces network design policies, Interprets installation standards to meet project
an enterprise or industry architecture. Influences philosophies and criteria covering connectivity, needs and produces database components as
industry-based models for the development of capacity, interfacing, security, resilience, recovery, required. Evaluates potential solutions,
new technology applications. Develops effective access and remote access. demonstrating, installing and commissioning
implementation and procurement strategies, selected products.
Level 5 Produces outline system designs and
consistent with business needs.
specifications, and overall architectures, Level 2 Translates and implements simple
Level 5 Specifies and designs large or complex topologies, configuration databases and design development project requirements into physical
systems. Selects appropriate design standards, documentation of networks and networking database structures. Assesses proposed changes
methods and tools, consistent with agreed technology within the organisation. Specifies to object and data structures and implements
enterprise and solution architectures and ensures user/system interfaces, including validation and these changes in physical databases. Assists in
they are applied effectively. Reviews others' error correction procedures, processing rules, database management system support activities
systems designs to ensure selection of access, security and audit controls. Assesses for operational database systems.
appropriate technology, efficient use of associated risks, and specifies recovery routines
resources, and integration of multiple systems and contingency procedures. Translates logical
and technology. Contributes to policy for designs into physical designs.
selection of architecture components. Evaluates
and undertakes impact analysis on major design
24
SFIA 4G: Framework reference Solution development and implementation: Systems development
Programming/software systems architectures up to the highest safety material developed by document content
development (PROG) integrity levels. Develops and maintains project creators within the organisation. Manages
safety assurance plans, monitors compliance and relationships with stakeholders, ensuring that
The design, creation, testing and documenting of ensures that safety assurance evidence is they receive the information that they need.
new and amended programs from supplied gathered for safety case preparation. Manages reviews of draft material.
specifications in accordance with agreed Level 4 Contributes to the identification, analysis Level 5 Designs overall support information
standards. and documentation of hazards, and to the package plans. Manages small teams of authors,
Level 5 Sets standards for programming tools capture, evaluation and specification of safety ensuring that they are aware of and work to
and techniques, advises on their application and requirements. Analyses and documents safety relevant standards. Advises on appropriate
ensures compliance. Takes technical validation results. Contributes to the documentation formats and documentation
responsibility for all stages in the software development and maintenance of project safety systems to satisfy requirements. Organises
development process. Prepares project and assurance plans, and gathers safety assurance reviews of draft material.
quality plans and advises systems development evidence for safety case preparation.
Level 4 Determines the documentation needs
teams. Assigns work to programming staff and Level 3 Assists with the collection of safety of users. Designs individual documentation
monitors performance, providing advice, assurance evidence, undertaking all work in plans. Creates drafts for review of information
guidance and assistance to less experienced accordance with agreed safety, technical and format and content. Organises the production
colleagues as required. quality standards, using appropriate methods and and distribution of approved documentation
Level 4 Designs, codes, tests, corrects and tools. Documents the results of hazard and risk items. Designs the content and appearance of
documents large and/or complex programs and analysis activities. complex information deliverables (e.g. web
program modifications from supplied pages) in collaboration with clients/users.
specifications using agreed standards and tools, Creates and tests complex, well-engineered
to achieve a well engineered result. Takes part in Sustainability engineering (SUEN) deliverables with specified content and layout.
reviews of own work and leads reviews of Manages the configuration of documentation
colleagues' work. The application of appropriate methods to assure items and files, within own area of responsibility.
sustainability in all phases of the life cycle of Level 3 Liaises with clients/users to clarify details
Level 3 Designs, codes, tests, corrects, and energy- or materials-consuming systems and
documents moderately complex programs and of requirements. Designs, creates and tests
services, including maintenance and re-use. moderately complex, well-engineered
program modifications from supplied These include such things as energy supply risk
specifications, using agreed standards and tools. information deliverables with specified content
analysis, specification of materials procurement and layout. Manages the configuration of
Conducts reviews of supplied specifications, with guidelines, factors influencing system design, and
others as appropriate. documentation items and files, within own area
the verification of energy efficiency. of responsibility.
Level 2 Designs, codes, tests, corrects, and Level 6 Creates models to ensure that new
documents simple programs, and assists in the Level 2 Develops a broad understanding of
systems and services are designed to achieve technical publication concepts, tools and
implementation of software which forms part of specified levels of sustainability and to optimise
a properly engineered information or methods and the way in which these are
the consumption and re-cycling of materials. implemented. Develops an understanding of
communications system. Defines and promulgates best practices in publication development support activities, such
sustainability. as information gathering, user task analysis,
Level 5 Designs systems, services and creating draft documentation, and illustration,
Safety engineering (SFEN) and printing and publishing. Works with
components that meet required levels of
sustainability and specific profiles of materials colleagues and clients to create new sections of
The application of appropriate methods to assure technical documentation through all stages of the
safety during all lifecycle phases of safety-related consumption.
publication process as support literature.
systems developments, including maintenance Level 4 Investigates and recommends
and re-use. These include safety hazard and risk components and subsystems that meet
analysis, safety requirements specification, sustainability criteria.
safety-related system architectural design, formal
Testing (TEST)
method design, safety validation and verification,
and safety case preparation. The concurrent lifecycle process of engineering,
Information content authoring using and maintaining testware (test cases, test
Level 6 Takes full responsibility for hazard (INCA) scripts, test reports, test plans, etc) to measure
analysis and risk assessment, safety-related and improve the quality of the software being
system architectural design, safety assurance The planning, design and creation of textual tested. Testing embraces the planning, design,
planning and compliance and safety case information, supported where necessary by management, execution and reporting of tests,
preparation on systems up to the highest safety graphical content. This material may be delivered using appropriate testing tools and techniques
integrity levels. Takes responsibility for the electronically (for example, as collections of web and conforming to agreed standards (such as ISO
safety-related aspects of multiple complex or pages) or otherwise. This skill includes managing 29119), to ensure that new and amended
high safety integrity level projects, providing the quality assurance and authoring processes for systems, configurations, packages, or services,
effective leadership to team members. the material being produced. together with any interfaces, perform as
specified.
