End-Point Assessment Plan

EPA Plan ST0119 version: 1.2

Introduction and overview

This page explains the requirements for end-point assessment (EPA) for the digital and technology solutions professional degree-apprenticeship. End-point assessment organisations (EPAOs) must follow this when designing and delivering the EPA.

Digital and technology solutions professional apprentices, their employers and training providers should read this document.

A degree-apprenticeship awards a degree with the achievement of the apprenticeship. The degree learning outcomes must be aligned with the knowledge, skills and behaviours (KSBs) in the apprenticeship. The degree must be completed, passed and awarded alongside the digital and technology solutions professional degree-apprenticeship.

The apprentice must complete their training and meet the gateway requirements before starting their EPA. The EPA will assess occupational competence.

A degree-apprenticeship must be delivered by a Higher Education Provider (HEP) that is on both the register of apprenticeship training providers (RoATP) and the register of end-point assessment organisations (RoEPAO). The apprentice’s employer must select an HEP who is on both registers.

If the HEP is using a credit framework, the EPA must contribute to the total credit value, and must be delivered in line with this EPA plan. However, the number of credits devoted to EPA may vary across HEP’s. The recommended EPA contribution is 30 credits of the total credit value.

A full-time digital and technology solutions professional apprentice typically spends 48 months on-programme (this means in training before the gateway). The apprentice must spend at least 12 months on-programme and complete the required amount of off-the-job training in line with the apprenticeship funding rules.

This EPA should then be completed within an EPA period lasting typically 48 months.

Occupational competence is outlined by the EPA grade descriptors and determined, when assessed in line with this EPA plan, by an independent assessor who is an occupational expert and confirms the overall EPA grade.

Assessment method 1 - Project Report with presentation, questions and answers:

  • Fail
  • Pass
  • Distinction

Assessment method 2 - Professional Discussion underpinned by a portfolio:

  • Fail
  • Pass
  • Distinction

The result from each assessment method is combined to decide the overall degree-apprenticeship grade. The following grades are available for the degree-apprenticeship:

  • Fail
  • Pass
  • Merit
  • Distinction

EPA Summary

The apprentice must:

  • complete training to develop the knowledge, skills and behaviours (KSBs) outlined in this degree-apprenticeship’s occupational standard

  • complete training towards English and mathematics qualifications in line with the apprenticeship funding rules

  • work towards all required elements of the digital and technology solutions professional degree-apprenticeship except undertaking the EPA

  • The qualification required is:Digital and Technology Solutions Professional
  • compile a portfolio of evidence

End-point assessment gateway

The apprentice’s employer must be content that the apprentice has attained sufficient KSBs to complete the degree-apprenticeship.

The apprentice must:

  • confirm they are ready to take the EPA

  • have achieved English and mathematics qualifications in line with the apprenticeship funding rules

  • have completed and passed all required elements of the digital and technology solutions professional degree-apprenticeship except the EPA

For the project report with presentation, questions and answers, the apprentice must submit a Project title and summary. To ensure the project allows the apprentice to meet the KSBs mapped to this assessment method to the highest available grade, the EPAO should sign-off the project’s title and scope at the gateway to confirm it is suitable.

For the professional discussion underpinned by a portfolio, the apprentice must submit a portfolio of evidence.

The apprentice must submit the gateway evidence to their EPAO, including any organisation specific policies and procedures requested by the EPAO.

End-point assessment - typically 3 months

The grades available for each assessment method are below

Project Report with presentation, questions and answers:

  • Fail
  • Pass
  • Distinction

Professional Discussion underpinned by a portfolio:

  • Fail
  • Pass
  • Distinction

Overall EPA and degree-apprenticeship can be graded:

  • Fail
  • Pass
  • Merit
  • Distinction

Professional recognition

This degree-apprenticeship aligns with:British Computer Society for Registered IT Technician (RITTech)

Duration of end-point assessment period

The EPA is taken in the EPA period. The EPA period starts when the EPAO confirms the gateway requirements have been met and is typically 3 months.

The EPAO should confirm the gateway requirements have been met and the EPA should start as quickly as possible.

EPA Gateway

The apprentice’s employer must be content that the apprentice has attained sufficient KSBs to complete the degree-apprenticeship. The employer may take advice from the apprentice’s training provider, but the employer must make the decision. The apprentice will then enter the gateway.

The apprentice must meet the gateway requirements before starting their EPA.

They must:

  • confirm they are ready to take the EPA
  • have achieved English and mathematics qualifications in line with the apprenticeship funding rules
  • have completed and passed all required elements of the Digital and Technology Solutions Professional degree-apprenticeship except the EPA
  • submit a Project title and summary for the project report with presentation, questions and answers

The apprentice will scope out and provide a summary of what the project will cover and will submit this to the EPAO at the gateway. This should demonstrate that the work-based project report will provide sufficient opportunity for the apprentice to meet the KSBs mapped to this method. The summary is not formally assessed and will typically be no longer than 500 words.

The project proposal needs to include a summary of the project plan, research requirements, an overview of how the project will be planned to include timeframes and the date the work-based project report must be submitted to the independent assessor taking into account the deadlines stipulated within this end-point assessment plan. The EPAO will sign off the project summary within 2 weeks of the Gateway to ensure sufficient scope to meet the KSBs mapped to this assessment method.

  • submit a Portfolio of evidence for the professional discussion underpinned by a portfolio

  • apprentices must compile a portfolio of evidence during the on-programme period of the apprenticeship

  • it must contain evidence related to the KSBs that will be assessed by the professional discussion

  • the portfolio of evidence will typically contain 6 discrete pieces of evidence

  • evidence must be mapped against the KSBs

  • evidence may be used to demonstrate more than one KSB; a qualitative as opposed to quantitative approach is suggested

  • evidence sources may include:

  • workplace documentation/records, for example workplace policies/procedures, records

  • witness statements

  • assignments

  • annotated photographs

  • video clips (maximum total duration 10 minutes); the apprentice must be in view and identifiable

This is not a definitive list; other evidence sources are possible.

  • Although it is expected that apprentices at degree level will be reflective in their practice, it should be noted that the EPA assesses individuals on evidence of output against the KSBs, not reflective accounts or any methods of self-assessment.

  • any employer contributions should focus on direct observation of performance (for example witness statements) rather than opinions

  • the evidence provided must be valid and attributable to the apprentice; the portfolio of evidence must contain a statement from the employer and apprentice confirming this

  • the portfolio of evidence must be submitted to the EPAO at the gateway

The portfolio of evidence is not directly assessed. It underpins the professional discussion and therefore should not be marked by the EPAO. EPAOs should review the portfolio of evidence in preparation for the professional discussion but are not required to provide feedback after this review of the portfolio.

The apprentice must submit the gateway evidence to their EPAO, including any organisation specific policies and procedures requested by the EPAO.

Project Report with presentation, questions and answers

Overview

A project involves the apprentice completing a significant and defined piece of work that has a real business application and benefit.

NB - The project may be undertaken pre-gateway, however, the Project Report must be completed after the apprentice has gone through the gateway.

A Digital and Technology Solutions Project may take years and not all projects experience a full life cycle, sometimes being abandoned for cost reasons or change of business strategy. A Digital Technology Solutions Professional may be one of a multidisciplined team and therefore may not control the timescale of the project. Therefore a project (or part project) cannot be designed or delayed to fit into the EPA timescale nor the specification of the EPAO as results can range from successful new recommendations on process, product or decommission. This cannot be predicted.

