Digital Skills Landscape Report 2018

Securing and Retaining talent: Skills or Potential Article

SFIA makes transformational change less taxing Case Study: Inland Revenue

What does SFIA Accredited mean?


Why is SIAM such a puzzle? ARTICLE

Don't be a fool - get your SFIA skills right! ARTICLE

ISACA Logo - Cybersecurity, Governance

ISACA Now blog: What skills do you need? Article

Digital Forensics and SFIA ARTICLE

Holding Whitepaper

Why is a good Project Manager so hard to find? White Paper

SFIA plays a role in countering weapons of mass destruction Case Study: DTRA

Achieving Service Maturity for Vodafone CASE STUDY

ITSM Global Podcast Interview with Matthew Burrows at SITS15

BSMimpact and Learning Tree SFIA Webinar

Using SFIA to identify & address workforce skills gaps WEBINAR

Return on SFIA Investment Case Study

All things ITSM speak to Matthew Burrows at the itSMF Australia Conference 2015

ITSM Global Podcast VIDEO What's the latest with SFIA V6?

SFIA V6 Launch Event Video

What's new in SFIA6? UK Launch Event VIDEO

Introduction to SFIA V6

SFIA V6 Introduction VIDEO

Finding untapped capability from within using SFIA Case Study: Central Sussex Partnership ICT (CenSus)

1 2
Press Release: BSMimpact and SkillsTx capabilities unified under the SkillsTx branding

1st September 2018

BSMimpact and SkillsTx capabilities unified under the SkillsTx branding.

We’re making a few changes to our structure and the way we service various parts of the world.

To better serve our customers, whilst maintaining the global consistency of our products and services, we’re moving to a more simplified company structure – with a single operating company in each of the 3 global regions. These will combine under the SkillsTx brand, offering the training and professional services we have established through BSMimpact over the last 20 years of operation, alongside the SkillsTx SaaS solution.

We remain the most active SFIA Global Accredited Partner and Training Provider, with the largest and most experienced team of SFIA Accredited Consultants and trainers. Our focus is to support our direct customers as well as enabling and growing the network of SkillsTx Resellers and Professional Services partners, many of whom will offer value-added services on top of the core platform and services they provide as part of our network.

In New Zealand, our local team will establish and run a NZ company, Partner Consulting, to provide increased focus for existing and new NZ customers. This organisation will act as a SkillsTx reseller and professional services partner, working as part of the extended team of SFIA Accredited Consultants that we have around the globe, as well as developing additional offerings tailored to their NZ customers.

In Australia we will simplify our company structure, with customers being served with tools and services through our Australian-based SkillsTx operating company, Digital Skills Management Pty Ltd, rather than maintaining a separate BSMimpact subsidiary in Australia. The other 2 operating companies, BSM impact Limited based in the UK, and BSM impact Inc in the US, will continue supporting customers in UK, EMEA and the Americas, and coordinating international projects using our global network of employees, associates, resellers and professional services partners. All three companies will operate under the SkillsTx brand.


Matthew Burrows



SFIA7 officially launched – should we care?

The seventh major release of the world’s most widely adopted skills and competency framework was formally launched on 22 June 2018.

What is SFIA?

As it says in the SFIA7 Reference Guide. “SFIA describes skills and competencies required by professionals in roles involved in information and communication technologies, digital transformation and software engineering.”

Why should we care?

75 percent of organisations will experience visible business disruptions due to I&O [Infrastructure & Operations Management] skills gaps, which is an increase from less than 20 percent in 2016″ Gartner, March 2018.

MITSloan Management Review “Individuals report needing to continually develop their skills but say they get little to no support from their organization to do so. Some 90% of respondents indicate that they need to update their skills at least yearly, with nearly half of them reporting the need to update skills continuously on an ongoing basis. Yet, only 34% of respondents say they are satisfied with the degree to which their organization supports ongoing skill development. Many organizations continue to rely on formal training for developing these skills, but cultivating an environment that allows on-the-job learning may be more effective. Many employees are also willing to do it themselves, given the right support. Of those surveyed, 90% indicate they want to use data analytics from their organization to help them improve their own performance.” MITSloan Management Review, June 2018.

Most organisations are looking to further empower individuals to maintain their skills profile and drive their development action plan.

Digital transformation can’t just be a top-down mandate to change. Instead, it involves creating the conditions under which existing employees start thinking and working differently, and driving change from the bottom up as well. “At the end of the day, so much is about talent. Talent is two-pronged, by skill set and by attitude”” MITSloan Management Review, June 2018.

What has changed between SFIA6 and SFIA7?

