The global skills and competency framework for the digital world

#1329 COPL - Continuity Management add skill level descriptions for level 2, 3 and 6 change request accepted

From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.

wording to cover...

Level 6 - Has defined authority and accountability for the actions and decisions within the business continuity area of work. Sets the strategy for continuity management across the organisation including allocating the funding for the appropriate technical and personnel resources.

Level 3 - Performs the activities necessary to achieve an effective continuity plan including its routine testing.

Level 2 - Records the actions taken and the consequences for a lesson learned report post incident.

Proposed change applies to Continuity management

Current status of this request: accepted

What we decided

Include in review of information and cyber security skills for SFIA 8

Andrew Thomson
Jan 26, 2021 12:50 PM

Is some of the proposed skill wording taken directly from NIST and does it need to remain unchanged?
• In Level 3 the proposed wording is odd and rather vague. "Performs the activities necessary to ..." reads like "Do whatever it takes to ...".
Suggestion: "Implements an effective continuity plan including its routine testing."

• In Level 2, the phrase "... a lesson learned report post incident." needs punctuation or re-ordering for readability.
Suggestion: "Records the actions taken and the consequences following an incident, for a lesson-learned report."

SFIA Updates Manager
Jan 26, 2021 01:14 PM

thanks Andy - you're correct these need more work -

my cryptic phrase "wording to cover..." meant that we needed to add wording to cover the following points which were identified in the gap analysis.