Level 5 Identifies and analyses hazards and Level 6 Manages documentation projects,
contributes to the identification and evaluation of ensuring that adequate procedures, standards,
risk reduction measures, ensuring these are tools and resources are in place and
adequately documented. Specifies safety-related implemented to ensure the appropriate quality of
25
SFIA 4G: Framework reference Solution development and implementation: Human factors
Level 6 Determines testing policy, and owns the Human factors Usability evaluation (USEV)
supporting processes. Takes responsibility for the
management of all testing activities within a Formal assessment of the usability (including
development or integration project or health and safety, and accessibility) of new or
programme. Manages all risks associated with the
Systems ergonomics (HCEV)
existing products or services (including
testing and takes preventative action when any prototypes). Methods include user trials, expert
The iterative development of the allocation of
risks become unacceptable. Assesses and review, survey, and analysis.
function (between the human, machine and
advises on the practicality of testing process
organisational elements of systems), user Level 5 Advises on what to evaluate and type of
alternatives. Identifies improvements to the
interaction and job design. The optimisation of evaluation. Ensures that the results of evaluations
process and assists in their implementation.
accessibility and usability, based on user are understood by system developers.
Level 5 Coordinates and manages planning of requirements, the context of use, relevant
the system and acceptance tests within a ergonomics knowledge and feedback from Level 4 Plans and performs all types of
development or integration project or evaluations of prototypes. evaluation. Interprets and presents the results of
programme. Takes responsibility for integrity of evaluations.
Level 6 Is responsible for organisational
testing and acceptance activities and coordinates
commitment to high standards in human factors. Level 3 Performs, analyses and documents
the execution of these activities. Provides
Specifies ergonomics standards and methods to evaluations according to a plan, excluding expert
authoritative advice and guidance on any aspect
meet organisational objectives. reviews.
of test planning and execution. Defines and
communicates the test strategy for the project. Level 5 Advises what ergonomics tools and Level 2 Assists in the preparations for
Manages all phases of testing, including plans, methods to use in order to allocate functions, evaluations and in the operation of the test
resources, costs, timescales, test deliverables and design user interaction and users' jobs. environment. Maintains the test environment.
auditability. Assesses suppliers' development and
testing capabilities. Selects project testing Level 4 Specifies how to use ergonomics tools
standards for all phases, influencing all parties to and methods to allocate functions, design user
conform to those standards. Manages the client interaction and users' jobs. Human factors integration (HFIN)
relationship with respect to all testing matters.
Identifies process improvements, contributes to Level 3 Applies ergonomics tools and methods Achievement of optimum levels of product or
corporate testing standards and definition of best to allocate functions, design user interaction and service usability, by ensuring that project and
practice users' jobs. enterprise activities take account of the user
experience.
Level 4 Defines and creates test cases from
analysis of both functional and non-functional Level 7 Acts to influence the perception of the
Usability requirements analysis organisation, in relation to ergonomics, and the
specifications (such as reliability, efficiency,
usability, maintainability and portability).
(UNAN) user experience of deployed IT products and
Produces test scripts, materials and regression systems, and to ensure that this is addressed in
The establishment, clarification and future design.
test packs to test new and amended software or
communication of non-functional requirements
services. Specifies requirements for environment,
for usability (for example, screen Level 6 Is responsible for organisational
data, resources and tools. Interprets, executes
design/layout/consistency, response times, commitment to high standards in all aspects of
and documents complex test scripts using agreed
capacity). The analysis of the characteristics of the interaction between users and deployed
methods and standards. Records and analyses
users and their tasks, and the technical, technology - the user experience.
actions and results, and maintains a defect
organisational and physical environment in which
register. Reviews test results and modifies tests if Level 5 Advises on achievement of usability
products or systems will operate.
necessary. Provides reports on progress, (including health and safety and accessibility) for
anomalies, risks and issues. Produces reports on Level 5 Advises on tools and methods to be IT products and services.
system quality and metrics on test cases. used and clarifies and communicates the
non-functional requirements of system users,
Level 3 Reviews requirements and
their characteristics and tasks, and the technical,
specifications, and defines test requirements for
organisational and physical environment in which
smaller projects. Creates simple test cases and
products or systems will operate.
test scripts. Interprets and executes moderately
complex test scripts, mapping back to Level 4 Selects and uses tools and methods to
pre-determined criteria, recording and reporting establish, clarify and communicate the
outcomes. Provides specialist advice to support non-functional requirements of system users,
others. Analyses and reports test activities and their characteristics and tasks, and identifies the
results. Identifies and reports issues and risks. technical, organisational and physical
environment in which a complex products or
Level 2 Defines test requirements for smaller
systems will operate.
projects. Creates test scripts and supporting data,
working to the specifications provided. Interprets, Level 3 Applies tools and methods to identify
executes and records simple test cases in the non-functional requirements of users, their
accordance with established plans. Analyses and characteristics and tasks, and the technical,
reports test activities and results. Identifies and organisational and physical environment in which
reports issues and risks. the product or system will operate.
26
SFIA 4G: Framework reference Solution development and implementation: Installation and integration
Installation and integration Level 6 Ensures the availability of hardware, diagnostic tools. Corrects malfunctions, calling on
software, and resources for the systems testing of other experienced colleagues and external
platform-specific versions of one or more resources if required. Documents details of all
software products. Defines configurations hardware/software items that have been
Systems integration (SINT) required for testing with reference to agreed installed and removed so that configuration
testing standards. Evaluates new developments management records can be updated. Develops
The incremental and logical integration and
in the organisation and the industry and advises installation procedures and standards, and
testing of components and/or subsystems and
senior management on potential growth, schedules installation work. Provides specialist
their interfaces in order to create operational
problem areas and resourcing needs. Ensures guidance and advice to less experienced
services.
adherence to agreed standards and good colleagues to ensure best use is made of
Level 6 Sets standards, strategies and practice. available assets, and to maintain or improve the
procedures across the IT service lifecycle installation service.