The main changes addressed with SFIA7 have been centred on the following key themes:

  • Digital and Digital Transformation
  • Agile/DevOps
  • Big Data / Informatics
  • Software Engineering
  • Service Management
  • Knowledge
  • Information / Cyber Security.

56 of the 96 skills from SFIA6 have been updated. A few new skills have been added, a few deleted /consolidated / restructured, bringing the total to 102.

New skills in SFIA7:

  • Real time / embedded systems development (RESD)
  • Software design (SWDN)
  • Knowledge management (KNOW)
  • Data visualisation (VISL)
  • Measurement (MEAS)
  • User research (URCH)
  • Demand Management (DEMM)
  • Supplier management (SUPP)
  • Organisational capability development (OCDV).

Knowledge has been added to the characteristics in the generic levels of responsibility – to sit alongside Autonomy, Influence, Complexity and Business Skills. Details are available on the SFIA Foundation website

Why should we migrate to SFIA7?

  • Skills and practices change! We need to build and maintain an inventory of our skills and ensure they remain current and relevant. SFIA is the best internationally-adopted framework to do this, and the updates to SFIA7 ensure relevance and currency. The updated descriptions in SFIA7 reflect the latest description of activities in the working world. Remaining on an old version of SFIA means you may be describing out of date skill requirements, and your recruitment and training/development may end up looking for the wrong things.
  • Skills that weren’t described in SFIA6 may be needed! Take a look at the new skills and the key themes listed above – if any sound relevant to your organisation, you should move to SFIA7 or else you’re not going to be confirming whether you have these skills, requiring them in Job Descriptions, developing them in your existing staff, or checking for them during recruitment or supplier engagement.  Can you afford to miss a critical skills gap just because you didn’t assess against the latest version?
  • The assessment criteria for the following skills is impacted, so if these skills are relevant individual skill profiles/assessments and Role Profiles / Job Descriptions need updating:
    • Asset management ASMG
    • Competency assessment LEDA
    • Data visualisation VISL
    • Database design DBDS
    • Demand management DEMM
    • Organisation design and implementation ORDI
    • Performance management PEMT
    • Programming/software development PROG
    • Quality assurance QUAS
    • Quality management QUMG
    • Service level management SLMO
    • Software design SWDN
    • Solution architecture ARCH
    • Sourcing SORC
    • Specialist advice TECH
    • Supplier management SUPP
    • Sustainability SUST
    • Systems design DESN
    • Teaching and subject formation TEAC
    • User experience design HCEV
    • User research URCH

Contact us for support with SFIA. We can assess whether the changes in SFIA7 are relevant to you, and advise whether you should stay with the current version for now or plan a migration. If migration is required, we can use our in-depth knowledge of the changes (from our work on the Global Design Authority Board), and the SFIA7 migration mechanism we’ve built, to drive a quick and effective transition. We already have several SFIA7 customers projects running, and our SkillsTx platform is fully operational for version 7 as well as continuing to support v6.

Matthew Burrows, 22 June 2018


Digital Skills Landscape Report 2018

Digital Skills Landscape 2018 Report – out now!

BSMimpact and SkillsTx have great pleasure in releasing the latest Digital Skills Landscape Report.

The data in this report comprises an analysis of the capabilities, competencies and skills of Digital, Cyber and Information and Communications Technology (ICT) professionals.

For more information, and to request a copy of the report, click here.



Securing and Retaining Talent: Skills or Potential?

When securing and retaining talent, are you looking for skills or potential?

Knowledge of “how to” is one thing, hard-earned experience is another, mastery of a skill requires both.  No doubt skills can be learnt, but if I’m in the back of a commercial jet, I still want the pilot to have real experience (in a wide range of conditions), necessary qualifications and the knowledge to manage unpredictable situations. 

Having the potential, promise or untested capability is not going to cut it, not even hours on a simulator and passing a multiple-choice exam! I want to fly with airlines that have people like Sully (check out Captain Chesley “Sully” Sullenberger in the movie “Sully”).  There’s no substitute for tried and tested experience, if a pilot requires 100 hours of experience, then not even 10 pilots with 10 hrs and potential will do!

IT organisations increasingly use process models of best practice to help deliver and manage technology, yet very few systematically assess demonstrated relevant experience of staff to align best practice and technology.

Finding resources with real world experience – putting skills first

When we use SFIA (Skills Framework for the Information Age) to confirm what skills your organisation, your staff, and your suppliers have, we don’t validate potential and theory, we confirm experience and mastery of practicing the skills and doing what SFIA is describing, many times and in real working environments.

