The global skills and competency framework for the digital world

CompTIA

CompTIA is known worldwide as a leading provider of vendor-neutral IT certifications.

CompTIA certifications identify IT professionals who prove their aptitude in various fields, including cyber security, network engineering, systems administration, technical training, project management, infrastructure support and cloud computing. The certifications focus on the skills associated with a candidate’s job role encompassing a wide range of technologies from different vendors which reflects the diverse IT environment of today.

See full definitions of the SFIA skills and levels, click here.

Generic levels of responsibility

SFIA first defines seven generic levels of responsibility, with 5 characteristics (Autonomy, Influence, Complexity, Knowledge and Business Skills) defined at each of the 7 levels within the SFIA structure, with level 1 being the lowest level.

Specific professional skills

On top of the foundation of the generic levels of responsibility characteristics, SFIA also provides definitions for 102 specific professional skills, with each skill being described at one or more of the 7 levels, reflecting the different levels of these skills that are found practiced in the working environment.

For each skill there is an overall definition, supported by differential definitions for each of the levels at which the skill can be recognised.

Mapping between SFIA and CompTIA

For each of the SFIA skills attributed to a CompTIA certification, this document shows the overall skill definition and the differential definition for the appropriate level(s). CompTIA certifications are based upon job roles. Individuals who obtain the CompTIA A+ will have SFIA skills at Level 2 as a minimum, and might be well on the way to Level 3. Other CompTIA certifications are placed higher and in the case of some skills, Level 3 is shown as the probable minimum.

Full definitions of all the levels at which these skills are recognised can be found on the SFIA web site: https://www.sfia-online.org

Mapping of CompTIA qualifications and SFIA skills

CompTIA web site

The certifications covered below are:

Core:                                          ITF+                      A+                                           Network+           Security+

Infrastructure:                      Cloud+                  Linux+                                  Server+

Cybersecurity:                       CySA+                   PenTest+                              CASP+

Data and Analytics:             Data+

Additional Professional:    CTT+                      Cloud Essentials+            Project+



CompTIA Tech+ (FCO-U71)

Code/level

Skill name

Overall description, and Description at the specified level(s)

ITOP

 

Infrastructure operations 

Overall definition

 

Level 1

 

Level 2

Provisioning, deploying, configuring, operating, and optimising technology infrastructure across physical, virtual, and cloud-based environments. 


Supports routine infrastructure tasks and basic troubleshooting under close supervision. Monitors infrastructure health and reports on component status to support operational continuity. 

Executes operational procedures, runs automation scripts and performs routine maintenance, installation and monitoring of infrastructure components.  
Adjusts automation tasks as instructed to meet operational standards. 
Reports on infrastructure performance and security events, addressing issues directly when possible or escalating  them to others for resolution. 

DBAD

Database administration

Overall definition

 

Level 2

Installing, configuring, monitoring, maintaining databases and data stores, ensuring performance and security while adapting to evolving technologies. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance and monitoring of databases. Adjusts automation tasks as instructed to meet operational standards for databases. Reports on database performance, addresses issues directly when possible, or escalates to others for resolution. 

PROG

Programming / software development

Overall definition

 

Level 2

Developing software components to deliver value to stakeholders. 
 
Designs, codes, verifies, tests, documents, amends and refactors simple programs/scripts.  
Applies agreed standards, tools and basic security practices to achieve a well-engineered result. 
Reviews own work. 

HSIN

Systems installation and removal 

Overall definition

 

 

Level 1

  

Level 2

Installing and testing, or decommissioning and removing, systems or system components. 
 
Follows agreed procedures to perform simple installations, replace consumable items and check the correct working of installations. Documents and reports on work done. 
 
Installs or removes system components using supplied installation instructions and tools.   
Conducts standard tests and contributes to investigations of problems and faults. 
Confirms the correct working of installations.  
Documents results in accordance with agreed procedures. 

 

NTAS

Network support

Overall definition

 

 Level 1

Level 2

 

Providing maintenance and support services for communications networks. 
 
Supports routine network tasks under close supervision.  
Monitors basic network health and reports on the status of network components.  
Assists with straightforward troubleshooting and follows established procedures to maintain operational continuity.  
Escalates issues as necessary to higher levels of support 
 
Assists in the operational configuration of network components and the investigation and resolution of network problems. 
Assists in the implementation of basic scripting and automation tools to streamline network support tasks. 
Assists with specified maintenance procedures and follows established safety, security and quality standards. 
Provides first-line support and guidance to network users, escalating issues as necessary. 

 

SCAD

Security operations

Overall definition

 

 

Level 1

 

Level 2

 

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to management reporting processes. 

 

USUP

Incident management

Overall definition

 

 Level 1

 

Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services. 
 
Follows agreed procedures to identify, register and categorise incidents. 
Uses provided tools and technologies to support the incident management process. 
Collects information as instructed to assist in incident resolution and allocates incidents as directed. 
Assists in monitoring incident queues and escalates issues according to procedures. 

PBMG

Problem management

Overall definition

 

 Level 2

 Level 3

 

Managing the lifecycle of all problems that have occurred or could occur in delivering a service. 
 
Assists with problem management tasks under routine supervision. 
Helps document problems and maintain relevant records. 
Assists in detecting, logging, classifying, and prioritising problems in systems, processes, and services. 
 
Investigates problems in systems, processes and services.  
Contributes to the implementation of agreed remedies and preventative measures. 

ASUP

Application Support 

Overall Description

Level 2 

Delivering management, technical and administrative services to support and maintain live applications. 

Assists with specified maintenance procedures.  
Assists in the investigation and resolution of issues relating to applications. 

DBDS 

Database Design

Overall Description

Level 2 

Specifying, designing and maintaining mechanisms for storing and accessing data across various environments and 
platforms. 


Assists in creating and documenting detailed database designs under routine supervision.  
Follows established procedures and guidelines.  
Helps create and maintain documentation. 

A+ Core Series (220-1201 & 1202)

Code/level

Skill name

Overall description, and Description at the specified level

ITOP

 

Infrastructure operations

Overall definition

 

Level 1

Level 2

 

 

 

 

Level 3

Provisioning, deploying, configuring, operating, and optimising technology infrastructure across physical, virtual, and cloud-based environments. 
 
Supports routine infrastructure tasks and basic troubleshooting under close supervision. Monitors infrastructure 
health and reports on component status to support operational continuity. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance, installation and monitoring of infrastructure components.  
Adjusts automation tasks as instructed to meet operational standards. 
Reports on infrastructure performance and security events, addressing issues directly when possible or escalating them to others for resolution. 
 
Provisions, deploys, and configures infrastructure services and components. Monitors infrastructure for load, performance and security events. Reports metrics and resolves operational issues. Executes standard operational procedures, including backups and restorations. Carries out agreed system software maintenance tasks. Automates routine system administration tasks to specifications using standard tools and basic scripting. 

 

NTDS 

Network design
Overall description

Level 2

Level 3

Designing communication networks to meet business requirements, ensuring scalability, reliability, security and alignment with strategic objectives. 
 
Assists with defining configurations for networks and network components under routine supervision.  
Follows established network architectures, standards, and security protocols. 
Assists in documenting network configurations and producing detailed network specifications under guidance, incorporating relevant security aspects. 
 
Specifies the technical configurations and components required for a small network or a network segment in a more complex infrastructure. 
Follows organisational architectures, standards, and security guidelines. 

HSIN

Systems installation and removal

Overall definition

 

 Level 1

Level 2

Level 3

Installing and testing, or decommissioning and removing, systems or system components. 
 
Follows agreed procedures to perform simple installations, replace consumable items and check the correct working of installations. Documents and reports on work done. 
 
Installs or removes system components using supplied installation instructions and tools.   
Conducts standard tests and contributes to investigations of problems and faults. 
Confirms the correct working of installations.  
Documents results in accordance with agreed procedures. 
 
Installs or removes hardware and/or software, using supplied installation instructions and tools, including handover to the client.  
Uses standard procedures and diagnostic tools to test installations, correct problems, and document results.  
Records details of all components that have been installed and removed. Assists users and follows agreed procedures for further help or escalation. 
Contributes to the development of installation procedures and standards. 

USUP

Incident management
Overall description

Level 1

Level 2

Level 3

Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services. 
 
Follows agreed procedures to identify, register and categorise incidents. 
Uses provided tools and technologies to support the incident management process. 
Collects information as instructed to assist in incident resolution and allocates incidents as directed. 
Assists in monitoring incident queues and escalates issues according to procedures. 
 
Provides first line investigation and gathers information to enable incident resolution and allocate incidents.  
Gathers information to enable incident resolution and allocates incidents according to established procedures. 
Escalates incidents as necessary.  
Advises relevant people of actions taken. Communicates with users and stakeholders to provide updates on incident status.  
Assists in maintaining records and documentation related to incidents.  

Prioritises and diagnoses incidents applying agreed procedures and tools. 
Investigates causes of incidents and seeks resolution.  
Escalates unresolved incidents to higher levels or specialist teams. Coordinates with stakeholders to ensure timely resolution. 
Facilitates recovery, following resolution of incidents. Documents, communicates outcomes and closes resolved incidents. 

NTAS

Network support

Overall definition

 

Level 1

Level 2

Level 3

 Providing maintenance and support services for communications networks. 
 
Supports routine network tasks under close supervision.  
Monitors basic network health and reports on the status of network components.  
Assists with straightforward troubleshooting and follows established procedures to maintain operational continuity.  
Escalates issues as necessary to higher levels of support 
 
Assists in the operational configuration of network components and the investigation and resolution of network 
problems. 
Assists in the implementation of basic scripting and automation tools to streamline network support tasks. 
Assists with specified maintenance procedures and follows established safety, security and quality standards. 
Provides first-line support and guidance to network users, escalating issues as necessary. 
 
Executes agreed network maintenance tasks and specified operational configuration of network components. 
Identifies and diagnoses network problems/faults using the required troubleshooting tools and network management software, including addressing security-related issues. 
Implements and maintains scripts, automation tools and orchestration platforms to optimise network support 
processes. 
Collects performance and traffic statistics and collaborates with others to ensure network effectiveness and resolve issues

PBMG

Problem management

Overall definition

 

Level 2

Level 3 

Managing the lifecycle of all problems that have occurred or could occur in delivering a service. 
 
Assists with problem management tasks under routine supervision. 
Helps document problems and maintain relevant records. 
Assists in detecting, logging, classifying, and prioritising problems in systems, processes, and services. 
 
Investigates problems in systems, processes and services.  
Contributes to the implementation of agreed remedies and preventative measures. 

SCAD

Security operations

Overall definition

 

Level 1

Level 2

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates 
actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and 
techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to management reporting processes. 

PROG

Programming/software
development

Overall description

Level 2

Developing software components to deliver value to stakeholders. 
 
Designs, codes, verifies, tests, documents, amends and refactors simple programs/scripts.  
Applies agreed standards, tools and basic security practices to achieve a well-engineered result. 
Reviews own work.

RFEN

Radio frequency
engineering
Overall description

Level 2

Level 3

 Designing, installing and maintaining radio frequency based devices and software. 
 
Assists with setting up, tuning and functional checks of radio frequency devices and software.  
Resolves faults down to line replaceable unit level or escalates according to given procedures.  
Carries out user confidence checks and escalates faults according to given procedures.  
Integrates RF devices with software applications using static configurations. 
 
Deploys, sets up, tunes and calibrates RF devices and software following maintenance schedules and using appropriate tools and test equipment.  
Incorporates hardware/firmware modifications. Interprets automatic fault/performance indications and resolves faults down to discrete component level or escalates according to given procedures.  
Implements communication protocols between system elements in accordance with defined standards.  
Integrates RF devices with software applications, incorporating dynamic reconfiguration of elements under software control to optimise their operational performance. 

ASUP

Application support
Overall description

Level 2

Delivering management, technical and administrative services to support and maintain live applications. 
 
Assists with specified maintenance procedures.  
Assists in the investigation and resolution of issues relating to applications. 

SYSP

System software administration

Overall description

Level 2

Level 3

Installing, managing and maintaining operating systems, data management, office automation and utility software across various infrastructure environments. 
 
Assists with system software administration tasks under routine supervision. 
Supports the installation and configuration of system software. 
Helps monitor system performance and resource usage. 
Assists in documenting system software settings and updates. 
 
Monitors operational systems for resource usage and failure rates, to inform and facilitate system software tuning. 
Applies system software settings to optimise performance, enabling maximum throughput and efficient resource 
utilisation. 
Installs and tests new versions of system software.  
Assists in creating software implementation procedures, including  fallback contingency plans. 

STMG

Storage management

Overall description

Level 2

Level 3

Provisioning, configuring and optimising on-premises and cloud-based storage solutions, ensuring data availability, security and alignment with business objectives. 
 
Assists with storage management tasks such as provisioning. 
Supports the setup and configuration of storage systems, incorporating standard security practices. 
Helps monitor storage performance and capacity, and documents storage utilisation. 
 
Executes routine storage management tasks following established procedures and using standard tools. 
Implements documented configurations for allocation of storage, installation and maintenance of secure storage 
systems using the agreed operational procedures. 
Identifies operational problems, including security-related issues, and contributes to their resolution. 
Uses standard management and reporting tools to collect and report on storage utilisation, performance and backup statistics. 

CIPM

Organisational change
management

Overall description

Level 2

Level 3

Planning, designing and implementing activities to transition the organisation and people to the required future 
state. 
 
Assists with organisational change management tasks under routine supervision. 
Supports the collection and analysis of data related to change readiness and impact. 
Helps document and communicate change management plans and activities. 
 
Follows standard techniques to investigate and analyse the size, nature and impact of changes to operational 
activities.  
Contributes to change management plans and actions, focusing on the procedural execution of change.  
Supports implementation and engages with stakeholders under direction.

CHMG

Change control
Overall description

Level 2

Assessing risks associated with proposed changes and ensuring changes to products, services or systems are 
controlled and coordinated. 
 
Administers, tracks, logs, reports on change requests, using appropriate tools, techniques and processes. 
Provides assistance to implement standard low-risk changes, in accordance with defined change control procedures.

CSMG

Customer service support
Overall description

Level 1

Level 2

Managing and operating customer service or service desk functions. 
 