Level 5 Leads a team, providing expert technical
(including the development lifecycle) in the areas
knowledge in the systems testing of Level 3 Installs or removes hardware and/or
of systems integration and testing and ensures
platform-specific versions of the software software, using supplied installation instructions
that practitioners adhere to them. Manages
products, on varying platforms. Provides specialist and tools including, where appropriate, handover
resources to ensure that the systems integration
guidance information to support, systems testing to the client. Conducts tests, corrects
function operates effectively.
and quality assurance functions to assist in malfunctions, and documents results in
Level 5 Designs and builds integration improving procedures. accordance with agreed procedures. Reports
components and interfaces. Leads practical details of all hardware/software items that have
Level 4 Configures software and equipment and been installed and removed so that configuration
integration work under the technical direction of
tests platform-specific versions of one or more management records can be updated. Provides
the system /service designer. May contribute to
software products. Reports the outcome of assistance to users in a professional manner
the overall design of the service. May define the
testing and identifies potential improvements to following agreed procedures for further help or
technical criteria for product/component
the process and to the software products escalation. Maintains accurate records of user
selection. Contributes to decisions about tools,
according to agreed designs and standards. requests, contact details and outcomes.
methods and approaches.
Contributes to the development of installation
Level 3 Assists in the configuration of software
Level 4 Defines the integration build, accepts procedures and standards.
and equipment and the systems testing of
software modules from software developers, and
platform-specific versions of one or more Level 2 Installs or removes hardware and/or
produces software builds for loading onto the
software products. Documents faults, software, and associated connections, using
target environment. Configures the hardware
implements resolutions and retests to agreed supplied installation instructions and tools.
environment, produces integration test
standards. Conducts tests and corrects malfunctions, calling
specifications, and conducts tests, recording
details of any failures and carrying out fault on help from more experienced colleagues if
diagnosis. required. Documents results in accordance with
Systems agreed procedures. Assists with the evaluation of
Level 3 Defines the integration build and installation/decommissioning change requests. Contributes, as required, to
produces a build definition for generation of the investigations of problems and faults concerning
(HSIN)
software. Accepts software modules from the installation of hardware and/or software and
software developers, and produces software confirms the correct working of installations.
The installation, testing, implementation or
builds for loading onto the target hardware from
decommissioning and removal of cabling, wiring, Level 1 Following agreed procedures, performs
software source code. Configures the hardware
equipment, hardware and appropriate software, simple installations, replaces consumable items,
environment, produces integration test
following plans and instructions and in checks correct working of installations, and
specifications, conducts tests and records the
accordance with agreed standards. The testing of documents and reports on work done.
details of any failures. Carries out and reports
hardware and software components, resolving
fault diagnosis relating to moderately complex
malfunctions found and recording the results.
problems.
The reporting of details of hardware and software
Level 2 Produces software builds from software installed so that configuration management
source code. Conducts tests as defined in an records can be updated.
integration test specification, records the details
Level 5 Takes responsibility for installation
of any failures, and carries out fault diagnosis
projects, providing effective team leadership,
relating to simple failures, reporting the results of
including information flow to and from the
the diagnosis in a clear and concise manner.
customer during project work. Develops and
implements quality plans and method
statements. Monitors the effectiveness of
Porting/software integration installations and ensures that appropriate
(PORT) recommendations for change are made.
The integration of software products into existing Level 4 Undertakes routine installations and
software environments to produce new de-installations of items of hardware and/or
platform-specific versions of the software software. Takes action to ensure targets are met
products. within established safety and quality procedures,
including, where appropriate, handover to the
client. Conducts tests of hardware and/or
software using supplied test procedures and
27
SFIA 4G: Framework reference Service management: Service strategy
Level 7 Sets strategy for management of The overall financial management, control and
resources, including corporate stewardship of the IT assets and resources used
telecommunications functions, and promotes the in the provision of IT services, including the
opportunities that technology presents to the identification of materials and energy costs,
employing organisation, including the feasibility ensuring compliance with all governance, legal
of change and its likely impact upon the business. and regulatory requirements.
Authorises allocation of resources for the
Level 6 Sets strategy and develops plans,
planning, development and delivery of all
policies and processes for the accounting,
information systems services and products.
budgeting and, where applicable, charging of IT
Responsible for IT governance (the rules and
resources and services, including the definition of
regulations under which an IT department
cost models and charging models. Sets,
functions and the mechanisms put in place to
negotiates, agrees and manages all financial
ensure compliance with those rules and
budgets and targets, ensuring that there is
regulations). Authorises organisational policies
adequate funding for all IT targets and plans,
governing the conduct of management of change
especially to meet development and capacity
initiatives and standards of professional conduct.
needs.
Maintains an overview of the contribution of
programmes to organisational success. Inspires Level 5 Monitors and manages IT expenditure,
creativity and flexibility in the management and ensuring that all IT financial targets are met, and
application of IT. Sets strategy for monitoring and examining any areas where budgets and
managing the performance of IT-related systems expenditure exceed their agreed tolerances.
and services, in respect of their contribution to Assists with the definition and operation of
business performance and benefits to the effective financial control and decision making,
business. especially in the areas of service, projects and
component cost models and the allocation and
Level 6 Identifies and manages resources
apportionment of all incurred IT costs.
needed for the planning, development and
delivery of specified information and Level 4 Monitors and maintains all required
communications systems services and products. financial records for compliance and audit to all
Influences senior level customers and project agreed requirements. Assists all other areas of IT
teams through change management initiatives, with their financial tasks, especially in the areas of
ensuring that professional standards are identification of process, service, project and
maintained. Takes full responsibility for component costs and the calculation and
budgeting, estimating, planning and objective subsequent reduction of all IT service, project,
setting. Plans and manages implementation of component and process failures.
processes and procedures, tools and techniques
for monitoring and managing the performance of
automated systems and services, in respect of
their contribution to business performance and
benefits to the business, where the measure of
28
SFIA 4G: Framework reference Service management: Service design
Service design Level 4 Contributes to the availability Level 4 Performs defined tasks to monitor
management process and its operation and service delivery against service level agreements
performs defined availability management tasks. and maintains records of relevant information.
Analyses service and component availability, Analyses service records against agreed service
Capacity management (CPMG) reliability, maintainability and serviceability. levels regularly to identify actions required to
Ensures that services and components meet and maintain or improve levels of service, and
The management of the capability, functionality
continue to meet all of their agreed performance initiates or reports these actions.
and sustainability of service components
targets and service levels. Implements
(including hardware, software and network) to Level 3 Monitors service delivery performance
arrangements for disaster recovery and
meet current and forecast needs in a cost metrics and liaises with managers and customers
documents recovery procedures. Conducts
effective manner. This includes dealing with both to ensure that service level agreements are not
testing of recovery procedures.
long-term changes and short-term variations in breached without the stakeholders being given
the level of demand. the opportunity of planning for a deterioration in
service.
Level 6 Develops strategies to ensure all the Service level management (SLMO)
performance measures of all IT services meet the Level 2 Monitors and logs the actual service
needs of the business and of any service The planning, implementation, control, review provided, compared to that required by service
requirements or service level agreements which and audit of service provision, to meet customer level agreements.
may be in place. Ensures that the policy and business requirements. This includes negotiation,
standards for capacity management are fit for implementation and monitoring of service level
purpose, current and are correctly implemented. agreements, and the ongoing management of
Reviews new business proposals and provides operational facilities to provide the agreed levels
specialist advice on capacity issues. of service, seeking continually and proactively to
improve service delivery and sustainability
Level 5 Drafts and maintains policy, standards targets.
and procedures for service component capacity
management. Ensures the correct Level 7 Sets strategies for service delivery that
implementation of standards and procedures. support the strategic needs of the client
Reviews information in conjunction with service organisation. Authorises allocation of resources
level agreements to identify any capacity issues for monitoring service delivery arrangements.
and specifies any required changes. Provides leadership within the industry on the
identification of future trends (e.g. technical,
Level 4 Monitors service component capacity market, industrial, socioeconomic, legislative).
and initiates actions to resolve any shortfalls Develops relationships with customers at the
according to agreed procedures. highest level to identify potential areas of mutual
commercial interest for future development,
maintains an overview of the contribution of
Availability management (AVMT) service delivery arrangements to organisational
success.
The definition, analysis, planning, measurement
and improvement of all aspects of the availability Level 6 Ensures that a catalogue of available
of IT services, including the availability of power. services is created and maintained and that
The overall control and management of service service level agreements are complete and cost
availability to ensure that the level of service effective. Ensures that service delivery is
delivered in all services is matched to or exceeds monitored effectively and that identified actions
the current and future agreed needs of the to maintain or improve levels of service are
business, in a cost effective manner. implemented. Ensures that operational methods,
procedures, facilities and tools are established,
Level 6 Sets strategy and develops plans, reviewed and maintained. Negotiates with
policies and processes for the design, monitoring, relevant parties in respect of disruptions and
measurement, reporting and continuous major amendments to the provision of services.
improvement of service and component Reviews service delivery to ensure that agreed
availability, including the development and targets are met and prepares proposals to meet
implementation of new availability techniques forecast changes in the level or type of service.
and methods.
Level 5 Ensures that service delivery meets
Level 5 Provides advice, assistance and agreed service levels. Creates and maintains a
leadership associated with the planning, design catalogue of available services. In consultation
and improvement of service and component with the customer negotiates service level
availability, including the investigation of all requirements and agrees service levels.
breaches of availability targets and service Diagnoses service delivery problems and initiates
non-availability, with the instigation of remedial actions to maintain or improve levels of service.
activities. Plans arrangements for disaster Establishes and maintains operational methods,
recovery together with supporting processes and procedures and facilities in assigned area of
manages the testing of such plans. responsibility and reviews them regularly for
effectiveness and efficiency.
29
SFIA 4G: Framework reference Service management: Service transition
Service transition Change management (CHMG) Level 5 Leads the assessment, analysis,
planning and design of release packages,
The management of change to the service including assessment of risk. Liaises with
infrastructure including service assets, business and IT partners on release scheduling
Configuration management and communication of progress. Conducts post
configuration items and associated
(CFMG) documentation, be it via request for change release reviews. Ensures release processes and
(RFC), emergency changes, incidents and procedures are applied.
The lifecycle planning, control and management
problems, so providing effective control and
of the documentation, software, hardware and Level 4 Assesses and analyses release
mitigation of risk to the availability, performance,
firmware assets of an organisation, system components. Provides input to scheduling.
security and compliance of the business services
and/or service(s), including information relating Carries out the builds and tests in coordination
impacted.
to those assets and their dependencies and with testers and component specialists
relationships. This involves identification, Level 6 Sets the organisation's policy for the maintaining and administering the tools and
classification and appropriate specification of all management of change in live services and test methods – manual or automatic – and ensuring,
configuration items (CIs) and the interfaces to environments, and ensures that the policy is where possible, information exchange with
other processes and data through techniques reflected in practice. configuration management. Ensures release
such as federation. Required information relates processes and procedures are maintained.
to storage, access, service relationships, versions, Level 5 Develops implementation plans for
problem reporting and change control of CIs. The dealing with more complex requests for change, Level 3 Uses the tools and techniques for
application of status accounting and auditing, evaluates risks to integrity of infrastructure specific areas of release and deployment
often in line with acknowledged external criteria inherent in proposed implementations, seeks activities. Administers the recording of activities,
such as ISO 9000 and ISO 20000, throughout all authority for those activities, reviews the logging of results and documents technical
stages of the CI lifecycle, including (importantly) effectiveness of change implementation, activity undertaken. May carry out early life
the early stages of system development. suggests improvement to organisational support activities such as providing support
procedures governing change management. advice to initial users.
Level 6 Manages the organisation's Leads the assessment, analysis, development,
configuration management system and documentation and implementation of changes
champions the business value and company based on requests for change.
policies for the configuration management
system. Ensures that processes are in place for Level 4 Assesses, analyses, develops,
consistent classification and management of CIs, documents and implements changes based on
and for verification and audit of configuration requests for change.
records. Contributes strongly to the business
service knowledge management system. Level 3 Develops, documents and implements
Manages the research and development of tools, changes based on requests for change. Applies
processes and techniques. change control procedures.
30
SFIA 4G: Framework reference Service management: Service operation
Service operation Level 4 Investigates identified security breaches may be resolved by providing advice or training to
in accordance with established procedures and users about an application's functionality, correct
recommends any required actions. Assists users operation or constraints, by devising
in defining their access rights and privileges, and work-arounds, correcting faults, making general
System software (SYSP) administers logical access controls and security or site-specific modifications, updating system
systems. Maintains security records and documentation, manipulating data, or defining
The provision of specialist expertise to facilitate
documentation. enhancements – often in close collaboration with
and execute the installation and maintenance of
the system's developers and/or with colleagues
system software such as operating systems, data Level 3 Investigates minor security breaches in specialising in different areas, such as Database
management products, office automation accordance with established procedures. Assists administration or Network support.
products and other utility software. users in defining their access rights and privileges,
and operates agreed logical access controls and Level 5 Drafts and maintains procedures and
Level 5 Evaluates new system software, reviews
security systems. Maintains agreed security documentation for applications support.
system software updates and identifies those that
records and documentation. Manages application enhancements to improve
merit action. Ensures that system software is
business performance. Ensures that all requests
tailored to facilitate the achievement of service
for support are dealt with according to set
objectives. Plans the installation and testing of
Radio frequency engineering standards and procedures.
new versions of system software. Investigates
and coordinates the resolution of potential and (RFEN) Level 4 Maintains application support processes,
actual service problems. Ensures that operational and checks that all requests for support are dealt
documentation for system software is fit for The deployment, integration, calibration, tuning with according to agreed procedures. Uses
purpose and current. Advises on the correct and and maintenance of radio frequency (RF) and application management software and tools to
effective use of system software. analogue elements of IT systems. investigate issues, collect performance statistics
and create reports.
Level 4 Reviews system software updates and Level 6 Specifies radio frequency equipment
identifies those that merit action. Tailors system performance requirements and sets Level 3 Identifies and resolves issues with
software to maximise hardware functionality. maintenance policy. applications, following agreed procedures. Uses
Installs and tests new versions of system application management software and tools to
software. Investigates and coordinates the Level 5 Develops maintenance schedules and
collect agreed performance statistics. Carries out
resolution of potential and actual service procedures. Approves equipment upgrades and
agreed applications maintenance tasks.
problems. Prepares and maintains operational modifications. Monitors system performance,
documentation for system software. Advises on recommends equipment modifications and Level 2 Assists in the investigation and
the correct and effective use of system software. changes to operating procedures, servicing resolution of issues relating to applications.
methods and schedules. Assists with specified maintenance procedures.
Level 3 Uses system management software and
tools to collect agreed performance statistics. Level 4 Investigates and resolves system-wide
Carries out agreed system software maintenance fault conditions using a wide range of diagnostic
tasks. tools and techniques. Reconfigures equipment to IT Operations (ITOP)
circumvent temporary outages.
The operation of the IT infrastructure (typically
Level 3 Deploys, sets up, tunes and calibrates hardware, software, information stored on
Security administration (SCAD) radio frequency/analogue elements following various media, and communications) required to
maintenance schedules and using appropriate deliver and support properly-engineered IT
The authorisation and monitoring of access to IT tools and test equipment. Incorporates services and products to meet the needs of a
facilities or infrastructure in accordance with hardware/firmware modifications. Interprets business. Includes preparation for new or
established organisational policy. Includes automatic fault/performance indications and changed services, operation of the change
investigation of unauthorised access, compliance resolves faults down to discrete component level process, the maintenance of regulatory, legal and
with relevant legislation and the performance of or escalates according to given procedures. professional standards, and the monitoring of
other administrative duties relating to security performance of systems and services in relation
management. Level 2 Assists with setting up, tuning and to their contribution to business performance,
functional checks of radio frequency/analogue their security and their sustainability.
Level 6 Develops strategies for ensuring the elements. Resolves faults down to line
security of automated systems. Ensures that the replaceable unit (LRU) level or escalates Level 4 Provides technical expertise to enable
policy and standards for security are fit for according to given procedures. Carries out user the correct application of operational procedures.
purpose, current and are correctly implemented. confidence checks and escalates faults according Contributes to the planning and implementation
Reviews new business proposals and provides to given procedures. of maintenance and installation work. Identifies
specialist advice on security issues and operational problems and contributes to their
implications. resolution. Provides appropriate information to
Application support (ASUP) specialists, users and managers.
