Reference and guide to SFIA version 7. Framework status: Development. Show revision-marked text

Information strategy

Information strategy subcategory

Enterprise IT governance GOVN

(modified)

The establishment and oversight of an organisation's approach to the use of Information systems and digital services, and associated technology, in line with the needs of the principal stakeholders of the organisation and overall organisational corporate governance requirements. The determination and accountability for evaluation of current and future needs; directing the planning for both supply and demand of these services; the quality, characteristics, and level of IT services; and for monitoring the conformance to obligations (including regulatory, legislation, control, and other standards) to ensure positive contribution of IT to the organisation's goals and objectives.

Strategic planning ITSP

(modified)

The creation, iteration and maintenance of a strategy in order to align organisational actions, plans and resources with business objectives and the development of plans to drive forward and execute that strategy. Working with stakeholders to communicate and embed strategic management via objectives, accountabilities and monitoring of progress.

Information governance IRMG

(unchanged)

The overall governance of how all types of information, structured and unstructured, whether produced internally or externally, are used to support decision-making, business processes and digital services. Encompasses development and promotion of the strategy and policies covering the design of information structures and taxonomies, the setting of policies for the sourcing and maintenance of the data content, and the development of policies, procedures, working practices and training to promote compliance with legislation regulating all aspects of holding, use and disclosure of data.

Information systems coordination ISCO

(unchanged)

Typically within a large organisation in which the information strategy function is devolved to autonomous units, or within a collaborative enterprise of otherwise independent organisations, the coordination of information strategy matters where the adoption of a common approach (such as shared services) would benefit the organisation.

Information security SCTY

(unchanged)

The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

Information assurance INAS

(unchanged)

The protection of integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost effective manner to ensure stakeholder confidence.

Analytics INAN

(modified)

The application of mathematics, statistics, predictive modeling and machine-learning techniques to discover meaningful patterns and knowledge in recorded data. Analysis of data with high volumes, velocities and variety (numbers, symbols, text, sound and image). Development of forward-looking, predictive, real-time, model-based insights to create value and drive effective decision-making. The identification, validation and exploitation of internal and external data sets generated from a diverse range of processes.

Data visualisation VISL

(new)

The process of interpreting concepts, ideas, and facts by using graphical representations. Condensing and encapsulating the characteristics of data, making it easier to surface opportunities, identify risks, analyse trends, to drive effective decision-making. Presenting findings and data insights in creative ways to facilitate the understanding of data across a range of technical and non-technical audiences.

Information content publishing ICPM

(modified)

The evaluation and application of different publishing methods and options, recognising key features, including open source and proprietary options. The management and tuning of the processes that collect, assemble and publish information, including in unstructured and semi-structured forms, for delivery to the user. The management of copyright, data protection and other legal issues associated with publishing and re-use of published information and data.