Released in September 2021, SFIA 8 is most significant update to SFIA since it's original release in 2000. SFIA 8 now contains 121 skills, and 495 unique skill-level descriptions, and has seen a major reworking of the core documentation to improve usability and readability. In parallel the SFIA Foundation continues to release additional support materials, including new SFIA views, mapping to other industry frameworks, and usage guidance.
This page describes some of the key changes in SFIA 8 compared to SFIA 7.
Security and privacy
A major update to specialist security skills and the addition of a new personal data protection (PEDP) skill.
In line with the SFIA 7 approach, security and privacy is part of many skills (and also included in the Business skills generic attribute at all levels of responsibility) reflecting the shared responsibility for a security-aware culture, whilst specific security skills are available for those with specialist security responsibilities.
Data and analytics / computational science
Major updates in this area to reflect a more granular view of activity, and in particular to better describe the work of those in specialist data analytics and data science roles. New skills have been added covering areas of computational science.
The view was taken for SFIA 8 that whilst the context of cloud engineering might see skills applied in different ways or in different combinations the existing skills (with some updates) apply well to those in cloud engineering roles. An open change request to update a number of skills to be cloud specific (or at least renamed to reflect their using in cloud engineering) will be revisited by the SFIA Design Authority Board at a later date.
The addition of guidance notes in SFIA 8 has allowed for more examples of agile practices to be described. New skills such as Organisational facilitation (OFCL) and Employee experience (EEXP) will reflect self-organising capabilities of teams and the separation of responsibility for people management from work management or creation of the right conditions for teams to excel.
Reflecting the increasing broad range of approaches to people management, work management, planning and coordination we have new skills and updates to existing skills in the people management space.
DevOps and DevSecOps
SFIA already describes the skills used by practitioners working in DevOps roles, and in SFIA 8 the relevant skills were revisited to ensure contemporary approaches to engineering and operations are reflected with focus on business value. A new skill Systems and software lifecycle engineering (SLEN) will likely be of interest to those in DevOps or DevSecOps in particular those describing site reliability, or developer productivity improvement roles.
Elements of the business analysis skill are found in many roles. In reviewing this, and considering alignment with industry bodies, the Business analysis (BUAN) skill has been split into it's constituent parts with two new skills being added.
Robotic Process Automation
The addition of new skills in data engineering and machine learning as well as other updates to the data and analytics skills, business analysis skills, and refresh of developments skills should be a big help to those describing RPA roles.
A number of SFIA skills have been updated in line with modern service management practices. Mappings between common service management roles and the major frameworks such as ITIL are available on the SFIA Foundation website.
- 23 new skills
- 4 skills retired
- 7 skills renamed / 9 restructured
- 28 skill levels added and 3 moved or replaced
Generic attributes / levels of responsibility
Updated to provide more consistent and clearer use of behavioural factors.
Updated to provide more consistent descriptions of responsibility for security, privacy, and ethics.
Some minor changes to the default category / subcategory structure, including reorganising some of the skills.
As with SFIA 7, the default category / subcategory structure is just one way to navigate the SFIA skills. SFIA views are being updated for SFIA 8 and new views are being added.
The structure of SFIA skills has update to provide a short description and then more substantive guidance notes.
Throughout the skill descriptions and levels of responsibility sentence structures have been shortened and re-ordered to enhance readability, and where possible to ensure the most essential aspects are described first.
List of skill changes
The expandable sections below list the major changes to the SFIA skills. Many smaller changes and clarifications across the framework have been applied but are not listed here unless they are of substance or particular note.
