Summary of CRs
Rewording to remove the work "applies" from level 2 as 'apply' is associated with level 3.
A prerequisite of acceptance testing is that criteria have been agreed in line with requirements definition
The proposed amendments to the "Software Design" skill aim to explicitly include software architecture within its scope, aligning the SFIA framework with industry standards such as SWEBOK Version 4. These changes will provide clarity and ensure comprehensive coverage of both software design and architecture activities
Add Level 2 Level 3 and Level 4 to Business Process Improvement skill
Ensure all level descriptions align with the levels of responsibility
Clarity that this is a specialist area separate from the understanding of staff capability needed as an input to performance management or professional development.
Need better guidance/descriptions to value resourcing as it's own skill/domain separate from both general staff management, and separate from workforce planning.
Unnecessary formality in some parts. In others this skill can be confused for more general planning of work (not the workforce).
Ensure Employee Experience (EEXP) has a clear purpose distinct from Performance Management (PEMT)
Separate staff development from performance management
Separate staff development from performance management
Ensure Business Administration (ADMN) covers a wider range of business/team/exec support and administration
Need better level indicators
Need better level indicators
Use of RFPs, RFI, etc is very formal. A lot of sourcing doesn't require this level of formality.
Use of RFPs, RFI, etc is very formal. A lot of sourcing doesn't require this level of formality.
Need better level indicators
Reduce the formality of SLAs in SLMO. "Service expectations" for example are used in some organisations which are typically less formal/robust
We have faciliaties mangement, but not a design skill
Clarify intended interaction of RELM, CHMG, SEAC, as they seem to overlap unnecessarily
Clarify intended interaction of RELM, CHMG, SEAC, as they seem to overlap unnecessarily
Clarify intended interaction of RELM, CHMG, SEAC, HSIN - RELM, CHMG, SEAC in particular seem to overlap unnecessarily
HSIN seems to cover the work of packaging and software virtualisation, but it's difficult to see this in the skill guidance or level descriptions
Looking for parity across the IT operational skills
Looking for parity across the IT operational skills
Many non-management users of SFIA are selecting this during self-assessment when a skill like ITOP or ASUP at level 5 might be a better fit
Knowledge Management (KNOW) only covers part of the knowledge management domain and seems to be a little too focussed on maintaining the tool
Looking for parity across the IT operational skills
Skill level descriptions make the skill seem narrower than the guidance notes
Request to provide more descriptive level descriptions and to remove design now we have SWDN
Data center design (covering layout, heat management, security, etc) is a critical skill, even though many organisations are moving to the cloud
Level 3 and improved guidance for Systems and Software Life Cycle Engineering (SLEN)
We've noticed quite a few managers to whom this skill applies skipping it as they felt it was for senior delivery staff
Organisational Change Management (CIPM) has a heavy focus on the processes for change, but barely mentions people which is a critical part of change management.
We need a level 4 descriptor for preparing the benefits realisation plan or supporting these, but without the accountability for the actual realisation
Although the skill name covers both these are two separate sets of actions and should be split out. The implementation side might be better covered in CIPM
Better alignment to Levels of responsibility needed
Arguably BPRE is about the implementation not the analysis. Never-the-less we do need to recognise those who support the implementation with a lower level of this skill.
Too much overlapping content - too easy for users to pick both skills without better guidance/descriptions.
Par-down expectations at lower levels and provide clearer distintinctions between levels
Remove the overlap with METL
We need better ways to distinguished the levels of project management.
Recognise smaller scope programmes and clarify which model or models SFIA is leaning on.
Help SFIA users to better understand purpose of METL
Ensure level-based expectations are consistent with levels of responsibility. Current descriptions don't help distinguish levels of advice clearly.
Ensure level-based expectations are consistent with levels of responsibility
Update level 3 description for Quality Management (QUMG)
Should references to architecture input be left out of the Information Security (SCTY) skill?
Some level descriptions for Continuity Management (COPL) don't seem to align to the levels of responsibility
Rename Innovation (INOV) to Innovation Management. Add lower levels also.
Skill to cover embedding of change that covers methods, practices, culture through (often iterative) improvements toward a defined way of working.
Existing skills don't cover support activities for complicated AV systems (e.g. lecture theatres, medical imaging environments, conferencing environments)
Existing skills don't cover design activities for complicated AV systems (e.g. lecture theatres, medical imaging environments, conferencing environments)
These terms are bundled together across some of the user experience subcategory … this means the evaluation of user stories is now bundled with testing accessibility
This would pull the staff development references from Performance Management (PEMT) into Professional Development (PDSV) providing one skill for professional development.
Performance Management (PEMT) has too much staff development responsibility to be appropriate for the management of contractors, but otherwise seems to cover the responsibility for performance. Move the staff development references to PDSV and refocus PEMT on performance management
Performance Management (PEMT) has too much staff development responsibility to be appropriate for the management of contractors
Identity and access management is a more specialist area than general security operations.
Suppliers/vendors spend a lot of time writing and managing bids/proposals but we don't have a skill to cover this.
We don't currently have a skill for a supplier to use to manage their customer/client. This might the reverse side of the SUPP and ITCM skill from the supplier point of view.
General purchasing is not well covered by SORC, SUPP, ITCM but is a common activity with different levels of responsibility
Monitoring/Event Management is mentioned to some degree in existing skills (e.g. ITOP, MEAS) but there are plenty of examples of roles with a specialist focus on designing, maintaining, and operating monitoring systems and event management processes separate from the systems-operations skills like ITOP.
This was covered to some degree by previous versions of HCEV but now there is no longer a good skill for this.
Separate from RLMT and INCA - this skill would be for those who craft and manage the delivery of communications.
Current skill describes product ownership at lower levels and then blends product management and product ownership at higher levels
Current description has grown considerably and now encompases multiple aspects of testing in one skill
We see a number of examples where the responsibilities for information management/governance are separate from (or performed at different levels from) records management.
SFIA7 included useful descripters for DATM at levels 2/3. The replacement in SFIA8 is DENG which has the wrong context and doesn't align with the basic data handling activities we see junior records analysts performing.
