Conducts record collection, delivery and retention tasks ensuring ensure accessibility, retrievability, integrity, security and protection of records is maintained.
SFIA Skills: Delivery and operation
Policies, procedures and standards (RMGT)( Level 3)
Follows organisational policies and actively identifies potential risks in information handling.
Information Handling (RMGT)( Level 3)
Uses ethical and reliable methods to transform data between formats or media, following organisational policies and being aware of potential issues when handling information.
Data transformation (RMGT)( Level 3)
Uses ethical and reliable methods to transform data between formats or media, following organisational policies and being aware of potential issues when handling information.
Controls (RMGT)( Level 3)
Configures routine controls to ensure only approved actions are performed on records.
Access requests (RMGT)( Level 3)
Conducts routine searches for records required to support authorised requests. Supports users in finding and accessing records.
Records management (RMGT)( Level 5)
Oversees records management administration activities ensuring effective and efficient customer service is provided.
Policies, procedures and standards (RMGT)( Level 5)
Supports the implementation of records management policies andContributes to the development of policy, standards and procedures for compliance with records-related legislation. Ensures implementation of records management policies covering all aspects of retention and disposal.practices including the approved disposal of records.
Controls (RMGT)( Level 5)
Manages access controls for records, including authorising access and approving the release of potentially sensitive information.
Advice/guidance (RMGT)( Level 5)
Reviews new change proposals and provides specialist advice on records management. Assesses and manages records-related risks.
Access requests (RMGT)( Level 5)
Conducts and oversees complex record searches, seeking legal guidance when necessary.
Records management (RMGT)( Level 4)
Conducts record collection, delivery and retention tasks ensuring ensure accessibility, retrievability, integrity, security and protection of records is maintained.
Advice/guidance (RMGT)( Level 4)
Provides advice and guidance to enable appropriate records management practices to be adopted across the organisation.
Policies, procedures and standards (RMGT)( Level 4)
Supports the implementation of records management policies and practices including the approved disposal of records.
Access requests (RMGT)( Level 4)
Conducts complex or sensitive searches for records to address authorised requests.
Controls (RMGT)( Level 4)
Monitors and reports on the implementation of effective controls for records management including metadata and access controls.
Vulnerability identification and analysis (VUAS) (Level 4)
Assesses the potential vulnerabilities identified against established vulnerability databases.
Vulnerability assessment (VUAS) (Level 4)
Conducts automated and manual vulnerability assessments and business impact analyses. Creates test cases using in-depth technical analysis of risks and typical vulnerabilities. Assesses effectiveness of security controls for infrastructure and application components, and recommends remedial action.
Tools and techniques (VUAS) (Level 4)
Contributes to the selection and deployment of vulnerability assessment tools and techniques.
Risk mitigation (VUAS) (Level 4)
Delivers risk treatment plans using one or more recognised control sets.
Risk assessment (VUAS) (Level 4)
Produces a risk assessment table to determine the likelihood and impact to an information or technology asset if a vulnerability is exposed to a threat source, assigning a likelihood and impact to determine risk level. Documents the business impact of a vulnerability being breached.
Critical information and technology assets (VUAS) (Level 4)
Allocates an impact level to critical information and technology assets should their confidentiality, integrity or availability be breached. Collates and analyses catalogues of information and technology assets for vulnerability assessment.
Communication and awareness (VUAS) (Level 4)
Promotes security awareness and communicates information on security risks and potential business impact to senior business managers and others.
Assessment documentation (VUAS) (Level 4)
Documents a full vulnerability assessment and business impact analysis conducted on medium complexity information systems.
Violation and security breach (SCAD) (Level 4)
Investigates security breaches in accordance with established procedures and security standards, and recommends required actions and support/follows-up to ensure these are implemented. Investigates and reconciles violation reports and logs generated by automated systems. Where appropriate (i.e. involving employees within own organisation) interviews minor offenders and compiles reports and recommendations for management follow-up.
Security advice (SCAD) (Level 4)
Provides advice and handles enquiries relating to security, contingency planning and related activities. Acts as subject matter expert for security administration activities.
Policies, standards, processes and guidelines (SCAD) (Level 4)
Maintains security administration processes, and checks that all requests for support are dealt with according to agreed procedures.
Auditable records (SCAD) (Level 4)
For all services and systems within identified remit, maintains auditable records and user documentation. Assists in the preparation and maintenance of other documentation such as business recovery plans, particularly in the data collection and compilation/production/distribution phases of the exercise.
Vulnerability identification and analysis (VUAS) (Level 5)
Takes a comprehensive approach to seeking vulnerabilities across the full spectrum of organisation policies, processes, and defences in order to improve organisational readiness, improve training for defensive practitioners, and inspect current performance levels.
Vulnerability assessment (VUAS) (Level 5)
Plans and manages automated and manual vulnerability assessment activities within the organisation. Assesses effectiveness of security controls for infrastructure and application components and recommends remedial action.
Tools and techniques (VUAS) (Level 5)
Reviews, evaluates, and selects vulnerability tools and techniques.