We use SFIA precisely because it is the globally-adopted description of real activity in the Digital, Cyber and Technology dependent world – what you have done rather than just what you know or might theoretically be able to do.

Certification and training often only demonstrates knowledge and understanding, which is important, but you need resources who:

  • have taken the opportunity to put that into practice in the real world, and
  • have continued to practice those skills to the point where they are competent, experienced and capable.

Got any pilots already? How do you know?

What could be more frustrating than looking externally for talent when appropriately skilled resources could be found from within?   If you don’t know what skills you have internally, then the potential for lost time and cost in recruiting increases exponentially.   Remember if you are not providing the opportunities to challenge and develop your staff somebody else will. 

If you’re sourcing staff based on potential, then you’re going to need to have people internally who already have the skill, and who have time to help the person to gain experience and mastery in that skill.  That’s going to take some time.  It will cost less to bring an experienced pilot up to speed on a new type of plane, if they have already demonstrated mastery in another type. 

This is where SFIA can help by focussing on the application of professional skills and being technology and methodology agnostic, you can build a clear picture of their skill potential for your specific needs.

You need a balance in your talent pool

SFIA makes an important contribution in the selection process and can help your organisation recruit the skills needed.  It plays an even bigger part in understanding the skills you already have by providing the common language to describe and build “healthy” balanced talent pools, including:

  • those who are still learning, (and have potential!)
  • people with the same skills but at different levels,
  • people with particular skills specialisms, and
  • appropriate coverage across all the skills and experience levels that you have decided are core to have in your organisation.

SFIA contributes to delivering business outcomes by providing insight into the capability of your team, by quantifying the difference between the team you want and the team you have and the means to manage it. 

With the appropriate skills and experience, it is relatively straightforward to confirm what skills you have, which skills are needed, and how any gaps can be addressed through development or recruitment.


About the Author: Phil Lovell

Phil Lovell is a positive and motivated IT resource management professional, with expertise in learning and development assessment, consultancy, stakeholder relationship management and resourcing.  Combining over 10 years of hands-on IT experience with 15 years IT resource management experience with formal training and accreditation as a SFIA Consultant and a Cert IV in Training and Assessment, Phil has assessed the skills of IT professionals for the purposes of recruitment, professional development and the Australian Computer Society’s certification program. Phil’s key skills also include Consultancy and Stakeholder Relationship Management. 


Case Study: Inland Revenue

With a mission to bring New Zealand’s tax administration into the modern world, Inland Revenue has embarked on a Business Transformation program, using elements of SFIA, ITIL, SIAM and COBIT.

The Challenge

Inland Revenue’s core objective of enabling Business Transformation involves their people, processes, policy and technology.

Streamlined processes, advanced tools and more intelligent use of data will provide Inland Revenue with a single view of the customer and their needs. To achieve this, they needed to have the skills to proactively support customers to get their tax right from the start rather than reacting when things go wrong.

A key challenge for the team was the need to understand the skills required to support not only the existing Heritage systems but also those skills required to support the transformation process as well as the new services platform. It was decided that SFIA (Skills Framework for the Information Age) was the framework they would need to ensure they had a consistent and structured set of skills to work from.

The Solution

Inland Revenue engaged BSMimpact to conduct a SFIA baseline assessment across the ICT organisation to understand what skills they had.

This included assessing and validating 300+ ICT staff and producing an organisation-wide report detailing the overall levels of responsibility, outlining skill gaps and providing observations and recommendations for improvement. Each ICT member was provided with an individual SFIA skills profile.

The information from the consolidated organisation report was used to inform strategies for Learning and Development, sourcing strategies and Organisational Design.
BSMimpact also worked with the leadership team to create SFIA based Position Descriptions (Job Expectations) and conducted a series of training courses to further develop internal SFIA expertise and assist People Managers in working with their teams in terms of learning and career development.

BSMimpact were further engaged to help define the “to be” Target Operating Model based on SIAM, and determine the new roles and skills required. The Target Operating Model and subsequent Organisational Design included elements of workload analysis, training needs analysis, transitional support and process modelling.

The frameworks, methods and tools used included SFIA, ITIL, SIAM and COBIT.

“BSMimpact did a great job with regards to the implementation of the SFIA framework within the ICT Department at NZ Inland Revenue. They quickly established relationships at the senior level and delivered a consistent and high quality product at all times. Their consultants have high expertise in SFIA and added significant value throughout our successful implementation in all aspects including assessments, job expectation development and evaluation, training and ongoing support. “

– Don Burns, Principal Advisor to the Chief Technology Officer, New Zealand Inland Revenue


Download the full case study (link below) to view further details of what worked well, lessons learned, and moving forward.


