Conformance review CORE
The independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, best practice, or other documented requirements. May relate to, for example, asset management, network security tools, firewalls and internet security, sustainability, real-time systems, application design and specific certifications.
Moving to SFIA 8
- For SFIA 8 the content of Conformance review is covered by:
- a refreshed version of SFIA 8 Quality assurance and
- the new SFIA 8 Audit skill
- Conformance review CORE is retired from SFIA 8
- SFIA 7 skill descriptions will remain available for you to use
- Previous SFIA assessments will be impacted by this change.
Levels of responsibility for this skill
3 | 4 | 5 | 6 |
Conformance review: Levels 1-2
This skill is not typically observed or practiced at these levels of responsibility and accountability.
Conformance review: Level 3
Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.
Conformance review: Level 4
Conducts formal reviews of activities, processes, products or services. Collects, collates and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences. Analyses evidence collated and drafts part or all of formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment.
Conformance review: Level 5
Plans formal reviews of activities, processes, products or services. Evaluates and independently appraises the internal control of processes, based on investigative evidence and assessments undertaken by self or team. Ensures that independent appraisals follow agreed procedure and advises others on the review process. Provides advice to management on ways of improving the effectiveness and efficiency of their control mechanisms. Identifies and evaluates associated risks and how they can be reduced.
Conformance review: Level 6
Specifies organisational procedures for the internal or third-party assessment of an activity, process, product or service, against recognised criteria. Develops plans for review of management systems, including the review of implementation and use of standards and the effectiveness of operational and process controls. May manage the review, conduct the review or manage third party reviewers. Identifies areas of risk and specifies interrogation programs. Recommends improvements in processes and control procedures. Authorises the issue of formal reports to management on the extent of compliance of systems with standards, regulations and/or legislation.
Conformance review: Level 7
This skill is not typically observed or practiced at this level of responsibility and accountability.