The project must give the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method.

The project must meet the needs of the employer’s business and be relevant to the apprentice’s occupation and apprenticeship. The EPAO must confirm that it provides the apprentice with the opportunity to demonstrate the KSBs mapped to this assessment method to the highest available grade. The EPAO must refer to the grading descriptors to ensure that projects are pitched appropriately.

This assessment method has 2 components:

  • Project with report
  • presentation with questions and answers

Rationale

This assessment method is being used because a project is a fundamental activity within the sectors in which a DTSP works. Every specialism within the DTSP apprenticeship works within a project-based approach and so this is a valid way of measuring competence.

The project may be undertaken pre-gateway, however, the Project Report must be completed after the apprentice has gone through the gateway.

A Digital and Technology Solutions Project may take years and not all projects experience a full life cycle, sometimes being abandoned for cost reasons or change of business strategy. A Digital Technology Solutions Professional may be one of a multidisciplined team and therefore may not control the timescale of the project. Therefore a project (or part project) cannot be designed or delayed to fit into the EPA timescale nor the specification of the EPAO as results can range from successful new recommendations on process, product or decommission. This cannot be predicted.

Component 1: Project with a project report

Delivery

The project report with presentation, questions and answers must be structured to give the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method to the highest available grade.

The apprentice’s project can be based on any of the following:

  • a specific problem
  • a recurring issue
  • an idea or opportunity

To ensure the project allows the apprentice to meet the KSBs mapped to this assessment method to the highest available grade, the EPAO should sign-off the project’s title and scope at the gateway to confirm it is suitable. The project output must be in the form of a report.

The apprentice must start the project report after the gateway. They must complete and submit the to the EPAO by the end of week report 12 of the EPA period. The employer should ensure the apprentice has the time and resources, within this period, to plan and complete their project. The apprentice must complete their project and the production of its components unaided.

The apprentice may work as part of a team to complete the project which could include technical internal or external support. However, the project report must be the apprentice’s own work and reflective of their own role and contribution. The apprentice and their employer must confirm that the project report is the apprentice’s own work when it is submitted.

The report must include at least:

  • an introduction
  • the scope of the project (including key performance indicators and stakeholder engagement)
  • how the outcomes would be achieved
  • a project plan
  • research and findings
  • project outcomes
  • recommendations and conclusions.

The project report has a word count of 6000 words. A tolerance of 10% above or below the word count is allowed at the apprentice’s discretion. Appendices, references and diagrams are not included in this total. The project report must map, in an appendix, how it evidences the KSBs mapped to this assessment method.

Component 2: Presentation with questions

Delivery

In the presentation with questions the apprentice delivers a presentation to an independent assessor on a set subject. The independent assessor must ask questions following the presentation. This gives the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method.

The apprentice must prepare and submit their presentation speaker notes and supporting materials presentation with questions and answers. The independent assessor must ask questions after the presentation. The presentations must include:

  • an overview of the project
  • the project scope (including key performance indicators)
  • summary of actions undertaken by the apprentice
  • project outcomes and how these were achieved

The apprentice must prepare and submit their presentation speaker notes and supporting materials to the EPAO at the same time as the report by the end of week 12 of the EPA period.

The apprentice must notify the EPAO, at that point, of any technical requirements for the presentation. During the presentation, the apprentice must have access to:

  • presentation software
  • a copy of the project report and presentation
  • notes
  • computer

The independent assessor must have at least 2 weeks to review the project output(s) and presentation speaker notes and supporting materials, to allow them to prepare questions. 

The EPAO must give the apprentices at least 14 days notice of the presentation with questions.

The apprentice must deliver their presentation to the independent assessor on a one-to-one basis.

The independent assessor must ask questions after the presentation.

The purpose of the questions is to explore and verify the apprentice’s understanding of their project area in relation to the apprenticeship standard.

The presentation and questions must last 60 minutes. This will typically include a presentation of 30 minutes and questioning lasting 30 minutes. The independent assessor can increase the total time of the presentation and questioning by up to 10%. This time is to allow the apprentice to complete their last point or respond to a question if necessary.

The independent assessor must ask at least 4 questions. They must use the questions from the EPAO’s question bank or create their own questions in-line with the EPAO’s training. Follow up questions are allowed where clarification is required.

The independent assessor must use the full time available for questioning. The independent assessor must make the grading decision. The project components must be assessed holistically by the independent assessor when they are deciding the grade.

The independent assessor must make the grading decision. The project components must be assessed holistically by the independent assessor when they are deciding the grade.

The independent assessor must keep accurate records of the assessment. They must record:

  • the KSBs demonstrated in the report and presentation
  • the apprentice’s answers to questions
  • the KSBs demonstrated in answers to questions
  • the grade achieved 

Assessment location

The presentation with questions must take place in a suitable venue selected by the EPAO (for example the EPAO’s or employer’s premises).The presentation with questions should take place in a quiet room, free from distractions and influence.

The presentation with questioning can be conducted by video conferencing. The EPAO must have processes in place to verify the identity of the apprentice and ensure the apprentice is not being aided.

Question and resource development

The EPAO must develop a purpose-built assessment specification and question bank. It is recommended this is done in consultation with employers of this occupation. The EPAO should maintain the security and confidentiality of EPA materials when consulting employers. The assessment specification and question bank must be reviewed at least once a year to ensure they remain fit-for-purpose.  

The assessment specification must be relevant to the occupation and demonstrate how to assess the KSBs mapped to this assessment method. The EPAO must ensure that questions are refined and developed to a high standard. The questions must be unpredictable. A question bank of sufficient size will support this.

The EPAO must ensure that the apprentice has a different set of questions in the case of re-sits or re-takes.

EPAO must produce the following materials to support the project report with presentation, questions and answers:

  • Independent assessor EPA materials which include:
  • training materials
  • administration materials
  • moderation and standardisation materials
  • guidance materials
  • grading guidance
  • question bank
  • EPA guidance for the apprentice and the employer

The EPAO must ensure that the EPA materials are subject to quality assurance procedures including standardisation, training, and moderation.

Professional Discussion underpinned by a portfolio

Overview

In the professional discussion, an independent assessor and apprentice have a formal two-way conversation. It gives the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method.

The apprentice can refer to and illustrate their answers with evidence from their portfolio of evidence.

Rationale

This assessment method is being used because:

  • breadth of the core of the standard and opportunities to evidence across this throughout the duration of the programme
  • allows the opportunity to explore depth of understanding surrounding the relevant specialist KSBs

Delivery

The professional discussion must be structured to give the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method to the highest available grade.

An independent assessor must conduct and assess the professional discussion.

The purpose of the independent assessor’s questions will be to explore the following topics and themes:

Theme A: Underlying Principles

Theme B: Technical Solutions

Theme C: Innovation & Response

Theme D: Legal, Ethics & Landscape

The EPAO must give an apprentice 14 days notice of the professional discussion.

The independent assessor must have at least 2 weeks to review the supporting documentation.

The apprentice must have access to their portfolio of evidence during the professional discussion.

The apprentice can refer to and illustrate their answers with evidence from their portfolio of evidence however, the portfolio of evidence is not directly assessed.

The professional discussion must last for 60 minutes. The independent assessor can increase the time of the professional discussion by up to 10%. This time is to allow the apprentice to respond to a question if necessary.