What does Accredited SFIA Partners mean?

How to ensure you get the best support from suitably experienced SFIA Partners and Consultants who are appropriately licenced and accredited by the SFIA Foundation.

With awareness of the Skills Framework for the Information Age (SFIA) growing around the world, so too are the number of service organisations adding SFIA to their portfolio. 

Whilst this is great for the SFIA world as a whole, there is the potential for some confusion as to what these organisations are able to offer.  

The SFIA Foundation is a not for profit organisation – any monies received go directly into developing the next version and keeping the framework relevant. They operate an accreditation and licencing scheme to ensure some control on how SFIA can be used, marketed and delivered. 

If you, or your organisation is looking for SFIA service providers, here’s a little more information on SFIA Accreditation, which gives you an assurance that service providers have a formal relationship with the SFIA Foundation, and have met the relevant accreditation and licencing conditions.


Accredited SFIA Partners

There are different types of Accredited  SFIA Partners – some are only licenced to use SFIA content in their tools/products, and others are licenced to provide SFIA Consultancy, with a subset of those also able to offer accredited SFIA training. Any company that offers products or services relating to human capital management and want to use SFIA in the promotion or delivery of those products or services can become a partner.

To gain SFIA Partner accreditation, the organisation must sign a licence agreement, pay an annual fee, and have 2 or more accredited SFIA consultants on staff or under an associate agreement.

Some partners may only have SFIA-based tools or their offerings are mapped to SFIA, but are not licenced or accredited to provide SFIA training or consultancy.

Organisations that award qualifications or deliver training, and only wish to map their offerings to SFIA skills can use a Mapping Licence.  A mapping licence does not allow for the provision of training / consultancy services.

Regardless of the type, Partners are valued as contributors and supporters of SFIA and support its continual development. It is worth checking out the SFIA Foundation website to see what type of licence organisations hold, and whether they have experienced trainers and/or accredited consultants available to help you.  Some Partners operate globally, others have just one or two resources and operate in a single local area.

BSMimpact has Global Partner accreditation and has been involved in the SFIA Foundation for many years; Director Matthew Burrows is a member of the SFIA Council and was the Design Authority for the version 6 release. Director Simon Roller is also a member of the SFIA Council and was part of the version 6 project team.


Accredited Trainers

A SFIA Accredited Training Provider is an organisation that has had its “Understanding SFIA” course material assessed by the SFIA Foundation against their published syllabus, and is therefore approved to deliver the accredited training course.  

Every Accredited course delivered is subject to a royalty fee paid to the SFIA Foundation for each individual attending the course and must be delivered by a SFIA Accredited Consultant.  If an individual is looking to become an accredited SFIA Consultant, it is imperative that they attend an “Understanding SFIA” training course by an Accredited Training Provider. 

BSMimpact has taken training further than the standard accredited course, and now offers a full suite of SFIA training, including courses focused solely on Role Profiling and Job Descriptions, and how to be a SFIA Assessor. Whilst the SFIA Foundation accreditation currently only defines a syllabus for the “Understanding SFIA” course, BSMimpact offers individuals and organisations a choice, allowing them to focus on their specific objectives and use of SFIA.


 Accredited Consultants

Accredited Consultants are required to provide evidence of their SFIA and other relevant experience during the accreditation process to qualify. 

To apply, individuals must pay a nominal evaluation fee, complete the Accredited “Understanding SFIA” course (from an accredited SFIA Training Partner) and submit a CV.

As an option, individuals may include a case study, demonstrating evidence relating to a number of areas – for example, human capital management policies and practices, hands on involvement in the skills development process, IT industry knowledge, and/or practical involvement of the implementation of SFIA.  For the full list of qualification areas, check out   

BSMimpact currently have 18 SFIA Accredited consultants spread across the globe, primarily concentrated around our core hubs in Australia, New Zealand, USA and the UK. These consultants are a combination of permanent staff and Associate consultants. 


Do your homework!

SFIA really is a great framework and the list of benefits is long – if implemented and used properly.  If you want to use SFIA within your organisation, do your homework.  The website is a great starting point. 

Have a look at the Accredited SFIA Partners and check out whether they are licenced to deliver SFIA consultancy and training, and have Accredited Consultants listed. If you’re not sure, make sure you ask! 

Feel free to ask us a question – we’re very happy to provide you with information on our global reach, credentials and experience.  


Why is SIAM such a puzzle?


Many organisations are looking at Service Integration and Management (SIAM) as the next big thing. Others are scratching their heads and wondering what it is all about.