The proposals is to change the skill name to assist users in accurately identifying the appropriate skill. The current designation "Research" frequently leads to misunderstandings among new users. It is often perceived as a general activity of 'looking up information' or conducting basic investigations into a topic.
Amend to clarify that contract management applies to both buyers and providers of digital products and service.
In our SFIA Assessments in serveral organizations, we lacked a way to adequately represent the topic of Identity and Access Management. We find IAM partially in the SCAD, but this leads to a mixing of security operations and IAM, which can result in incorrect / incomplete reports and conclusions. We suggest an dedicated Identity and Access Management Skill.
There are 11 new controls introduced in ISO27001:2022 some of which are new to SFIA.
Review whole - but replace "Makes simple travel and meeting arrangements." from Level 1 with a generic statement.
The current Methods & Tools skill lacks context and is adequately covered in other skills.
The current Scrum Master description is out-of-sync with the latest edition of the Scrum Guide, the official document about Scrum (where the Scrum Master comes from).
An open question - not a definitive change request. It's becoming increasingly rare to find organsiations that need SFIA level 1 skills, or people who genuinely work at SFIA level 1 **in a professional context**. Whilst SFIA is focussed on the skills of **digital professionals** - do we need to keep it?
Review and consider whether we should say more about ethics in the Generic Attributes.
Some additional description of each level is necessary to make the Levels of Responsibility easier to understand.
Apply the same 'rewrite' principles to the Generic Attributes as were applied to the Professional Skills in SFIA 8.
Very small changes that don't impact the meaning of the sentences.
Given the increasing impact of IT services on people and their business, people involved in providing and consuming IT services should have skills for influencing how IT services are experienced. About half of the current SFIA 8 skills address areas related to IT service experience and could be enhanced by including additional activities.
A request of a new skill of PCB Layout Design . This is seen as more specific for hardware designers - requested.
From a hardware/engineering company - it is felt that there should be a SFIA Level 2 for this skill - Behrouz Abdolali
FMIT lacks reference to Cloud Financial Operations, cost optimization, and resource attribution.
We have 4-letter codes for the professional skills. This proposal is to introduce short codes for the generic responsibility attributes.
We have 4-letter codes for the professional skills. This proposal is to introduce short codes for the generic responsibility attributes.
I edited some words and specified them in bold.
Hi, could you please strongly consider splitting PROD to 2 competencies. One focused on Product Management and the other Product Ownership. these are very distinct roles with distinct competencies and having the two competencies joined under one will ultimately result in a need to split them later on.
Hi, could you please strongly consider splitting PROD to 2 competencies. One focused on Product Management and the other Product Ownership. these are very distinct roles with distinct competencies and having the two competencies joined under one will ultimately result in a need to split them later on.
Three changes are proposed to "Relationship management" (RLMT), as detailed in attached Word document.
For level 5 Takes responsibility for managing the design, procurement, installation, upgrading, operation, control, maintenance and effective use of specific technology service. Monitors the performance or technology services. In the last sentence or should be of
The skills in 'System software" (SYSP) that relate to software updates are covered in the proposed SFIA 8 "IT infrastructure" (ITOP). If the proposed ITOP changes are implemented, SYSP is no longer required in SFIA.
Review some of the skill descriptions in PDSV to reflect industry working practices.
The selection and use of skills/capability frameworks can be an important part of learning and development.
The selection and use of skills/capability frameworks can be an important part of executing organisation design work.
Text from Garry Tyrrell Lead Editor for SFIAplus. Cannot add the comments himself. What is the rationale behind the loss of SYSP? This has been an important aspect of SFIA that I have used with Clients on many occasions. The Change Log does not indicate that there has been any change request to remove it. Neither does it seem to have been fully absorbed into ITOP, which might be considered to be closely aligned. I would like to know why it has been terminated and whether or not its content has been moved elsewhere.
What is the justification behind the loss of the term Business Analysis?
Happy with splitting off Feasibility assessment BUT cannot fathom why change Business analysis title which is universally recognised and understood by everybody. Please re-think as this would be a real retrograde step and could open SFIA to ridicule.
Acknowledge that teaching is separate from the proposed description for Learning Delivery (ETDL) which is aligned to training activities (see CR#1439). Split the subject formation aspects of teaching from the delivery of teaching so these can be evaluated separately. Acknowledge that pedagogy is an inherent and inseparable aspect of teaching. Builds on and supersedes CR#1413 to suggest a version that is not limited to computer and IT curricula. Extend both teaching and subject formation to level 7. Extend teaching to level 2 (assistant) and subject formation to level 4.
Update to Learning Delivery (ETDL) to increase alignment to training activities and provide separation from the activity of teaching. Review and update of level descriptions for level alignment. Addition of level 2 for those who actively assist in learning delivery.
(1) The vintage SFIA skill "Systems installation/decommissioning" (HSIN) has become degraded so the skill-level descriptions for Levels 2, 3 and 4 include similar statements, which blur the distinction between levels of responsibility. Revised wording suggested. (2) The skill name is cumbersome. Suggestion is to simplify the name to "Systems installation" and include decommissioning as an example activity in the Guidance Notes.
Update of PORT to: (1) change the name to Software Configuration (2) provide clarity that the skills is for the design and deployment of configurations not for operational configuration (which should be covered in the relevant operations skill, e.g. ITOP, ASUP, NTAS, etc)
Network planning (NTPL) covers similar ground to Network design (NTDS) but adds no value beyond the more practical descriptions for NTDS. As NTDS is developed in SFIA 8, the proposal is to drop NTPL from the framework.
Extend Network support (NTAS) to cover operational network configuration necessary to resolve issues and and implement design changes.
IT infrastructure (ITOP) - A SFIA 8 draft already includes readability improvements and Guidance Notes. Revised descriptions are proposed to give greater coverage of two key infrastructure activities: platform configuration and automation of sysadmin tasks. Skill-levels 1 and 2 to indicate that skills are being gained and understood at these levels.