The independent assessor must ask at least 4 questions. Follow-up questions are allowed where clarification is required. The independent assessor must use the questions from their EPAO’s question bank or create their own questions in-line with the EPAO’s training.

The independent assessor must make the grading decision. he independent assessor must keep accurate records of the assessment. They must record:

  • the apprentice’s answers to questions
  • the KSBs demonstrated in answers to questions
  • the grade achieved 

Assessment location

The professional discussion must take place in a suitable venue selected by the EPAO (for example the EPAO’s or employer’s premises).

The professional discussion can be conducted by video conferencing. The EPAO must have processes in place to verify the identity of the apprentice and ensure the apprentice is not being aided.

The professional discussion should take place in a quiet room, free from distractions and influence.

Question and resource development

The EPAO must develop a purpose-built assessment specification and question bank. It is recommended this is done in consultation with employers of this occupation. The EPAO should maintain the security and confidentiality of EPA materials when consulting employers. The assessment specification and question bank must be reviewed at least once a year to ensure they remain fit-for-purpose.  

The assessment specification must be relevant to the occupation and demonstrate how to assess the KSBs mapped to this assessment method. The EPAO must ensure that questions are refined and developed to a high standard. The questions must be unpredictable. A question bank of sufficient size will support this.

The EPAO must ensure that apprentice has a different set of questions in the case of re-sits or re-takes.

The EPAO must produce the following materials to support the professional discussion underpinned by a portfolio:

  • independent assessor assessment materials which include:
  • training materials
  • administration materials
  • moderation and standardisation materials
  • guidance materials
  • grading guidance
  • question bank
  • EPA guidance for the apprentice and the employer

The EPAO must ensure that the EPA materials are subject to quality assurance procedures including standardisation, training, and moderation.

Grading

Project Report with presentation, questions and answers

THEME KSBS PASS APPRENTICES MUST DEMONSTRATE ALL THE PASS DESCRIPTORS** DISTINCTION - APPRENTICES MUST DEMONSTRATE ALL THE PASS DESCRIPTORS AND ALL OF THE DISTINCTION DESCRIPTORS
(Core) The Organisational Context K1 K2 Identifies the role digital technology solutions play in gaining a competitive advantage by adapting and exploiting them (K1)Explains the principles of strategic decision making concerning the acquisition or development of digital and technology solutions. (K2) N/A
(Core) Project Requirements S3 B3 Analyses relevant evidence to produce a proposal for a digital and technology based project in line with legal, ethical and regulatory requirements whilst ensuring the protection of personal data, safety and security (S3,B3) N/A
(Core) Project Planning and Resources K3 K4 K15 S2 S14 Produces a project plan which estimates risks and opportunities and determines mitigation strategies.’ (K3, S2)Evaluates appropriate techniques and approaches that are used in creating a business case (K4)The project applies techniques to estimate cost and time resource constraints.’ (K15)Researches information on innovative technologies/approaches and investigates and evaluates them in the development of a digital and technology solution. (S14) N/A
(Core) Solution Proposal S1 Analyses the business problem behind the project proposal to identify the role of digital and technology solutions. (S1) Justifies their choice of digital and technology solutions for specific roles in the project proposal. (S1)
(Core) Project Delivery K5 S5 S6 Carries out the identified solution proposal utilising a range of digital tools and standard approaches. (K5, S5) Manages the project delivery to achieve digital and technology solutions. (S6) Justifies the selection and use of standard processes and methods. (K5, S5)
(Core) Project Evaluation K17 K18 S13 Justifies their methods of research and evaluation which determined the selection of digital and technology solutions identified for the project. (K18)Presents an overview of the project to appropriate stakeholders using appropriate language and style. (K17, S13, B5) Compares and contrasts their chosen digital technology solution to alternative approaches within their research outcomes. (K18,S13)
(Software Engineer) Technical Solutions K25 K26 K27 Analyses the factors affecting product quality and the approaches controlling them throughout the project development process. (K25/SEK5).Selects and applies software tools appropriate to the Software Engineering project solution. (K26/SEK6)Outlines approaches to the interpretation and use of artefacts. (K27/SEK7) Evaluates the impact of approaches used to control product quality throughout the project development process. (K25/SEK5)
(Software Engineer) Innovation and Response S16 S17 S18 S19 S22 Identifies and defines a non-routine, unspecified software engineering problem. (S16/SES1) Recommends a software engineering solution that is appropriate for the project brief. (S17/SES2)Selects and applies analysis methods, approaches and techniques in software engineering projects to deliver an outcome that meets requirements. (S18/SES3) Demonstrates how they implement software engineering projects using appropriate software engineering methods, approaches and techniques. (S19/SES4)Evaluates their selection of approach, methodology, analysis and outcomes to identify both lessons learned and recommendations for improvements to future projects software engineering projects. (S22/SES7) Evaluates their choice of software engineering solution for the project brief. (S17/SES2) Justifies their choice of analysis methods approaches and techniques. (S18/SE3)Compares and contrasts the implementation of their software engineering solution with alternative approaches. (S22/SES7)
(Cyber Security Analyst) Underlying Principles K45 K51 Explains the principles of cyber security tools and techniques as related to the project. (K45/CSK1) Relates the principles of security architectures and methodologies to the project. (K51/CSK7) N/A
(Cyber Security Analyst) Innovation and Response K52 S42 S46 S47 Describes approaches to deployment of cyber security technology components in digital systems to provide security functionality. (K52/CSK8)Demonstrate how they recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends in the project. (S42/CSS3)Demonstrate how they analyse cyber security requirements in the project against other design requirements for systems or products and identify conflicting requirements and recommend appropriate solutions with clear explanation of costs/benefits. (S46/CSS7)Demonstrate how they lead the design and build of systems in accordance with a security case to address organisational challenges in the project. (S47/CSS8) Justifies their choice of approach to deployment of cyber security technology components in digital systems to provide security functionality within the project. (K52/CSK8)
(Cyber Security Analyst) Technical Solutions S40 S44 Demonstrate how they discover, identify and analyse security threats, attack techniques and vulnerabilities using cyber security architectures, methodologies, tools and techniques to recommend mitigation and security controls in the project. (S40/CSS1) Selects and applies cyber security tools and techniques in relation to the risks identified in the context of the project. (K41/CSK1, S44/CSS5) Critically evaluates how they discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls in the project (S40/CSS1)
(Network Engineer) Underlying Principles K61 K62 K66 Explain the role of physical and/or virtual network component and their impact within a project. (K61/NEK1)Explain network fundamentals concepts (protocols, features etc.) and the relationships between them that are relevant to a specific project undertaken. (K62/NEK2)Describe key security concepts and security programme elements. (K66/NEK6) N/A
(Network Engineer) Innovation and Response S56 S57 S60 S62 Demonstrate how they identify and collate stakeholder network needs. (S56/NES1)Demonstrate how they plan, design, document and develop network solutions taking into consideration stakeholder requirements and define appropriate operational policies. (S57/NES2)Demonstrate how they implement, test and validate networks from a design, explaining the chosen design and implementation. (S60/NES5)Demonstrate how they research and evaluate emerging network technologies, utilising appropriate sources of evidence, to support an objective recommendation. (S62/NES7) Critically evaluate how they plan, design, document and develop network solutions taking into consideration stakeholder requirements and define appropriate operational policies. (S57/NES2)Critically evaluate how they research and evaluate emerging network technologies, utilising appropriate sources of evidence, to support an objective recommendation. (S62/NES7)
(Network Engineer) Technical Solutions S63 Demonstrate how security concerns or attacks are investigated and mitigated. (S63/NES8) N/A

