Skip to content. | Skip to navigation

Personal tools

Reference and guide to SFIA version 7. Framework status: Current standard.

Updates to generic attributes

The descriptions of the levels of responsibility have been enhanced by explicitly addressing knowledge and security.

The knowledge statements from the Business skills generic attribute have been moved to a separate, stand-alone knowledge attribute and at the same time enhanced it throughout the 7 levels.

Security has been included into the Business Skills generic attributes to reflect that, while there are specialist security skills, security is a responsibility for all.


What has the project done?

  • Consulted with SFIA User organisations and Bodies of Knowledge
  • Identified the needs relating to knowledge and the implications for SFIA’s capability model - Knowledge and skills

What’s in SFIA 7?

  • SFIA has always recognised the critical importance of knowledge but hasn’t been explicit – enabling knowledge providers to better map their offerings.
  • The generic attricutes state more explicitly how the industry can recognise the importance of knowledge and skills and how they are closely related.
    • SFIA provides the generic – the Bodies of Knowledge and syllabuses provide the specific.
    • This promotes mobility as knowledge is often easier to gain than skills.
    • This enables the knowledge providers to use SFIA as a framework for their offerings.
  • Moved the knowledge statements out of Business Skills into the stand alone Knowledge.
  • Developed a new, enhanced SFIA capability diagram to visualise relationship between knowledge, skills, qualifications and certifications.

What’s the future roadmap?

  • Support for detailed decompositions of SFIA skills e.g. discipline specific framework, National occupational standards,
  • This approach allows for users to navigate from high level to detailed level - without being lost in detail. It allows the detailed models to have a position and for their expertise to find a home on the overall architecture and taxonomy of Digital, IT, Technology competencies
  • The SFIA Foundation encourages this for the benefit of the global industry as a whole.
  • Owners of bodies of knowledge who wish to collaborate on this work should contact the SFIA Foundation.


What has the project done?

  • Discussion with a number of the global Cybersecurity related professional bodies, large employers and bodies of knowledge.
  • Reviewed all the cybersecurity related change requests received via the public consultation.

What’s in SFIA 7?

  • Generic responsibilities for security have been added to Business skills at all levels 1 to 7.
  • Confirmation of the positioning that SFIA is an ‘umbrella’ framework for detailed descriptions of cybersecurity skills and tasks.
  • Updates to Digital forensics (DGFS), Penetration testing (PENT).

What’s the future roadmap?

  • Links to Cybersecurity bodies of knowledge.
  • Owners of bodies of knowledge who wish to collaborate on this work should contact the SFIA Foundation.