SFIA professional skills

SFIA defines the skills and competencies required by professionals who design, develop, implement, manage and protect the data and technology that power the digital world.

The SFIA professional skills are defined to be consistent with the levels of responsibility definitions. The SFIA Framework has many skills to cover the wide breadth of activities that professionals need.

Navigating the SFIA skills

SFIA continues to group the skills into categories and subcategories.  These do not have definitions themselves, they are just a navigation aid. Colour coding is also used to identify the categories.

  • These categories and subcategories do not equate to jobs, roles, organisational teams or areas of personal responsibility.
  • It is common practice for a specific job description, for instance, to comprise skills taken from multiple categories and subcategories.
  • The grouping is intended to assist people who are incorporating SFIA skills in role profiles or job descriptions, or who are building an organisation's competency framework.

Many users find these categories useful, but SFIA is a flexible resource and the SFIA Skills can easily be grouped and filtered into alternative views to support specific industry disciplines, particular environments and frameworks.

SFIA focussed views

SFIA views provide a quick-start list of the SFIA skills which are most relevant to a selection of professional disciplines, industry topics and complementary frameworks.

As well as the SFIA full framework view where SFIA skills are organised by the common categories and sub-categories, several other views are available. These views organise the skills more appropriately for particular environments and provide additional information for SFIA use in those environments. Currently available SFIA views include:

  • Information and cyber security
  • Big data and data science
  • DevOps
  • Agile
  • Software engineering
  • Enterprise IT

These views are refreshed by SFIA users operating in these areas, and further views are in development, created by industry users and added to the SFIA website when available.

Structure of the skills

Even with over 120 skills, the SFIA Framework is a straightforward framework to use. This simplicity is achieved by a consistent use of a rigorous structure - once you know the structure you can navigate all skills easily.

Each SFIA skill is presented consistently, with a brief description of the skill, supplemented with guidance notes to illustrate the application of the skill. These are followed by more detailed descriptions of what it means to practice the skill at each relevant level of responsibility.

Structure of the SFIA professional skills

Skills are constructed with the following reference details:

Skill name:

 

The name used for reference purposes

Skill code:

 

A unique code used as a short reference for the skill

Skill description:

 

A brief definition of the skill, without any reference to the levels at which it might be practiced

Guidance notes:

A broader description and examples to clarify application of the skill along with context for interpreting level descriptions. Examples are descriptive, not prescriptive.

Level description:

 

Definitions of the skill for each of the levels at which it is practised.  The phrasing facilitates their use as professional competencies.

Example of a skill structure – illustrated by Digital forensics

Skill name:

 

Digital forensics

Skill code:

 

DGFS

Skill description:

 

Recovering and investigating material found in digital devices.

Guidance notes:

Activities may include - but not limited to:

 - collecting, processing, preserving and analysing material

 - presenting forensic evidence based on the totality of findings

The scope of digital forensics includes finding evidence on computers and any device capable of storing digital data. The evidence may be used in support of security vulnerability mitigation, criminal, fraud, counterintelligence, or law enforcement investigations.

Level description:

 

Level 6: Plans and leads the organisation's approach to digital forensics. Sets policies, standards and guidelines for how the organisation conducts digital forensic investigations. Leads and manages high-risk, large or wide-ranging digital forensics investigations engaging additional specialists if required. Authorises the release of formal forensics reports.

Level 5: Conducts investigations to correctly gather, analyse and present findings, including digital evidence, to both business and legal audiences. Collates conclusions and recommendations and presents forensics findings to stakeholders. Plans and manages digital forensics activities within the organisation. Provides expert advice on digital forensics. Contributes to the development of digital forensics policies, standards and guidelines. Evaluates and selects digital forensics tools and techniques.

Level 4: Designs and executes complex digital forensic investigations on devices. Specifies requirements for resources and tools to perform investigations. Processes and analyses evidence in line with policy, standards and guidelines and supports production of forensics findings and reports.

Level 3: Supports digital forensic investigations by applying standard tools and techniques to investigate devices. Recovers damaged, deleted or hidden data from devices. Maintains integrity of records and collects information and evidence in a legally admissible way.