Professional Discussion underpinned by a portfolio

Fail - does not meet pass criteria

THEME KSBS PASS APPRENTICES MUST DEMONSTRATE ALL THE PASS DESCRIPTORS DISTINCTION APPRENTICES MUST DEMONSTRATE ALL THE PASS DESCRIPTORS AND ALL OF THE DISTINCTION DESCRIPTORS
(Core) The Organisational Context K7 Reviews the roles, functions and activities relevant to technology solutions within an organisation. (K7) N/A
(Core) Core Technical Concepts K6 K11 K12 K14 K16 Critically evaluates the nature and scope of common vulnerabilities in digital and technology solutions (K11)Explains core technical concepts for digital and technology solutions, including:- The approaches and techniques used throughout the digital and technology solution lifecycle and their applicability to an organisation’s standards and pre-existing tools.(K6)- Data gathering, data management, and data analysis.(K12, K14)- Computer networking concepts.(K16) N/A
(Core) Applied Technical Solutions K13 S4 S9 S10 S11 S12 Demonstrates the use of core technical concepts for digital and technology solutions, including:- Initiate, design, code, test and debug a software component for a digital and technology solution. (S4)- Security and resilience techniques. (S9)- Initiates, designs, implements and debugs a data product for a digital and technology solution. (S10)- Plans, designs and manages simple computer networks. (S12)- Applies the principles of data analysis for digital and technology solutions. (K13, S11) N/A
(Core) Leading and Working Together K8 K9 K10 S7 S8 B4 B6 B7 Explains how teams work effectively to produce a digital and technology solution applying relevant organisational theories using up to date awareness of trends and innovations. (K8, S7, B4,B6,B7) Describes the concepts and principles of leadership and management as they relate to their roleand how they apply them. (K9, K10,S8) N/A
(Core) Social Infrastructure - Legal, Ethical and Sustainability K19 K20 S15 B1 B2 B8 Applies relevant legal, ethical, social and professional standards to digital and technology solutions considering both technical and non-technical audiences and in line with organisational guidelines. (K19, S15, B1, B2, B5)Explains sustainable development approaches within digital technologies as they relate to their role including diversity and inclusion. (K20, B8) Justifies the application of relevant legal, ethical, social and professional standards to digital and technology solutions. (K19, S15)Evaluates the impact of sustainable digital technology practices of their organisation. (K20)
(Software Engineer) Underlying Principles K21 K22 K23 Describes scenarios covering all stages of a development lifecycle, identifying techniques and methods are applied in each case. (K21/SEK1)Explains the principles of a range of development techniques, for each stage of the software development cycle that produce artefacts and the contexts in which they can be applied. (K22/SEK2)Explains the principles of a range of development methods and approaches and the contexts in which they can be applied. (K23/ SEK3) N/A
(Software Engineer) Technical Solutions K24 K28 Describes. how to interpret and implement a design, compliant with functional, non-functional and security requirements. K24/SEK4Describes how tools that support teamwork can be used effectively. K28/SEK8 N/A
(Software Engineer) Innovation and Response S20 S21 Describes how they respond to changing priorities and problems arising within software engineering projects by making revised recommendations, and adapting plans as necessary, to fit the scenario being investigated. (S20/SES5)Explains how they determine, refine, adapt and use appropriate software engineering methods, approaches and techniques to evaluate software engineering project outcomes. (S21/SES6) Demonstrates how their actions have influenced the creation of appropriate plans within teams and contributed to project outcomes. (S20/SES5) Compares and contrasts how they respond to changing priorities and problems arising within software engineering projects by making revised recommendations, and adapting plans as necessary, to fit the scenario being investigated. (S20/SES5)
(Software Engineer) Legal, Ethics and Landscape S23 Describes how they extend and update software development knowledge with evidence from professional and academic sources by undertaking appropriate research to inform best practice and lead improvements in the organisation. (S23/SES8) N/A
(Cyber Security Analyst) Legal, Ethics and Landscape K46 K48 K50 S45 Explains the principles of quantitative and qualitative risk management theory including the role of risk stakeholders. (K46/CSK2)Describes the key legislative frameworks and the regulatory landscape for cyber security. (K48/CSK4)Explains the ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional. (K50/CSK6)Describes how they lead cyber security awareness campaigns and evaluate their effectiveness.(S45/CSS6) N/A
(Cyber Security Analyst) Technical Solutions K47 K49 S41 S43 Evaluates concepts and approaches to cyber security assurance. (K47/CSK3)Evaluates approaches to incident response and management including escalation and investigation of cyber security breaches and their root cause. (K49/CSK5)Explains how they undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation. (S41/CSS2)Explains how they manage cyber security risk. (S43/CSS4) Critically evaluates how they undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation. (S41/CSS2)Critically evaluates how they manage cyber security risk. (S43/CSS4)
(Network Engineer) Technical Solutions K63 K67 K68 S58 S61 Explains the benefits and risks of cloud computing and the common integration deployments (private, public, hybrid) including the benefits and risks of virtualisation as a concept; key features of virtualisation and current cloud platforms available. (K63/NEK3)Explains Software Defined Networking and Network Function Virtualisation Core Principles. (K67/NEK7)Describe the key elements of mobile networks including some specific key functions and communication concepts. (K68/NEK8)Explains how they undertake network performance monitoring, including capacity management and auditing of IP addressing. (S58/NES3)Explains how they secure network systems, apply security policies, access and firewalls. (S61/NES6) Critically provide a comparative analysis between different cloud models stating their risks, strengths and weaknesses, considering their organisational needs. (K63/NEK3)Critically evaluates how they undertake network performance monitoring, including capacity management and auditing of IP addressing. (S58/NES3)
(Network Engineer) Underlying Principles K64 K65 Describe key factors that affect network performance and provide some mitigation strategies to increase quality of service. (K64/NEK4)Explains the principles of failure modes in protocols and how they could be addressed. (K65/NEK5) N/A
(Network Engineer) Innovation and Response S59 Explain approaches for investigating, troubleshooting and resolving network faults. (S59/NES4) Compare and contrast approaches for investigating, troubleshooting and resolving network faults. (S59/NES4)

Overall EPA grading

Performance in the EPA determines the overall grade of:

  • Fail
  • Pass
  • Merit
  • Distinction

An independent assessor must individually grade the project report with presentation, questions and answers and professional discussion underpinned by a portfolio in line with this EPA plan.

The EPAO must combine the individual assessment method grades to determine the overall EPA grade.

If the apprentice fails one assessment method or more, they will be awarded an overall fail.

To achieve an overall pass, the apprentice must achieve at least a pass in all the assessment methods. To achieve an overall EPA merit, the apprentice must achieve a pass in either assessment method and a distinction in the remaining method. To achieve an overall EPA distinction, the apprentice must achieve a distinction in both assessment methods.

Grades from individual assessment methods must be combined in the following way to determine the grade of the EPA overall.

PROJECT REPORT WITH PRESENTATION, QUESTIONS AND ANSWERS PROFESSIONAL DISCUSSION UNDERPINNED BY A PORTFOLIO OVERALL GRADING
Fail Any grade Fail
Any grade Fail Fail
Pass Pass Pass
Pass Distinction Merit
Distinction Pass Merit
Distinction Distinction Distinction

Re-sits and re-takes

If the apprentice fails one or more assessment methods they can take a re-sit or a re-take at their employer’s discretion. The apprentice’s employer needs to agree that a re-sit or re-take is appropriate. A re-sit does not need further learning, whereas a re-take does.