Level 5 Drafts and maintains the policy,
standards, procedures and documentation for Level 3 Carries out agreed operational
security. Reviews information systems for actual The provision of application maintenance and
procedures. Contributes to the implementation
or potential breaches in security. Ensures that all support services. Support may be provided both
of maintenance and installation work. Identifies
identified breaches in security are promptly and to users of the systems and to service delivery
operational problems and contributes to their
thoroughly investigated. Ensures that any system functions. Support typically takes the form of
resolution.
changes required to maintain security are investigating and resolving issues and providing
implemented. Ensures that security records are information about the systems. It may also
accurate and complete. include monitoring their performance. Issues
31
SFIA 4G: Framework reference Service management: Service operation
Level 2 Carries out agreed operational standards for database objects and ensures Problem management (PBMG)
procedures of a routine nature. Contributes to conformance to these standards. Monitors
maintenance, installation and problem database activity and resource usage. Optimises The resolution of incidents and problems
resolution. database performance and plans for forecast throughout the information system lifecycle,
resource needs. including classification, prioritisation and initiation
Level 1 Contributes, under instruction, to system
of action, documentation of root causes and
operation. Level 4 Uses database management system
implementation of remedies.
software and tools to investigate problems and
collect performance statistics and create reports. Level 5 Ensures that appropriate action is taken
Network control and operation Carries out routine configuration/installation and to investigate and resolve incidents and problems
reconfiguration of database and related products. in systems and services. Ensures that such
(NTOP)
incidents and problems are fully documented
Level 3 Uses database management system
The day-to-day operation and control of all within the relevant reporting system(s).
software and tools to collect agreed performance
equipment within wide and local area network Coordinates the implementation of agreed
statistics. Carries out agreed database
infrastructure. Includes production of network remedies and preventative measures.
maintenance and administration tasks.
performance statistics and energy consumption Level 4 Monitors actions to investigate and
data, provision of network diagnostic information Level 2 Assists in database support activities.
resolve incidents and problems in systems and
and site surveys. services. Assists with the implementation of
Level 6 Takes overall responsibility for the agreed remedies and preventative measures.
installation, upgrading, and control of local and
Network support (NTAS)
wide area networks for the communication of
The provision of network maintenance and
data, voice, text or images. Ensures that the Service desk and incident
support services. Support may be provided both
network is managed to provide agreed levels of
to users of the systems and to service delivery
management (USUP)
service and data integrity. Ensures that network
functions. Support typically takes the form of
performance and traffic is monitored and The processing and coordination of appropriate
investigating and resolving problems and
reviewed. Ensures that network problems are and timely responses to incident reports,
providing information about the systems. It may
resolved. including channelling requests for help to
also include monitoring their performance.
Problems may be resolved by providing advice or appropriate functions for resolution, monitoring
Level 5 Takes responsibility for significant
training to users about the network's functionality, resolution activity, and keeping clients appraised
aspects of the installing, upgrading, operation,
correct operation or constraints, by devising of progress.
control and effective use of local and wide area
networks for the communication of data, voice, work-arounds, correcting faults, or making Level 5 Ensures that the inventory of
text or images. Manages the network to provide general or site-specific modifications. components to be supported is complete and
agreed levels of service and data integrity. current. Drafts and maintains policy, standards
Level 5 Drafts and maintains procedures and
Ensures that network performance and traffic is and procedures for the service desk. Schedules
documentation for network support. Makes a
monitored and reviewed. the work of service desk staff to meet agreed
significant contribution to the investigation,
diagnosis and resolution of network problems. service levels.
Level 4 Uses network management tools to
determine network load and performance Ensures that all requests for support are dealt Level 4 Ensures that incidents and requests are
statistics. Creates reports and proposals for with according to set standards and procedures. handled according to agreed procedures.
improvement. Checks that problems are Ensures that documentation of the supported
Level 4 Maintains the network support process
managed in accordance with agreed standards components is available and in an appropriate
and checks that all requests for support are dealt
and procedures. Implements agreed network form for those providing support. Creates and
with according to agreed procedures. Uses
changes and maintenance routines. maintains support documentation.
network management software and tools to
Level 3 Carries out agreed network investigate and diagnose network problems, Level 3 Receives and handles requests for
configuration, installation and maintenance. Uses collect performance statistics and create reports, support following agreed procedures. Responds
standard procedures and tools to carry out working with users, other staff and suppliers as to requests for support by providing information
defined system backups, restoring data where appropriate. to enable problem resolution and promptly
necessary. Uses network management tools to allocates unresolved calls as appropriate.
Level 3 Identifies and resolves network
collect and report on network load and Maintains records and advises relevant persons
problems following agreed procedures. Uses
performance statistics. of actions taken.
network management software and tools to
collect agreed performance statistics. Carries out Level 2 Receives and handles requests for
agreed network maintenance tasks. support following agreed procedures. Responds
Database administration (DBAD)
Level 2 Assists in investigation and resolution of to common requests for support by providing
network problems. Assists with specified information to enable problem resolution and
The installation, configuration, upgrade,
maintenance procedures. promptly allocates unresolved calls as
administration, monitoring and maintenance of
appropriate. Maintains records and advises
physical databases.
relevant persons of actions taken.
Level 5 Drafts and maintains procedures and
Level 1 Receives and handles requests for
documentation for databases. Manages database
support following agreed procedures. Promptly
configuration including installing and upgrading
allocates calls as appropriate. Maintains relevant
software and maintaining relevant
records.
documentation. Contributes to the setting of
32
SFIA 4G: Framework reference Procurement & management support: Supply management
33
SFIA 4G: Framework reference Procurement & management support: Quality management
Quality management Level 5 Uses quality standards to review past guidance. Authorises the issue of formal reports
performance and plan future activities. Conducts to management on the extent of compliance of
audits and produces audit reports. Monitors and systems with standards, regulations and/or
reports on the outputs from the quality assurance legislation.
Quality management (QUMG) and audit processes.