Create IT Infrastructure (ITOP) at level 5 with a focus on owning IT Operations as a team lead / manager. This would be in line with other operational skills (e.g. Application Support (ASUP) or Network Support (NTAS) at level 5). See also CR#1431 - https://sfia-online.org/en/sfia-8/change-requests/reshape-itmg-to-technical-service-delivery-management-and-create-itop5/view which proposes to reshape IT Management (ITMG) to focus on technical service delivery and move the IT infrastructure management parts at level 5 into IT Infrastructure (ITOP).
Shift the focus of IT Management (ITMG) to be Technical Service Delivery Management... not technical management of IT Infrastructure. This provide a little more leeway for other technical managers outside of IT Infrastructure to claim the skill whilst fairly recognising their technical owner/management. Additionally, create IT Infrastructure (ITOP) at level 5 with a focus on owning IT Operations as a team lead / manager. This would be in line with other operational skills (e.g. Application Support (ASUP) or Network Support (NTAS) at level 5). Separate change request logged for this (I'll provide a reference in the comments once logged).
Enhancements to ITOP-3 from Cyber Security Technologist Apprenticeship Standard Reference ST0124
Enhancements to ITOP-3 from Cyber Security Technologist Apprenticeship Standard Reference ST0124
Addition of PEN-3 from Cyber Security Technologist Apprenticeship Standard Reference ST0124
Enhancements to SCTY-3 from Cyber Security Technologist Apprenticeship Standard Reference ST0124
Enhancements to SCTY-3 from Cyber Security Technologist Apprenticeship Standard Reference ST0124
Enhancements to ITOP-3 from Network Eningeer Apprenticeship Standard (Reference ST0127)
Enhancements to ITOP-3 from Network Eningeer Apprenticeship Standard (Reference ST0127)
Enhancements to PBMG from Software Development Apprenticeship Standard (Reference ST0116)
Enhancements to PBMG from Software Development Apprenticeship Standard (Reference ST0116)
Enhancements to SLMO from Software Development Apprenticeship Standard (Reference ST0116)
Enhancements to SLMO from Software Development Apprenticeship Standard (Reference ST0116)
Enhancements to RELM-3 from Software Development Apprenticeship Standard (Reference ST0116)
Enhancements to TEST-2 from Software Development Apprenticeship Standard (Reference ST0116)
Enhancements to TEST-2 from Software Development Apprenticeship Standard (Reference ST0116)
Enhancements to BUAN-3 from Software Developer Technician Apprenticeship Standard Reference ST0116.
Enhancements to REQM-3 from Software Developer Technician Apprenticeship Standard Reference ST0116.
Enhancements to PROG-3 from Software Developer Technician Apprenticeship Standard Reference ST0116.
Enhancements to SWDN-3 from Software Developer Technician Apprenticeship Standard Reference ST0116.
Enhancements to DATM from Data Analyst Apprenticeship Standard
Enhancements to DATM from Data Analyst Apprenticeship Standard
What if we extended Learning Delivery (ETDL) to level 6 and wrapped in the delivery part of Teaching and Subject Formation (TEAC)? See also CR#1413 - https://sfia-online.org/en/sfia-8/change-requests/update-teac-to-not-be-focussed-on-teaching-it If we remove the requirement for Teaching and Subject Formation (TEAC) to have a curriculum based on IT, then we could consider extending Learning Delivery (ETDL) (and other aspects of Teaching and Subject Formation (TEAC) can be argued as being covered by Learning Design and Development (TMCR) without change.
The professional activity of teaching doesn't depend on the subject matter. Currently teachers outside of IT are "relegated" to other skills like ETDL and TMCR purely on the basis of the subject matter they teach.
The Data Analyst (Level 4, Standard Reference ST0118) standard defines a number of competencies aligned with VISL at level 4. These are less complex than the definitions in INAN.
The Software Tester (Level 4, Standard Reference ST0129) defines a wider set of competencies for a level 3 software testing which should be considered to enhance the TEST-3 definition.
The Software Tester (Level 4, Standard Reference ST0129) defines a wider set of competencies for a level 3 software testing which should be considered to enhance the TEST-3 definition.
The Business Analyst (Level 4, Standard Reference ST0117) defines a benefits management competency at level 3 which is not in SFIA 7.
The Business Analyst (Level 4, Standard Reference ST0117) defines a business analysis, business modelling, requirements gathering and business process improvement. However many duties (competencies) are not currently in SFIA7.
The DevOps Engineer (Level 4, Standard Reference ST0825) enhances the definition of Release and Deployment at level 3.
The DevOps Engineer (Level 4, Standard Reference ST0825) enhances the definition of Systems Integration and Build (SINT) at level 3.
The DevOps Engineer (Level 4, Standard Reference ST0825) enhances the definition of programming/software development at level 3.
After reviewing the Information Communications Technician (Level 3, Standard Reference ST0973) apprenticeship standard it is suggested that SMLO-2 is enhanced.
After reviewing Information Communications Technician (Level 3, Standard Reference ST0973) apprenticeship standard it is suggested that HSIN-2 is enhanced.
After reviewing the Information Communications Technician (Level 3, Standard Reference ST0973) it is suggested to enhance the definition of USUP-2.
The Information Communications Technician (Level 3, Standard Reference ST0973) enhances the definition of NTAS as level 2.
PENT includes threat intelligence, vulnerability assessment as well as penetration testing. This change request is to ask that the skill name is reconsidered to cover threat and vulnerability management.
PENT includes threat intelligence, vulnerability assessment as well as penetration testing. This change request is to ask that the skill name is reconsidered to cover threat and vulnerability management.
The Cyber Security Technician Apprenticeship standard (Level 3, Standard Reference ST085) enhances the definition of penetration testing at Level 2.
The Cyber Security Technician Apprenticeship standard (Level 3, Standard Reference ST085) enhances the definition of security at Level 3.
The Cyber Security Technician Apprenticeship standard (Level 3, Standard Reference ST085) enhances the definition of security at Level 3.
The Cyber Security Technician Apprenticeship standard (Level 3, Standard Reference ST085) enhances the definition of security and this change is to request the addition of a level 2 security skill.
