Email this Article Email   

CHIPS Articles: SFIA

Skills Framework for the Information Age
By Mukesh Barot, Navy IT Service Management Office (NAVITSMO) and Phil Withers, NAVITSMO Contractor Support Staff - October-December 2015
If you have ever been certified in any of the many professional information technology or management skills that dot the Naval Enterprise Networks (NEN) landscape such as CISSP, PMP or CCNA, or you know of someone who is, you probably also know that the designation is framed within the specific technical or managerial confines that specify the knowledge, skills and abilities that are required to obtain and maintain the certification(s).

Having a recognized baseline for qualifying the skills used by IT professionals not only enables instant recognition as to the competency of the individual, but it also sets a standard by which such necessary activities as recruitment, advancement and training, among others, are organizationally mapped in the current state – with a justifiable and quantifiable vision for the target state and the manpower skills that will operate it.

Now, let’s back off from a specific focus on a single set of quantifiable (and testable) IT proficiencies and take in a broad 10,000-foot view of necessary IT and managerial skills across the global enterprise horizon. Such a “monumental” feat would hardly be practical (or even possible) without the help of a framework that logically categorized the many skills we come across in our daily work (and many we don’t) and, more importantly, actually describe in measurable detail what those skills do in a graduated scale of increasing competency and influence.

Enter SFIA.

The Skills Framework for the Information Age (SFIA – pronounced like the name Sophia… hey, it’s a UK thing) is an international framework that describes the various competencies required of IT professionals, and is designed to match the existing workforce skills to the needs of the business or mission – indeed, a consistent theme of alignment with IT Service Management writ large. According to the SFIA Foundation, the owner of the framework, it is an essential resource for organizational design and talent management in information technology. It maps out the range of skills as a two-dimensional model, by tagging each skill with a category of like skills and responsibility levels that describe the baseline competency and capability for each and every one of the 97 skills that currently make up the framework.

These skills are organized into six main categories:
• Strategy and Architecture
• Change and Transformation
• Development and Implementation
• Delivery and Operation
• Skills and Quality
• Relationships and Engagement.

Each of these is then further divided into sub-categories, mapping out 97 discrete skills. Each of these skills has a general description and a description at one or more of the seven levels.

These seven levels of responsibility, in ascending order, are: Follow; Assist; Apply; Enable; Ensure and advise; Initiate and influence; and Set strategy, inspire and mobilize. Each of these responsibility levels has a generic description showing the level of autonomy, influence, complexity, and business skills required to perform competently at that level.

From a Professional Services perspective, responsibility levels 3 to 7 can be thought of as equivalent to more senior levels: associate professional, professional, senior professional, lead and principal.

Each level of responsibility within each skill has a brief description of the typical characteristics of someone with that skill at that level. Skills apply at one or more of the seven levels.

Seven Levels of Responsibility
Levels of responsibility run from level 1 (the most junior) to level 7 (the most senior):
  1. Follow: Basic capability to complete tasks under close supervision. Not expected to use much initiative. Should be organized.
  2. Assist: Uses some discretion and has a wider circle of interaction than level 1, especially in specialty. Works on a range of tasks, and proactively manages personal development.
  3. Apply: Complete work packages with milestone reviews only. Escalates problems under own discretion. Works with suppliers and customers. May have some supervisory responsibility. Performs a broad range of tasks, takes initiative, and schedules own and others work.
  4. Enable: Works under general direction in a framework. Influence at account level, works on a broad range of complex activities. Good level of operational business skills.
  5. Ensure and Advise: Broad direction, supervisory, objective setting responsibility. Influences organization. Challenging and unpredictable work. Self-sufficient in business skills.
  6. Initiate and Influence: Authority for an area of work. Sets organizational objectives. Influences policy, significant part of organization, and customers and suppliers at a high level. Highly complex and strategic work. Initiates and leads technical and business change.
  7. Set Strategy, Inspire, and Mobilize: Authority includes setting policy. Makes decisions critical to organization, influences key suppliers and customers at top level. Leads on strategy. Full range of management and leadership skills.

©2015 SFIA Foundation

Let’s look at an example. Relationship Management (SFIA code RLMT) provides a generic description for the skill that applies to all levels:

“The identification, analysis, management and monitoring of relationships with and between stakeholders. (Stakeholders are individuals, groups, or organisations who may affect, be affected by, or perceive themselves to be affected by decisions, activities and outcomes related to products, services or changes to products and services). The clarification of mutual needs and commitments through consultation and consideration of impacts. For example, the coordination of all promotional activities to one or more clients to achieve satisfaction for the client and an acceptable return for the supplier; assistance to the client to ensure that maximum benefit is gained from products and services supplied.”

©2015 SFIA Foundation

Next, RLMT provides a breakdown description of the skills required, starting at level 7 (Set Strategy, Inspire, and Mobilize) and going down to level 4. Levels 1-3 are considered to be too junior to competently address and manage the relationships with stakeholders and are therefore not provided (indeed, sufficient experience must be gained before turning someone loose on unsuspecting customers!). Each of the skill descriptions reveal the scope of responsibility built into the level, for instance:

RLMT level-7: “Determines the strategic approach to understanding stakeholder objectives and requirements. Works with all interested parties to establish effective relationships between stakeholders, including responsibility for the relationship between technology functions and end users. Establishes and promotes the overall vision for how stakeholder objectives are met and determines organisational roles and alignment. Actively manages relationships with the most senior stakeholders, and is the ultimate escalation point for issue resolution.”