The apprentice should have a supportive action plan to prepare for a re-sit or a re-take.

The employer and EPAO agree the timescale for a re-sit or re-take. A re-sit is typically taken within 3 months of the EPA outcome notification. The timescale for a re-take is dependent on how much re-training is required and is typically taken within 6 months of the EPA outcome notification.

If the apprentice fails the project assessment method, they must amend the project output in line with the independent assessor’s feedback. The apprentice will be given 4 weeks to rework and submit the amended report.

Failed assessment methods must be re-sat or re-taken within a 6-month period from the EPA outcome notification, otherwise the entire EPA will need to be re-sat or re-taken in full.

Re-sits and re-takes are not offered to an apprentice wishing to move from pass to a higher grade.

The apprentice will get a maximum EPA grade of merit for a re-sit or re-take, unless the EPAO determines there are exceptional circumstances.

Roles and responsibilities

Reasonable adjustments

The EPAO must have reasonable adjustments arrangements for the EPA.

This should include:

  • how an apprentice qualifies for reasonable adjustment
  • what reasonable adjustments may be made

Adjustments must maintain the validity, reliability and integrity of the EPA as outlined in this EPA plan.

Internal quality assurance

Internal quality assurance refers to the strategies, policies and procedures that EPAOs must have in place to ensure valid, consistent and reliable end-point assessment decisions.

EPAOs for this EPA must adhere to all requirements within the roles and responsibilities table and:

  • appoint independent assessors who also:
  • have relevant experience of the occupation to at least occupational level 6 gained in the last 3 years

Value for money Affordability of the EPA will be aided by using at least some of the following:

  • utilising digital remote platforms to conduct applicable assessment methods
  • using the employer’s premises
  • conducting assessment methods on the same day