Receives and handles routine customer inquiries and requests, following established procedures. 
Accurately records customer interactions and maintains relevant records. 
Escalates complex issues to appropriate team members or departments. 
 
Responds to common customer service requests, providing information to enable fulfilment or resolution. 
Allocates unresolved calls, requests, or issues to appropriate functions. 
Contributes to the maintenance of customer service knowledge bases and documentation. 
Assists in monitoring customer satisfaction metrics. 

DEPL

Deployment 
Overall Description 
 
Level 2 
 
 
 
Level 3 

Transitioning software from development to live usage, managing risks and ensuring it works as intended. 
 
Assists in deploying software releases and updates under routine supervision. 
Executes defined deployment processes and procedures using deployment tools and techniques. 
Monitors deployed applications and reports issues. Assists in rolling back deployments when necessary. 
 
Deploys software releases and updates to production environments. 
Uses deployment tools and techniques to ensure consistent deployments. Monitors and troubleshoots deployment processes. 
Performs rollbacks of deployments in case of issues or failures. 
Collaborates with release management and operations teams. 

IAMT

Identity and Access 
Management 
Overall Description 
 

Level 1 
 
 
 
Level 2 

Manages identity verification and access permissions within organisational systems and environments. 
 
Performs basic identity and access management tasks, including user account lifecycle management, under 
supervision. 
Maintains accurate records and follows established identity and access management protocols. 
 
Provides assistance for identity and access management operations, including automated role allocation and access control management. 
Engages in user identity lifecycle management, including account creation and deletion. 
Facilitates operation of identity and access management tools and self-service portals. 

Network+ (N10-009)

Code/level

Skill name

Overall description, and Description at the specified level

NTDS

Network design
Overall description

Level 2

Level 3

Designing communication networks to meet business requirements, ensuring scalability, reliability, security and 
alignment with strategic objectives. 
 
Assists with defining configurations for networks and network components under routine supervision.  
Follows established network architectures, standards, and security protocols. 
Assists in documenting network configurations and producing detailed network specifications under guidance, 
incorporating relevant security aspects. 
 
Specifies the technical configurations and components required for a small network or a network segment in a more complex infrastructure. 
Follows organisational architectures, standards, and security guidelines.

ITOP

 

Infrastructure operations

Overall definition

 

Level 1

Level 2

Level 3

Provisioning, deploying, configuring, operating and optimising technology infrastructure across physical, virtual and cloud-based environments. 
 
Supports routine infrastructure tasks and basic troubleshooting under close supervision. Monitors infrastructure 
health and reports on component status to support operational continuity. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance, installation and 
monitoring of infrastructure components.  
Adjusts automation tasks as instructed to meet operational standards. 
Reports on infrastructure performance and security events, addressing issues directly when possible or escalating them to others for resolution. 
 
Provisions, deploys, and configures infrastructure services and components. Monitors infrastructure for load, 
performance and security events. Reports metrics and resolves operational issues. Executes standard operational procedures, including backups and restorations. Carries out agreed system software maintenance tasks. Automates routine system administration tasks to specifications using standard tools and basic scripting. 

 

NTAS

Network support

Overall definition

 

Level 1

Level 2

Level 3

Level 4

Providing maintenance and support services for communications networks. 
 
Supports routine network tasks under close supervision.  
Monitors basic network health and reports on the status of network components.  
Assists with straightforward troubleshooting and follows established procedures to maintain operational continuity.  
Escalates issues as necessary to higher levels of support 
 
Assists in the operational configuration of network components and the investigation and resolution of network 
problems. 
Assists in the implementation of basic scripting and automation tools to streamline network support tasks. 
Assists with specified maintenance procedures and follows established safety, security and quality standards. 
Provides first-line support and guidance to network users, escalating issues as necessary. 
 
Executes agreed network maintenance tasks and specified operational configuration of network components. 
Identifies and diagnoses network problems/faults using the required troubleshooting tools and network management software, including addressing security-related issues. 
Implements and maintains scripts, automation tools and orchestration platforms to optimise network support 
processes. 
Collects performance and traffic statistics and collaborates with others to ensure network effectiveness and resolve issues. 
 
Applies technical expertise to maintain and optimise network infrastructure, executing updates and employing 
automation tools.  
Uses network management tools to monitor load, performance, and security statistics. Investigates and enables the resolution of network-related operational and security issues.  Configures tools and/or creates scripts to automate network tasks.  
Maintains operational procedures and checks that they are followed. Provides reports and proposals for improvement to stakeholders. 
Contributes to the planning and implementation of network maintenance, updates, and security enhancements. 
Implements agreed network changes and maintenance routines.

 

SCAD

Security administration

Overall definition

 

 

Level 1

Level 2

Level 3

 

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates 
actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and 
techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to management reporting processes. 
 
Investigates minor security breaches using established procedures, incorporating analytical tools and techniques. 
Performs non-standard operational security tasks adapting to evolving technologies and threat landscapes. 
Addresses and resolves a variety of security events to maintain system integrity and operational continuity. 

USUP

Incident management

Overall definition

 

Level 1

Level 2

Level 3

Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services. 
 
Follows agreed procedures to identify, register and categorise incidents. 
Uses provided tools and technologies to support the incident management process. 
Collects information as instructed to assist in incident resolution and allocates incidents as directed. 
Assists in monitoring incident queues and escalates issues according to procedures. 
 
Provides first line investigation and gathers information to enable incident resolution and allocate incidents.  
Gathers information to enable incident resolution and allocates incidents according to established procedures. 
Escalates incidents as necessary.  
Advises relevant people of actions taken. Communicates with users and stakeholders to provide updates on incident status.  
Assists in maintaining records and documentation related to incidents. 
 
Prioritises and diagnoses incidents applying agreed procedures and tools. 
Investigates causes of incidents and seeks resolution.  
Escalates unresolved incidents to higher levels or specialist teams. Coordinates with stakeholders to ensure timely resolution. 
Facilitates recovery, following resolution of incidents. Documents, communicates outcomes and closes resolved 
incidents. 

 

PBMG

Problem management
Overall description

Level 2

Level 3

Managing the lifecycle of all problems that have occurred or could occur in delivering a service. 
 
Assists with problem management tasks under routine supervision. 
Helps document problems and maintain relevant records. 
Assists in detecting, logging, classifying, and prioritising problems in systems, processes, and services. 
 
Investigates problems in systems, processes and services.  
Contributes to the implementation of agreed remedies and preventative measures. 

HSIN

Systems installation and removal
Overall description

Level 1

Level 2

Level 3

Installing and testing, or decommissioning and removing, systems or system components. 
 
 
Follows agreed procedures to perform simple installations, replace consumable items and check the correct working of installations.  
Documents and reports on work done. 
 
 

Installs or removes system components using supplied installation instructions and tools.   
Conducts standard tests and contributes to investigations of problems and faults. 
Confirms the correct working of installations.  
Documents results in accordance with agreed procedures. 
 
Installs or removes hardware and/or software, using supplied installation instructions and tools, including handover to the client.  
Uses standard procedures and diagnostic tools to test installations, correct problems, and document results.  
Records details of all components that have been installed and removed. Assists users and follows agreed procedures for further help or escalation. 
Contributes to the development of installation procedures and standards. 

RFEN

Radio frequency engineering

Overall definition

 

Level 2

 

Level 3

Designing, installing and maintaining radio frequency based devices and software. 
 
Assists with setting up, tuning and functional checks of radio frequency devices and software.  
Resolves faults down to line replaceable unit level or escalates according to given procedures.  
Carries out user confidence checks and escalates faults according to given procedures.  
Integrates RF devices with software applications using static configurations. 
 
Deploys, sets up, tunes and calibrates RF devices and software following maintenance schedules and using appropriate tools and test equipment.  

Incorporates hardware/firmware modifications. Interprets automatic fault/performance indications and resolves faults down to discrete component level or escalates according to given procedures.  
Implements communication protocols between system elements in accordance with defined standards.  
Integrates RF devices with software applications, incorporating dynamic reconfiguration of elements under software control to optimise their operational performance. 



CHMG

Change control
Overall description

Level 2


Level 3

Assessing risks associated with proposed changes and ensuring changes to products, services or systems are 
controlled and coordinated. 
 
Administers, tracks, logs, reports on change requests, using appropriate tools, techniques and processes. 
Provides assistance to implement standard low-risk changes, in accordance with defined change control procedures. 
 
Develops, documents and implements changes based on requests for change.  
Applies change control processes and procedures.  
Applies tools, techniques and processes to manage and report on change requests. 

BURM

Risk management
Overall description


Level 2

Level 3

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks. 
 
Assists in collecting and reporting data to support risk management activities under routine supervision.  
Helps create and maintain documentation of risks and risk management activities.  
Helps identify and report issues and discrepancies. 
 
Undertakes basic risk management activities.  
Maintains documentation of risks, threats, vulnerabilities and mitigation actions. 

CIPM

Organisational change
management
Overall description

Level 2

Level 3

Planning, designing and implementing activities to transition the organisation and people to the required future 
state. 
 
Assists with organisational change management tasks under routine supervision. 
Supports the collection and analysis of data related to change readiness and impact. 
Helps document and communicate change management plans and activities. 
 
Follows standard techniques to investigate and analyse the size, nature and impact of changes to operational 
activities.  
Contributes to change management plans and actions, focusing on the procedural execution of change.  
Supports implementation and engages with stakeholders under direction. 

Security+ (SY0-701)

Code/level

Skill name

Overall description, and Description at the specified level

SCTY

 

Information security

Overall definition

 

Level 2

 

Level 3

Defining and operating a framework of security controls and security management strategies. 
 
Assists with implementing and monitoring security policies and protocols across different systems. 
Contributes to identifying and addressing potential risks in security governance and compliance. 
Supports the analysis of documented security incidents, escalating where appropriate. 
Assists in the review of access controls and permissions, ensuring adherence to security policies. 
 
Applies and maintains specific security controls as required by organisational policy and local risk assessments. 
Communicates security risks and issues to business managers and others. Performs basic risk assessments for small information systems.  
Contributes to the identification of risks that arise from potential technical solution architectures. Suggests alternate solutions or countermeasures to mitigate risks. Defines secure systems configurations in compliance with intended architectures. 
Supports investigation of suspected attacks and security breaches. 

 

SCAD

Security operations

Overall definition

 

 

Level 1

Level 2

Level 3

 

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to management reporting processes. 
 
Investigates minor security breaches using established procedures, incorporating analytical tools and techniques. 
Performs non-standard operational security tasks adapting to evolving technologies and threat landscapes. 
Addresses and resolves a variety of security events to maintain system integrity and operational continuity. 

VURE

Vulnerability research

Overall definition

 

 

 Level 2

 Level 3

Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses. 
 
Assists with vulnerability research tasks under routine supervision. 
Helps document and report findings from vulnerability research activities. 
 
Applies standard techniques and tools for vulnerability research.  
Uses available resources to update knowledge of relevant specialism.  
Participates in research communities.  
Analyses and reports on activities and results. 

NTAS

Network support

Overall definition

 

Level 1

Level 2

Level 3

Providing maintenance and support services for communications networks. 
 
Supports routine network tasks under close supervision.  
Monitors basic network health and reports on the status of network components.  
Assists with straightforward troubleshooting and follows established procedures to maintain operational continuity.  
Escalates issues as necessary to higher levels of support 
 
Assists in the operational configuration of network components and the investigation and resolution of network 
problems. 
Assists in the implementation of basic scripting and automation tools to streamline network support tasks. 
Assists with specified maintenance procedures and follows established safety, security and quality standards. 
Provides first-line support and guidance to network users, escalating issues as necessary. 
 
Executes agreed network maintenance tasks and specified operational configuration of network components. 
Identifies and diagnoses network problems/faults using the required troubleshooting tools and network management 
software, including addressing security-related issues. 
Implements and maintains scripts, automation tools and orchestration platforms to optimise network support 
processes. 
Collects performance and traffic statistics and collaborates with others to ensure network effectiveness and resolve issues 

 

DGFS

Digital forensics

Overall definition

 

Level 2

Level 3

Level 4

Recovering and investigating material found in digital devices. 
 
Assists with digital forensic investigations under routine supervision.  
Supports the recovery of damaged, deleted or hidden data from digital devices. 
Helps collect and preserve digital information and evidence according to established protocols. 
 
Applies standard forensic tools and techniques to examine digital devices.  
Recovers and analyses damaged, deleted or hidden data from various digital sources and devices.  
Maintains the integrity of digital evidence and ensures its collection adheres to legal admissibility standards. 
 
Designs and executes complex digital forensic examinations.  
Specifies requirements for specialised forensic tools and resources. Provides guidance on advanced data recovery techniques and artefact analysis.  
Processes and analyses digital evidence in line with organisational policies and industry standards. Develops 
procedures for handling emerging technologies in forensic contexts. 
Contributes to forensic reports detailing technical findings. 

USUP

Incident management

Overall definition

 

Level 1

Level 2

Level 3

Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services. 
 
Follows agreed procedures to identify, register and categorise incidents. 
Uses provided tools and technologies to support the incident management process. 
Collects information as instructed to assist in incident resolution and allocates incidents as directed. 
Assists in monitoring incident queues and escalates issues according to procedures. 
 
Provides first line investigation and gathers information to enable incident resolution and allocate incidents.  
Gathers information to enable incident resolution and allocates incidents according to established procedures. Escalates incidents as necessary.  
Advises relevant people of actions taken. Communicates with users and stakeholders to provide updates on incident status.  
Assists in maintaining records and documentation related to incidents. 
 
Prioritises and diagnoses incidents applying agreed procedures and tools. 
Investigates causes of incidents and seeks resolution.  
Escalates unresolved incidents to higher levels or specialist teams. Coordinates with stakeholders to ensure timely resolution. 
Facilitates recovery, following resolution of incidents. Documents, communicates outcomes and closes resolved incidents. 

THIN

Threat intelligence

Overall description

Level 2

Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation. 
 
Contributes to routine threat intelligence gathering tasks.  
Monitors and detects potential security threats and escalates in accordance with relevant procedures and standards.

BURM

 Risk management 
Overall description 
  

Level 2 
 
 
 
Level 3 
 
 

Level 4

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks. 
 