©2015 SFIA Foundation

Now, contrast the level-7 description of the Relationship Management skill with the lowest level of responsibility within the skill set to see how the scope of skill capability and responsibility is segregated among the levels:

RLMT level-4: “Implements stakeholder engagement/ communications plans, including, for example; handling of complaints; problems and issues; managing resolutions; corrective actions and lessons learned; collection and dissemination of relevant information. Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Helps develop and enhance customer and stakeholder relationships.”

©2015 SFIA Foundation

Individuals use SFIA to map their current skills and experience, identify their goals, and plan their professional development journey. Organizations use SFIA to quickly provide a baseline of capability for specific departments and teams, and to identify skill gaps. Employers use SFIA to more accurately describe the skills they require for candidate acquisition or the training that is required to increase the skill sets of the current workforce.

Additionally, SFIA will prove useful in drafting appropriate position descriptions (PD) and individual training plans for specific roles within government IT. Using SFIA as a skills reference establishes consistency and logical skills mapping within the organization. Any organization can use SFIA for IT-related skills descriptions and then add organizational specific skills to build PDs for their specific roles.

The Navy IT Service Management Office (NAVITSMO) has appropriated the SFIA content for mapping Navy Process Reference Model (NPRM) roles to the appropriate SFIA skills at specific levels. This mapping was first accomplished with NPRMv3 and will be undergoing an update to incorporate SFIA6 information. Of particular note is SFIA6 additions to skill descriptions that are specific to cyber (like PENT – Penetration Testing and DGFS – Digital Forensics) and the upgrade of SCTY – Information Security that now has a level 7 description.

For example, the NPRM Request Fulfillment process contains a role for Request Fulfillment Coordinator. This role is subordinate to the Process Owner and Manager, but still requires sophisticated experience and skills to perform at the level required. The Coordinator role-to-skills profile has three baseline SFIA skills:

• USUP – (Incident Management) Level 4: Ensures that incidents and requests are handled according to agreed procedures. Ensures that documentation of the supported components is available and in an appropriate form for those providing support. Creates and maintains support documentation.

• CHMG – (Change Management) Level 3: Develops, documents and implements changes based on requests for change. Applies change control procedures.

• NTAS – (Network Support) Level 4: Maintains the network support process and checks that all requests for support are dealt with according to agreed procedures. Uses network management software and tools to investigate and diagnose network problems, collect performance statistics and create reports, working with users, other staff and suppliers as appropriate.

SFIA is owned and managed by the SFIA Foundation, a not-for-profit organization with five corporate members - the Institution of Engineering and Technology (IET), The Tech Partnership, the British Computer Society (BCS), IMIS and the itSMF. In addition, the foundation is also supported by many accredited partners, training providers and individually accredited consultants. The NAVITSMO has an accredited SFIA consultant on staff.

The current published version of the SFIA framework is version 6, published in June 2015. SFIA6 was developed during 2014 and early 2015 through an open consultation process involving users of SFIA around the world and was launched at an event on July 1, 2015.

The licensing schema for SFIA is such that anyone can register for free and obtain the framework for their own personal use, and for the use of their internal organization; usage beyond that boundary requires an annual paid license.

However, NAVITSMO has been granted permission to incorporate SFIA content across the Department of Defense as a singular “departmental” organization to help evangelize the many benefits of the framework, and to make the NPRM more relevant and available to its stakeholders.

The NAVITSMO has developed an informational brief on SFIA6 that can be accessed on their milSuite portal which provides more in-depth information concerning the structure of the framework with a review of all 97 skill descriptions.

Additionally, SFIA has developed their own informational video that provides a quick overview of of the framework, ending with a question all IT professionals should be thinking about: "Do you know which skills you have, and the skills you need?"

About the NAVITSMO
Chartered in April 2012, the NAVITSMO provides IT Service Management thought leadership and assistance by creating usable products and services for the Navy ITSM community. The NAVITSMO strives for alignment of enterprise IT architecture through discreet but interlocking practice areas to help define and support organizational IT governance and management requirements. The NAVITSMO résumé boasts industry-certified expertise in ITIL, COBIT, Program and Project Management, DoDAF, IT Risk Management and Control, IT Skills Framework, Service Quality, CMMI, ISO/IEC-20000, ISO/IEC-33000, Information Security, Enterprise IT Governance, and Assessment and Audit.

The NAVITSMO Wiki is located at: and the NAVITSMO can also be contacted at

Access to milSuite is CAC controlled. First time users will need to register their CAC with milSuite by clicking the ‘Register’ button, confirming their information and clicking ‘Submit’

The Navy Process Reference Model is located at:

More information about ISO/IEC 20000 can be reviewed at:

More information about COBIT can be reviewed at:

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer