The global skills and competency framework for the digital world

#1345 Ethics in the Levels of Responsibility change request accepted

Changes to the Levels of Responsibility (LoR) are proposed that more comprehensively and consistently reference ethics.

This proposal comes from workshops and a working group organised by the SFIA user community in Australia. Special thanks to Phil Lovell for doing most of the work.

Current state:

  • Ethics is referenced in LoR in a couple of places.
  • Ethics currently appears in DATM and LEDA.
  • There is not an easily identifiable pattern of application, in either LoR or Professional skill.


  • Incorporate ethics into the LoR with focus on business skills related to security (see table below).
  • Create a guideline to support the incorporation of ethics into relevant professional skills.
  • Identify those skills where ethics is a critical consideration.
  • Review Governance and quality related skills for incorporation of ethics in to scope.


  • Discussions with domain specialists with an interest in Ethics highlighted focus on Data Science and algorithm design eg Bias in credit scoring and Design eg accessibility in its broadest sense.
  • There was discussion about a standalone ethical skill, however, the key functions of the roles described by ethical SME related to governance and quality.

 Please refer below to the suggested changes.

  • Underline Text – Specific changes to existing statement to include ethics.
  • Italics Text – Existing text that references ethics
  • Principle:  To align Ethics with security unless it is already addressed (i.e. in Level 1).

Generic skill


From SFIA LoR v7

Business Skills


Champions security and ethics within own area of work and throughout the organisation.

Business Skills


Takes a leading role in promoting security and ethics throughout own area of responsibilities and collectively in the organisations.

Business Skills


Contributes to the security and ethics culture of the organisation and ensures implementation in area of responsibility.

Proactively ensures security and ethics is appropriately addressed within their area by self and others.

Engages or works with security and ethics specialists as necessary.

Contributes to the security and ethics culture of the organisation.

Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.

Business Skills


Fully understands the importance and application of security and ethics to own work and the operation of the organisation.

Business Skills


Understands how own role impacts security and ethics, and demonstrates routine security and ethical practice and knowledge required for own work.

Business Skills


Is fully aware of and complies with essential organisational security and ethical practices expected of the individual.

Business Skills


Follows code of conduct, ethics and organisational standards. Is aware of health and safety issues.

Proposed change applies to Levels of responsibility

Current status of this request: accepted

What we decided

Include in review of generic attributes and levels of responsibility for SFIA 8.

Ian Seward (General Manager)
Dec 31, 2020 10:34 PM

It seems there are a number of skills where ethics may need to be included. But it also seems that there is a generic angle to ethics ...

From discussions across the user base ethics needs to be explicitly addressed (yes it's in a some skills) but the generics seems a sound place for such a 'generic' issue. My observation is that Business Skills is a bit of a catchall - should it be brought out explicitly?

Segkouli Sofia
Jan 22, 2021 10:36 AM

The role of training towards the maturity level (business level skills 7: competence to control and evaluate the level of training) could be also implemented. More specifically liaison with relevant training courses/activities (see e-Competence Framework (e-CF)) could be valuable. Moreover, the ability to balance the tradeoffs between legal, security and ethics could be an attribute feature in the top levels of responsibility ranking.

Clare Thornley
Jan 25, 2021 04:12 PM

Ethics in LoR has some valuable benefits in terms of potentially integrating ethics into the Skills. Ethics though also has specific content ( there are some things you need to know e.g what are values, what is a trade off, who is a vulnerable user, how do you integrate ethics questions into processes, what is ethics) and this content is not necessarily linked to levels. At present there is often an over focus on ethics in data /privacy issues and but it an important issue in all areas of IT. I think ethics should then be explicitly addressed and adequately explained somewhere, perhaps in a skill?, and then clear guidance given and relevant adaptations to LoRs and other skills where specific points of clear integration occur. The use of some concrete case studies revealing the exact needs re ethics support from SFIA for users , where it happens, what is needed, what has / has not helped so far may help ( I'm aware this may already have been done but I have not yet seen anything this specific, clearly it could be anonymised) .

SFIA Updates Manager
Jan 26, 2021 09:55 AM

An approach I find useful when thinking about new skills in SFIA is to look at real-world jobs related to the domain in question. So in this case here's a job description for a Ethics and Compliance Manager.

The link below contains the JD with some highlighted text of key responsibilities. We can see some skills in there - which relate to the original change request - which said "Review Governance and quality related skills for incorporation of ethics in to scope.". BURM, CORE, QUMG. QUAS

We could apply SFIA's "Specialist advice" skill

And potentially "Learning design and development" - but I suspect in practice the role would help a Learning specialist create the learning material by providing their expertise.

In the past - I worked on job design and role profile creation for a multinational Finance function they had similar jobs to the attached within their risk and compliance teams.

I haven't come across "ethics" related jobs in Technology teams.