Risk mitigation (VUAS) (Level 5)
Identifies control owners and holds them accountable for the implementation of policies to reduce the risk of controls allocated to them using a recognised methodology.
Risk assessment (VUAS) (Level 5)
Uses complex quantitative risk analysis methods such as exposure factor, single loss expectancy, annualised rate of occurrence or annualised loss expectancy, to conduct security risk assessments, business impact analysis and accreditation on complex information systems.
Critical information and technology assets (VUAS) (Level 5)
Determines a quantifiable value to the impairment of an identified critical information or technology asset.
Communication and awareness (VUAS) (Level 5)
Communicates to the organisation’s leadership information on security risks to critical information and technology assets, and the impact on the business should vulnerabilities be breached.
Assessment documentation (VUAS) (Level 5)
Documents a full vulnerability assessment and business impact analysis conducted on complex information systems.
Violation and security breach (SCAD) (Level 5)
Ensures that all identified breaches in security are promptly and thoroughly investigated, and that any system changes required to maintain security are implemented. Investigates complex, or highly sensitive violations referred by more junior staff or colleagues, handling issues imaginatively, efficiently and professionally. Obtains factual information and formulates opinions regarding exposed violations. Where appropriate (i.e. involving employees within own organisation) interviews offenders in conjunction with the relevant line manager or on own authority if warranted.
Security training (SCAD) (Level 5)
Ensures that training, guidance and support is provided to security administrators, in all aspects of security policy and control.
Security advice (SCAD) (Level 5)
Provides general security expertise and specialist guidance on security administration and wider security issues.
Policies, standards, processes and guidelines (SCAD) (Level 5)
Contributes to the creation and maintenance of policy, standards, procedures and documentation for security, taking account of current best practice, legislation and regulation.
Changes and continual improvement (SCAD) (Level 5)
Advises on and assists with the assessment of the potential impact on existing access security mechanisms of specific planned technical changes, in order to help ensure that potential compromise or weakening of existing security controls is minimised. Also assists in the evaluation, testing and implementation of such changes.
Auditable records (SCAD) (Level 5)
Ensures that security records are accurate and complete, and that requests for support are dealt with according to set standards and procedures. Recognises requirements for, and creates, auditable records, user documentation and security awareness literature for all services and systems within scope, ensuring that the records provide a comprehensive history of violations, resolutions and corrective action.
Assurance (SCAD) (Level 5)
Monitors the application and compliance of security administration procedures, and reviews information systems for actual or potential breaches in security.
Vulnerability identification and analysis (VUAS) (Level 3)
Determines the potential vulnerabilities that might breach a critical information asset.
Vulnerability assessment (VUAS) (Level 3)
Conducts automated and manual vulnerability assessments under direction. Undertakes moderate-complexity vulnerability assessments using more sophisticated techniques and tools.
Risk assessment (VUAS) (Level 3)
Assesses the likelihood of attack on critical information and technology asset vulnerabilities from a threat source. Assesses the business impact and determines a value to the potential loss should a vulnerability be breached.
Critical information and technology assets(VUAS) (Level 3)
Assigns asset information security requirements and catalogues identified critical information and technology assets for vulnerability assessment.
Communication and awareness (VUAS) (Level 3)
Promotes security awareness and communicates information on known security risks and issues to business managers and others.
Assessment documentation (VUAS) (Level 3)
Documents vulnerability assessments. Evaluates and documents results, escalating and communicating issues where appropriate.
Violation and security breach (SCAD) (Level 3)
Investigates minor security breaches in accordance with established procedures and security standards. Investigates and reconciles violation reports and logs generated by automated systems. Integrates findings from other investigators, and compiles reports and recommendations for management follow-up. Leads the continual monitoring and remediation processes following an incident.
Security advice (SCAD) (Level 3)
Handles all enquiries relating to security administration with only infrequent reference to more senior staff for assistance
Auditable records (SCAD) (Level 3)
For all services and systems within identified remit, maintains auditable records and user documentation. Assists in the preparation and maintenance of evidence required for internal and external audit, compliance or regulatory reporting, security accreditations, and business recovery plans — particularly in the data collection and compilation/production/distribution phases of the exercise.
Vulnerability identification and analysis (VUAS) (Level 2)
Identifies basic vulnerabilities that might breach a critical information or technology asset.
Vulnerability assessment (VUAS) (Level 2)
Undertakes routine vulnerability assessments using automated and semi-automated tools, escalating issues where appropriate. Participates, under supervision, in more complex assessments.
Critical information and technology assets (VUAS) (Level 2)
Identifies and documents critical information and technology assets within the organisation, including the asset type and asset location.
Communication and awareness (VUAS) (Level 2)
Promotes awareness of security risks and issues to colleagues and others.
Assessment documentation (VUAS) (Level 2)
Documents the scope and results of basic vulnerability assessments, or contributes to the documentation of more complex assessments.
Violation and security breach (SCAD) (Level 2)
Assists in the investigation and resolution of issues relating to access controls and security systems. Investigates and reconciles violation reports and logs generated by automated systems. Investigates any other minor security breaches, in accordance with established procedures and security standards. Integrates findings from other investigators, and compiles reports and recommendations for management follow-up.