KSB Mapping Table

KNOWLEDGE ASSESSMENT METHODS  
K1: Core.How organisations adapt and exploit digital technology solutions to gain a competitive advantage. Project Report with presentation, questions and answers  
K2: Core.The principles of strategic decision making concerning the acquisition or development of digital and technology solutions. For example business architecture approaches such as capability models and target operating models. Project Report with presentation, questions and answers  
K3: Core.Principles of estimating the risks and opportunities of digital and technology solutions. Project Report with presentation, questions and answers  
K4: Core.Techniques and approaches involved in creating a business case for new digital and technology solutions. For example journey, product and capability mapping and value chains. Project Report with presentation, questions and answers  
K5: Core.A range of digital technology solution development techniques and tools. Project Report with presentation, questions and answers  
K6: Core.The approaches and techniques used throughout the digital and technology solution lifecycle and their applicability to an organisation’s standards and pre-existing tools. Professional Discussion underpinned by a portfolio  
K7: Core.The roles, functions and activities within digital technology solutions within an organisation. Professional Discussion underpinned by a portfolio  
K8: Core.How teams work effectively to produce digital and technology solutions. Professional Discussion underpinned by a portfolio  
K9: Core.The concepts and principles of leadership. Professional Discussion underpinned by a portfolio  
K10: Core.Management techniques and theories. For example, effective decision making, delegation and planning methods, time management and change management. Professional Discussion underpinned by a portfolio  
K11: Core.The nature and scope of common vulnerabilities in digital and technology solutions. For example, the risks of unsecure coding and unprotected networks. Professional Discussion underpinned by a portfolio  
K12: Core.The role of data management systems within Digital and Technology Solutions. Professional Discussion underpinned by a portfolio  
K13: Core.Principles of data analysis for digital and technology solutions. Professional Discussion underpinned by a portfolio  
K14: Core.A range of quantitative and qualitative data gathering methods and how to appraise and select the appropriate method. Professional Discussion underpinned by a portfolio  
K15: Core.Principles of estimating cost, and time resource constraints within digital and technology solutions activities. Project Report with presentation, questions and answers  
K16: Core.Fundamental computer networking concepts in relation to digital and technology solutions. For example, structure, cloud architecture, components, quality of service. Professional Discussion underpinned by a portfolio  
K17: Core.Reporting techniques, including how to synthesise information and present concisely, as appropriate to the target audience. Project Report with presentation, questions and answers  
K18: Core.Techniques of robust research and evaluation for the justification of digital and technology solutions. Project Report with presentation, questions and answers  
K19: Core.Relevant legal, ethical, social and professional standards to a digital and technology solution. For example, Diversity, Accessibility, Intellectual Property, Data Protection Acts, Codes of Practice, Regulatory and Compliance frameworks. Professional Discussion underpinned by a portfolio  
K20: Core.Sustainable development approaches as applied to digital and technology solutions such as green computing. Professional Discussion underpinned by a portfolio  
K21: software engineering professional.How to operate at all stages of the software development life cycle and how each stage is applied in a range of contexts. For example, requirements analysis, design, development, testing, implementation. Professional Discussion underpinned by a portfolio  
K22: software engineering professional.Principles of a range of development techniques, for each stage of the software development cycle that produce artefacts and the contexts in which they can be applied. For example UML, unit testing, programming, debugging, frameworks, architectures. Professional Discussion underpinned by a portfolio  
K23: software engineering professional.Principles of a range of development methods and approaches and the contexts in which they can be applied. For example Scrum, Extreme Programming, Waterfall, Prince2, TDD. Professional Discussion underpinned by a portfolio  
K24: software engineering professional.How to interpret and implement a design, compliant with functional, non-functional and security requirements including principles and approaches to addressing legacy software development issues from a technical and socio-technical perspective. For example architectures, languages, operating systems, hardware, business change. Professional Discussion underpinned by a portfolio  
K25: software engineering professional.The factors affecting product quality and approaches for how to control them throughout the development process. For example security, code quality, coding standards. Project Report with presentation, questions and answers  
K26: software engineering professional.How to select and apply a range of software tools used in Software Engineering. Project Report with presentation, questions and answers  
K27: software engineering professional.Approaches to the interpretation and use of artefacts. For example UML, unit tests, architecture. Project Report with presentation, questions and answers  
K28: software engineering professional.Approaches to effective team work and the range of software development tools supporting effective teamwork. For example, configuration management, version control and release management. Professional Discussion underpinned by a portfolio Project Report with presentation, questions and answers
K45: cyber security professional .Principles of cyber security tools and techniques. Project Report with presentation, questions and answers  
K46: cyber security professional .Principles of quantitative and qualitative risk management theory including the role of risk stakeholders. Professional Discussion underpinned by a portfolio  
K47: cyber security professional .Concepts and approaches to cyber security assurance. Professional Discussion underpinned by a portfolio  
K48: cyber security professional .Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018 , Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001. Professional Discussion underpinned by a portfolio  
K49: cyber security professional .Approaches to incident response and management including escalation and investigation of cyber security breaches and their root cause. Professional Discussion underpinned by a portfolio  
K50: cyber security professional .Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional. Professional Discussion underpinned by a portfolio  
K51: cyber security professional .Principles of common security architectures and methodologies. Project Report with presentation, questions and answers  
K52: cyber security professional .Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example hardware and software to implement security controls. Project Report with presentation, questions and answers  
K61: network engineering professional.The role and function of virtual or physical network components and functions and typical topologies and service architectures. Project Report with presentation, questions and answers  
K62: network engineering professional.The main network protocols in use, their purpose, features and relationship to each other. For example, Ethernet, IP (Internet Protocol), TCP (Transmission Control Protocol), OSPF (Open Shortest Path First). Project Report with presentation, questions and answers  
K63: network engineering professional.The benefits and risks of cloud computing and the common integration deployments (private, public, hybrid). Including the benefits and risks of virtualisation as a concept; key features of virtualisation and current cloud platforms available. Professional Discussion underpinned by a portfolio  
K64: network engineering professional.The main factors that affect network performance, and how to mitigate these on network performance by implementing changes to QoS. For example, Traffic Shaping, Policing, Queuing, Topology (physical and logical), and Network Policy (Traffic Analysis, DPI (Deep Packet Inspection). Professional Discussion underpinned by a portfolio  
K65: network engineering professional.Principles of failure modes in protocols. For example, why a protocol may ‘hang’ and the effect of data communication errors and approaches to addressing failures to optimise network performance. Professional Discussion underpinned by a portfolio  
K66: network engineering professional.Key security concepts. For example threats, vulnerabilities, exploits, detection and mitigation techniques, and security program elements such as user awareness, physical access control, multi-layer defence models. Project Report with presentation, questions and answers  
K67: network engineering professional.SDN (Software Defined Networking) and Network Function Virtualisation Core Principles. For example, Control Plane Separation, flexibility, overlay networks, disassociation of software and hardware layers. Professional Discussion underpinned by a portfolio  
K68: network engineering professional.Key elements of mobile networks. For example RAN (Radio Access Network), EPC (Evolved Packet Core), IMS (IP Multimedia Subsystem) including some specific key functions such as S/P/U-Gateways and the concepts in communicating over free-space media such as interference, ground bounce, encryption and in mobile endpoint platforms such as tracking user location and roaming. Professional Discussion underpinned by a portfolio  
SKILL ASSESSMENT METHODS
S1: Core.Analyse a business problem to identify the role of digital and technology solutions. Project Report with presentation, questions and answers
S2: Core.Identify risks, determine mitigation strategies and opportunities for improvement in a digital and technology solutions project. Project Report with presentation, questions and answers
S3: Core.Analyse a business problem in order to specify an appropriate digital and technology solution. Project Report with presentation, questions and answers
S4: Core.Initiate, design, code, test and debug a software component for a digital and technology solution. Professional Discussion underpinned by a portfolio
S5: Core.Apply relevant standard processes, methods, techniques and tools. For example, ISO Standards, Waterfall, Agile in a digital and technology solution project. Project Report with presentation, questions and answers
S6: Core.Manage digital and technology solutions projects. For example, identifying and resolving deviations from specification, applying appropriate Project Management methodologies. Project Report with presentation, questions and answers
S7: Core.Work effectively within teams, leading on appropriate digital technology solution activities. Professional Discussion underpinned by a portfolio
S8: Core.Apply relevant organisational theories. For example, change management principles, marketing approaches, strategic practice, and IT service management to a digital and technology solutions project. Professional Discussion underpinned by a portfolio
S9: Core.Apply relevant security and resilience techniques to a digital and technology solution. For example, risk assessments, mitigation strategies. Professional Discussion underpinned by a portfolio
S10: Core.Initiate, design, implement and debug a data product for a digital and technology solution. Professional Discussion underpinned by a portfolio
S11: Core.Determine and use appropriate data analysis techniques. For example, Text, Statistical, Diagnostic or Predictive Analysis to assess a digital and technology solutions. Professional Discussion underpinned by a portfolio
S12: Core.Plan, design and manage simple computer networks with an overall focus on the services and capabilities that network infrastructure solutions enable in an organisational context. Professional Discussion underpinned by a portfolio
S13: Core.Report effectively to colleagues and stakeholders using the appropriate language and style, to meet the needs of the audience concerned. Project Report with presentation, questions and answers
S14: Core.Research, investigate, and evaluate innovative technologies or approaches in the development of a digital and technology solution. Project Report with presentation, questions and answers
S15: Core.Apply relevant legal, ethical, social and professional standards to a digital and technology solution. Professional Discussion underpinned by a portfolio
S16: software engineering professional.Identify and define software engineering problems that are non-routine and incompletely specified. Project Report with presentation, questions and answers
S17: software engineering professional.Provide recommendations as to the most appropriate software engineering solution. Project Report with presentation, questions and answers
S18: software engineering professional.Use appropriate analysis methods, approaches and techniques in software engineering projects to deliver an outcome that meets requirements. Project Report with presentation, questions and answers
S19: software engineering professional.Implement software engineering projects using appropriate software engineering methods, approaches and techniques. Project Report with presentation, questions and answers
S20: software engineering professional.Respond to changing priorities and problems arising within software engineering projects by making revised recommendations, and adapting plans as necessary, to fit the scenario being investigated. Professional Discussion underpinned by a portfolio
S21: software engineering professional.Determine, refine, adapt and use appropriate software engineering methods, approaches and techniques to evaluate software engineering project outcomes. Professional Discussion underpinned by a portfolio
S22: software engineering professional.Evaluate learning points arising from software engineering work undertaken on a project including use of methods, analysis undertaken, selection of approach and the outcome achieved, in order to identify both lessons learnt and recommendations for improvements to future projects. Project Report with presentation, questions and answers
S23: software engineering professional.Extend and update software development knowledge with evidence from professional and academic sources by undertaking appropriate research to inform best practice and lead improvements in the organisation. Professional Discussion underpinned by a portfolio
S40: cyber security professional .Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls. Project Report with presentation, questions and answers
S41: cyber security professional .Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation. Professional Discussion underpinned by a portfolio
S42: cyber security professional .Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends. Project Report with presentation, questions and answers
S43: cyber security professional .Manage cyber security risk. Professional Discussion underpinned by a portfolio
S44: cyber security professional .Use appropriate cyber security technology, tools and techniques in relation to the risks identified. Project Report with presentation, questions and answers
S45: cyber security professional .Lead cyber security awareness campaigns and evaluate their effectiveness. Professional Discussion underpinned by a portfolio
S46: cyber security professional .Analyse cyber security requirements against other design requirements for systems or products, identify conflicting requirements and recommend appropriate solutions with clear explanation of costs and benefits. Project Report with presentation, questions and answers
S47: cyber security professional .Lead the design and build of systems in accordance with a security case to address organisational challenges. Project Report with presentation, questions and answers
S56: network engineering professional.Identify and collate stakeholder needs in relation to computer network requirements, plans and designs. Project Report with presentation, questions and answers
S57: network engineering professional.Plan, design, document, and develop the relevant elements of a computer network within an organisation or between organisations, taking into account customer requirements (performance, scale), constraints (budget, equipment availability), and define policies for their use. Project Report with presentation, questions and answers
S58: network engineering professional.Monitor performance and ensure networks are configured correctly and perform as expected by designers or architects. Undertake capacity management and audit of IP addressing and hosted devices. Professional Discussion underpinned by a portfolio
S59: network engineering professional.Investigate, troubleshoot and resolve data network faults in local and wide area environments, using information from multiple sources, Physically or Remotely by console connection. Recommend and implement short term fixes to restore service and, or, quality of experience and recommend longer term changes to prevent recurrence or reduce impact of future occurrences. Professional Discussion underpinned by a portfolio
S60: network engineering professional.Implement computer networks from a design including testing and validation. This includes populating variables in configurations, for example, IP addresses and subsequent application of configuration to equipment such as routers, switches, firewalls. Project Report with presentation, questions and answers
S61: network engineering professional.Secure network systems by establishing and enforcing policies, and defining and monitoring access. Support and administer firewall environments in line with IT security policy. Professional Discussion underpinned by a portfolio
S62: network engineering professional.Research and evaluate emerging network technologies and assess relevance to current network requirements. Provide an objective opinion on how new features and technologies may be incorporated as required by the organisation. Project Report with presentation, questions and answers
S63: network engineering professional.Investigate security concerns or attacks. For example, Distributed Denial of Service (DDOS), port scanning, assessing key metrics and indicators, evidencing the chosen steps to mitigate. Project Report with presentation, questions and answers
BEHAVIOUR ASSESSMENT METHODS
B1: Core.Has a strong work ethic and commitment in order to meet the standards required. Professional Discussion underpinned by a portfolio
B2: Core.Reliable, objective and capable of both independent and team working. Professional Discussion underpinned by a portfolio
B3: Core.Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security. Project Report with presentation, questions and answers
B4: Core.Commits to continuous professional development; maintaining their knowledge and skills in relation to developments in digital and technology solutions that influence their work. Professional Discussion underpinned by a portfolio
B5: Core.Interacts professionally with people from technical and non-technical backgrounds. Presents data and conclusions in an evidently truthful, concise and appropriate manner. Project Report with presentation, questions and answers
B6: Core.Participates in and shares best practice in their organisation, and the wider community for aspects relevant to digital and technology solutions. Professional Discussion underpinned by a portfolio
B7: Core.Maintains awareness of trends and innovations in the subject area, utilising a range of academic literature, online sources, community interaction, conference attendance and other methods which can deliver business value. Professional Discussion underpinned by a portfolio
B8: Core.Champions diversity and inclusion in their work ensuring that digital technology solutions are accessible. Professional Discussion underpinned by a portfolio

