You are here: Home / How SFIA works / Skills


SFIA skills are constructed with the following reference details:

Skill name

The name used for normal reference purposes

Skill code

A unique code used for short reference

Overall description

A broad definition of the skill, without any reference to the levels at which it might be practised

Level descriptions

Definitions of the skill for each of the levels at which it is practised.  The phrasing facilitates their use as professional competencies.



Skill name

Digital forensics

Skill code


Overall description

The collection, processing, preserving, analysing, and presenting of computer-related evidence in support of security vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcement investigations.

Level descriptions

Level 6: Sets policies and standards and guidelines for how the organisation conducts digital forensic investigations. Leads and manages complex investigations managing specialists if required. Authorises the release of formal forensics reports.

Level 5: Conducts investigations to correctly gather, analyse and present digital evidence to both business and legal audiences. Collates conclusions and recommendations and presents forensics findings to stakeholders. Contributes to the development of policies, standards and guidelines.

Level 4: Contributes to digital forensic investigations. Processes and analyses computer evidence in line with policy, standards and guideline and supports production of forensics findings and reports.


It is important to know the difference between understanding competency and a job description.

SFIA is used extensively in the assessment of existing capability, at both an individual and an organisational level. The framework itself does not provide instructions for improvement or the specific mix of skills that an individual or organisation should have. Context is important in the use of any framework, and it is crucial to understand the organisation’s needs rather than simply use the skills in an isolated manner to form a single job description or role profile. The specific mix will be different from one organisation to another.

SFIA does not attempt to cover all of the things that an individual may be required to do, as it doesn’t describe any product or technology-specific skills or knowledge, industry experience or qualifications. For example, one might decide that a service desk manager requires some knowledge of a particular process framework (such as ITIL or COBIT) and the specific service desk tools which are used in that organisation. They may also need specific industry experience, security clearance and defined qualifications.

In this example, SFIA would be used to define the generic level of responsibility (autonomy, influence, complexity and business skills), and the identified SFIA skills, which might, as an example, include customer service support (CSMG) at level 5, business process improvement (BPRE) at level 5, relationship management (RLMT) at level 4, IT management (ITMG) at level 5, and incident management (USUP) at level 5.

Knowledge Professional skills Behavioural skills Experience Qualifications

In most organisations, job descriptions will include a number of different aspects of professional capability. Typically these would include:

Professional skills

  • SFIA defines professional skills

Behavioural skills

  • Most organisations define a set of behavioural skills that are used in job descriptions. These vary considerably from one organisation to another.
  • Some organisations use the generic level of responsibility definitions from SFIA to cover or contribute to this area, as they do include many aspects often considered as behavioural skills, such as influencing, analytical thinking, delegation, oral and written communication, and presentation skills.


  • Technologies, products, internal systems, services, processes, methods and even legislation are all examples of areas where professionals working in the industry are required to have knowledge.
  • Some of the knowledge is gained through training and achieving qualifications and certifications. An increasing number of university courses, training, events, and other mechanisms for gaining knowledge, have been mapped to SFIA to help ensure alignment with the required professional skills

Experience and qualifications

  • Experience demonstrates the ability to apply knowledge and achieve outcomes in a practical environment.
  • Qualifications show that an individual has successfully completed some testing or assessment, and demonstrated a textbook understanding of a particular subject area.
  • The descriptions of skills within SFIA, at different levels, relate to the experience demonstrated by someone at that level.
  • The mapping of qualifications to SFIA communicates to potential applicants the usefulness and relevance of the qualification. The learning objectives can be matched to CPD targets expressed in SFIA terms. The use of SFIA by awarding bodies, to establish whether an individual meets the required level, is also growing.

Organisation and job/role design or re-design can be greatly assisted by SFIA, but common mistakes are made, including the assumption that the SFIA skills or categories are related to specific organisational units, departments, teams or jobs. SFIA does not describe roles, jobs or organisational units, but can provide building blocks to help create these. There are no organisational design templates, examples or suggestions in SFIA.