For starters, Service Integration and Management has been around for some time, although often referred to as Supplier Integration or Service Aggregation. As a model, SIAM helps define the interconnects between the suppliers of services and the consumers of services, and is used in many of our larger organisations to manage complex supplier activities.

Within the SIAM model, there are several defined processes. These processes are variants of the ITIL© (IT Infrastructure Library) processes, mainly used in Service Operations, Service Transition and Service Design. SIAM process models call out several elements that need to be defined within a process model. What is defined and the level of definition is often at the discretion of the SIAM design team, but at a minimum, the model should include: –

  • Process Activities (swim lanes)
  • Roles and Responsibilities
  • Data elements
  • Ownership rights

For example, let’s take an Incident Management process, one very typical in most Service or Help Desks environments. An Incident comes in to the Service Desk and is triaged by the Service Desk Analyst. If they are unable to resolve the incident they will transfer the incident to a 2nd level resolver group. That resolver group may well be a Service Provider who accepts the incident and eventually resolves it. The Incident Management process with its SIAM ‘interconnects’ defines how the incident is transferred between the two organisations. Each person will have a defined Role within the process, which will be the same for each service provider. What is transferred between the Service Provider and the Service Desk is defined in the data elements. Lastly, who owns the data when the Service Provider is disengaged is also defined.

Different processes will have different levels of integration. Processes like Incident Management and Change Management are tightly integrated like a relay race, with a well defined ‘baton’ exchange between different runners. Other processes are more coordinated, like a high jump. As long as only one person jumps at one time (and no one gets hit with a Javelin), all is good.

Where does SFIA fit in?

Defining the skills required for each of the roles within the SIAM model is where SFIA, the Skills Framework for the Information Age, comes in. SFIA defines the skills within roles and helps define development gaps within individuals. Each of the SIAM roles within the process model will have a set of skills. Making sure people have the right skills for each role they perform ensures the model works smoothly.

How, who, and what

If the SIAM process model defines the how, and the SFIA roles define the who, then COBIT defines the what. COBIT 5, from ISACA, is an all-encompassing framework that covers all aspects of IT Governance and Management, and helps define what each role within the SIAM model is responsible for. It is not prescriptive like other process frameworks, instead it has a pragmatic approach as to what needs to occur in a well-managed and governed environment. COBIT has often been a tool used by Information System Auditors; it is now a framework of choice for those wanting to create a Top Down operating model for IT. Choose what you want to govern and manage via COBIT, decide how you do it from the vast array of process methodologies in the market, and then choose who does what based on their SFIA Skills. By including the Responsibilities from COBIT into Role Profiles and Position Descriptions, you close the loop between what you want to do and who is responsible and accountable.

Add ISO\IEC 20000 to the puzzle

For organisations who need to baseline their current capability, we turn to ISO\IEC 20000. The International Standard for Service Management helps us determine the ability for an organisation to adopt a SIAM model, either as a SIAM Manager (the Service Integrator) or a Service Line (Service Provider or Service Tower). For SIAM to be successful, a level of compliance needs to be achieved across all Service Providers, especially in the Integrated processes. Identifying where you have gaps in your maturity now will save you lots of heartache and pain in the future, as a fully functional SIAM model will put undue stress on your existing processes and capabilities. Whilst many external Service Providers may already be ISO20000 compliant, internal IT organisations may not. This is the biggest challenge for many organisations. All service providers are treated equal in a pure play SIAM model. Therefore, if an internal IT function is delivering services, then it is performing the role of a Service Provider, and needs to adhere to the same processes as the other Service Providers. This can create a conflict within the model if not handed effectively, as many Service Providers want to take on the role of the SIAM Manager, or Service Integrator, thereby creating a conflict of interest. The same can be said if special treatment is given to Internal Service providers by an Internal SIAM Manager. SIAM needs to have strong Governance for it to be effective.

Why travel down the SIAM path?

So given the challenges in creating a SIAM based model, why are organisations going down this path? One reason is the amount of Service Providers organisations are using. According to Gartner in 2014, back in 2000 most outsourcing arrangements were confined to a single prime Service Provider. In 2005 it became more of a Best of Breed approach, with maybe 3-4 providers. Multi-sourcing became popular in 2010, with maybe 10+ providers. Today many organisations have 15-20 Service Providers, some of these being cloud based. Many organisations have wanted to embrace the cloud for some time, and have even created a ‘Cloud-1st’ strategy. What has been missing was how to do it. SIAM, for many organisations, has provided that missing piece of the puzzle, and helped enable their cloud strategy.