Mapping of KSBs to grade themes

Project report with presentation, questions and answers

KBS GROUPED BY THEME KNOWLEDGE SKILLS BEHAVIOUR
(Core) The Organisational Context K1 K2 How organisations adapt and exploit digital technology solutions to gain a competitive advantage. (K1)The principles of strategic decision making concerning the acquisition or development of digital and technology solutions. For example business architecture approaches such as capability models and target operating models. (K2) None None
(Core) Project Requirements S3 B3 None Analyse a business problem in order to specify an appropriate digital and technology solution. (S3) Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security. (B3)
(Core) Project Planning and Resources K3 K4 K15 S2 S14 Principles of estimating the risks and opportunities of digital and technology solutions. (K3)Techniques and approaches involved in creating a business case for new digital and technology solutions. For example journey, product and capability mapping and value chains. (K4)Principles of estimating cost, and time resource constraints within digital and technology solutions activities. (K15) Identify risks, determine mitigation strategies and opportunities for improvement in a digital and technology solutions project. (S2)Research, investigate, and evaluate innovative technologies or approaches in the development of a digital and technology solution. (S14) None
(Core) Solution Proposal S1 None Analyse a business problem to identify the role of digital and technology solutions. (S1) None
(Core) Project Delivery K5 S5 S6 A range of digital technology solution development techniques and tools. (K5) Apply relevant standard processes, methods, techniques and tools. For example, ISO Standards, Waterfall, Agile in a digital and technology solution project. (S5)Manage digital and technology solutions projects. For example, identifying and resolving deviations from specification, applying appropriate Project Management methodologies. (S6) None
(Core) Project Evaluation K17 K18 S13 Reporting techniques, including how to synthesise information and present concisely, as appropriate to the target audience. (K17)Techniques of robust research and evaluation for the justification of digital and technology solutions. (K18) Report effectively to colleagues and stakeholders using the appropriate language and style, to meet the needs of the audience concerned. (S13) None
(Software Engineer) Technical Solutions K25 K26 K27 The factors affecting product quality and approaches for how to control them throughout the development process. For example security, code quality, coding standards. (K25)How to select and apply a range of software tools used in Software Engineering. (K26)Approaches to the interpretation and use of artefacts. For example UML, unit tests, architecture. (K27) None None
(Software Engineer) Innovation and Response S16 S17 S18 S19 S22 None Identify and define software engineering problems that are non-routine and incompletely specified. (S16)Provide recommendations as to the most appropriate software engineering solution. (S17)Use appropriate analysis methods, approaches and techniques in software engineering projects to deliver an outcome that meets requirements. (S18)Implement software engineering projects using appropriate software engineering methods, approaches and techniques. (S19)Evaluate learning points arising from software engineering work undertaken on a project including use of methods, analysis undertaken, selection of approach and the outcome achieved, in order to identify both lessons learnt and recommendations for improvements to future projects. (S22) None
(Cyber Security Analyst) Underlying Principles K45 K51 Principles of cyber security tools and techniques. (K45)Principles of common security architectures and methodologies. (K51) None None
(Cyber Security Analyst) Innovation and Response K52 S42 S46 S47 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example hardware and software to implement security controls. (K52) Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends. (S42)Analyse cyber security requirements against other design requirements for systems or products, identify conflicting requirements and recommend appropriate solutions with clear explanation of costs and benefits. (S46)Lead the design and build of systems in accordance with a security case to address organisational challenges. (S47) None
(Cyber Security Analyst) Technical Solutions S40 S44 None Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls. (S40)Use appropriate cyber security technology, tools and techniques in relation to the risks identified. (S44) None
(Data Analyst) Underlying Principles K54 K56 K58 How to critically analyse, interpret and evaluate complex information from diverse datasets. (K54)Sources of data such as files, operational systems, databases, web services, open data, government data, news and social media. (K56)How Data Analytics operates within the context of data governance, data security, and communications. (K58) None None
(Data Analyst) Innovation and Response S50 S52 S53 S54 S55 None Find, present, communicate and disseminate data analysis outputs effectively and with high impact through creative storytelling, tailoring the message for the audience. Visualise data to tell compelling and actionable narratives by using the best medium for each audience, such as charts, graphs and dashboards. (S50)Apply a range of techniques for analysing quantitative data such as data mining, time series forecasting, algorithms, statistics and modelling techniques to identify and predict trends and patterns in data. (S52)Apply exploratory or confirmatory approaches to analysing data. Validate and and test stability of the results. (S53)Extract data from a range of sources. For example, databases, web services, open data. (S54)Analyse in detail large data sets, using a range of industry standard tools and data analysis methods. (S55) None
(Network Engineer) Underlying Principles K61 K62 K66 The role and function of virtual or physical network components and functions and typical topologies and service architectures. (K61)The main network protocols in use, their purpose, features and relationship to each other. For example, Ethernet, IP (Internet Protocol), TCP (Transmission Control Protocol), OSPF (Open Shortest Path First). (K62)Key security concepts. For example threats, vulnerabilities, exploits, detection and mitigation techniques, and security program elements such as user awareness, physical access control, multi-layer defence models. (K66) None None
(Network Engineer) Innovation and Response S56 S57 S60 S62 None Identify and collate stakeholder needs in relation to computer network requirements, plans and designs. (S56)Plan, design, document, and develop the relevant elements of a computer network within an organisation or between organisations, taking into account customer requirements (performance, scale), constraints (budget, equipment availability), and define policies for their use. (S57)Implement computer networks from a design including testing and validation. This includes populating variables in configurations, for example, IP addresses and subsequent application of configuration to equipment such as routers, switches, firewalls. (S60)Research and evaluate emerging network technologies and assess relevance to current network requirements. Provide an objective opinion on how new features and technologies may be incorporated as required by the organisation. (S62) None
(Network Engineer) Technical Solutions S63 None Investigate security concerns or attacks. For example, Distributed Denial of Service (DDOS), port scanning, assessing key metrics and indicators, evidencing the chosen steps to mitigate. (S63) None