The Cyber Security Technician Apprenticeship standard (Level 3, Standard Reference ST0795) enhances the definition of security administration at Level 2.
The Data Technician Apprenticeship standard (Level 3, Standard Reference ST0795) defines a set of competencies for data visualisation at lower levels that in SFIA 7.
The Data Technician Apprenticeship standard (Level 3, Standard Reference ST0795) defines a set of competencies for data visualisation at lower levels that in SFIA 7.
minor but important clarification from being specifically "computer-related evidence" to material on any device capable of storing digital data.
SFIA v7 identifies a range of roles which collectively provide the ‘data science’ function. While it is true that no one individual can adequately deliver ‘data science’, it is also the case that many organisations hire data scientists, and many individuals describe themselves thus. In relation to previously existing professions, the data science field can be thought of as a superset of business intelligence, data mining, data analytics and that includes elements from software engineering and data engineering. The UK Government's Digital Service (GDS) defines the data scientist's role as a member of a multidisciplinary team, working with data architects, data engineers, data analysts and others. They state that, "A Data Scientist uses data to identify and solve complex business problems. They have an interdisciplinary focus, using techniques and knowledge from a range of scientific and computer science disciplines (for example, statistics, analytics, machine learning). A Data scientist is open and transparent, collaborating with others to share good practice and continuously improve outputs." Data science jobs typically involve developing machine learning, statistical, deep learning and natural language processing (NLP) models in languages like Python, R, SQL, Scala and Java, using frameworks such as Scikit-Learn, Spark ML, Tensorflow and PyTorch. The three most commonly used data science job titles on LinkedIn are, in ascending order of seniority: "Data Scientist" (grade-1), "Senior Data Scientist" (grade-2), and "Principal Data Scientist" (grade-3). However, there is no consensus on the number of different types of data scientist across industry or academia, although recurring categories include: • Generalist: Applies machine learning and statistics to develop models that generate insight to solve business problems. Generalist roles tend to be advertised as grade-1 or grade-2 positions, without any requirement for specialist skills or domain-specific knowledge. • Specialist: Extends beyond the capabilities of a Generalist, focusing on specialist machine learning skills (e.g. deep learning, natural language processing, audio/image processing) and application domains (e.g. healthcare, finance, manufacturing). Specialist roles tend to be advertised as grade-2 or grade-3 positions. • Researcher: Focuses on the development of novel machine learning algorithms or application of existing algorithms in new settings. These tend to be advertised as grade-2 or grade-3 positions. There are a several certifications that are specific to data science, many of which are vendor-specific: • Data Science Council of America (DASCA) Senior Data Scientist (SDS) • Data Science Council of America (DASCA) Principal Data Scientist (PDS) • Dell EMC Data Science Track (EMCDS) • IBM Data Science Professional Certificate • Microsoft Certified: Azure Data Scientist Associate • Open Certified Data Scientist (Open CDS) • SAS Certified Data Scientist It is suggested to add a new skill “Data Scientist” at levels 4,5 and 6 to the SFIA Framework, corresponding to the commonly used grade-1, grade-2 and grade-3 respectively. The following proposed competency descriptions are an extension of the SFIA Analytics INAN to include additional competencies commonly associated with these roles in NATO and also outlined in the SFIA discussion on data science. Our emphasis is on incorporating competencies from Innovation, Data Management, Programming/software development, and Data Visualisation. Additions or changes to the original Analytics INAN text are highlighted in green in the attached PDF document.
Move "... assessing impact of learning/educational activities ..." from LEDA to Learning Design and Development (TMCR) or Teaching and Subject Formation (TEAC).
Include 'Smart Systems' in the SFIA theme, 'Artificial intelligence and machine learning skills'.
Include 'Smart Systems' in the SFIA theme, 'Artificial intelligence and machine learning skills'.
the testing of Services in TEST and business processes in CORE (and proposed AUDT CR#1379) overlap with BPTS
Include distinctions between types of testing, the point in the lifecycle and scope of test
Include distinctions between types of testing, the point in the lifecycle and scope of test
SLMO audit of service overlaps with CORE and process audits elsewhere (e.g. QUMG, CR1379)
CFMG - inadequate definition of CI (configuration items) in description and guidance to show that CIs should have a relationship and coherence between them. Services as human activities are not "assets and artefacts" and cannot be fixed as a version or state (the documents and process definitions describing them can.) However the objects provided in a service lifecycle can be subjected to configuration management. Status has been omitted as a key characteristic of a CI - alongside versioning - it matters in audit, e.g. is it defined, present/correct, non-conforming. There is no hint that specific CIs can form part of multiple configurations (e.g. product lines). Note: there is some question around supplier as a CI. Supplier is usually a characteristic (e.g. source stated in a product definition) for a CI and not a CI in itself as it is a (legal) person and not an object (see comment on services). A CM audit does not verify the CI (that falls under testing) but the configuration records
Suggested that services are removed from scope of TEST to focus this skill more directly on product (hardware, software, etc) rather than activity.
Suggested that services are removed from scope of TEST to focus this skill more directly on product (hardware, software, etc) rather than activity.
Testing, Penetration Testing and Testing skills have overlaps Level 6 CORE 6 review of implementation and use of standards and the effectiveness of operational and process controls PENT 6 seeking vulnerabilities across the full spectrum of organisation policies, processes Level 5 TEST 5 Defines and communicates the test strategy. Manages all test processes, including test plans, resources, costs, timescales, test deliverables and traceability. PENT 5 Defines and communicates the test strategy. Manages all test processes, and contributes to corporate security testing standards.
more senior Digital Forensics skills that provide an external commentary, policy making or expert witness role.
more senior Digital Forensics skills that provide an external commentary, policy making or expert witness role.
Consider adding an Audit skill to SFIA 8 to describe a range of audit responsibilities including - but not limited to - audits related to information and cyber security systems and processes.
Consider changing the name of the skill to a more contemporary term - Security operations.