As more organisations struggle to transform to a Digital economy, and harness all that the cloud can offer, SIAM will cease to be such a puzzle, and become more the answer they have been looking for.

About the Author

Simon Roller is a Director and Principal Consultant for BSMimpact. He is an authority in Governance and Management frameworks, and an expert in Service Integration and Management. He is an ITIL v3 Expert, Certified Information Systems Auditor, Certified in Governance Enterprise IT and a Certified Information System Security Professional. Simon is also an Accredited SFIA consultant and on a number of global expert groups for Governance, SFIA and SIAM.


Don’t be a Fool – get your SFIA skills right

Simon Roller gives an account of the ISACA Oceania CACS 2016 event and explains how mapping COBIT and SFIA together can offer great value.

This week I attended  and spoke at the ISACA Oceania CACS event in the Gold Coast in Queensland. The annual event is a regular haunt for those involved with Auditing and IT Security, and the event had a great turn out with over 200 delegates attending, plus a number of sponsors.

My presentation was well supported, mainly by those who focus on governance and audit. The presentation looked at how we can map COBIT and SFIA together, and the value of this mapping. We have talked about this before at other events, as we are great fans of both these frameworks, but this time we incorporated elements of Management (ITIL) as well as workload analysis. There was some great feedback from those who attended, as most had not realised the linkages between COBIT and SFIA, and how COBIT can be used to define the core responsibilities within a role and SFIA the core skills to support a role. Many of the auditors had “aha!” lightbulb moments, as they could see the potential value of including COBIT activities and SFIA skills in position descriptions, and using that to ensure that all the core COBIT processes were supported by people within their organisations.

Earlier in the day, I attended a keynote presentation where the ‘T’ shaped roles were discussed. “Mr T”,  as us ‘non Millenniums’ like to call him, is an individual who has a detailed set of skills in one area and a broad set of skills in another.

Mr T first got mentioned when we discussed Agile Development, and now is included in DevOps and other operating model variants. Using the mapping between COBITs responsibilities, SFIA skills and COBIT activities, we can see which of Mr T’s skills (punching people – SFIA skill: HPWF) are core versus additional qualities like modelling gold jewels (SFIA skill: WTGN) are important to his role.

After the session, a number of people spoke about the value of this, and one individual mentioned that the presentation made the whole conference worthwhile –  great feedback indeed! Most also agreed they would start to use SFIA as part of their auditing activities and discuss its adoption in their respective organisations.

If you are interested in the presentation, just reach out to us and we can send it on to you.

By the way, both the SFIA skills HPWF (Hitting People With Fists) and WTGN (Wearing Tacky Gold Necklaces) are not real SFIA skills, although with version 7 being discussed, watch this space…    


Simon Roller | Director | BSMimpact


ISACA Now – What cybersecurity skills do you need?

Matthew Burrows wrote a blog that was featured on the ISACA website, focusing on the area that has grown considerably since the publication of SFIA V5: cybersecurity.

Matthew states that “SFIA works well with the various cybersecurity frameworks and information security standards. However, it covers a much wider scope, defining skills needed across the complete digital information and communications technology landscape.  A number of new skills were defined and some existing skills re-worded in version 6 to account for the massive changes that have taken place in this area.

It’s not just about determining the headcount gap regarding the number of cybersecurity professionals, it assists in understanding HOW organisations can build their own cybersecurity capability.

By understanding the unique skills required, organisations can determine if the gaps are in knowledge, role design and/or professional skills. It helps determine who needs upskilling, which roles may require a re-design, and identify the relevant training, mentoring, knowledge transfer and other development activities.

Read the full article here



Digital Forensics and SFIA

An article focusing on the changes to SFIA in version 6, specifically around the Digital Forensics and Cyber Security space were discussed in an article written by Matthew Burrows for Digital Forensics magazine.  The article explains that SFIA works well with various cybersecurity frameworks and information security standards, but covers a much wider scope, defining skills needed across the complete digital information and communications technology landscape. 

Matthew explains some of the ways that SFIA helps in regard to digital forensics, cybersecurity and information security, SFIA is being used to:

  1. help quantify the skills/capability gaps 
  2. help close cybersecurity skill / capability gaps
  3. provide a consistent model for all (ICT) professions
  4. modular approach (skills and levels) provides greater flexibility for organisations to define their requirements for cybersecurity skills / jobs at all levels
  5. provides clarity on scope of cybersecurity qualifications
  6. enable and encourage generalist IT qualifications to include cybersecurity.