Assists in collecting and reporting data to support risk management activities under routine supervision.  
Helps create and maintain documentation of risks and risk management activities.  
Helps identify and report issues and discrepancies. 
 
Undertakes basic risk management activities.  
Maintains documentation of risks, threats, vulnerabilities and mitigation actions. 
 
Carries out risk management activities within a specific function, technical area or project of medium complexity.  
Identifies risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business.  
Involves specialists and domain experts as necessary. 

AUDT

Audit 
Overall description 
 
 

Level 2 
 
 
 
Level 3 

Delivering independent, risk-based assessments of the effectiveness of processes, the controls and the compliance environment of an organisation. 
 
Assists in collecting evidence and conducting audit activities under routine supervision.  
Maintains documentation and audit trails.  
Helps identify and report issues and discrepancies. 
 
Adopts a structured approach to executing and documenting audit fieldwork, following agreed standards.  
Maintains integrity of records to support and satisfy audit trails. 
Identifies typical risk indicators and explains prevention measures. 

NTDS

Network design 
Overall description 
 
 

Level 2 
 
 


Level 3 

Designing communication networks to meet business requirements, ensuring scalability, reliability, security and 
alignment with strategic objectives. 
 
Assists with defining configurations for networks and network components under routine supervision.  
Follows established network architectures, standards, and security protocols. 
Assists in documenting network configurations and producing detailed network specifications under guidance, 
incorporating relevant security aspects. 
 
Specifies the technical configurations and components required for a small network or a network segment in a more complex infrastructure. 
Follows organisational architectures, standards, and security guidelines. 

RFEN Radio frequency engineering 
Overall description 
 
Level 2 

 

Designing, installing and maintaining radio frequency based devices and software. 
 
Assists with setting up, tuning and functional checks of radio frequency devices and software.  
Resolves faults down to line replaceable unit level or escalates according to given procedures.  
Carries out user confidence checks and escalates faults according to given procedures.  
Integrates RF devices with software applications using static configurations. 

HSIN

Systems installation and 
removal 
Overall description 
 
Level 1 
 
 

Level 2 
 
 


 Level 3 

 

Installing and testing, or decommissioning and removing, systems or system components. 
 

Follows agreed procedures to perform simple installations, replace consumable items and check the correct working of installations. Documents and reports on work done. 
 
Installs or removes system components using supplied installation instructions and tools.   
Conducts standard tests and contributes to investigations of problems and faults. 
Confirms the correct working of installations.  
Documents results in accordance with agreed procedures. 
 
Installs or removes hardware and/or software, using supplied installation instructions and tools, including handover to the client.  
Uses standard procedures and diagnostic tools to test installations, correct problems, and document results.  
Records details of all components that have been installed and removed. Assists users and follows agreed procedures for further help or escalation. 
Contributes to the development of installation procedures and standards. 

PENT Penetration testing 
Overall description 
 
 
Level 2 

Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers. 
 
Assists with penetration testing tasks under routine supervision. 
Supports the execution of standard penetration tests on systems, networks and applications. 
Helps document and report on test results, findings and potential security risks.

PEDP

Information and Data 
Compliance 
Overall description 
 


Level 4 

Implementing and promoting compliance with information and data management legislation. 
 
 
Supports the implementation of policy, standards and guidelines related to information and data legislation and compliance requirements. Monitors the implementation of effective controls for internal delegation, audit and control relating to information management. Reports on the consolidated status of information controls to inform effective decision-making. Identifies risks around the use of information  and data that is subject to specific legislation. 
Recommends remediation actions as required. 

CHMG Change control 
Overall description 
 
 
Level 2 
 
 
 
Level 3 

Assessing risks associated with proposed changes and ensuring changes to products, services or systems are controlled and coordinated. 
 
Administers, tracks, logs, reports on change requests, using appropriate tools, techniques and processes. 
Provides assistance to implement standard low-risk changes, in accordance with defined change control procedures. 
 
Develops, documents and implements changes based on requests for change.  
Applies change control processes and procedures.  
Applies tools, techniques and processes to manage and report on change requests. 

CIPM

Organisational change 
management 
Overall description 
 
 


Level 2 

Planning, designing and implementing activities to transition the organisation and people to the required future 
state. 
 
Assists with organisational change management tasks under routine supervision. 
Supports the collection and analysis of data related to change readiness and impact. 
Helps document and communicate change management plans and activities. 

IAMT

Identity and access 
management 
Overall description 
 
 

Level 1 

 
 
Level 2 
 
 
 


Level 3 

Manages identity verification and access permissions within organisational systems and environments. 
 
Performs basic identity and access management tasks, including user account lifecycle management, under supervision. 
Maintains accurate records and follows established identity and access management protocols. 
 
Provides assistance for identity and access management operations, including automated role allocation and access control management. 
Engages in user identity lifecycle management, including account creation and deletion. 
Facilitates operation of identity and access management tools and self-service portals. 
 
Administers standard identity and access management services, implementing policies and resolving related issues.  
Manages monitoring, audits and logging for identity and access management systems. Investigates minor security breaches in accordance with established procedures related to identity and access management. 
Assists users in defining their access rights and privileges. Designs and implements simple identity and access management solutions, enhancing user access security. Contributes to the enhancement and optimisation of existing identity and access management processes and systems. 

IFDN

Infrastructure design 
Overall description 
 
 
Level 2 

Designing technology infrastructure to meet business requirements, ensuring scalability, reliability, security and alignment with strategic objectives. 
 
Assists in developing preliminary infrastructure design specifications under routine supervision.  
Uses established standards and security protocols to contribute to infrastructure design activities.  
Helps draft design documents and diagrams. Documents design-related issues. 

INAS

Information assurance 
Overall description 
 
 
Level 2 
 
 
 
 
Level 3 
 
 
 
 
 
 
 
Level 4 

Protecting against and managing risks related to the use, storage and transmission of data and information systems. 
 
Assists with information assurance activities under routine supervision. 
Helps perform basic risk assessments and supports the implementation of information assurance measures. 
Assists in maintaining records and documentation related to information assurance. 
 
Follows standard approaches for the technical assessment of information systems against information assurance policies and business objectives.  
Makes routine accreditation decisions. Recognises decisions that are beyond their scope and responsibility level and escalates according. 
Reviews and performs risk assessments and risk treatment plans. Identifies typical risk indicators and explains prevention measures. 
Maintains integrity of records to support and justify decisions. 
 
Performs technical assessments and/or accreditation of complex or higher-risk information systems.  
Identifies risk mitigation measures required in addition to the standard organisation or domain measures.  
Establishes the requirement for accreditation evidence from delivery partners and communicates accreditation requirements to stakeholders.   
Contributes to planning and organisation of information assurance and accreditation activities. Contributes to development of and implementation of information assurance processes. 

Cloud+ (CV0-004)

Code/level

Skill name

Overall description, and Description at the specified level

ITOP

 

Infrastructure operations 
Overall description 
 

Level 1 
 
 
Level 2 
 
 
 
 
 
Level 3 

Provisioning, deploying, configuring, operating, and optimising technology infrastructure across physical, virtual and cloud-based environments. 
 
Supports routine infrastructure tasks and basic troubleshooting under close supervision. Monitors infrastructure health and reports on component status to support operational continuity. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance, installation and monitoring of infrastructure components.  
Adjusts automation tasks as instructed to meet operational standards. 
Reports on infrastructure performance and security events, addressing issues directly when possible or escalating them to others for resolution. 
 
Provisions, deploys, and configures infrastructure services and components. Monitors infrastructure for load, performance and security events. Reports metrics and resolves operational issues. Executes standard operational procedures, including backups and restorations. Carries out agreed system software maintenance tasks. Automates routine system administration tasks to specifications using standard tools and basic scripting. 

 

STMG

Storage management

Overall definition

 

 

Level 2

Level 3

Provisioning, configuring and optimising on-premises and cloud-based storage solutions, ensuring data availability, security and alignment with business objectives. 
 
Assists with storage management tasks such as provisioning. 
Supports the setup and configuration of storage systems, incorporating standard security practices. 
Helps monitor storage performance and capacity, and documents storage utilisation. 
 
Executes routine storage management tasks following established procedures and using standard tools. 
Implements documented configurations for allocation of storage, installation and maintenance of secure storage systems using the agreed operational procedures. 
Identifies operational problems, including security-related issues, and contributes to their resolution. 
Uses standard management and reporting tools to collect and report on storage utilisation, performance and backup statistics. 

 

SINT

Systems integration and build
Overall description


Level 2

Planning, implementing and controlling activities to integrate system elements, subsystems and interfaces to create operational systems, products or services. 
 
Produces builds from system components using appropriate build automation tools and processes. Conducts tests as defined in an integration test specification and records the details of any failures. Analyses and reports on integration test activities and results. Identifies and reports issues and risks. 

AVMT

Availability management

Overall description

 

Level 3

Level 4

 

Ensuring services deliver agreed levels of availability to meet the current and future needs of the business. 
 
Performs defined availability management tasks, such as routine monitoring and data collection. 
Tests disaster recovery procedures under direction and contributes to the documentation of recovery plans. 
Assists with the operation of availability management tools and processes. 
Monitors service components against agreed performance standards and reports any deviations. 
 
Analyses service and component availability, reliability, maintainability and serviceability.  
Contributes to the availability management process and its operation.  
Monitors and maintains services and components to ensure ongoing compliance with agreed performance targets and service levels. 
Implements disaster recovery arrangements and documents recovery procedures. Conducts testing of recovery procedures. 

 

HSIN

Systems installation/ decommissioning

Overall definition

 

 Level 1

Level 2

Level 3

Installing and testing, or decommissioning and removing, systems or system components. 
 
Follows agreed procedures to perform simple installations, replace consumable items, and check the correct working of installations. Documents and reports on work done. 
 
Installs or removes system components using supplied installation instructions and tools.   
Conducts standard tests and contributes to investigations of problems and faults. 
Confirms the correct working of installations.  
Documents results in accordance with agreed procedures. 
 
Installs or removes hardware and/or software, using supplied installation instructions and tools, including handover to the client.  
Uses standard procedures and diagnostic tools to test installations, correct problems, and document results. 

Records details of all components that have been installed and removed. Assists users and follows agreed procedures for further help or escalation. 
Contributes to the development of installation procedures and standards. 

 

DESN

Systems design
Overall description

Level 2

Level 3

Designing systems to meet specified requirements and agreed systems architectures. 
 
Assists in the creation and documentation of system design elements under routine supervision.  
Follows established procedures and guidelines.  
Helps create and maintain documentation. 
 
 
Follows standard approaches and established design patterns to create new designs for simple systems or system components. 
Identifies and resolves minor design issues.  
Identifies alternative design options and seeks guidance when deviating from established design patterns. 

SCAD

Security administration

Overall definition

 

 

Level 1

Level 2

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to management reporting processes. 

NTAS

Network support 
Overall description 
 
Level 1 
 
 
 
 
 
Level 2 
 
 
 
 
 
 
 
Level 3 

Providing maintenance and support services for communications networks. 
 
Supports routine network tasks under close supervision.  
Monitors basic network health and reports on the status of network components.  
Assists with straightforward troubleshooting and follows established procedures to maintain operational continuity.  
Escalates issues as necessary to higher levels of support 
 
Assists in the operational configuration of network components and the investigation and resolution of network problems. 
Assists in the implementation of basic scripting and automation tools to streamline network support tasks. 
Assists with specified maintenance procedures and follows established safety, security and quality standards. 
Provides first-line support and guidance to network users, escalating issues as necessary. 
 
Executes agreed network maintenance tasks and specified operational configuration of network components. 
Identifies and diagnoses network problems/faults using the required troubleshooting tools and network management software, including addressing security-related issues. 
Implements and maintains scripts, automation tools and orchestration platforms to optimise network support processes. 
Collects performance and traffic statistics and collaborates with others to ensure network effectiveness and resolve issues 

ARCH

Solution architecture
Overall description

Level 4

Developing and communicating a multi-dimensional solution architecture to deliver agreed business outcomes. 
 
Contributes to the development of solution architectures in specific business, infrastructure or functional areas.  
Identifies and evaluates alternative architectures and the trade-offs in cost, performance and scalability. Determines and documents architecturally significant decisions.  
Produces specifications of cloud-based or on-premises components, tiers and interfaces, for translation into detailed designs using selected services and products.  
Supports projects or change initiatives through the preparation of technical plans and application of design principles. 
Aligns solutions with enterprise and solution architecture standards (including security). 

PEDP

Personal data protection
Overall description

Level 4

 Implementing and promoting compliance with information and data management legislation. 
  
Supports the implementation of policy, standards and guidelines related to information and data legislation and compliance requirements. 
Monitors the implementation of effective controls for internal delegation, audit and control relating to information management. 
Reports on the consolidated status of information controls to inform effective decision-making. 
Identifies risks around the use of information  and data that is subject to specific legislation. Recommends remediation actions as required. 

DEPL

Deployment 
Overall description 
 
 
Level 2 

Transitioning software from development to live usage, managing risks and ensuring it works as intended. 
 
Assists in deploying software releases and updates under routine supervision. 
Executes defined deployment processes and procedures using deployment tools and techniques. 
Monitors deployed applications and reports issues. Assists in rolling back deployments when necessary. 

IAMT

Identity and access 
management 
Overall description 
 
 
Level 2 
 
 
Level 3 

Manages identity verification and access permissions within organisational systems and environments. 
 
Performs basic identity and access management tasks, including user account lifecycle management, under supervision. 
Maintains accurate records and follows established identity and access management protocols. 
 
Provides assistance for identity and access management operations, including automated role allocation and access control management. 
Engages in user identity lifecycle management, including account creation and deletion. 
Facilitates operation of identity and access management tools and self-service portals. 

CFMG

Change control
Overall description


Level 2

Planning, identifying, controlling, accounting for and auditing of configuration items (CIs) and their 
interrelationships. 
 
Applies tools, techniques and processes to administer, track, log, report on and correct configuration items, components and changes.  
Assists with audits to check the accuracy of the information and undertakes any necessary corrective action under direction. 

Linux+ (XK0-005)

Code/level

Skill name

Overall description, and Description at the specified level

SYSP

Organisational change
management
Overall description

Level 2

Level 3

Installing, managing and maintaining operating systems, data management, office automation and utility software across various infrastructure environments. 
 
Assists with system software administration tasks under routine supervision. 
Supports the installation and configuration of system software. 
Helps monitor system performance and resource usage. 
Assists in documenting system software settings and updates. 
 
Monitors operational systems for resource usage and failure rates, to inform and facilitate system software tuning. 
Applies system software settings to optimise performance, enabling maximum throughput and efficient resource utilisation. 
Installs and tests new versions of system software.  
Assists in creating software implementation procedures, including  fallback contingency plans. 

HSIN

Systems installation and 
removal 
Overall description 
 
Level 1 
 
 
Level 2 
 
 
 
 
Level 3 

 

Installing and testing, or decommissioning and removing, systems or system components. 
 
Follows agreed procedures to perform simple installations, replace consumable items, and check the correct working of installations. Documents and reports on work done. 
 
Installs or removes system components using supplied installation instructions and tools.   
Conducts standard tests and contributes to investigations of problems and faults. 
Confirms the correct working of installations.  
Documents results in accordance with agreed procedures. 
 
Installs or removes hardware and/or software, using supplied installation instructions and tools, including handover to the client.  
Uses standard procedures and diagnostic tools to test installations, correct problems, and document results.  
Records details of all components that have been installed and removed. Assists users and follows agreed procedures for further help or escalation. 

Contributes to the development of installation procedures and standards. 

ITOP

 

Infrastructure operations
Overall description

Level 1

Level 2


Level 3

Provisioning, deploying, configuring, operating, and optimising technology infrastructure across physical, virtual, and cloud-based environments. 
 
Supports routine infrastructure tasks and basic troubleshooting under close supervision. Monitors infrastructure health and reports on component status to support operational continuity. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance, installation and monitoring of infrastructure components.  
Adjusts automation tasks as instructed to meet operational standards. 
Reports on infrastructure performance and security events, addressing issues directly when possible or escalating them to others for resolution. 
 
Provisions, deploys, and configures infrastructure services and components. Monitors infrastructure for load, performance and security events. Reports metrics and resolves operational issues. Executes standard operational procedures, including backups and restorations. Carries out agreed system software maintenance tasks. Automates routine system administration tasks to specifications using standard tools and basic scripting.

SCAD

Security operations

Overall definition

 

Level 1

Level 2

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to management reporting processes. 

PROG

Programming/software development

Overall definition

 

Level 2

Developing software components to deliver value to stakeholders. 
 
Designs, codes, verifies, tests, documents, amends and refactors simple programs/scripts.  
Applies agreed standards, tools and basic security practices to achieve a well-engineered result. 
Reviews own work. 

 

IAMT

Identity and access 
management 
Overall description 
 
Level 1 
 


 
Level 2 

Manages identity verification and access permissions within organisational systems and environments. 
 
Performs basic identity and access management tasks, including user account lifecycle management, under 
supervision. 
Maintains accurate records and follows established identity and access management protocols. 
 
Provides assistance for identity and access management operations, including automated role allocation and access control management. 
Engages in user identity lifecycle management, including account creation and deletion. 
Facilitates operation of identity and access management tools and self-service portals. 

DEPL

Deployment

Overall description 
 
Level 2 

Transitioning software from development to live usage, managing risks and ensuring it works as intended. 
 
Assists in deploying software releases and updates under routine supervision. 
Executes defined deployment processes and procedures using deployment tools and techniques. 
Monitors deployed applications and reports issues. Assists in rolling back deployments when necessary. 

 Server+ (SK0-005)

Code/level

Skill name

Overall description, and Description at the specified level

HSIN

Systems installation/ decommissioning

Overall definition

 

 

Level 3

Installing and testing, or decommissioning and removing, systems or system components.


Installs or removes hardware and/or software, using supplied installation instructions and tools, including handover to the client. Uses standard procedures and diagnostic tools to test installations, correct problems, and document results. Records details of all components that have been installed and removed. Assists
users and follows agreed procedures for further help or escalation. Contributes to the development of installation procedures and standards

 

AVMT

Availability management

Overall definition

 

Level 4

 

 

Ensuring that services deliver agreed levels of availability to meet the current and future needs of the business.


Analyses service and component availability, reliability, maintainability and serviceability. Contributes to the availability management process and its operation. Performs defined availability management tasks. Ensures that services and components meet and continue to meet all of their agreed performance targets and service levels. Implements arrangements for disaster recovery and documents recovery procedures. Conducts testing of recovery procedures.

 

SCAD

Security operations
Overall description

Level 3

Delivering management, technical and administrative services to implement security controls and security management strategies.

Investigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges. Performs non-standard operational security tasks. Resolves security events and operational security issues.

STMG

Storage management

Overall definition

 

 

Level 3

Planning, implementing and optimising the technologies and processes used for data storage.


Performs regular high-performance, scalable backups and restores on a schedule and tracks offsite storage. Implements documented configurations for allocation of storage, installation and maintenance of secure storage systems using the agreed operational procedures. Identifies operational problems and contributes to their resolution. Uses standard management and reporting tools to collect and report on storage utilisation, performance and backup statistics.

SYSP

System software

Overall definition

 

 

Level 3

Level 4

Installing, managing, controlling, deploying and maintaining infrastructure systems software, to meet operational needs and service levels.


Monitors operational systems for resource usage and failure rates, to inform and facilitate system software tuning. Applies system software parameters to maximise throughput and efficiency. Installs and tests new versions of system software. Contributes to preparation of software implementation procedures with fall back
contingency plans.


Monitors system software metrics and adjusts configurations for optimum availability and performance. Reviews system software updates and identifies those that merit action. Configures system software for required functionality and performance. Investigates and resolves system software problems, requesting action from supplier if required.

 

ITOP

Security administration

Overall definition

 

 Level 3

 

Deploying, configuring and operating IT Infrastructure.


Provisions/installs, configures and maintains infrastructure services and components. Monitors, measures and reports on infrastructure load, performance and security events. Identifies operational issues and contributes to their resolution. Carries out agreed operational procedures, including backup/restore, using supplied infrastructure tools and scripts. Carries out agreed system software maintenance tasks. Automates routine system administration tasks to specifications using standard tools and basic scripting.

PBMG

Problem management

Overall definition

 

Level 4

Managing the life cycle of all problems that have occurred or could occur in delivering a service.


Initiates and monitors actions to investigate and resolve problems in systems, processes and services. Determines problem fixes and remedies. Collaborates with others to implemented agreed remedies and preventative measures. Supports analysis of patterns and trends to improve problem management processes

 

COPL

L Continuity management
Overall description

Level 2


Level 3

Developing, implementing and testing a business continuity framework.


Maintains records of all related testing and training and ensures the availability of all documentation. Records the actions taken and the consequences following an incident or live testing of a continuity plan for a lessons-learned report.


Applies a structured approach to develop and document the detail for a continuity plan. Maintains documentation of business continuity and disaster recovery plans. Supports the development of a test plan and implementation of continuity management exercises.

PEDP

Personal data protection
Overall description

Level 5

Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation.

Contributes to the development of policy, standards and guidelines related to personal data legislation. Provides expert advice and guidance on implementing personal data legislation controls in products, services and systems. Investigates major data breaches and recommends appropriate control improvements. Creates and maintains an inventory of data that are subject to personal data legislation. Conducts risk assessments, business impact analysis for complex information systems and specifies any required changes. Ensures that formal requests and complaints are dealt with according to approved procedures. Prepares and submits reports and registrations to relevant authorities.

CHMG

Change control

Overall description

Level 2


Level 3

Assessing risks associated with proposed changes and ensuring changes to products, services or systems are controlled and coordinated.


Applies tools, techniques and processes to administer, track, log, report on change requests. Applies change control procedures for standard, low-risk changes.

Develops, documents and implements changes based on requests for change. Applies change control procedures. Applies tools, techniques and processes to manage and report on change requests.

BURM

Risk management
Overall description

Level 3

Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise.


Undertakes basic risk management activities. Maintains documentation of risks, threats, vulnerabilities and mitigation actions.

CIPM

Organisational change
management
Overall description


Level 3

Planning, designing and implementing activities to transition the organisation and people to the required future state.


Follows standard techniques to investigate and analyse the size, nature and impact of changes to operational activities. Contributes to the recommendations for change management plans and actions. Supports implementation and engages with stakeholders under direction.

 CySA+ Cybersecurity Analyst (CS0-003)

Code/level

Skill name

Overall description, and Description at the specified level

SCTY

Information security

Overall definition

 

Level 2

Level 3

 

 

 

 

 

Defining and operating a framework of security controls and security management strategies. 
 
Assists with implementing and monitoring security policies and protocols across different systems. 
Contributes to identifying and addressing potential risks in security governance and compliance. 
Supports the analysis of documented security incidents, escalating where appropriate. 
Assists in the review of access controls and permissions, ensuring adherence to security policies. 
 
Applies and maintains specific security controls as required by organisational policy and local risk assessments. 
Communicates security risks and issues to business managers and others. Performs basic risk assessments for small 
information systems.  
Contributes to the identification of risks that arise from potential technical solution architectures. Suggests alternate 
solutions or countermeasures to mitigate risks. Defines secure systems configurations in compliance with intended 
architectures. 
Supports investigation of suspected attacks and security breaches. 

THIN

Threat intelligence
Overall description

Level 2

Level 3

Level 4

Developing and sharing actionable insights on current and potential security threats to the success or integrity of an 
organisation. 
 
Contributes to routine threat intelligence gathering tasks.  
Monitors and detects potential security threats and escalates in accordance with relevant procedures and standards. 
 
Performs routine threat intelligence gathering tasks.  
Transforms collected information into a data format that can be used for operational security activities. 
Cleans and converts quantitative information into consistent formats. 
 
Collates and analyses information for threat intelligence requirements from a variety of sources. 
Contributes to reviewing, ranking and categorising qualitative threat intelligence information.  
Creates threat intelligence reports.  
Evaluates the value, usefulness and impact of threat intelligence sources.

VURE

Vulnerability research
Overall description

Level 3

Level 4

Level 5

Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses.


Applies standard techniques and tools for vulnerability research. Uses available resources to update knowledge of relevant specialism. Participates in research communities. Analyses and reports on activities and results.


Designs and executes complex vulnerability research activities. Specifies requirements for environment, data, resources and tools to perform assessments. Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings and conclusions. Advises on deception methods by exploiting identified patterns. Makes an active contribution to research communities.


Plans and manages vulnerability research activities. Maintains a strong external network in the area of vulnerability research. Gathers information on new and emerging threats and vulnerabilities. Assesses and documents the impacts and threats to the organisation. Creates reports and shares knowledge and insights
with stakeholders. Providing expert advice and guidance to support the adoption of tools and techniques for vulnerability research. Contributes to the development of organisational policies, standards, and guidelines for vulnerability research and assessment.

TECH

Specialist advice

Overall definition

 

 Level 4

Providing authoritative, professional advice and direction in a specialist area. 
 
Provides detailed and specific advice to support the organisation's planning and operations, typically related to the immediate area of responsibility. 
Actively maintains recognised expert level knowledge in one or more identifiable specialisms.  
Recognises and identifies the boundaries of their own specialist knowledge.  
Where appropriate, collaborates with other specialists to ensure advice given is professionally sound and appropriate to the organisation's needs. 

SCAD

Security administration

Overall definition

 

 

Level 1

 

Level 2

Level 3

Level 4

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and  techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to management reporting processes. 
 
Investigates minor security breaches using established procedures, incorporating analytical tools and techniques. 
Performs non-standard operational security tasks adapting to evolving technologies and threat landscapes. 
Addresses and resolves a variety of security events to maintain system integrity and operational continuity. 
 
Maintains and optimises operational security processes. Checks that all requests for support are dealt with according 
to established protocols, including for cloud-based and automated systems. 
Provides advice on implementing and managing physical, procedural and technical security encompassing both physical and digital assets. 
Investigates security breaches in accordance with established procedures using advanced tools and techniques and recommends necessary corrective actions.  
Enables effective implementation of recommended security measures and monitors their performance. 

USUP

Incident management

Overall definition

 

 

Level 1

Level 2

Level 3

Level 4

Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services. 
 
Follows agreed procedures to identify, register and categorise incidents. 
Uses provided tools and technologies to support the incident management process. 
Collects information as instructed to assist in incident resolution and allocates incidents as directed. 
Assists in monitoring incident queues and escalates issues according to procedures. 
 
Provides first line investigation and gathers information to enable incident resolution and allocate incidents.  
Gathers information to enable incident resolution and allocates incidents according to established procedures. 
Escalates incidents as necessary.  
Advises relevant people of actions taken. Communicates with users and stakeholders to provide updates on incident status.  
Assists in maintaining records and documentation related to incidents. 
 
Prioritises and diagnoses incidents applying agreed procedures and tools. 
Investigates causes of incidents and seeks resolution.  
Escalates unresolved incidents to higher levels or specialist teams. Coordinates with stakeholders to ensure timely resolution. 
Facilitates recovery, following resolution of incidents. Documents, communicates outcomes and closes resolved incidents. 

Monitors and manages incident queues to ensure incidents are handled according to procedures and service levels.  
Contributes to developing, testing and improving incident management procedures. Uses analytics tools to track trends. 
Ensures resolved incidents are properly documented and closed.  
Supports team members in the correct use of the incident process. 

DGFS

Digital forensics

Overall definition

 

 

Level 2

Level 3

Recovering and investigating material found in digital devices. 
 

Assists with digital forensic investigations under routine supervision.  
Supports the recovery of damaged, deleted or hidden data from digital devices. 
Helps collect and preserve digital information and evidence according to established protocols. 
 
Applies standard forensic tools and techniques to examine digital devices.  
Recovers and analyses damaged, deleted or hidden data from various digital sources and devices.  
Maintains the integrity of digital evidence and ensures its collection adheres to legal admissibility standards. 

BURM

Risk management
Overall description

Level 2

Level 3

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks. 
 
Assists in collecting and reporting data to support risk management activities under routine supervision.  
Helps create and maintain documentation of risks and risk management activities.  
Helps identify and report issues and discrepancies. 
 
Undertakes basic risk management activities.  
Maintains documentation of risks, threats, vulnerabilities and mitigation actions. 

ITOP

IT infrastructure
Overall description

Level 1

Level 2

Level 3

Level 4

Provisioning, deploying, configuring, operating, and optimising technology infrastructure across physical, virtual, and cloud-based environments. 
 
Supports routine infrastructure tasks and basic troubleshooting under close supervision. Monitors infrastructure health and reports on component status to support operational continuity. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance, installation and monitoring of infrastructure components.  
Adjusts automation tasks as instructed to meet operational standards. 
Reports on infrastructure performance and security events, addressing issues directly when possible or escalating them to others for resolution. 
 
Provisions, deploys, and configures infrastructure services and components. Monitors infrastructure for load, performance and security events. Reports metrics and resolves operational issues.

Executes standard operational procedures, including backups and restorations. Carries out agreed system software maintenance tasks. Automates routine system administration tasks to specifications using standard tools and basic scripting. 
 
Applies technical expertise to maintain and optimise technology infrastructure, executing updates and employing automation tools. Configures tools and/or creates scripts to automate infrastructure tasks.  
Maintains operational procedures and checks that they are followed, including adherence to security policies. Uses infrastructure management tools to monitor load, performance, and security metrics. 
Investigates and enables the resolution of operational and security-related issues. Provides reports and proposals for improvement to stakeholders. 
Contributes to the planning and implementation of infrastructure maintenance and updates. Implements agreed infrastructure changes and maintenance routines. 

VUAS

Vulnerability assessment
Overall description

Level 2

Level 3


Level 4

Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or 
eliminating their impact. 
 
Undertakes low-complexity routine vulnerability assessments using automated and semi-automated tools.  
Escalates issues where appropriate. 
Contributes to documenting the scope and evaluating the results of vulnerability assessments. 
 
Follows standard approaches to perform basic vulnerability assessments for small information systems.  
Supports creation of  catalogues of information and technology assets for vulnerability assessment. 
 
Collates and analyses catalogues of information and technology assets for vulnerability assessment.  
Performs vulnerability assessments and business impact analysis for medium complexity information systems.  
Contributes to selection and deployment of vulnerability assessment tools and techniques. 

PEDP

Personal data protection
Overall description


Level 4

Implementing and promoting compliance with information and data management legislation. 
 
 
Supports the implementation of policy, standards and guidelines related to information and data legislation and compliance requirements. 
Monitors the implementation of effective controls for internal delegation, audit and control relating to information management. 
Reports on the consolidated status of information controls to inform effective decision-making. 
Identifies risks around the use of information  and data that is subject to specific legislation. Recommends remediation actions as required. 

PenTest+ (PT0-003)

Code/level

Skill name

Overall description, and Description at the specified level

PENT

Penetration testing

Overall definition

 

Level 2

 

 

Level 3

 

 

 

 Level 4

 

 Level 5

Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers. 
 
Assists with penetration testing tasks under routine supervision. 
Supports the execution of standard penetration tests on systems, networks and applications. 
Helps document and report on test results, findings and potential security risks. 
 
Follows standard approaches to design and execute penetration testing activities. 
Researches and investigates attack techniques and recommends ways to defend against them.  
Analyses and reports on penetration testing activities, results, issues and risks. 
 
Selects appropriate testing approaches using in-depth technical analysis of risks and typical vulnerabilities. 
Produces test scripts, materials and test packs and tests new and existing networks, systems or applications. Provides advice on penetration testing to support others. 
Records and analyses actions and results and modifies tests if necessary.  
Provides reports on progress, anomalies, risks and issues associated with the overall project. 
 
Plans and drives penetration testing within a defined area of business activity.  
Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls.  
Takes responsibility for the integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on all aspects of penetration testing.  
Identifies needs and implements new approaches for penetration testing. Contributes to security testing standards.

TECH

Specialist advice

Overall definition

 

Level 4

Providing authoritative, professional advice and direction in a specialist area. 
 
Provides detailed and specific advice to support the organisation's planning and operations, typically related to the immediate area of responsibility. 
Actively maintains recognised expert level knowledge in one or more identifiable specialisms.  
Recognises and identifies the boundaries of their own specialist knowledge.  
Where appropriate, collaborates with other specialists to ensure advice given is professionally sound and appropriate to the organisation's needs. 

 

OCOP

Offensive cyber operations 
Overall description 
 

Level 2 

Plans, executes and manages offensive cybersecurity operations, including target selection, electronic target folders and post-operation analysis. 
 
Supports offensive cyber operations under supervision.  
Assists in creating electronic target folders based on provided intelligence.  
Participates in basic operational tasks, following established security protocols. 
Assists in documenting operations and outcomes, contributing to post-operation reviews. 

VURE

Vulnerability research
Overall description

Level 2

Level 3

Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and 
weaknesses. 
 
Assists with vulnerability research tasks under routine supervision. 
Helps document and report findings from vulnerability research activities. 
 
Applies standard techniques and tools for vulnerability research.  
Uses available resources to update knowledge of relevant specialism.  
Participates in research communities.  
Analyses and reports on activities and results.

BURM

Risk management

Overall description

Level 2

Level 3

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy 
and governance frameworks. 
 
Assists in collecting and reporting data to support risk management activities under routine supervision.  
Helps create and maintain documentation of risks and risk management activities.  
Helps identify and report issues and discrepancies. 
 
Undertakes basic risk management activities.  
Maintains documentation of risks, threats, vulnerabilities and mitigation actions. 

VUAS

Vulnerability assessment 
Overall description 
 
 
Level 2 
 
 
 
Level 3 
 
 
 Level 4 
 

 
Level 5 

Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or 
eliminating their impact. 
 
Undertakes low-complexity routine vulnerability assessments using automated and semi-automated tools.  
Escalates issues where appropriate. 
Contributes to documenting the scope and evaluating the results of vulnerability assessments. 
 
Follows standard approaches to perform basic vulnerability assessments for small information systems.  
Supports creation of  catalogues of information and technology assets for vulnerability assessment. 
 
Collates and analyses catalogues of information and technology assets for vulnerability assessment.  
Performs vulnerability assessments and business impact analysis for medium complexity information systems.  
Contributes to selection and deployment of vulnerability assessment tools and techniques. 
 
Plans and manages vulnerability assessment activities within the organisation. 
Evaluates, selects and reviews vulnerability assessment tools and techniques. 
Provides expert advice and guidance to support the adoption of agreed approaches. 
Obtains and acts on vulnerability information and accreditation on complex information systems. 

SecurityX (CAS-005)

Code/level

Skill name

Overall description, and Description at the specified level

SCTY

 

 Security operations 
Overall description 
 
 
Level 1 
 
Level 2 
 
 
 
 
 

Level 3 
 
 
 
 Level 4 
 
 
 
 
 

 
Level 5 

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and 
operational integrity. 
 

Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates 
actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and 
techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to 
management reporting processes. 
 
Investigates minor security breaches using established procedures, incorporating analytical tools and techniques. 
Performs non-standard operational security tasks adapting to evolving technologies and threat landscapes. 
Addresses and resolves a variety of security events to maintain system integrity and operational continuity. 
 
Maintains and optimises operational security processes. Checks that all requests for support are dealt with according 
to established protocols, including for cloud-based and automated systems. 
Provides advice on implementing and managing physical, procedural and technical security encompassing both 
physical and digital assets. 
Investigates security breaches in accordance with established procedures using advanced tools and techniques and 
recommends necessary corrective actions.  
Enables effective implementation of recommended security measures and monitors their performance. 
 
Oversees security operations procedures, ensuring adherence and effectiveness, including cloud security practices and 
automated threat responses. 
Reviews actual or potential security breaches and vulnerabilities and ensures they are promptly and thoroughly 
investigated. Recommends actions and appropriate control improvements. 

Ensures the integrity and completeness of security records, ensuring timely support and adherence to established 
procedures. 
Contributes to the creation and maintenance of security policies, standards and procedures integrating new 
compliance requirements and technology advances. 

SCAD

Security operations
Overall description


Level 4

Delivering management, technical and administrative services to implement security controls and security management strategies.


Maintains operational security processes and checks that all requests for support are dealt with according to agreed procedures. Provides advice on defining access rights and the application and operation of elementary physical, procedural and technical security controls. Investigates security breaches in accordance with established procedures and recommends required actions. Provides support and checks that corrective actions are implemented

AUDT

Audit
Overall description


Level 4

Delivering independent, risk-based assessments of the effectiveness of processes, the controls, and the compliance environment of an organisation.


Contributes to planning and executing of risk-based audit of existing and planned processes, products, systems and services. Identifies and documents risks in detail. Identifies the root cause of issues during an audit, and communicates these effectively as risk insights. Collates evidence regarding the interpretation and
implementation of control measures. Prepares and communicates reports to stakeholders, providing a factual basis for findings.

SCTY

Information security 
Overall description 
 
Level 2 
 
 
 
 
Level 3 
 
 
 
 
 
 
 
 Level 4 

Defining and operating a framework of security controls and security management strategies. 
 

Assists with implementing and monitoring security policies and protocols across different systems. 
Contributes to identifying and addressing potential risks in security governance and compliance. 
Supports the analysis of documented security incidents, escalating where appropriate. 
Assists in the review of access controls and permissions, ensuring adherence to security policies. 
 
Applies and maintains specific security controls as required by organisational policy and local risk assessments. 
Communicates security risks and issues to business managers and others. Performs basic risk assessments for small 
information systems.  
Contributes to the identification of risks that arise from potential technical solution architectures. Suggests alternate 
solutions or countermeasures to mitigate risks. Defines secure systems configurations in compliance with intended 
architectures. 
Supports investigation of suspected attacks and security breaches. 
 
Provides guidance on the application and operation of elementary physical, procedural and technical security controls.  
Explains the purpose of security controls and performs security risk and business impact analysis for medium 
complexity information systems.  
Identifies risks that arise from potential technical solution architectures. Designs alternate solutions or 
countermeasures and ensures they manage identified risks.  
Investigates suspected attacks and supports security incident management. 

DGFS

Digital forensics

Overall definition

 

Level 5

Recovering and investigating material found in digital devices.


Conducts investigations to correctly gather, analyse and present findings, including digital evidence, to both business and legal audiences. Collates conclusions and recommendations and presents forensics findings to stakeholders. Plans and manages digital forensics activities within the organisation. Provides expert advice
on digital forensics. Contributes to the development of digital forensics policies, standards and guidelines. Evaluates and selects digital forensics tools and techniques.

USUP

Incident management

Overall definition

 

 

Level 4

Coordinating responses to incident reports, minimising negative impacts and restoring service as quickly as possible.


Ensures that incidents are handled according to agreed procedures. Prioritises and diagnoses incidents. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Facilitates recovery, following resolution of incidents. Documents and closes resolved incidents. Contributes to testing and improving incident management procedures.

 

BURM

Business risk management 
Overall description 


 Level 2 
 
 
 
Level 3 
 
 
 
Level 4 
 
 
 
 
Level 5

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks. 
 
Assists in collecting and reporting data to support risk management activities under routine supervision.  
Helps create and maintain documentation of risks and risk management activities.  
Helps identify and report issues and discrepancies. 
 
Undertakes basic risk management activities.  
Maintains documentation of risks, threats, vulnerabilities and mitigation actions. 
 
Carries out risk management activities within a specific function, technical area or project of medium complexity.  
Identifies risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business.  
Involves specialists and domain experts as necessary. 
 
Plans and implements complex and substantial risk management activities within a specific function, technical area, project or programme.  
Establishes consistent risk management processes and reporting mechanisms aligned with governance frameworks. 
Engages specialists and domain experts as necessary.  
Advises on the organisation's approach to risk management. 

NTDS

Network design

Overall definition

 

 Level 2

Level 3

Level 4 

 

Designing communication networks to meet business requirements, ensuring scalability, reliability, security and 
alignment with strategic objectives. 
 
Assists with defining configurations for networks and network components under routine supervision.  
Follows established network architectures, standards, and security protocols. 
Assists in documenting network configurations and producing detailed network specifications under guidance, 
incorporating relevant security aspects. 
 
Specifies the technical configurations and components required for a small network or a network segment in a more 
complex infrastructure. 
Follows organisational architectures, standards, and security guidelines. 
 
Designs specific network components using agreed architectures, design standards, patterns and methodology. 
Translates logical designs into physical designs that meet specified operational parameters for capacity and 
performance. 
Reviews and verifies network designs against non-functional requirements, including validation and error correction 
procedures, access, security and audit controls. 
Contributes to the development of recovery routines and contingency procedures. Contributes to alternative network 
architectures, networking topologies and design options. 

VUAS

Vulnerability assessment
Overall description


Level 2


Level 3

Level 4


Level 5

Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or 
eliminating their impact. 
 
Undertakes low-complexity routine vulnerability assessments using automated and semi-automated tools.  
Escalates issues where appropriate. 
Contributes to documenting the scope and evaluating the results of vulnerability assessments. 
 
Follows standard approaches to perform basic vulnerability assessments for small information systems.  
Supports creation of  catalogues of information and technology assets for vulnerability assessment. 
 
Collates and analyses catalogues of information and technology assets for vulnerability assessment.  
Performs vulnerability assessments and business impact analysis for medium complexity information systems.  
Contributes to selection and deployment of vulnerability assessment tools and techniques. 
 
Plans and manages vulnerability assessment activities within the organisation. 
Evaluates, selects and reviews vulnerability assessment tools and techniques. 
Provides expert advice and guidance to support the adoption of agreed approaches. 
Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and 
accreditation on complex information systems. 

PEDP

Information and data compliance 
Overall description 
 
 
Level 4 
 
 
 
 
 
 
Level 5 

Implementing and promoting compliance with information and data management legislation.  
 
Supports the implementation of policy, standards and guidelines related to information and data legislation and 
compliance requirements. 
Monitors the implementation of effective controls for internal delegation, audit and control relating to information 
management. 
Reports on the consolidated status of information controls to inform effective decision-making. 
Identifies risks around the use of information  and data that is subject to specific legislation. Recommends remediation 
actions as required. 
 
Contributes to policies, standards and guidelines for information and data compliance.  
Provides authoritative advice on implementing compliance controls in products, services and systems.  
Investigates breaches and recommends control improvements.  Maintains an inventory of legislated data, conducts 
risk assessments and specifies necessary changes.  
Ensures formal requests and complaints are handled following procedures. Prepares and submits reports to relevant 
authorities, ensuring all compliance requirements are met. 