New lower Level (HWDE) is to ensure adequate coverage for Digital Apprenticeships. This has already been added to the BCS SFIAplus detailed standard. All details including the additional six HWDE3 component descriptions are available on the BCS members protected site. Skill at a Level description is given below.
New lower Levels (NTDS3 and NTDS4) are required to ensure adequate coverage for Digital Apprenticeships. These have already been added to the BCS SFIAplus detailed standard. All details including the additional six NTDS3 and NTDS4 descriptions are available on the BCS members protected site. Skill at a Level descriptions are given below.
New lower Levels (NTDS3 and NTDS4) are required to ensure adequate coverage for Digital Apprenticeships. These have already been added to the BCS SFIAplus detailed standard. All details including the additional six NTDS3 and NTDS4 descriptions are available on the BCS members protected site. Skill at a Level descriptions are given below.
A new lower Level (NTPL4) is required to ensure adequate coverage for Digital Apprenticeships. This have already been added to BCS SFIAplus detailed standard. All details including the additional six Task (Skill at a Level) descriptions are available on the BCS members protected site. Task (Skill at a Level) descriptions are given below.
Over the last decade, data infrastructure teams were stood up in larger companies and the new competency or profession of a “Data Engineer” became to emerge while Data Science also became a new discipline and was maturing. Inspired by software engineering, data engineers build tools, infrastructure, frameworks, and services. In relation to previously existing professions, the data engineering field can be thought of as a superset of business intelligence, data mining, warehousing, data analytics and that includes elements from software engineering and data science. It is suggested to add a new skill “Data Engineering” at levels 4, 5 and 6 to the SFIA Framework.
Move development skills from "business skills" over to "autonomy". Allthough development can greatly help one's business skills, it is more intrinsically part of "autonomy".
Transfer communication skills from "Business skills" to "Influence"
Remove references to communication and leadership skills that are found under "Business skills" over to "Influence" in the 7 levels. Allthough communication and leadership are both important parts of business skills and influence, it can be argued that it is more importantly tied to influence. Buesiness skills is very broad, and influence is defintly part of business skills, but since they are to distinct skills in SFIA levels we suggest to correspond communication and leadership skills to "influence".
Add 2 new skills covering Machine Learning and Data Science and a related change to the existing Analytics skill.
Rename to Content Publishing or just publishing? and refresh content of readability
The word information in the name is unnecessary and this skill needs updating for readability.
With the adoption of cloud computing services the traditional functions and roles of Software Engineers, Cyber Security Experts and Operations/Information Technology (Ops/IT) Specialists are blurring, and a new discipline known as Development Security Operations (DevSecOps) Engineering has emerged. DevSecOps engineers ensure continuous delivery of value to end users by optimizing and automating continuous integration and delivery pipelines taking a security by design approach. DevSecOps engineers work on optimizing processes, tools and methodologies to overcome traditional barriers between software development, security, testing and operations. DevSecOps engineers foster efficiency at every stage of the entire Software Development and Operations Life Cycle. DevSecOps is now well established in industry and new integrated skill profiles have emerged, which include knowledge about accessing the technological automation tools, managing the cloud deployment, leading software development teams, maintaining compliance and security controls, monitoring operations, and working and improving development process. As DevSecOps engineers are required to have some skills and prior experience in at least one of the traditional roles before stepping into a broader DevSecOps engineering role it is suggested to add a new skill “DevSecOps Engineering” at levels 4, 5 and 6 to the “Change and Transformation” (category) under a new “Software Life-Cycle Optimization” (sub-category).
With the adoption of cloud computing services the traditional functions and roles of Software Engineers, Cyber Security Experts and Operations/Information Technology (Ops/IT) Specialists are blurring, and a new discipline known as Development Security Operations (DevSecOps) Engineering has emerged. DevSecOps engineers ensure continuous delivery of value to end users by optimizing and automating continuous integration and delivery pipelines taking a security by design approach. DevSecOps engineers work on optimizing processes, tools and methodologies to overcome traditional barriers between software development, security, testing and operations. DevSecOps engineers foster efficiency at every stage of the entire Software Development and Operations Life Cycle. DevSecOps is now well established in industry and new integrated skill profiles have emerged, which include knowledge about accessing the technological automation tools, managing the cloud deployment, leading software development teams, maintaining compliance and security controls, monitoring operations, and working and improving development process. As DevSecOps engineers are required to have some skills and prior experience in at least one of the traditional roles before stepping into a broader DevSecOps engineering role it is suggested to add a new skill “DevSecOps Engineering” at levels 4, 5 and 6 to the “Change and Transformation” (category) under a new “Software Life-Cycle Optimization” (sub-category).
Over the last years Cloud engineering emerged as a new field of engineering that focuses on cloud services, such as "software as a service", "platform as a service", and "infrastructure as a service". The term of cloud engineering is at least ten years old. Extensive research has been conducted on specific areas in cloud engineering, such as development support for cloud patterns, and cloud business continuity services. The first IEEE Internatio nal Conference on Cloud Engineering (IC2E) took place in March 2013. Whilst in the first years cloud engineering was a multidisciplinary method encompassing contributions and skills from traditional engineering disciplines like systems engineering, software engineering, information technology engineering, and security engineering, the nature of commodity-like capabilities delivered by cloud services and the inherent challenges in this business model drive the need for cloud engineering as a core discipline. It is suggested to add a new skill “Cloud Engineering” at levels 4,5 and 6 to the SFIA Framework.
Over the last years Cloud engineering emerged as a new field of engineering that focuses on cloud services, such as "software as a service", "platform as a service", and "infrastructure as a service". The term of cloud engineering is at least ten years old. Extensive research has been conducted on specific areas in cloud engineering, such as development support for cloud patterns, and cloud business continuity services. The first IEEE Internatio nal Conference on Cloud Engineering (IC2E) took place in March 2013. Whilst in the first years cloud engineering was a multidisciplinary method encompassing contributions and skills from traditional engineering disciplines like systems engineering, software engineering, information technology engineering, and security engineering, the nature of commodity-like capabilities delivered by cloud services and the inherent challenges in this business model drive the need for cloud engineering as a core discipline. It is suggested to add a new skill “Cloud Engineering” at levels 4,5 and 6 to the SFIA Framework.