Once you have a baseline of the skills you have, there is a lot you can do with it:

  • Maximise the hidden or underutilised skills already present in the organisation.  SFIA baseline skills assessments always, in my experience, uncover skills which the organisation didn’t know it had within the existing resources.
  • Confirm professional development activity to close skills gaps for individuals, teams and organisations, including training, mentoring, self-study, special interest groups and a whole host of other interventions.
  • Recruitment – better job descriptions by using SFIA content, assessment of candidates using SFIA in order to create a clear skills mapping to ensure that the most appropriate candidates are short-listed, interviewed, and hired
  • Projects – planning of requirements based on skills and not just numbers of people, particularly effective in the rising number of agile-based projects where teams of individuals are needed for short focused sprints, where it is essential to get the correct skills
  • HR processes – improved staff retention, more effective recruitment, promotion and development.

Download the full article here.


White Paper: Why is a good Project Manager so hard to find?

Given the amount of skills required to deliver a PRINCE2 project, it is not surprising that a project manager either walks on water or drowns in workload!

This white paper explores the range of skills that make up a Project Manager role, utilising both the PRINCE2 methodology and the Skills Framework for the Information Age (SFIA).

These insights will help to show that there are other factors influencing what makes a Project Manager “good”, and challenge the statement that “good” Project Managers are hard to find!

What are the barriers to success?

If we accept the PRINCE2 view of the world, and we acknowledge the different activities and skills required to run a project, we see the diversity of skills for a Project Manager is probably one of the greatest within the ICT profession.  There are a number of clues that can help us to determine what skills are really needed for each project, and they include:

  1. Having the ability to ‘spin the plates’on all the required activities whilst displaying the skills associated with these activities is a rare talent.  For example, often when a ‘technical’PM tries to run a ‘people or process’ oriented project, skills like RLMT, CNSL and CIPM may be lacking, and the desired outcome is not achieved. 
  2. Not all projects are the same, and the profile and mix of skill of a project manager needs to be aligned to the type and scope of the project brief.  Using a framework like SFIA helps organisations define the skills required to perform role, and mitigate the risk if a particular skill is missing. 
  3. Being trained in Project Management and the supporting technology will only be partially successful unless organisations create a supporting and nurturing environment to grow the skills and capabilities within their project management profession. Having a methodology like PRINCE2 is a useful governance model to assist with project delivery.  Linking this with a framework like SFIA will assist in developing the competencies required to support the project teams and deliver better business outcomes. 

Given the complexity and the diversity of business and IT projects, and the pressures to time, cost and quality, perhaps the issue is not that good Project Managers are hard to find.  We need to be more selective as to how Project Managers are used, and recognise the risks associated with skills gaps.


DTRA Case Study

US-based DTRA – Defence Threat Reduction Agency has one main focus: to keep Weapons of Mass Destruction out of the hands of terrorists and other enemies by locking down, monitoring, and destroying weapons and weapons related materials.  DTRA J6, Information Operations, serves as the underlying information technology and knowledge services entity for all of DTRA.

As the IT practitioner’s role is increasingly moving from a strict “technology” orientation to a more collaborate “innovating together” orientation, it was felt that the Skills Framework for the Information Age (SFIA) was a good fit to help transition the department from being technology focused to that of collaborative innovation.

BSMimpact were asked to conduct an “Understanding SFIA” training course and following this, perform a SFIA self-assessment using BSMimpact’s online tool.

Matthew was a great instructor, experienced and insightful in his sharing of important SFIA-driven procedures and practices for world-class IT professionals.  And the SFIA concepts appear to be a great fit for what our DTRA J6 is trying to accomplish – transition us to the brave, new world of future IT concepts and practices”.

– Donald Minner, DTRA J6 Information Operations Lead, Quality-Analysis-Synchronization Team.

Click on the link below to read the full case study.


Case Study – Vodafone

Consolidating disparate IT Services to become predictable, optimised and valued by the Business.

Vodafone had been going through an extended period of growth with an attendant expansion of its IT. This had led to the emergence of a disparate set of standards and processes, with a number of uncoordinated projects. The result was unsatisfactory levels of service performance and inefficient operations. With its heavy reliance on technology to deliver its business, these issues undermining the relationship between IT and the Business. In recognition of these issues, Vodafone created a Service Operations function to introduce formal Service Management discipline within IT. This function however needed additional skills and experience to give direction and focus to achieving its objectives.