Professional discussion underpinned by a portfolio

KSBS GROUPED BY THEME KNOWLEDGE SKILLS BEHAVIOUR
(Core) The Organisational Context K7 The roles, functions and activities within digital technology solutions within an organisation. (K7) None None
(Core) Core Technical Concepts K6 K11 K12 K14 K16 The approaches and techniques used throughout the digital and technology solution lifecycle and their applicability to an organisation’s standards and pre-existing tools. (K6)The nature and scope of common vulnerabilities in digital and technology solutions. For example, the risks of unsecure coding and unprotected networks. (K11)The role of data management systems within Digital and Technology Solutions. (K12)A range of quantitative and qualitative data gathering methods and how to appraise and select the appropriate method. (K14)Fundamental computer networking concepts in relation to digital and technology solutions. For example, structure, cloud architecture, components, quality of service. (K16) None None
(Core) Applied Technical Solutions K13 S4 S9 S10 S11 S12 Principles of data analysis for digital and technology solutions. (K13) Initiate, design, code, test and debug a software component for a digital and technology solution. (S4)Apply relevant security and resilience techniques to a digital and technology solution. For example, risk assessments, mitigation strategies. (S9)Initiate, design, implement and debug a data product for a digital and technology solution. (S10)Determine and use appropriate data analysis techniques. For example, Text, Statistical, Diagnostic or Predictive Analysis to assess a digital and technology solutions. (S11)Plan, design and manage simple computer networks with an overall focus on the services and capabilities that network infrastructure solutions enable in an organisational context. (S12) None
(Core) Leading and Working Together K8 K9 K10 S7 S8 B4 B6 B7 How teams work effectively to produce digital and technology solutions. (K8)The concepts and principles of leadership. (K9)Management techniques and theories. For example, effective decision making, delegation and planning methods, time management and change management. (K10) Work effectively within teams, leading on appropriate digital technology solution activities. (S7)Apply relevant organisational theories. For example, change management principles, marketing approaches, strategic practice, and IT service management to a digital and technology solutions project. (S8) Commits to continuous professional development; maintaining their knowledge and skills in relation to developments in digital and technology solutions that influence their work. (B4)Participates in and shares best practice in their organisation, and the wider community for aspects relevant to digital and technology solutions. (B6)Maintains awareness of trends and innovations in the subject area, utilising a range of academic literature, online sources, community interaction, conference attendance and other methods which can deliver business value. (B7)
(Core) Social Infrastructure - Legal, Ethical and Sustainability K19 K20 S15 B1 B2 B8 Relevant legal, ethical, social and professional standards to a digital and technology solution. For example, Diversity, Accessibility, Intellectual Property, Data Protection Acts, Codes of Practice, Regulatory and Compliance frameworks. (K19)Sustainable development approaches as applied to digital and technology solutions such as green computing. (K20) Apply relevant legal, ethical, social and professional standards to a digital and technology solution. (S15) Has a strong work ethic and commitment in order to meet the standards required. (B1)Reliable, objective and capable of both independent and team working. (B2)Champions diversity and inclusion in their work ensuring that digital technology solutions are accessible. (B8)
(Software Engineer) Underlying Principles K21 K22 K23 How to operate at all stages of the software development life cycle and how each stage is applied in a range of contexts. For example, requirements analysis, design, development, testing, implementation. (K21)Principles of a range of development techniques, for each stage of the software development cycle that produce artefacts and the contexts in which they can be applied. For example UML, unit testing, programming, debugging, frameworks, architectures. (K22)Principles of a range of development methods and approaches and the contexts in which they can be applied. For example Scrum, Extreme Programming, Waterfall, Prince2, TDD. (K23) None None
(Software Engineer) Technical Solutions K24 K28 How to interpret and implement a design, compliant with functional, non-functional and security requirements including principles and approaches to addressing legacy software development issues from a technical and socio-technical perspective. For example architectures, languages, operating systems, hardware, business change. (K24)Approaches to effective team work and the range of software development tools supporting effective teamwork. For example, configuration management, version control and release management. (K28) None None
(Software Engineer) Innovation and Response S20 S21 None Respond to changing priorities and problems arising within software engineering projects by making revised recommendations, and adapting plans as necessary, to fit the scenario being investigated. (S20)Determine, refine, adapt and use appropriate software engineering methods, approaches and techniques to evaluate software engineering project outcomes. (S21) None
(Software Engineer) Legal, Ethics and Landscape S23 None Extend and update software development knowledge with evidence from professional and academic sources by undertaking appropriate research to inform best practice and lead improvements in the organisation. (S23) None
(Cyber Security Analyst) Legal, Ethics and Landscape K46 K48 K50 S45 Principles of quantitative and qualitative risk management theory including the role of risk stakeholders. (K46)Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018 , Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001. (K48)Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional. (K50) Lead cyber security awareness campaigns and evaluate their effectiveness. (S45) None
(Cyber Security Analyst) Technical Solutions K47 K49 S41 S43 Concepts and approaches to cyber security assurance. (K47)Approaches to incident response and management including escalation and investigation of cyber security breaches and their root cause. (K49) Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation. (S41)Manage cyber security risk. (S43) None
(Network Engineer) Technical Solutions K63 K67 K68 S58 S61 The benefits and risks of cloud computing and the common integration deployments (private, public, hybrid). Including the benefits and risks of virtualisation as a concept; key features of virtualisation and current cloud platforms available. (K63)SDN (Software Defined Networking) and Network Function Virtualisation Core Principles. For example, Control Plane Separation, flexibility, overlay networks, disassociation of software and hardware layers. (K67)Key elements of mobile networks. For example RAN (Radio Access Network), EPC (Evolved Packet Core), IMS (IP Multimedia Subsystem) including some specific key functions such as S/P/U-Gateways and the concepts in communicating over free-space media such as interference, ground bounce, encryption and in mobile endpoint platforms such as tracking user location and roaming. (K68) Monitor performance and ensure networks are configured correctly and perform as expected by designers or architects. Undertake capacity management and audit of IP addressing and hosted devices. (S58)Secure network systems by establishing and enforcing policies, and defining and monitoring access. Support and administer firewall environments in line with IT security policy. (S61) None
(Network Engineer) Underlying Principles K64 K65 The main factors that affect network performance, and how to mitigate these on network performance by implementing changes to QoS. For example, Traffic Shaping, Policing, Queuing, Topology (physical and logical), and Network Policy (Traffic Analysis, DPI (Deep Packet Inspection). (K64)Principles of failure modes in protocols. For example, why a protocol may ‘hang’ and the effect of data communication errors and approaches to addressing failures to optimise network performance. (K65) None None
(Network Engineer) Innovation and Response S59 None Investigate, troubleshoot and resolve data network faults in local and wide area environments, using information from multiple sources, Physically or Remotely by console connection. Recommend and implement short term fixes to restore service and, or, quality of experience and recommend longer term changes to prevent recurrence or reduce impact of future occurrences. (S59) None