The latest update of ITIL (ITIL® 4) has changed the name of “Change management” to “Change control". There are some benefits in SFIA doing the same.
As part of the review of people management coverage in SFIA, it is proposed that Resourcing RESC is refocused to exclude workforce planning aspects and these are to be covered in a new "Workforce planning" skill.
A new skill is proposed that will address "employee experience" aspects of people management, in contrast to - and complementary to - work / performance management.
Performance Management - PEMT falls within a wider review of People Management coverage in SFIA. Current skills descriptions don't reflect the need to follow organisational direction and wording/content is not consistent through the skill-levels 4, 5 and 6. New descriptions are proposed, overall and at each skill-level.
Remove references to IT from SFIA Financial management (FMIT) overall and level descriptions, in order to widen the relevance of this skill.
Risk management is applicable in a number of business and technology domains. At first glance the name of the skill and some of the description may get in the way of wider adoption.
Governance is applicable in a number of business and technology domains. At first glance the name of the skill and some of the description may get in the way of wider adoption.
The Australian SFIA user community suggests some new skills related to scientific computing: Scientific Modelling, Numerical Analysis and High Performance Computing.
Changes to the Levels of Responsibility (LoR) are proposed that more comprehensively and consistently reference ethics.
Embedded systems design and peculiarities of edge processing must reflect at level 5 at least.
Embedded systems design and peculiarities of edge processing must reflect at level 5 at least.
Skills related to design of edge processing systems should be part of embedded systems design.
Skills related to design of edge processing systems should be part of embedded systems design.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security.
Separated into the skills that ‘research, discover and develop exploits, reverse engineering and researching of mitigation bypasses’ and the skills to implement and test etc.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
Add SFIA Service Design role Rename the current "service design" category to better reflect the ITIL concept it is trying to define. Once renamed add a new correct Service design skill that reflects the service design work that service design practitioners do.
SFIA Levels of Responsibility summary inclusion at https://sfia-online.org/en/sfia-7/responsibilities.
Digital Credentials, sometimes known as Open Digital Badges, are a relatively new form of digital asset that provide a visible, verifiable, immutable and portable form of credential that is awarded on completion of learning and assessment. The design of Digital Credentials and credential programme (ie. collections of credentials), their relationship with skills taxonomies (eg. SFIA), learning activities and assessments is a new skill that falls within Learning & Development.
Change request based on a review of skills associated with the Testing profession.
Change request based on a review of skills associated with the Testing profession.
During training this week, one customer organisation was saying that they think the language in RFEN seems a little dated and would benefit from review.
Expand the scope of this skill to embody the software engineering related aspects of radio frequency engineering, including RFID.
Introduction of an additional skill covering economics and estimation at levels 2 to 6, separate from Systems Development Management (DLMG) and considering SWEBOK 3.0 Chapter 12
Introduction of an additional skill covering economics and estimation at levels 2 to 6, separate from Systems Development Management (DLMG) and considering SWEBOK 3.0 Chapter 12
Expand the scope of this skill to embody the software engineering related aspects of energy consumption, expanding the descriptions for application at Levels 2 and 3
Expand the scope of this skill to embody the software engineering related aspects of energy consumption, expanding the descriptions for application at Levels 2 and 3
One of the people I was training this week mentioned that it would be useful to have some guidance within the reference guide on how to interpret the difference between 'generic' and 'specific' bodies of knowledge in the Knowledge generic level of responsibility characteristic/
Some approaches to assessment of competence against SFIA look for evidence of repeated, successful application of a proportion of the facets of a skill. However, some skill / level descriptions are single paragraphs. It would support such assessment approaches if the skill descriptions published in the framework were atomic sentences rather than conjunctive paragraphs.
Some approaches to assessment of competence against SFIA look for evidence of repeated, successful application of a proportion of the facets of a skill. However, some skill / level descriptions are single paragraphs. It would support such assessment approaches if the skill descriptions published in the framework were atomic sentences rather than conjunctive paragraphs.
To make the framework and model more accessible to *users*, revisit the presentation of the incremental model implicit in SFIA, to reduce the risk that components of either the generic (level of) responsibility characteristics or a skill defined at one level, and not expanded at the next higher, might be overlooked.
The BA Service Handbook identifies seven skills within the BA Service Framework. The SFIA BUAN skill encompasses all of these services. In addition, there are other SFIA skills that relate directly to some of the services. For example, Requirements definition (BA service) and REQM.
Programming a Quantum Computer requires unique skills that are not readily transferrable from the realm of binary computing. This change request is a placeholder for a future set of skills around Quantum Computing code design, development and testing.
Consideration should be given to the relationship between SFIA and ISCO-08. the International Standard Classification of Occupations.
Consideration should be given to the relationship between SFIA and ISCO-08. the International Standard Classification of Occupations.
ISO/IEC 24773 references some standards that can be used to define tasks. As SFIA skills descriptions are activity based, perhaps we should check these standards to ensure that we have covered all the tasks.
ISO/IEC 24773 references some standards that can be used to define tasks. As SFIA skills descriptions are activity based, perhaps we should check these standards to ensure that we have covered all the tasks.
The Generics probably need a general review and overhaul. The Industry wants additional generics and this aligns with the general view that 'Business Skills' is overloaded.
Enhance LEDA (Competence Assessment) to additionally be explicit for skills/competency assessment to be used for suitability for a defined role or for the professional development of an individual.
Learning Experience Design is a new skill that is born of the digitisation of learning and a shift in focus from learning content to learner centric context
Service Integration and Management (SIAM) is being increasingly used to improve end-to-end service quality and value in complex multi-vendor environments.
Service Integration and Management (SIAM) is being increasingly used to improve end-to-end service quality and value in complex multi-vendor environments.
Currently these skills lack any specific mention of OCM and stakeholder management.
Add level 4 NTDS skill for network design. This is required for a major network company that specialises in design and management.
