Chief information officers in medium to large organisations apply the skills and knowledge in this unit to direct the strategic planning, risk management and security of internal and external ICT infrastructure of their organisation.
Their job roles combine high-level management and business skills to perform strategic planning and direction of emerging and converging technologies within the ICT industry.
Not applicable.
1. Direct strategic planning for IT resources | 1.1 Analyse organisational environment 1.2 Ensure compliance with legislative and social requirements 1.3 Establish priorities based on organisational need 1.4 Establish required IT infrastructure 1.5 Lead the development and implementation of a strategic plan for IT resourcing |
2. Lead risk management of IT resources and processes | 2.1 Lead development of strategy for risk assessment 2.2 Ensure risk assessment complies with organisational policy 2.3 Ensure risk mitigation based on identified risks |
3. Direct quality assurance processes for IT services | 3.1 Lead the development of a quality assurance strategic plan 3.2 Monitor quality processes 3.3 Oversee the implementation of quality assurance strategies 3.4 Ensure continuous improvement |
Required skills
analytical skills to:
assess deficiencies in project processes and set-up
conduct enterprise resource planning and management
determine the validity of arguments
formulate a logical plan of action based on proposed solutions
investigate situations and provide recommendations and remedies
make effective decisions
probe for consistency in information or data presented
communication, teamwork and leadership skills to:
act as a positive role model
liaise with people working across different levels and in different contexts
negotiate
prepare reports to senior management
read and interpret an organisation's reports, policies and procedures in order to establish and review business continuity management framework
resolve conflicts
initiative, enterprise and problem-solving skills to:
assess vulnerabilities in organisational processes and infrastructure set-up
evaluate competitive technologies
solve problems individually and in teams in response to changing environments
translate a range of ideas into appropriate action
literacy skills to:
interpret reports dealing with complex ideas and concepts
read and interpret complex technical and non-technical information from a range of sources
review complex and unfamiliar information
numeracy skills to:
negotiate adjustments to operational budgets based on benefits-realisation plans
validate project estimation and cost-benefit analysis
planning and organisational skills to:
apply project management methods to reduce project and financial risks
establish and monitor the organisation's continuous improvement and planning processes
oversee project programs
research skills to undertake the necessary background research for the development and monitoring of the strategic management plans
technology skills to:
compare and recommend new technology solutions to improve organisational outcomes
evaluate complex information technology issues within the organisation's environment.
Required knowledge
AS/NZS ISO 31000:2009 Risk management
business continuity issues for the organisation
organisation’s industry and current functionality, including existing data and information systems
organisation's internal and external dependencies and interdependencies
organisational policies and procedures, including risk-management strategy
past and current internal, external and industry disruptions
relevant legislation and regulations that impact on business continuity, such as OHS, environment, duty of care, contract, company, freedom of information, industrial relations, privacy and confidentiality, due diligence, and records management.
The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.
Overview of assessment | |
Critical aspects for assessment and evidence required to demonstrate competency in this unit | Evidence of the ability to: develop a strategy to align IT services with organisational goals conduct risk analysis, including security for IT assets and implement procedures that identify where risk occurs and what measures need to be taken to handle the risk produce contingency plans for business continuity establish warning systems and an ongoing process that includes regular or programmed reviews of the risk profile confirm sufficient knowledge of security products and organisational security policy develop strategy for the implementation of appropriate processes and procedures that ensure that quality expectations are met. |
Context of and specific resources for assessment | Assessment must ensure access to: relevant strategic level enterprise documentation, including planning, financial, and IT infrastructure documentation relevant legislative policies. Where applicable, physical resources should include equipment modified for people with special needs. |
Method of assessment | A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit: direct observation of the candidate carrying out project work verbal or written questioning to assess required knowledge and skills review of reports and implementation plans portfolio of the project work undertaken. Note: The preferred assessment method is through a workplace project or through a simulated medium to large enterprise workplace. |
Guidance information for assessment | Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate. Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed. Indigenous people and other people from a non-English speaking background may need additional support. In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge. |
The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.
Organisational environment may include: | business or management structure conglomerate of business entities external environment in which a business is operating, including contractors and externally provided services specific business entity way in which organisational members perceive and characterise their environment in an attitudinal and value-based manner. |
IT infrastructure may include: | architecture requirements: hardware software business, system, application, network, or people in the organisation comparing and contrasting expected performance criteria against vendor proposed offerings databases, applications, servers, operating system, gateways, application service provider (ASP) and internet service provider (ISP) work stations, personal computers, modems or other connectivity devices, networks, remote sites, and servers. |
Strategic plan may relate to: | components from separate disciplines, such as IT or human resources mission, vision and values objectives and targets organisational environment part of organisational strategic plan or a stand-alone document process of the organisation's definition of its strategy or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people. |
Risk assessment may include: | coordinated and economical application of resources to minimise, monitor and control the probability or impact of unfortunate events or to maximise the realisation of opportunities establishment of a secure environment for IT assets identification, assessment and prioritisation of risks risk plans, gathering information, identifying threats, evaluating threats, developing scenarios, ranking risk, identifying counter measures, reporting and following up. |
Organisational policy may refer to: | documentation internal to the organisation that guides actions that are particular to the organisation issuing the policy, and guides processes that are most likely to achieve a desired outcome process of making important organisational decisions, including the identification of different alternatives, such as programs or spending priorities, and choosing among them on the basis of the impact they will have political, management, financial and administrative mechanisms arranged to reach explicit goals. |
Risk mitigation may include: | identification of one or more potential solutions to reduce or remove each risk if it arises implementation of policies or actions that identify risks in an existing or planned process. |
Quality processes: | may refer to: processes that analyse quality to make sure it conforms to specific requirements and complies with established plans processes, authorisations and responsibilities for quality control, quality assurance, continuous improvement, communications and responsibilities may contain: critical success factors measurement criteria inspection, audit, report and review procedures. |
Continuous improvement may include: | efforts that seek incremental improvement over time or breakthrough improvement at once ongoing effort to improve products, services or processes processes that are constantly evaluated and improved in the light of their efficiency, effectiveness and flexibility. |
General ICT
This unit contains employability skills.
No licensing, legislative, regulatory or certification requirements apply to this unit at the time of endorsement but users should confirm requirements with the relevant federal, state or territory authority.