|Information and cybersecurity||
|Data and analytics||
|DevOps, DevSecOps, Software engineering||
|People and skills||
|Other new skills||
|SFIA 7||SFIA 8|
|Analytics (INAN)||Content refined and extended by creating 3 new skills:
|Business analysis (BUAN)||Content refined and extended by creating 2 new skills:
|Conformance review (CORE)||Content covered by a refreshed version of Quality assurance (QUAS) and the new Audit (AUDT) skill|
|Network planning (NTPL)||Content covered between Network design (NTDS) and Service level management (SLMO)|
|SFIA 7||SFIA 8|
|Enterprise IT governance (GOVN)||Made more generic
Renamed as Governance (GOVN)
|Business risk management (BURM)||Made more generic
Renamed as Risk management (BURM)
|IT management ITMG||Shift the focus to technical service delivery management
Renamed as Technology service management (ITMG)
|Change implementation planning and management (CIPM)||Broader scope and 2 new levels
Renamed as Organisational change management (CIPM)
|Teaching and subject formation (TEAC)||Broader scope and some parts moved to new skill Subject formation (SUBJ)
Renamed as Teaching (TEAC)
|Business process testing (BPTS)||Broader scope and new levels
Renamed as Acceptance testing (BPTS)
|Data management (DATM)||Some aspects (and levels) moved to new skill called Data engineering (DENG)|
|Porting/Software configuration (PORT)||Shift of focus to design and deployment of software configuration, particularly for (not exclusively) enterprise scale systems and large SaaS
Renamed as Software configuration (PORT)
|Resourcing (RESC)||Some parts moved to new skill called Workforce planning (WFPL)|
|SFIA 7||SFIA 8|
|Security administration (SCAD)||Security operations (SCAD)|
|Information content authoring (INCA)||Content authoring (INCA)|
|Information content publishing (ICPM)||Content publishing (ICPM)|
|Systems installation/decommissioning (HSIN)||Systems installation and removal (HSIN)|
|Change management (CHMG)||Change control (CHMG)|
|Relationship management (RLMT)||Stakeholder relationship management (RLMT)|
|Information governance (IRMG)||Information management (IRMG)|
The main reference guide document from previous versions has been split into two documents for SFIA 8.
SFIA Framework Reference (pdf)
This is the 'SFIA Standard'. The document contains full descriptions of the SFIA skills and the SFIA levels of responsibilities (the generic attributes that define SFIA levels).
Each skill now takes up two adjacent pages improving readability on screen and in print.
About SFIA (pdf)
This provides the overview of the SFIA Skills and Competency Framework and how it can be used.
An increasing number of documents and online materials are being produced by the SFIA Foundation. In SFIA 8 some of these have been included as appendices to the About SFIA documentation. Two of the most important are:
SFIA - Behavioural Factors
SFIA itself is not designed to be a behavioural factors framework, however experienced consultants have long been able to point to descriptions in the generic attributes and describe or hint at behavioural factors. For SFIA 8 work was carried out to ensure behavioural factors are used consistently across the levels of responsibility, and this document describes how this behavioural factors can be seen.
For organisations without their own behavioural framework this makes the generic attributes and levels of responsibility even more valuable. For those with an existing behavioural framework (sometimes called a leadership capability framework or similar) this will make aligning SFIA with your behavioural framework easier, ensuring a smoother integration.
SFIA - Knowledge, skill and competency
For those conducting SFIA skills assessments, or mapping certifications to SFIA, this may prove to be a particularly critical update.
SFIA 8 now explicitly recognises the difference between acquiring knowledge, applying knowledge with skill, and demonstrating competency in real-world scenarios. SFIA has long been used in this way without clear guidance (largely relying on the quality of the assessor's process, or the certification body in the case of schemes like Chartered IT Professional), but in SFIA8 we now have specific guidance that can be applied to the assessment of knowledge, skill, and competency. This guidance is in line with international standards relating the certification of professionals and operating certification schemes (ISO/IEC 24773-1:2019 and ISO/IEC 17024:2012).
Guidance on conducting SFIA assessments from the SFIA Foundation will be updated in line with this, and you should expect providers of SFIA tools and SFIA consultancy to update their tools and practices in line with this approach.
SFIA A3 Summary chart (pdf)
The A3 summary chart has had a visual overhaul.
SFIA spreadsheet (xlsx)
In common with previous versions, the SFIA skills and levels of responsibility are available in a spreadsheet to download for registered users.