The global skills and competency framework for the digital world

Everyone has information security responsibilities

SFIA supports the need for individuals and organisations to embed secure working practices into everything they do.

This means that everyone needs to be aware of security and make it a generally accepted part of every-day working and management practices.

In SFIA - these generic (not role-specific) expectations are described in the Business skills dimension of SFIA's 7 levels of responsibility.

Security, privacy and ethics

All levels 1 to 7 - extract from Business skills generic attributes

Level 1 - Follow

Understands and complies with organisational standards.

Level 2 - Assist

Is fully aware of organisational standards. Uses appropriate working practices in own work.

Level 3 - Apply

Demonstrates appropriate working practices and knowledge in non-routine work. Appreciates how own role and others support appropriate working practices.

Level 4 - Enable

Fully understands the importance and application to own work and the operation of the organisation. Engages or works with specialists as necessary.

Level 5 - Ensure, advise

Proactively contributes to the implementation of appropriate working practices and culture.

Level 6 - Initiate, influence

Takes a leading role in promoting and ensuring appropriate working practices and culture throughout own area of accountability and collectively in the organisation.

Level 7 - Set strategy, inspire, mobilise

Provides clear direction and strategic leadership for the implementation of working practices and culture throughout the organisation.