A new sub-category is needed to address the lack of clarity around agile software development.
Security is addressed at all levels in the Business Skill generic attribute. It should be brought out as a generic attribute in its own right.
Skill-level descriptions for Incident management, particularly Level 5, needs to be better aligned to SFIA Levels of Responsibility.
Capturing this as reported to me some time ago. A number of skills would be useful to have a Level 3 as a recognition of achievement for apprenticeships.
Theme for consideration: Privacy has an overlap with security practices but is not the same thing as security. How will SFIA8 ensure we address privacy alongside security in the generics and perhaps in specific skills?
Change to the general description of IT Infrastructure ITOP Skill/ Italian Version
It can be very useful to compare the generic attributes (autonomy, influence, complexity, knowledge, business skills) across levels
It can be very useful to compare the generic attributes (autonomy, influence, complexity, knowledge, business skills) across levels
The description of Release Management and skill levels make extensive reference to test as part of release management. This should be decoupled.
The A-Z is a popular way of viewing the framework and the addition of the applicable skill levels will enhance its usability and value to people browsing the framework online.
The A-Z is a popular way of viewing the framework and the addition of the applicable skill levels will enhance its usability and value to people browsing the framework online.
KING IV and COBIT 2019 have changed the definition of the term "IT" in line with the requirements of the fourth industrial revolution. SFIA should also align with them.
KING IV and COBIT 2019 have changed the definition of the term "IT" in line with the requirements of the fourth industrial revolution. SFIA should also align with them.
The importance of effective change management in order to deliver business value from investment in new digital, data and technology capabilities.
Missing word in sentence "These descriptions provide a detailed definition what it means to practice the skill at each level of competency."
This is largely a cosmetic change to achieve a consistent syntax to all of SFIA's skill descriptions. 98 of the SFIA overall skill descriptions start with the word "The" . 4 skill descriptions do not follow this rule. (BENM, ISCO, QUMG, USEV). This change request is to change QUMG overall skill description to start with "The"
This is largely a cosmetic change to achieve a consistent syntax to all of SFIA's skill descriptions. 98 of the SFIA overall skill descriptions start with the word "The" . 4 skill descriptions do not follow this rule. (BENM, ISCO, QUMG, USEV). This change request is to change USEV overall skill description to start with "The"
This is largely a cosmetic change to achieve a consistent syntax to all of SFIA's skill descriptions. 98 of the SFIA overall skill descriptions start with the word "The" . 4 skill descriptions do not follow this rule. (BENM, ISCO, QUMG, USEV). This change request is to change ISCO overall skill description to start with "The"
This is largely a cosmetic change to achieve a consistent syntax to all of SFIA's skill descriptions. 98 of the SFIA overall skill descriptions start with the word "The" . 4 skill descriptions do not follow this rule. (BENM, ISCO, QUMG, USEV). This change request is to change BENM overall skill description to start with "The"
SFIA v3 introduced a caveat to the description of a project; I don't think this is needed anymore and in some use cases of SFIA (e.g. software engineering) it is unhelpful as it emphasises "Enterprise IT" SFIA users to the detriment of others.
Data Visualisation descriptions start from Level 4, with wording that suggests significant experience is already in place. A level 3 description is proposed for those working on visualisation tasks, without the breadth of technical skills to align with Level 4.
It has been highlighted that this phrase may not have universal understanding or interpretation. We should maybe include a more descriptive phrase. It has also caused some issue with translation in to Spanish.
There is no skill level that includes the skills that the Change Manager uses - this is essentially a governance role ensuring that RFCs are submitted in the correct format, with adequate plans, and then ensures the change is communicated and approvals sought. Its a non technical role whereas most of the skill levels (apart from level 6) allude to a technical appraisal or understanding of the change in questions. Change manager is not level 6 as they don't necessarily set the policy.
From Pete Brink - SWEBOK Evolution team: IEC 61508 Safety Integrity level Level 3 is usually just referred to as SIL3 or Safety Integrity Level 3. Also, I don’t think we want to vary the level by SFIA level, everyone should be able to assess any SIL based on the specification. Do you want to list examples of other standards? ISO 26262, DO178C, etc.
'Service design' has come to describe a specific set of processes for conceiving of and validating a service. This subcategory describes service delivery or service level management and should be renamed.
This is the process of defining where we are today (A point), where we wish to be (B point) and the activities to move the organisation from A to B. It sounds corny but it works and provides valuable documentation for future changes, uppgrades or trouble shooting.
The term "installation" alludes to implementaiton of physical infrastructure. Renaming this skill to "Systems Implementation/Decommissioning" better reflects the "cloud-first" world we operate in today.
Cybersecurity is a growing aspect of all IT professionals roles and as such should be included in the framework. The description below highlights particular areas missing from our organisations perspective.
Is Business process testing the best name / description? Does it exclude other approaches to broader User Acceptance Testing that we may see in Systems Engineering. Is User Acceptance Testing acceptable?
Change Request raised on behalf of itSMF International via Barry Corless (Director - itSMF International) The creation and maintenance of a service catalogue is touched on very briefly in portfolio (POMG) and in more (but still insufficient ) detail in Service Level Management (SLMO). Suggest this needs strengthening
Transfer of skills and knowledge through hands-on mentoring/coaching is an important part of the professional environment. At present this kind of skills/knowledge transfer is not well articulated by a skill in SFIA.
Transfer of skills and knowledge through hands-on mentoring/coaching is an important part of the professional environment. At present this kind of skills/knowledge transfer is not well articulated by a skill in SFIA.
The currently isn't a specific skill that covers the role of Team Administrator / Personal Assistant / Exec Assistant adequately.
It may be helpful to new or inexperienced SFIA users if we create and publish a glossary of SFIA related terms.
It may be helpful to new or inexperienced SFIA users if we create and publish a glossary of SFIA related terms.
When viewed from an IT supplier or vendor perspective, and the skills required for that organisation, SFIA throws up some interesting white areas. Among others these include marketing, HR, finance, pre-sales & sales & education. Consulting or professional services while being pretty well covered may need a review from this perspective. BAU IT Operations and IT Service Delivery I suspect are pretty well covered.