THIN

Threat intelligence
Overall description

Level 2

Level 3

Level 4


Developing and sharing actionable insights on current and potential security threats to the success or integrity of an 
organisation. 
 
Contributes to routine threat intelligence gathering tasks.  
Monitors and detects potential security threats and escalates in accordance with relevant procedures and standards. 
 
Performs routine threat intelligence gathering tasks.  
Transforms collected information into a data format that can be used for operational security activities. 
Cleans and converts quantitative information into consistent formats. 
 
Collates and analyses information for threat intelligence requirements from a variety of sources. 
Contributes to reviewing, ranking and categorising qualitative threat intelligence information.  
Creates threat intelligence reports.  
Evaluates the value, usefulness and impact of threat intelligence sources. 

AIDE

Personal data protection
Overall description

Level 3

Implementing and promoting ethical practices in the design, development, deployment and use of AI and data 
technologies. 
 
Supports ethical reviews and conducts basic impact assessments under direction.  
Gathers and analyses information for assessments. Reports on ethical issues and compliance with guidance from 
others. Documents findings from audits and reviews.  
Assists with documentation and communication of ethical policies.   
Supports others in responding to incidents. 

DAAN

Data analytics 
Overall description 


Level 2


Level 3


Level 4

Enabling data-driven decision making by extracting, analysing and communicating insights from structured and 
unstructured data. 
 
Assists in data preparation and analysis activities under direction.  
Processes and validates data to support analytics.  
Generates standard reports and insights using established tools and methods. 
 
Supports data analytics by gathering and preparing data from multiple sources.  
Applies analytical and statistical methods and software tools to analyse data and develop reports.  
Assists in identifying trends, patterns and insights that inform business decisions.  
Collaborates with team members to refine analysis techniques and maintain data quality. 

IAMT

Identity and access 
management 
Overall description 
 
Level 1 
 
 
 
Level 2 
 
 
 
 
Level 3 
 
 
 
 
 
 
Level 4 

Manages identity verification and access permissions within organisational systems and environments. 
 
Performs basic identity and access management tasks, including user account lifecycle management, under 
supervision. 
Maintains accurate records and follows established identity and access management protocols. 
 
Provides assistance for identity and access management operations, including automated role allocation and access control management. 
Engages in user identity lifecycle management, including account creation and deletion. 
Facilitates operation of identity and access management tools and self-service portals. 
 
Administers standard identity and access management services, implementing policies and resolving related issues.  
Manages monitoring, audits and logging for identity and access management systems. Investigates minor security 
breaches in accordance with established procedures related to identity and access management. 
Assists users in defining their access rights and privileges. Designs and implements simple identity and access 
management solutions, enhancing user access security. Contributes to the enhancement and optimisation of existing identity and access management processes and systems. 
 
Designs and implements complex identity and access management solutions, focusing on automated access control 
and role allocation.  
Oversees the integration of identity and access management services with new technologies. 
Provides specialised support for complex identity and access management operations and supports implementation of policies and standards. 
Collaborates with stakeholders to align identity and access management with business objectives and emerging 
security trends. 

IRMG

Information management 
Overall description 
 
Level 3 
 
 
 
 
Level 4 

Enabling the effective management and use of information assets. 
 
 
Supports teams and individuals to identify and organise information assets and repositories in line with policy and 
practices. 
Conducts routine searches for non-sensitive information needed to support organisational decision making. 
Supports users to find and access information resources based on their requirements and approved access. 
 
Enables the organisation to organise, control and discover information assets. 
Supports the organisation to identify, catalogue and categorise information types and information repositories in line 
with information management strategies and practices. 
Enables users to find information through appropriate use of metadata and search tools. 
Provides advice and guidance to enable good information management practices to be adopted across the 
organisation. 

DATM

 Data management 
Overall description 
 

 Level 2 

Developing and implementing plans, policies and practices that control, protect and optimise the value and 
governance of data assets. 
 
Assists in implementing data management activities under close guidance and supervision. 
Helps create and maintain documentation of data management activities.  
Helps identify and report issues and discrepancies. 

CFMG

Configuration management 
Overall description 
 
 
Level 2 

Planning, identifying, controlling, accounting for and auditing of configuration items (CIs) and their 
interrelationships. 
 
Applies tools, techniques and processes to administer, track, log, report on and correct configuration items, 
components and changes.  
Assists with audits to check the accuracy of the information and undertakes any necessary corrective action under 
direction. 

DESN

Systems design 
Overall description 
 
Level 2 
 
 
 
Level 3 
 
 
 
 
 
Level 4 

Designing systems to meet specified requirements and agreed systems architectures. 
 
Assists in the creation and documentation of system design elements under routine supervision.  
Follows established procedures and guidelines.  
Helps create and maintain documentation. 
 
Follows standard approaches and established design patterns to create new designs for simple systems or system 
components. 
Identifies and resolves minor design issues.  
Identifies alternative design options and seeks guidance when deviating from established design patterns. 
 
Designs system components using appropriate modelling techniques following agreed architectures, design standards, 
patterns and methodology.  
Identifies and evaluates alternative design options and trade-offs. Creates multiple design views to address the 
concerns of the different stakeholders and to handle functional and non-functional requirements.  
Models, simulates or prototypes the behaviour of proposed system components to enable approval by stakeholders.  
Produces detailed design specifications to form the basis for the construction of systems. Reviews, verifies and 
improves own designs against specifications. 

GOVN

Governance 
Overall description 
 
 
Level 6 

 
Defining and operating frameworks for decision-making, risk management, stakeholder relationships and 
compliance with organisational and regulatory obligations. 
 
Implements the governance framework to enable governance activity to be conducted.  
Within a defined area of accountability, determines the requirements for appropriate governance reflecting the 
organisation's values, ethics, risk appetite and wider governance frameworks. Communicates delegated authority, 
benefits, opportunities, costs and risks.  
Leads reviews of governance practices with appropriate and sufficient independence from management activity.  
Acts as the organisation's contact for relevant regulatory authorities and ensures proper relationships between the 
organisation and external stakeholders. 

CIPM

Organisational change 
management 
Overall description 
 
 
Level 2 
 
 
 
Level 3 

 

Planning, designing and implementing activities to transition the organisation and people to the required future 
state. 
 
Assists with organisational change management tasks under routine supervision. 
Supports the collection and analysis of data related to change readiness and impact. 
Helps document and communicate change management plans and activities. 
 
Follows standard techniques to investigate and analyse the size, nature and impact of changes to operational 
activities.  
Contributes to change management plans and actions, focusing on the procedural execution of change.  
Supports implementation and engages with stakeholders under direction. 

INAS

Information assurance 
Overall description 
 
Level 2 
 
 
 
Level 3 
 
 
 
 
 
 
 
Level 4 

 
Protecting against and managing risks related to the use, storage and transmission of data and information systems. 
 
Assists with information assurance activities under routine supervision. 
Helps perform basic risk assessments and supports the implementation of information assurance measures. 
Assists in maintaining records and documentation related to information assurance. 
 
Follows standard approaches for the technical assessment of information systems against information assurance 
policies and business objectives.  
Makes routine accreditation decisions. Recognises decisions that are beyond their scope and responsibility level and 
escalates according. 
Reviews and performs risk assessments and risk treatment plans. Identifies typical risk indicators and explains 
prevention measures. 
Maintains integrity of records to support and justify decisions. 
 
Performs technical assessments and/or accreditation of complex or higher-risk information systems.  
Identifies risk mitigation measures required in addition to the standard organisation or domain measures.  
Establishes the requirement for accreditation evidence from delivery partners and communicates accreditation 
requirements to stakeholders.   
Contributes to planning and organisation of information assurance and accreditation activities. Contributes to 
development of and implementation of information assurance processes. 

 

Data+ (DA0-001)

Code/level

Skill name

Overall description, and Description at the specified level

DENG

Data engineering
Overall description


Level 2

Level 3

Level 4

Designing, building, operationalising, securing and monitoring data pipelines and data stores.


Assist in developing and implementing data pipelines and data stores. Performs administrative tasks to provide accessibility, retrievability, security and protection of data.


Designs and implements data pipelines and data stores to acquire and prepare data. Applies data engineering standards and tools to create and maintain data pipelines and extract, transform and load data. Carries out routine data quality checks and remediation.


Designs, implements, and maintains complex data engineering solutions to acquire and prepare data. Creates and maintains data pipelines to connect data within and between data stores, applications and organisations. Carries out complex data quality checking and remediation.

STPL

Enterprise and business architecture
Overall description


Level 5

Aligning an organisation's technology strategy with its business mission, strategy, and processes and documenting this using architectural models.


Develops models and plans to drive the execution of the business strategy, taking advantage of opportunities to improve business performance. Contributes to creating and reviewing a systems capability strategy which meets the business's strategic requirements. Determines requirements and specifies effective business processes, through improvements in technology, information or data practices, organisation, roles, procedures and equipment.

DATS

Data science
Overall description


Level 2

Level 3

Level 4

Applying mathematics, statistics, data mining and predictive modelling techniques to gain insights, predict behaviours and generate value from data.

Under guidance, applies given data science techniques to data. Analyses and reports findings and
remediates simple issues, using algorithms implemented in standard software frameworks and tools.


Applies existing data science techniques to new problems and datasets using specialised programming techniques. Selects from existing data sources and prepares data to be used by data science models. Evaluates the outcomes and performance of data science models. Identifies and implements opportunities to
train and improve models and the data they use. Publishes and reports on model outputs to meet customer needs and conforming to agreed standards.


Investigates the described problem and dataset to assess the usefulness of data science and analytics solutions. Applies a range of data science techniques and uses specialised programming languages. Understands and applies rules and guidelines specific to the industry, and anticipates risks and other implications of modelling. Selects, acquires and integrates data for analysis. Develops data hypotheses and
methods and evaluates analytics models. Advises on the effectiveness of specific techniques based on project findings and comprehensive research. Contributes to the development, evaluation, monitoring and deployment of data science solutions.

NUAN

Numerical analysis
Overall description


Level 4

Creating, analysing, implementing, testing and improving algorithms for numerically solving mathematical problems.


Creates moderately complex algorithms using a range of mathematical techniques and with sensitivity to the limitations of the techniques. Uses sophisticated scientific computing and visualisation environments. Assesses the stability, accuracy and efficiency of algorithms and makes or recommends improvements to them. Iterates and improves models using feedback from experts as appropriate.

INAS

Information assurance
Overall description


Level 3

Level 4

Protecting against and managing risks related to the use, storage and transmission of data and information systems.


Follows standard approaches for the technical assessment of information systems against information assurance policies and business objectives. Makes routine accreditation decisions. Recognises decisions that are beyond their scope and responsibility level and escalates according. Reviews and performs risk assessments and risk treatment plans. Identifies typical risk indicators and explains prevention measures. Maintains integrity of records to support and justify decisions.


Performs technical assessments and/or accreditation of complex or higher-risk information systems. Identifies risk mitigation measures required in addition to the standard organisation or domain measures. Establishes the requirement for accreditation evidence from delivery partners and communicates accreditation requirements to stakeholders. Contributes to planning and organisation of information assurance and accreditation activities. Contributes to development of and implementation of information assurance processes.

PEDP

Personal data protection
Overall description


Level 5

Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation.


Contributes to the development of policy, standards and guidelines related to personal data legislation. Provides expert advice and guidance on implementing personal data legislation controls in products, services and systems. Investigates major data breaches and recommends appropriate control improvements. Creates
and maintains an inventory of data that are subject to personal data legislation. Conducts risk assessments, business impact analysis for complex information systems and specifies any required changes. Ensures that formal requests and complaints are dealt with according to approved procedures. Prepares and submits
reports and registrations to relevant authorities.

DATM

Data management
Overall description


Level 4

Developing and implementing plans, policies, and practices that control, protect and optimise the value of data assets.


Devises and implements master data management processes for specific subsets of data. Assesses the integrity of data from multiple sources. Provides advice on the transformation of data from one format/medium to another. Maintains and implements information handling procedures. Enables the availability, integrity and searchability of information through the application of formal data and metadata structures and protection measures.

DTAN

Data modelling and design

Overall description


Level 2

Level 3

Level 4

Developing models and diagrams to represent and communicate data requirements and data assets.


Establishes, modifies or maintains simple data structures and associated components. Uses specific data modelling and design techniques under guidance.


Applies standard data modelling and design techniques based upon a detailed understanding of requirements. Establishes, modifies and maintains data structures and associated components. Communicates the details of data structures and associated components to others using the data structures and associated components.


Investigates enterprise data requirements where there is some complexity and ambiguity. Plans own data modelling and design activities, selecting appropriate techniques and the correct level of detail for meeting assigned objectives. Provides advice and guidance to others using the data structures and associated components.

BINT

Business intelligence
Overall description


Level 2


Level 3

Developing, producing and delivering regular and one-off management information to provide insights and aid decision-making.


Assists with the creation of regular business intelligence reports using standard tools. Supports data preparation from existing sources.


Sources and prepares data for analysis and performs standard business intelligence analysis activities. Creates and delivers standard reports in accordance with stakeholder needs and conforming to agreed standards. Investigates the need for new or revised business intelligence analysis. Contributes to the recommendation of improvements. Engages with stakeholders under direction.

VISL

Data visualisation
Overall description


Level 3

Level 4

Facilitating understanding of data by displaying concepts, ideas, and facts using graphical representations.


Uses a visualisation product, as guided, to design and create data visuals. Selects appropriate visualisation techniques from the options available. Engages with the target user to prototype and refine specified visualisations.


Applies a variety of visualisation techniques and designs the content and appearance of data visuals. Operationalises and automates activities for efficient and timely production of data visuals. Selects appropriate visualisation approaches from a range of applicable options. Contributes to exploration and experimentation in data visualisation.

DataSys+ (DS0-001)

Code/level

Skill name

Overall description, and Description at the specified level

DBAD

Database administration 
Overall description 
 
 
Level 2 
 
 
 
 
Level 3 
 
 
 


 
Level 4

Installing, configuring, monitoring, maintaining databases and data stores, ensuring performance and security while adapting to evolving technologies. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance and monitoring of databases. Adjusts automation tasks as instructed to meet operational standards for databases. Reports on database performance, addresses issues directly when possible, or escalates to others for resolution. 
 