The Solution

Starting with a small and focused Service Management implementation for one department, BSMimpact were able to identify the cause of wider service inefficiencies across IT. BSMimpact then presented a remedial plan designed to address the customers’ issues. Employee engagement is fundamental to business success in any service industry and this was a corner stone in our activity with Vodafone. Feedback was collected from employees within Service Operations and from internal customers and stakeholders across Vodafone. We also held workshops with key stakeholders to agree a set of design principles.

The Benefits

In addition to cost savings resulting from the removal of inefficient practices and duplicated projects, Vodafone realised benefit through the increased recognition of the value delivered by IT to the Business. This led to a more mature relationship between IT and the Business which supported future investment and development.

Read the full case study by clicking on the link below.


Matthew Burrows talks SFIA at SITS15

Matthew Burrows joined the ITSM Global Podcast team at SITS15 to talk about SFIA, what’s changing in Version 6 and the benefits organizations can get out of using SFIA!


Using SFIA to identify & address workforce skills gaps

Matthew Burrows presents a webinar with Accredited SFIA Partner, Learning Tree, in February 2016. In it he discusses how organisations can identify the skills they have and the skills they need using SFIA.


Case Study: LPI

Developing staff skills to prepare for the Department’s transformation to a services organisation.

Land and Property Information (LPI) is a division of the Department of Finance, Service and Innovation.  They are the key provider of land information services in New South Wales, Australia, which includes spatial information, titling information and valuations.

Steven Woodhouse, the Chief Information Officer of the Department had created a strategy to turn the ICT department from a traditional environment into a services organisation.

“I wanted us to work as a service organisation within LPI” commented Steven.  To do this, he had to set up a vision of what the organisation would look like.  In order to see this ‘future state’, they needed to understand their current situation.  LPI turned to SFIA to understand what skills they had currently, and to determine what skills they needed in the future.

Download the full case study (link below) to view their SFIA Assessment findings and an outline of Phase 2 – Performance Management.

We needed to get a flatter, more streamlined structure that allowed for the movement of skills from one place to another, plus we needed to enhance some skills and not worry about others.  The performance management component was recognised as a logical next step, where our aim was to make people want to participate in performance management.  That’s why we tied our next phase of our SFIA journey in with performance management.


All things ITSM catches up on SFIA6

The All Things ITSM team catches up with Matthew Burrows at the itSMF Australia Conference in August 2015.  Here he discusses the SFIA 6 launch in Sydney, explains the global spread of the uptake of SFIA, where it fits amongst Cobit and ITIL, and much more!  Take a look at the video by clicking the link below.



What’s new in SFIAV6 – Launch Event

Matthew Burrows and Mike Chad provide an update at the Developing Digital Talent conference (July 1, 2015), on the latest release of SFIA (v6). They share the detailed changes between version 5 and version 6.


An Introduction to SFIA6

SFIA Version 6 was released in 2015. each described at one or more of 7 levels of responsibility. To aid navigation, SFIA structures the skills into 6 categories, each with a number of sub-categories…. check out this 2&1/2 minute video for more information!


Case Study: CenSus

Understanding individual skills of current staff at CenSus using SFIA provided invaluable data.

Central Sussex (CenSus) Partnership ICT provides ICT Infrastructural support services for the Horsham, Mid-Sussex District Councils and the Adur-Worthing Partnership. The organisation was formed in 2006 with Adur, Horsham and Mid-Sussex participating. Worthing subsequently joined in 2011. The CenSus ICT team also supports the CenSus Revenues and Benefits Service that provides benefit processing for Adur, Horsham and Mid-Sussex councils.

The CenSus ICT Team has three principal locations (Horsham, Haywards Heath & Worthing) and has been formed from the respective Council teams.

The intention and plan at CenSus was to form a single team capable of providing ICT support services for the participating organisations, both for Business As Usual (BAU) activities and for transformational and developmental projects. To do this, it was necessary to understand the skills and capability of each team member to ensure that the right people were in the right roles.

It was determined that the Skills Framework for the Information Age (SFIA) was a framework that could be used to identify ICT skills and understand if there were any skills gaps. BSMimpact were engaged to help CenSus implement SFIA. With the arrival of the new Interim Head Of CenSus ICT (himself SFIA accredited) it had been determined that a skills assessment for the 46 staff involved should be undertaken prior to any possible reorganization of the service. To make sure that the service was able to meet current and future demands in a rapidly changing environment, they needed to know what skills and capabilities were present within the team.  This included not only technical skills, but also professional and customer service skills.

An excellent service provided by a thoroughly professional organisation. BSMimpact’s Consultants were knowledgeable and had sufficient experience to be able to put the information gathered into a suitable context.” – Ian Henderson, Interim Head Of CenSus ICT

For the full Case Study, download the PDF below.