Level 5 Evaluates and independently appraises
The application of techniques for monitoring and Level 4 Investigates and documents the internal the internal control of automated business
improvement of quality to any aspect of a control of specified aspects of automated or processes, based on investigative evidence and
function or process. The achievement of, and partly automated processes, and assesses assessments undertaken by self or team. Ensures
maintenance of compliance to, national and compliance with the relevant standard. that independent appraisals follow agreed
international standards, as appropriate, and to procedure and advises others on the review
internal policies, including those relating to Level 3 Uses appropriate methods and tools in process. Provides advice to management on
sustainability and security. the development, maintenance, control and ways of improving the effectiveness and
distribution of quality and environmental efficiency of their control mechanisms. Identifies
Level 7 Sets the quality strategy for approval and standards. Makes technical changes to quality and evaluates associated risks and how they can
adoption by business management. Measures and environmental standards according to be reduced.
the extent to which the quality policy meets the documented procedures. Distributes new and
organisation's needs and objectives and reviews revised standards. Level 4 Plans programmes to review activities,
it as necessary. Plans, resources (either directly or processes, products or services. Collects, collates
indirectly) and monitors the internal quality audit and examines records as part of specified testing
schedule. Defines and reviews quality and strategies for evidence of compliance with
environmental systems. Ensures that adequate
Quality standards (QUST)
management directives, or the identification of
technology, procedures and resources are in abnormal occurrences. Analyses evidence
The development, maintenance, control and
place to support the quality system. collated and drafts part or all of formal reports
distribution of quality standards.
commenting on the conformance found to exist
Level 6 Prioritises areas for quality and/or
Level 5 Takes responsibility for the control, in the reviewed part of an information systems
environmental improvement in light of the
update and distribution of quality standards, and environment.
strategy, wider business objectives, results from
advice on their use.
internal and external audits, and advice from Level 3 Collects and collates evidence as part of
colleagues. Initiates the application of appropriate Level 4 Controls, updates and distributes new a formally conducted and planned review of
quality management techniques in these areas. and revised quality standards, including technical activities, processes, products or services.
Initiates improvements to processes by changing changes. Examines records as part of specified testing
approaches and working practices, typically using strategies for evidence of compliance with
recognised models. Achieves and maintains Level 3 Controls, updates and distributes new management directives, or the identification of
compliance against national and international and revised quality standards. abnormal occurrences.
standards, as appropriate. Identifies and plans
systematic corrective action to reduce errors and Level 2 Distributes new and revised quality
improve the quality of the systems and services, standards and maintains department and quality
by examination of the root causes of problems. group documentation. Safety assessment (SFAS)
34
SFIA 4G: Framework reference Procurement & management support: Resource management
Technology audit (TAUD) Level 5 Manages risk-based audit of existing and Resource management
planned technology systems. Identifies areas of
The independent, risk-based assessment of the risk and evaluates adequacy and effectiveness of
adequacy and integrity of controls in information organisation's approach to risk in use of IT.
Assesses and communicates associated risks of a
Programme and project support
processing systems, including hardware, software
solutions, information management systems, complex nature to middle and senior managers. office (PROF)
security systems and tools, and communications Recommends changes in processes and control
procedures based on audit findings. Provides The provision of support and guidance on
technologies – both web-based and physical.
general and specific advice. Collates conclusions programme and project management processes,
The structured analysis of the risks to
and recommendations, and presents audit procedures, tools and techniques to programme
achievement of business objectives, including
findings to management regarding the and project managers and their teams. The use
the risk that the organisation fails to make
effectiveness and efficiency of control of project management software. The
effective use of new technology to improve
mechanisms in information systems. Engages development, production and maintenance of
delivery and internal effectiveness. Assessment
with providers of other IT assurance such as time, resource, cost and exception plans. The
of the extent to which effective use has been
compliance audits, quality assurance functions tracking and reporting of progress and
made of techniques and tools to achieve
and other technical specialists. performance of projects (including those
sustainability and business continuity.
performed by third parties). The maintenance of
Level 7 Ensures that there is planned audit Level 4 Contributes to risk-based audit of programme and/or project files and the
coverage across the organisation, and liaises with existing and planned technology systems. repository of lessons learned on previous projects
executives to ensure that this coverage is relevant Identifies IT risk in detail, assesses and tests the and programmes. The servicing of programme/
and understood. Directs use of risk analysis to effectiveness of control measures and prepares project control boards, project assurance teams
identify areas for in-depth review. Evaluates the formal reports in order to provide independent and quality review meetings. The analysis of
effectiveness of corporate IT strategy and assurance on an organisation's information performance and the maintenance of metric data
governance and makes recommendations for security, integrity and resilience. and estimating models. The administration of
development. Agrees terms of reference for project change control, including use of
audits with clients. Plans audit cycle, and leads configuration management systems.
and manages audit function. Determines the
Level 5 Takes responsibility for the provision of
need for and manages the effective use of
project office services, either to a large project or
additional IT experts. Reports at the most senior
to a number of projects within an organisation.
level on the findings, relevance and
May also be responsible for the provision of
recommendations for improvement. Represents
programme office services. Advises on the
the audit function at the Audit Committee of the
available standards, procedures, methods, tools
organisation.
and techniques. Evaluates project and/or
Level 6 Specifies organisational procedures for programme performance and recommends
the assessment of an activity, process, product or changes where necessary. Contributes to reviews
service, against recognised criteria, such as ISO and audits of project and programme
27001. Develops plans for risk-based audit management to ensure conformance to
coverage of technology systems for inclusion in standards.
audit planning and uses experience to ensure
Level 4 Takes responsibility for the provision of
audit coverage is sufficient to provide the
Project Office Services to a small project. Uses
business with assurance of adequacy and
and recommends project control solutions for
integrity. Leads and manages complex technical
planning, scheduling and tracking projects. Sets
audits, managing specialists contracted to
up and provides detailed guidance on project
contribute highly specialised technical knowledge
management software, procedures, processes,
and experience. Identifies areas of risk and
tools and techniques. Supports programme or
specifies interrogation programs. Recommends
project control boards, project assurance teams
changes in processes and control procedures
and quality review meetings. Provides basic
based on audit findings, including, where
guidance on individual project proposals. May be
appropriate, the assessment of safety-related
involved in some aspects of supporting a
software systems to determine compliance with
programme by providing a cross programme
standards and required levels of safety integrity.
view on risk, change, quality, finance or
Provides general and specific advice, and
configuration management.
authorises the issue of formal reports to
management on the effectiveness and efficiency Level 3 Uses recommended project control
of control mechanisms. solutions for planning, scheduling and tracking
projects. Sets up project files, compiles and
distributes reports. Provides administrative
services to project boards, project assurance
teams and quality review meetings. Provides
guidance on project management software,
procedures, processes, tools and techniques.