Provisions, installs, configures and ensures the maintenance and reliability of databases. 
Monitors databases for load, performance and security events. Reports metrics and resolves operational issues. 
Executes standard operational procedures, including database backups and restorations. Automates routine database administration tasks to specifications using standard scripts and tools. 
 
Applies technical expertise to maintain and optimise databases, executing updates and employing automation tools. 
Configures tools and/or creates scripts to automate database tasks. 
Maintains operational procedures and checks that they are followed, including compliance with security policies. Uses database management tools to monitor load and performance statistics.  
Investigates and enables the resolution of database operational and security issues. Provides reports and proposals for improvement to stakeholders. 
Contributes to the planning and implementation of database maintenance and updates. Implements agreed database changes and maintenance routines. 

DBDS

Database design 
Overall description  
 


Level 2 
 
 
 
 Level 3 
 
 
 


 
Level 4 

Specifying, designing and maintaining mechanisms for storing and accessing data across various environments and 
platforms. 
 
Assists in creating and documenting detailed database designs under routine supervision.  
Follows established procedures and guidelines.  
Helps create and maintain documentation. 
 
Interprets installation standards to meet project needs and produces database or data warehouse component 
specifications.  
Develops physical database or data warehouse design elements, within set policies, to meet data requirements. 
 
Implements physical database designs to support transactional data requirements for performance and availability.  
Develops and maintains specialist knowledge of database and data warehouse concepts, design principles, architectures, software and facilities.  
Assesses proposed changes to object/data structures and evaluates alternative options.  
Implements data warehouse designs that support business intelligence and data analytics. 

COPL

Continuity management 
Overall description 
 
Level 2 
 
 


 
Level 3 

Developing, implementing and testing a business continuity framework. 
 
Maintains records of all related testing and training and ensures the availability of all documentation. Records the actions taken and the consequences following an incident or live testing of a continuity plan for a lessons-learned 
report. 
 
Applies a structured approach to develop and document the detail for a continuity plan.  
Maintains documentation of business continuity and disaster recovery plans.  
Supports the development of a test plan and implementation of continuity management exercises. 

DATM

Data management 
Overall description 
 
 
Level 2 
 
 
 
Level 3 

Developing and implementing plans, policies and practices that control, protect and optimise the value and 
governance of data assets. 
 
Assists in implementing data management activities under close guidance and supervision. 
Helps create and maintain documentation of data management activities.  
Helps identify and report issues and discrepancies. 
 
Implements standard data management practices based on detailed organisational requirements. 
Monitors and maintains data quality through regular reviews and validation checks.     
Communicates the details of data management procedures to others, helping with their understanding and 
compliance. 

IAMT

Organisational facilitation
Overall description


Level 2

Manages identity verification and access permissions within organisational systems and environments. 
 
Performs basic identity and access management tasks, including user account lifecycle management, under 
supervision. 
Maintains accurate records and follows established identity and access management protocols. 

DTAN

Data modelling and design 
Overall description 
 
 
Level 2 
 
 
Level 3 
 
 
 
 
Level 4 

Developing models and diagrams to represent, communicate and manage data requirements and data assets. 
 
Establishes, modifies or maintains simple data structures and associated components.  
Uses specific data modelling and design techniques under guidance. 
 
Applies standard data modelling and design techniques based upon a detailed understanding of organisational 
requirements.  
Establishes, modifies and maintains data structures and associated components.  
Communicates and explain the details of data structures and components to others. 
 
Investigates enterprise data requirements where there is some complexity and ambiguity.   
Plans data modelling and design activities, selecting appropriate techniques and levels of detail to meet objectives.  
Provides advice and guidance to others using the data structures and associated components. 

SCTY

Information security 
Overall description 
 
Level 2 

Defining and operating a framework of security controls and security management strategies. 
 
Assists with implementing and monitoring security policies and protocols across different systems. 
Contributes to identifying and addressing potential risks in security governance and compliance. 
Supports the analysis of documented security incidents, escalating where appropriate. 
Assists in the review of access controls and permissions, ensuring adherence to security policies. 

PROG

Programming/software 
development 
Overall description 
 
Level 2 

 


Developing software components to deliver value to stakeholders. 
 
Designs, codes, verifies, tests, documents, amends and refactors simple programs/scripts.  
Applies agreed standards, tools and basic security practices to achieve a well-engineered result. 
Reviews own work. 

SCAD

Security operations 
Overall description 
 
 
Level 1 

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and 
operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 

STMG

Storage management 
Overall description 
 
 
Level 2 
 
 
 
Level 3 
 
 
 
 
 
 
Level 4 

Provisioning, configuring and optimising on-premises and cloud-based storage solutions, ensuring data availability, security and alignment with business objectives. 
 
Assists with storage management tasks such as provisioning. 
Supports the setup and configuration of storage systems, incorporating standard security practices. 
Helps monitor storage performance and capacity, and documents storage utilisation. 
 
Executes routine storage management tasks following established procedures and using standard tools. 
Implements documented configurations for allocation of storage, installation and maintenance of secure storage systems using the agreed operational procedures. 
Identifies operational problems, including security-related issues, and contributes to their resolution. 
Uses standard management and reporting tools to collect and report on storage utilisation, performance and backup statistics. 
 
Prepares and maintains operational procedures for storage management.  
Monitors capacity, performance, availability and other operational metrics. Takes appropriate action to ensure corrective and proactive maintenance of storage and backup systems to protect and secure business information.  
Creates reports and proposals for improvement.  
Contributes to the planning and implementation of new installations and scheduled maintenance and changes of existing systems. 

 DataX (DY0-001)

Code/level

Skill name

Overall description, and Description at the specified level

DANN

Data Analytics

Overall definition

Level 1

Level 2

Level 3

Level 4

Enabling data-driven decision making by extracting, analysing and communicating insights from structured and 
unstructured data. 
 
Assists in data preparation and analysis activities under direction.  
Processes and validates data to support analytics.  
Generates standard reports and insights using established tools and methods. 
 
Supports data analytics by gathering and preparing data from multiple sources.  
Applies analytical and statistical methods and software tools to analyse data and develop reports.  
Assists in identifying trends, patterns and insights that inform business decisions.  
Collaborates with team members to refine analysis techniques and maintain data quality. 
 
Conducts end-to-end data analysis, defining data requirements and ensuring data integrity.  
Applies advanced analytical and statistical techniques to extract meaningful insights and develop predictive models. 
Communicates complex findings to stakeholders in an understandable manner.  
Contributes to the development of data analytics processes and standards. Identifies opportunities for improving data 
analytics practices. 
 
Manages data analytics activities, establishing frameworks and methodologies aligned with business objectives and 
data governance policies.  
Leads the implementation of data analytics solutions. Translates business needs into analytics requirements and 
identifies data-driven solutions.  
Guides the selection and application of advanced analytical techniques.  
Communicates insights and recommendations to senior stakeholders, influencing strategic decisions. 

 

DATM

Data Management

Overall definition

 

Level 2

Level 3

Level 4

Level 5

Developing and implementing plans, policies and practices that control, protect and optimise the value and 
governance of data assets. 
 
Assists in implementing data management activities under close guidance and supervision. 
Helps create and maintain documentation of data management activities.  
Helps identify and report issues and discrepancies. 
 
Implements standard data management practices based on detailed organisational requirements. 
Monitors and maintains data quality through regular reviews and validation checks.     
Communicates the details of data management procedures to others, helping with their understanding and 
compliance. 
 
Devises and implements data governance and master data management processes for specific subsets of data.  
Assesses the integrity of data from multiple sources.  
Advises on transformation of data between formats or media. Maintains and implements data handling procedures.  
Enables data availability, integrity and searchability through formal data and metadata structures and protection 
measures. 
 
Devises and implements data governance and master data management processes.  
Derives data management structures and metadata to support consistent data retrieval, integration, analysis, pattern 
recognition and interpretation across the organisation. 
Independently validates external information from multiple sources.  Plans effective data storage, sharing and 
publishing practices within the organisation. 
Identifies and addresses issues preventing optimal use of information assets. Provides expert advice to maximise data 
asset value, ensuring data quality and compliance. 

BURM

Risk management
Overall description


Level 3

Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise.


Undertakes basic risk management activities. Maintains documentation of risks, threats, vulnerabilities and mitigation actions.

FEAS

Feasibility assessment
Overall description

Level 3

Defining, evaluating and describing business change options for financial, technical and business feasibility, and strategic alignment.


Supports option identification and feasibility assessment. Selects and employs standard techniques to get the information required for feasibility assessment. Supports identification of tangible costs and benefits, and development of business cases.

DESN

Systems design
Overall description


Level 3

Designing systems to meet specified requirements and agreed systems architectures.


Follows standard approaches and established design patterns to create new designs for simple systems or system components. Identifies and resolves minor design issues. Identifies alternative design options and seeks guidance when deviating from established design patterns.

CHMG

Change control
Overall description


Level 2

Level 3

Assessing risks associated with proposed changes and ensuring changes to products, services or systems are controlled and coordinated.


Applies tools, techniques and processes to administer, track, log, report on change requests. Applies change control procedures for standard, low-risk changes.


Develops, documents and implements changes based on requests for change. Applies change control procedures. Applies tools, techniques and processes to manage and report on change requests.

 CloudNetX (CNX-001)

CIPM

Organisational change 
management 
Overall description 
 
 
Level 2 
 
 
 
Level 3 

Planning, designing and implementing activities to transition the organisation and people to the required future 
state. 
 
 
Assists with organisational change management tasks under routine supervision. 
Supports the collection and analysis of data related to change readiness and impact. 
Helps document and communicate change management plans and activities. 
 
Follows standard techniques to investigate and analyse the size, nature and impact of changes to operational 
activities.  
Contributes to change management plans and actions, focusing on the procedural execution of change.  
Supports implementation and engages with stakeholders under direction. 

CFMG

Configuration management 
Overall description 
 
 
Level 2 
 
 
 
 
Level 3 

Planning, identifying, controlling, accounting for and auditing of configuration items (CIs) and their 
interrelationships. 
 
Applies tools, techniques and processes to administer, track, log, report on and correct configuration items, 
components and changes.  
Assists with audits to check the accuracy of the information and undertakes any necessary corrective action under 
direction. 
 
Applies tools, techniques and processes to track, log and correct information related to configuration items.  
Verifies and approves changes to protect assets and components from unauthorised change, diversion and 
inappropriate use.  
Supports user compliance with identification standards for object types, environments, processes, lifecycles, 
documentation, versions, formats, baselines, releases and templates.  
Performs audits to check the accuracy of the information and undertakes any necessary corrective action under 
direction. 

IAMT

Identity and access 
management 
Overall description 
 
 
Level 1 
 
 
 
Level 2 
 
 
 
Level 3 
 
 
 
 
 
 
 
Level 4 

Manages identity verification and access permissions within organisational systems and environments. 
 

Performs basic identity and access management tasks, including user account lifecycle management, under 
supervision. 
Maintains accurate records and follows established identity and access management protocols. 
 
Provides assistance for identity and access management operations, including automated role allocation and access 
control management. 
Engages in user identity lifecycle management, including account creation and deletion. 
Facilitates operation of identity and access management tools and self-service portals. 
 
Administers standard identity and access management services, implementing policies and resolving related issues.  
Manages monitoring, audits and logging for identity and access management systems. Investigates minor security 
breaches in accordance with established procedures related to identity and access management. 
Assists users in defining their access rights and privileges. Designs and implements simple identity and access 
management solutions, enhancing user access security. Contributes to the enhancement and optimisation of existing 
identity and access management processes and systems. 
 
Designs and implements complex identity and access management solutions, focusing on automated access control 
and role allocation.  
Oversees the integration of identity and access management services with new technologies. 
Provides specialised support for complex identity and access management operations and supports implementation of 
policies and standards. 
Collaborates with stakeholders to align identity and access management with business objectives and emerging 
security trends.

NTDS

Network design 
Overall description 
 
Level 2 
 
 
 
 

Level 3 
 
 
 
Level 4 
 
 
 
 
 
 


Level 5 

Designing communication networks to meet business requirements, ensuring scalability, reliability, security and 
alignment with strategic objectives. 
 

Assists with defining configurations for networks and network components under routine supervision.  
Follows established network architectures, standards, and security protocols. 
Assists in documenting network configurations and producing detailed network specifications under guidance, 
incorporating relevant security aspects. 
 
Specifies the technical configurations and components required for a small network or a network segment in a more 
complex infrastructure. 
Follows organisational architectures, standards, and security guidelines. 
 
Designs specific network components using agreed architectures, design standards, patterns and methodology. 
Translates logical designs into physical designs that meet specified operational parameters for capacity and 
performance. 
Reviews and verifies network designs against non-functional requirements, including validation and error correction 
procedures, access, security and audit controls. 
Contributes to the development of recovery routines and contingency procedures. Contributes to alternative network 
architectures, networking topologies and design options. 
 
Produces, or approves network providers', network architectures, topologies and configuration databases for own 
area of responsibility. 
Specifies design parameters for network connectivity, capacity, speed, interfacing, security and access, in line with 
business requirements. 
Assesses network-related risks and specifies recovery routines and contingency procedures. 
Creates multiple design views to address the different stakeholders' concerns and to handle both functional and non
functional requirements. 

NTAS

Network support 
Overall description 
 
 
Level 1 
 
 
 
Level 2 
 
 
 
 
 
 Level 3 
 
 
 
 
 
 
 
 
Level 4

Providing maintenance and support services for communications networks. 
 
 
Supports routine network tasks under close supervision.  
Monitors basic network health and reports on the status of network components.  
Assists with straightforward troubleshooting and follows established procedures to maintain operational continuity.  
Escalates issues as necessary to higher levels of support 
 
Assists in the operational configuration of network components and the investigation and resolution of network 
problems. 
Assists in the implementation of basic scripting and automation tools to streamline network support tasks. 
Assists with specified maintenance procedures and follows established safety, security and quality standards. 
Provides first-line support and guidance to network users, escalating issues as necessary. 
 
Executes agreed network maintenance tasks and specified operational configuration of network components. 
Identifies and diagnoses network problems/faults using the required troubleshooting tools and network management 
software, including addressing security-related issues. 
Implements and maintains scripts, automation tools and orchestration platforms to optimise network support 
processes. 
Collects performance and traffic statistics and collaborates with others to ensure network effectiveness and resolve 
issues. 
 