When viewed from an IT supplier or vendor perspective, and the skills required for that organisation, SFIA throws up some interesting white areas. Among others these include marketing, HR, finance, pre-sales & sales & education. Consulting or professional services while being pretty well covered may need a review from this perspective. BAU IT Operations and IT Service Delivery I suspect are pretty well covered.
This was a new skill introduced in SFIA6. I feel it needs some review to ensure it addresses the key aspects of Performance Management in the work place and is complementary in approach to other people management skills in SFIA.
Is there is an case to port SFIA and making it a cloud based service? 1. SFIA as a Platform 2. SFIA as a nation-wide skills inventory 3. APIs to others in the eco-system 4. LinkedIn (& MSWord) integration 5. Ability to map SFIA with CoBIT, ITIL, TOGAF, eTOM and others More details below.
There are some areas of people management which are recognised as critical for an effective and high performing IT workforce but which aren’t really touched by SFIA. Broadly these can be captured under 2 headings: • Employee engagement and satisfaction, attraction and retention of high performing people, succession planning • Reward, compensation, incentives, internal promotions / career progression
This is a request to stretch the boundaries of SFIA to encompass the skill needed to identify a business opportunity using novel digital technologies, and then acquire and deploy the necessary resources required for its commercial exploitation.
This is a request to stretch the boundaries of SFIA to encompass the skill needed to identify a business opportunity using novel digital technologies, and then acquire and deploy the necessary resources required for its commercial exploitation.
This skill description combines 2 strands which may be better separated: 1. recruitment 2. workforce / talent planning Although the 2 dimensions are related they are often (typically) found in different roles / different teams / different functions. Having the skills merged as they are in SFIA6 means that skills mapping (e.g. to job descriptions) and skills assessment is compromised.
Promoting and supporting diversity in the workplace is an important aspect of good people management - it’s about valuing everyone in the organisation as an individual. To realise the benefits of a diverse workforce it’s vital to have an inclusive environment where everyone feels able to participate and achieve their potential regardless of age, disability, race, religion, gender and sexual orientation among others.
Promoting and supporting diversity in the workplace is an important aspect of good people management - it’s about valuing everyone in the organisation as an individual. To realise the benefits of a diverse workforce it’s vital to have an inclusive environment where everyone feels able to participate and achieve their potential regardless of age, disability, race, religion, gender and sexual orientation among others.
Some changes required to the wording of the SFIA 4 / 5 skills levels to address the more technical elements of the modern Test Engineer to cover Test Automation and Performance Testing or alternatively consideration given to creating a separate skill for these common Test roles.
With an increased focus on the end user (general public), consider each skill description to see if it should reflect the need to include the "service" element of the skill as all participants in delivery need to consider and often work with the end user.
A general comment about refreshing the language such as using ‘cyber security’ instead of ‘security’ as well as ‘digital’ and ‘cloud’ in some places to add relevance or specifically draw in the new aaS world.
Consider whether dealing with Blockchain and Cryptography would be skills in their own right. Suggested adding administration of these to Security Administration
Consider adding in as a component of Acceptance testing or adding acceptance testing into the description of Pen testing.
This change identifies a minor change to wording and also raises a couple of points about the security architect role.
Blockchain, DLT, SmartContracts, Crypto are topics I believe SFIA need to incorporate into the scheme without delays.
Blockchain, DLT, SmartContracts, Crypto are topics I believe SFIA need to incorporate into the scheme without delays.
Skills focused Operational Technology? With industry 4.0 and IT/OT convergence bringing IT and OT skill sets closer than ever, it would be great to see how these skills sets might work closer together with in the SFIA framework.
Skills focused Operational Technology? With industry 4.0 and IT/OT convergence bringing IT and OT skill sets closer than ever, it would be great to see how these skills sets might work closer together with in the SFIA framework.
The importance of AI needs to be considered and introduced.
Some individuals do not have the skills as identified at the lowest level in SFIA but are working in this area - could we recognise the lower level as a trainee?
Consider introducing guidance around new entrants to IT and repositioning
Consider introducing guidance around new entrants to IT and repositioning
Some changes in emphasis and wording across the Skill description and skill level descriptions to ensure Software Engineering is addressed.
Should the description of skills related to verification / validation activities be standalone or embedded in each individual software engineering related skill.
Should the description of skills related to verification / validation activities be standalone or embedded in each individual software engineering related skill.
Some changes in emphasis and wording across the Skill description and skill level descriptions to ensure Software Engineering is addressed.
Some changes in emphasis and wording across the Skill description and skill level descriptions to ensure Software Engineering is addressed.
It will be easy for reader of the SFIA framework document , if skill description is written in terms of bullet points and keywords are highlighted ..
It will be easy for reader of the SFIA framework document , if skill description is written in terms of bullet points and keywords are highlighted ..
A couple of user organisations and individuals have suggested that the AV aspects could be developed further.
A couple of user organisations and individuals have suggested that the AV aspects could be developed further.
Security: Professionals should comply with ethics in order to safe guard business entities and activities carried out in an organization
I have worked in a consulting firm for 20 years and we have found that our entry point is actually at SFIA level 4. Our senior consultant role is at level 5 and our principal consultant role is mainly at level 6. This should not be confused by the fact that may contractors refer to themselves as 'consultants. as borne out by ACS surveys where some respondents claimed to have that skill at SFIA level 3! Our entry level consultants were expected to actually expected to consult and to understand and deliver to client requirements in a wide range of situations. I would still assess them as being at level 4 at this entry level.
I have worked in a consulting firm for 20 years and we have found that our entry point is actually at SFIA level 4. Our senior consultant role is at level 5 and our principal consultant role is mainly at level 6. This should not be confused by the fact that may contractors refer to themselves as 'consultants. as borne out by ACS surveys where some respondents claimed to have that skill at SFIA level 3! Our entry level consultants were expected to actually expected to consult and to understand and deliver to client requirements in a wide range of situations. I would still assess them as being at level 4 at this entry level.