35
SFIA 4G: Framework reference Procurement & management support: Resource management
Level 2 Assists with the compilation of project Client services management Resourcing (RESC)
management reports. Maintains programme and (CSMG)
project files from supplied actual and forecast The overall resource management of the IT
data. The management and control of one or more workforce to enable effective service delivery.
client service functions, including strategy, Provision of advice on any aspect of acquiring IT
support for business development, quality of resources – employees, consultants or
Asset management (ASMG) service and operations. contractors.
Level 6 Sets the strategic direction and takes Level 6 Takes responsibility for the overall
The management of the lifecycle for service
responsibility for the full range of client service workforce planning strategy across the IT service
assets (hardware, software, knowledge, warran-
functions, including organisational frameworks for ensuring that there is adequate skilled resource
ties etc) including inventory, compliance, usage
complaints, service standards and operational to meet planned service delivery. Ensures
and disposal, aiming to optimise the total cost of
agreements. Defines service levels, standards integration with strategic human resource plans.
ownership and sustainability by minimising oper-
and the monitoring process for client service staff. Takes responsibility for meeting the recruitment,
ating costs, improving investment decisions and
Gives technical leadership to operational staff, re-skilling and demand forecasts for IT
capitalising on potential opportunities. Knowl-
and takes responsibility for business continuity practitioners, advising on the approach and
edge and use of international standards such as
and legal compliance. relevant policies. Ensures that expert support is
ISO/IEC 19770-1 for software asset manage-
provided as and when required, including
ment and close integration with change and
Level 5 Carries out day-to-day management of interviewing of applicants for senior posts. Audits
configuration management are examples of
the client services function. Defines service levels and assesses the ongoing success and
enhanced asset management development.
for client services staff and monitors effectiveness of the process, including retention
Level 6 Promotes the continuing economic and performance. Takes responsibility for analysis, media and supplier assessment,
effective provision of services, ensuring that all specification, agreement and application of client customer satisfaction and selection methods
changes to assets and services are appropriately services standards and for the resolution of validation.
and accurately controlled and recorded. Provides clients’ service problems.
Level 5 Conducts job analyses, prepares job
information and advice on issues such as
descriptions and person specifications, and
maintenance of hardware assets, licensing of
prepares selection and evaluation criteria for
software, and legal obligations such as Professional development (PDSV) candidates. Manages recruitment campaigns.
compliance with the Data Protection Act.
Locates and selects possible agencies and other
Promotes awareness of and commitment to The facilitation of the professional development
suppliers, negotiating terms and conditions, and
asset control, ensuring that consequences of of IT practitioners, including initiation, monitoring,
placing orders with them, ensuring that all
decisions to obtain, change or continue the review and validation of individual training and
obligations are met in accordance with the
possession or use of an asset, system or service development plans in line with organisational or
agreed terms and timescales. Reviews candidate
are appropriately understood. business requirements. The counselling of
details, manages selection processes, and
participants in all relevant aspects of their
Level 5 Manages and maintains the service ensures that account is taken of relevant statutory
professional development. The identification of
compliance of all IT and service assets in line with or external regulations, standards and codes of
appropriate training/development resources.
business and regulatory requirements involving good practice. Ensures that all relevant parties are
Liaison with external training providers. The
knowledge of financial and technical processes, informed of the results of interviews and other
evaluation of the benefits of professional
tools and techniques thereby ensuring asset decisions, and assists in the negotiation of terms
development activities.
controllers, infrastructure teams and the business and conditions of service.
co-ordinate and maximise value, maintain control Level 6 Determines organisational development
and ensure any necessary legal compliance. needs in line with business needs and strategic
direction. Generates development strategies to
Level 4 Controls IT assets in one or more achieve required change and monitors progress.
significant areas, ensuring that administration of
the acquisition, storage, distribution, movement Level 5 Determines the required outcomes for
and disposal of assets is carried out. Produces training or development, from organisational
and analyses registers and histories of authorised development needs and the training strategy.
assets (including secure master copies of Mentors assigned practitioners, ensuring
software, documentation, data, licenses and alignment with a predetermined statement of
agreements for supply, warranty and required development outcomes. Assists each
maintenance), and verifies that all these assets practitioner with the creation of development
are in a known state and location. Ensures that plans based on the outcome statements. Ensures
there are no unauthorised assets such as that each practitioner records progress, and
unlicensed copies of software. validates practitioners' records at the end of each
cycle of planned development, ensuring that
achievements and enhanced capabilities are
recorded and referenced to the outcome
statements. May contribute to practitioners'
performance appraisals.
36
SFIA 4G: Framework reference Procurement & management support: Learning and development
37
SFIA 4G: Framework reference Client interface: Sales and marketing
38
SFIA 4G: Framework reference Client interface: Client support
39
The SFIA Foundation
The SFIA Foundation exists to own, promote, develop and maintain the Skills Framework for the Information Age; to
encourage the adoption of SFIA; to facilitate its use; and to enable the delivery of quality services based on SFIA.
SFIA is owned by The SFIA Foundation, a not-for-profit body. The members of The Foundation are organisations in the
field of Information Technology: BCS (The Chartered Institute for IT), e-skills UK, The IET (Institution of Engineering and
Technology), IMIS (Institute for the Management of Information Systems) and itSMF (IT Service Management Forum).
Our purpose is to maintain SFIA as the generally accepted standard and tool for all IT skills measurement, development,
deployment and debate.
This will serve the interests of employers of Information Technology professionals, the professionals themselves and
many other groups, including training companies and other service providers, education and the government.
All SFIA information, including details of SFIA training courses, Accredited Consultants, Accredited Partners and the User
Group may also be found there.
The SFIA Foundation is a company limited by guarantee. It is registered in England, number 04770377. The registered
address (not for normal correspondence) is 5 Fleet Place, London EC4M 7RD.
www.sfia.org.uk