Executes agreed network maintenance tasks and specified operational configuration of network components. 
Identifies and diagnoses network problems/faults using the required troubleshooting tools and network management 
software, including addressing security-related issues. 
Implements and maintains scripts, automation tools and orchestration platforms to optimise network support 
processes. 
Collects performance and traffic statistics and collaborates with others to ensure network effectiveness and resolve 
issues 

ITOP

Infrastructure operations 
Overall description 
 
Level 1 
 
 
Level 2 
 
 
 
 
 
Level 3 
 
 
 
 
 Level 4


Provisioning, deploying, configuring, operating, and optimising technology infrastructure across physical, virtual, 
and cloud-based environments. 
 
Supports routine infrastructure tasks and basic troubleshooting under close supervision. Monitors infrastructure 
health and reports on component status to support operational continuity. 
 
Executes operational procedures, runs automation scripts and performs routine maintenance, installation and 
monitoring of infrastructure components.  
Adjusts automation tasks as instructed to meet operational standards. 
Reports on infrastructure performance and security events, addressing issues directly when possible or escalating 
them to others for resolution. 
 
Provisions, deploys, and configures infrastructure services and components. Monitors infrastructure for load, 
performance and security events. Reports metrics and resolves operational issues. Executes standard operational 
procedures, including backups and restorations. Carries out agreed system software maintenance tasks. Automates 
routine system administration tasks to specifications using standard tools and basic scripting. 
 
Applies technical expertise to maintain and optimise technology infrastructure, executing updates and employing 
automation tools. Configures tools and/or creates scripts to automate infrastructure tasks.  
Maintains operational procedures and checks that they are followed, including adherence to security policies. Uses 
infrastructure management tools to monitor load, performance, and security metrics. 
Investigates and enables the resolution of operational and security-related issues. Provides reports and proposals for 
improvement to stakeholders. 
Contributes to the planning and implementation of infrastructure maintenance and updates. Implements agreed 
infrastructure changes and maintenance routines. 

SINT

Systems integration and build 
Overall description 
 
 
Level 2 
 
 
 
Level 3 


Planning, implementing and controlling activities to integrate system elements, subsystems and interfaces to create 
operational systems, products or services. 
 
Produces builds from system components using appropriate build automation tools and processes. 
Conducts tests as defined in an integration test specification and records the details of any failures. 
Analyses and reports on integration test activities and results. Identifies and reports issues and risks. 
 
Defines the modules and components and dependencies needed for an integration build and produces a build 
definition. Accepts completed modules and components, checking that they meet defined criteria. 
Produces builds from system components for loading onto target environments.  
Configures the hardware, software and infrastructure environment as required by the system being integrated.  
Produces integration test specifications, conducts tests and records and reports on outcomes. Diagnoses faults and 
documents the results of tests. Produces system integration reports. 

AVMT

Availability management 
Overall description 
 
Level 3 
 
 
 
Level 4 

Ensuring services deliver agreed levels of availability to meet the current and future needs of the business. 
 
Performs defined availability management tasks, such as routine monitoring and data collection. 
Tests disaster recovery procedures under direction and contributes to the documentation of recovery plans. 
Assists with the operation of availability management tools and processes. 
Monitors service components against agreed performance standards and reports any deviations. 
 
Analyses service and component availability, reliability, maintainability and serviceability.  
Contributes to the availability management process and its operation.  
Monitors and maintains services and components to ensure ongoing compliance with agreed performance targets and 
service levels. 
Implements disaster recovery arrangements and documents recovery procedures. Conducts testing of recovery 
procedures. 

HSIN

Systems installation and 
removal 
Overall description 
 
 
Level 1 
 
 
Level 2 
 
 
 
Level 3 

 

Installing and testing, or decommissioning and removing, systems or system components. 
 
 
Follows agreed procedures to perform simple installations, replace consumable items, and check the correct working 
of installations. Documents and reports on work done. 
 
Installs or removes system components using supplied installation instructions and tools.   
Conducts standard tests and contributes to investigations of problems and faults. 
Confirms the correct working of installations.  
Documents results in accordance with agreed procedures. 
 
Installs or removes hardware and/or software, using supplied installation instructions and tools, including handover to 
the client.  
Uses standard procedures and diagnostic tools to test installations, correct problems, and document results.  
Records details of all components that have been installed and removed. Assists users and follows agreed procedures 
for further help or escalation. 
Contributes to the development of installation procedures and standards. 

DESN

Systems design 
Overall description 
 
Level 2 
 
 
 
Level 3 


Designing systems to meet specified requirements and agreed systems architectures. 
 
Assists in the creation and documentation of system design elements under routine supervision.  
Follows established procedures and guidelines.  
Helps create and maintain documentation. 
 
Follows standard approaches and established design patterns to create new designs for simple systems or system 
components. 
Identifies and resolves minor design issues.  
Identifies alternative design options and seeks guidance when deviating from established design patterns.

BURM

Risk management 
Overall description 
 
 
Level 2 
 
 
 
Level 3 
 
 
Level 4 

 

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy 
and governance frameworks. 
 
Assists in collecting and reporting data to support risk management activities under routine supervision.  
Helps create and maintain documentation of risks and risk management activities.  
Helps identify and report issues and discrepancies. 
 
Undertakes basic risk management activities.  
Maintains documentation of risks, threats, vulnerabilities and mitigation actions. 
 
Carries out risk management activities within a specific function, technical area or project of medium complexity.  
Identifies risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to 
the business.  
Involves specialists and domain experts as necessary. 

ARCH

Solution architecture 
Overall description 
 
Level 4 


Developing and communicating a multi-dimensional solution architecture to deliver agreed business outcomes. 
 


Contributes to the development of solution architectures in specific business, infrastructure or functional areas.  
Identifies and evaluates alternative architectures and the trade-offs in cost, performance and scalability. Determines 
and documents architecturally significant decisions.  
Produces specifications of cloud-based or on-premises components, tiers and interfaces, for translation into detailed 
designs using selected services and products.  
Supports projects or change initiatives through the preparation of technical plans and application of design principles. 
Aligns solutions with enterprise and solution architecture standards (including security). 

IFDN

Infrastructure design 
Overall description 
 
 
Level 2 
 
 
 
Level 3 
 
 
 
 
 
 
Level 4 

Designing technology infrastructure to meet business requirements, ensuring scalability, reliability, security and 
alignment with strategic objectives. 
 
Assists in developing preliminary infrastructure design specifications under routine supervision.  
Uses established standards and security protocols to contribute to infrastructure design activities.  
Helps draft design documents and diagrams. Documents design-related issues. 
 
Performs varied infrastructure design tasks, including complex and non-routine assignments, using standard methods.  
Develops design specifications and diagrams for infrastructure components, integrating hardware, software, network 
elements, and cloud services, and addressing security requirements. 
Collaborates with others to align infrastructure design with organisational objectives and resolve design issues.  
Suggests improvements to enhance infrastructure performance and reliability. 
 
Leads the design of complex infrastructure systems to deliver comprehensive design solutions.  
Develops detailed architectural frameworks and ensures integration of all infrastructure components, including cloud 
services. 
Provides guidance on recommended practices and design standards. Reviews and validates design specifications and 
documentation.  
Checks that designs are scalable, reliable and secure, aligning with business and technical requirements. 

SCAD

Security operations 
Overall description 
 
 
Level 1 
 
 
Level 2 

 
Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and 
operational integrity. 
 
Performs simple security administration tasks.  
Maintains relevant records and documentation, contributing to overall data integrity. 
 
Receives and responds to routine requests for security support. Maintains records and effectively communicates 
actions taken. 
Assists in the investigation and resolution of issues relating to security systems using basic diagnostic tools and 
techniques. 
Documents incident and event information and generates reports on exceptions and security events. Contributes to 
management reporting processes. 

 Cloud Essentials+ (CLO-002)

Code/level

Skill name

Overall description, and Description at the specified level

BUSA

Business situation analysis 
Overall description 
 
Level 2 
 
 
 
Level 3 

 
 Investigating business situations to define recommendations for improvement action. 
 
Assists in investigating business situations to help identify and analyse problems and opportunities, under routine supervision.  
Helps collect and organise data and information to support recommendations. 
 
Investigates straightforward business situations to identify and analyse problems and opportunities.  
Contributes to the recommendation of improvements.  
Follows agreed standards and techniques to investigate, analyse and document business situations.  
Engages with stakeholders under direction. 

BURM

Risk management 
Overall description 
 
 
Level 2 
 
 
Level 3 

Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise. 
 
Assists in collecting and reporting data to support risk management activities under routine supervision. Helps create and maintain documentation of risks and risk management activities. Helps identify and report issues and discrepancies. 
 
Undertakes basic risk management activities. Maintains documentation of risks, threats, vulnerabilities and mitigation actions. 

SORC

Sourcing 
Overall description 
 
Level 2  

Managing, or providing advice on, the procurement or commissioning of products and services. 
 
Assists in the preparation of pre-qualification questionnaires and tender invitations in response to business cases.  
Assembles relevant  information for tenders.  
Produces detailed evaluation criteria for simple tender criteria.  
Assists in the evaluation of tenders. 

FEAS

Feasibility assessment 
Overall description 
 
 
Level 2 
 
 
Level 3 

Defining, evaluating and describing business change options for financial, technical and business feasibility and strategic alignment. 
 
Assists in feasibility assessment tasks under routine supervision.  
Helps gather information required for feasibility assessments.  
Supports the identification and documentation of options for business change. 
 
Supports option identification and feasibility assessment. 
Selects and employs standard techniques to get the information required for feasibility assessment.  
Supports identification of tangible costs and benefits, and development of business cases. 

DESN

Systems design 
Overall description 
 
Level 2 
 


Level 3 


Designing systems to meet specified requirements and agreed systems architectures. 
 
Assists in the creation and documentation of system design elements under routine supervision.  
Follows established procedures and guidelines.  
Helps create and maintain documentation. 
 
Follows standard approaches and established design patterns to create new designs for simple systems or system components. 
Identifies and resolves minor design issues.  
Identifies alternative design options and seeks guidance when deviating from established design patterns. 

CHMG

Change control 
Overall description 
 
 
Level 2 
 
 
 
Level 3 

 
Assessing risks associated with proposed changes and ensuring changes to products, services or systems are controlled and coordinated. 
 
Administers, tracks, logs, reports on change requests, using appropriate tools, techniques and processes. 
Provides assistance to implement standard low-risk changes, in accordance with defined change control procedures. 
 
Develops, documents and implements changes based on requests for change.  
Applies change control processes and procedures.  
Applies tools, techniques and processes to manage and report on change requests. 

INAS

Information assurance 
Overall description 
 
 
Level 2 

 
Protecting against and managing risks related to the use, storage and transmission of data and information systems. 
 
Assists with information assurance activities under routine supervision. 
Helps perform basic risk assessments and supports the implementation of information assurance measures. 
Assists in maintaining records and documentation related to information assurance. 

BUDF

Budgeting and forecasting  
 
Overall description 
 
 
Level 2 
 
 
Level 3 


 
Developing and managing financial budgets and forecasts to enable effective decision-making and resource 
allocation. 
 
Assists in gathering financial data and preparing basic budget templates under supervision.  
Supports the budgeting and forecasting process by completing assigned tasks. 
 
Performs specified tasks in the budgeting and forecasting process, including data analysis and report preparation, using standard methods.  
Identifies and resolves routine budgeting and forecasting issues.  
Communicates budget and forecast information to relevant stakeholders. 

 Project+ (PK0-005)

Code/level

Skill name

Overall description, and Description at the specified level

PRMG

Project management

Overall definition

 

Level 4

Level 5

Delivering agreed outcomes from projects using appropriate management techniques, collaboration, leadership and governance.

Defines, documents and executes small projects or sub-projects. Works alone or with a small team actively participating in all phases of the project. Applies appropriate project management methods and tools. Identifies, assesses and manages risks effectively. Agrees project approach with stakeholders and prepares realistic project plans (including scope, schedule, quality, risk and communication plans). Tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, times, quality and resources used takes action where these exceed agreed tolerances.


Takes full responsibility for the definition, approach, facilitation and satisfactory completion of medium-scale projects. Provides effective leadership to the project team. Adopts appropriate project management methods and tools. Manages the change control process and assesses and manages risks. Ensures that realistic
project plans are maintained and delivers regular and accurate communication to stakeholders. Ensures project and product quality reviews occur on schedule and according to procedure. Ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are formally accepted, by appropriate stakeholders. Monitors costs, times, quality and resources used and takes action where performance deviates from agreed tolerances.

PROF

Portfolio, programme and project support

Overall definition

 

Level 2

 

 

Level 3

Providing support and guidance on portfolio, programme and project management processes, procedures, tools and techniques.


Assists with the compilation of portfolio, programme and project management reports. Maintains programme and project files from supplied actual and forecast data.


Provides administrative services to project boards, project assurance teams and quality review meetings. Uses recommended portfolio, programme and project control solutions for planning, scheduling and tracking. Sets up project files, compiles and distributes reports. Provides guidance on project management software, procedures, processes, tools and techniques.

BUSA

Business situation analysis
Overall description


Level 3

Investigating business situations to define recommendations for improvement action.


Investigates straightforward business situations to identify and analyse problems and opportunities. Contributes to the recommendation of improvements. Follows agreed standards and techniques to investigate, analyse and document business situations. Engages with stakeholders under direction.

RLMT

Stakeholder relationship
management

Overall description


Level 4

Influencing stakeholder attitudes, decisions, and actions for mutual benefit.


Deals with problems and issues, managing resolutions, corrective actions, lessons learned, and the collection and dissemination of relevant information. Implements stakeholder engagement/communications plan. Collects and uses feedback from customers and stakeholders to help measure the effectiveness of stakeholder management. Helps develop and enhance customer and stakeholder relationships.

CIPM

Organisational change
management
Overall description


Level 3

Planning, designing and implementing activities to transition the organisation and people to the required future state.


Follows standard techniques to investigate and analyse the size, nature and impact of changes to operational activities. Contributes to the recommendations for change management plans and actions. Supports implementation and engages with stakeholders under direction.