Security advice (SCAD) (Level 2)
Receives and responds to routine requests for security support. Maintains records and advises relevant persons of actions taken.
Auditable records (SCAD) (Level 2)
For all services and systems within identified remit, maintains auditable records and user documentation. Assists in the preparation and maintenance of evidence for use in internal and external audits, compliance or regulatory reporting, security accreditations, and business recovery plans — particularly in the data collection and compilation/production/distribution phases of the exercise.
System development standards (DLMG) (Level 7)
Manages the process for establishing and maintaining the organisation’s systems development standards, methods and procedures and for ensuring that they are adhered to. Manages existing software process improvement approaches and/or develops new approaches to achieving improvement.
Resource planning (DLMG) (Level 7)
Oversees the resourcing of the agreed programme of systems development, taking full responsibility for the provision of IT resources and advising on requirements for client/user resources.
Project and programme definition (DLMG) (Level 7)
Typically, within a large organisation, works with senior client or user management to define a costed and prioritised programme of systems development which supports the organisation’s objectives and strategic plans. Communicates information about the agreed programme, and how it supports the organisation’s objectives.
Programme assurance (DLMG) (Level 7)
Ensures that the programme of systems development is implemented in a coherent and consistent manner, liaising as necessary with IS, ICT and client/user management to ensure that planned systems developments are compatible with the organisation’s existing systems, infrastructure and strategic plans.
Policy making (DLMG) (Level 7)
Plays a major part in the wider policy making and overall management of information within the organisation.
Performance management (DLMG) (Level 7)
Tracks and reports objectives and key results (OKR) progress. Supports PMO with portfolio governance and management, reporting on development activities and supporting preparation of performance management artefacts such as quarterly business reviews.
Monitoring progress and security (DLMG) (Level 7)
Ensures that systems and procedures for monitoring and reporting on the progress of systems development projects are in place and operated effectively, and that action is taken to deal with exceptions, problems and unforeseen events in a timely manner.
Development processes (DLMG) (Level 7)
Facilitates development ceremonies such as Monthly Team Planning, Weekly Scrum of Scrums and Sprint Demos. Identifies, tracks, removes and escalates impediments at intra-department level.
Capability development (DLMG) (Level 7)
Owns function level resource plans, forecasts future resource requirements, and works with appropriate stakeholders to agree future resourcing strategies.
Incident management (ITOP)(Level Five)
Reviews incidents and breaches of service level agreements. Reports on findings and initiates improvement actions.
Automation tools (ITOP)(Level Five)
Investigates and manages the adoption of tools, techniques and processes (including automation) for the management of systems and services.
Incident management (ITOP)(Level Four)
Responds to operational incidents and contributes to their resolution, checking that they are managed in accordance with agreed standards and procedures.
Automation tools (ITOP)(Level Four)
Configures tools to automate the provisioning, testing and deployment of new and changed infrastructure.
Incident management (ITOP)(Level Three)
Responds to calls and enquiries from service desk, users, specialists and others and takes appropriate action, within defined limits of responsibility or area of specialism, to deal with processing priorities. Accepts escalations and initiates support action.
Automation tools (ITOP)(Level Three)
Uses a wide range of automated tools to maintain operational compliance, deliver configuration and provisioning services, and mitigate threats to the organisation’s IT infrastructure and/or data.
Incident management (ITOP)(Level Two)
Responds to support calls and enquiries from service desk, users, specialists and others. Takes appropriate action, within defined limits of responsibility or area of specialism, to deal with processing priorities.
Automation tools (ITOP)(Level Two)
Modifies queuing parameters and job priorities within defined limits, to improve job throughput or the processing of output.
Automation tools (ITOP)(Level One)
Under supervision, administers job queues to ensure efficient job throughput and output processing.
Incident management (ITOP)(Level One)
Under guidance, takes appropriate action to handle and resolve requests for support or advice.
Request progress (ASUP) (Level 2)
Monitors the progress of requests for application support and keeps users and other interested parties are informed.
Performance monitoring and improvement (ASUP) (Level 2)
Under direction (and in accordance with agreed procedures) assists in monitoring applications and collecting agreed performance statistics. May assist in capturing user feedback for subsequent analysis.
Application maintenance (ASUP) (Level 2)
Working closely with more senior colleagues (and in accordance with agreed procedures) assists with specified routine maintenance procedures. This may include making modifications to system parameters, devising permanent or temporary corrections and workarounds or site-specific enhancements, reconfiguring systems, maintaining application data, providing guidance or training to users or operations staff, and creating or updating documentation. Ensures all work is carried out and documented in accordance with required standards, methods and procedures.
Application support requests (ASUP) (Level 2)
Receives and logs requests for application support from the service desk, developers, other specialist areas and/or users, in accordance with agreed procedures.
Service development (Level 5)
Influences design and development of new and changed systems and services to optimise operational efficiency. Contributes to definition of associated standards and techniques. Recommends operational and maintenance acceptance of new systems and services. Contributes to KPIs for system acceptance and monitoring.