Skip Navigation
Angelo State University
Information Technology Staff Resources

Search Site

Information for:

Security

The security team is responsible for guiding the use of information security controls to protect ASU’s most sensitive information (protected data).

Example project:
Two-factor authentication

Skills

Each of the skills includes a distinct description for each relevant level. As you move across the levels, you will see that there is increasing responsibility and accountability. In some cases a skill does not apply at all levels, so a description is not given.

  • Availability Management

    The definition, analysis, planning, measurement and improvement of all aspects of the availability of IT services. The overall control and management of service availability to ensure that the level of service delivered in all services is matched to or exceeds the current and future agreed needs of the business, in a cost effective manner.

    Enables

    Contributes to the availability management process and its operation and performs defined availability management tasks. Analyses service and component availability, reliability, maintainability and serviceability. Ensures that services and components meet and continue to meet all of their agreed performance targets and service levels. Implements arrangements for disaster recovery and documents recovery procedures. Conducts testing of recovery procedures.

    Ensures/Advises

    Provides advice, assistance and leadership associated with the planning, design and improvement of service and component availability, including the investigation of all breaches of availability targets and service non-availability, with the instigation of remedial activities. Plans arrangements for disaster recovery together with supporting processes and manages the testing of such plans.

    Initiates/Influences

    Sets strategy and develops plans, policies and processes for the design, monitoring, measurement, reporting and continuous improvement of service and component availability, including the development and implementation of new availability techniques and methods.

  • Business Risk Management

    The planning and implementation of organization-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, reduction or non-availability of energy supply or inappropriate disposal of materials, hardware or data.

    Enables

    Investigates and reports on hazards and potential risk events within a specific function or business area.

    Ensures/Advises

    Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Co-ordinates the development of countermeasures and contingency plans.

    Initiates/Influences

    Plans and manages the implementation of organization-wide processes and procedures, tools and techniques for the identification, assessment, and management of risk inherent in the operation of business processes and of potential risks arising from planned IT-enabled change.

    Sets strategy, inspires, mobilizes

    Establishes strategy for addressing business risk arising from IT operations and IT-enabled change. Provides resources to implement the strategy, and delegates authority for detailed planning and execution of risk management activities.

  • Change Management

    The management of change to the service infrastructure including service assets, configuration items and associated documentation, be it via request for change (RFC), emergency changes, incidents or problems, providing effective control and treatment of risk to the availability, performance, security and compliance of the business services impacted.

    Assists

    Documents changes based on requests for change. Applies change control procedures.

    Applies

    Develops, documents and implements changes based on requests for change. Applies change control procedures.

    Enables

    Assesses, analyses, develops, documents and implements changes based on requests for change.

    Ensures/Advises

    Develops implementation plans for dealing with more complex requests for change, evaluates risks to integrity of infrastructure inherent in proposed implementations, seeks authority for those activities, reviews the effectiveness of change implementation, suggests improvement to organizational procedures governing change management. Leads the assessment, analysis, development, documentation and implementation of changes based on requests for change.

    Initiates/Influences

    Sets the organization’s policy for the management of change in live services and test environments, and ensures that the policy is reflected in practice.

  • Configuration Management

    The lifecycle planning, control and management of the assets of an organization (such as documentation, software and service assets, including information relating to those assets and their relationships. This involves identification, classification and specification of all configuration items (CIs) and the interfaces to other processes and data. Required information relates to storage, access, service relationships, versions, problem reporting and change control of CIs. The application of status accounting and auditing, often in line with acknowledged external criteria such as ISO 9000 and ISO/IEC 20000, throughout all stages of the CI lifecycle, including the early stages of system development.

    Assists

    Applies tools, techniques and processes for administering information (such as the tracking and logging of components and changes) related to configuration items.

    Applies

    Administers configuration items (CIs) and related information. Applies tools, techniques and processes for administering CIs and related information, ensuring protection of assets and components from unauthorized change, diversion and inappropriate use.

    Enables

    Manages configuration items (CIs) and related information. Applies and maintains tools, techniques and processes for identification, classification and control of CIs and ensuring related information is complete, current and accurate.

    Ensures/Advises

    Manages configuration items (CIs) and related information. Investigates and implements tools, techniques and processes for managing CIs and verifies that related information is complete, current and accurate.

    Initiates/Influences

    Manages the organization’s configuration management system and champions the business value and company policies for the configuration management system. Ensures that processes are in place for consistent classification and management of CIs, and for verification and audit of configuration records. Contributes strongly to the business service knowledge management system. Manages the research and development of tools, processes and techniques.

  • Conformance Review

    The independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, such as ISO 27001, local standards, best practice, or other documented requirements. May relate to, for example, asset management, network security tools, firewalls and internet security, sustainability, real-time systems and application design.

    Applies

    Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.

    Enables

    Plans programs to review activities, processes, products or services. Collects, collates and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences. Analyses evidence collated and drafts part or all of formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment.

    Ensures/Advises

    Evaluates and independently appraises the internal control of automated business processes, based on investigative evidence and assessments undertaken by self or team. Ensures that independent appraisals follow agreed procedure and advises others on the review process. Provides advice to management on ways of improving the effectiveness and efficiency of their control mechanisms. Identifies and evaluates associated risks and how they can be reduced.

    Initiates/Influences

    Specifies organizational procedures for the internal or third-party assessment of an activity, process, product or service, against recognized criteria, such as BS EN ISO 9000/14000. Develops plans for review of technology systems, including the review of implementation and use of standards and the effectiveness of operational and process controls. May manage the review, conduct the review or manage third party reviewers. Identifies areas of risk and specifies interrogation programs. Recommends improvements in processes and control procedures. Provides advice and guidance. Authorizes the issue of formal reports to management on the extent of compliance of systems with standards, regulations and/or legislation.

  • Continuity Management

    The provision of service continuity planning and support. This includes the identification of information systems which support critical business processes, the assessment of risks to those systems’ availability, integrity and confidentiality and the coordination of planning, designing, testing and maintenance procedures and contingency plans to address exposures and maintain agreed levels of continuity. This function should be performed as part of, or in close cooperation with, the function which plans business continuity for the whole organization.

    Enables

    Provides input to the service continuity planning process and implements resulting plans.

    Ensures/Advises

    Owns the service continuity planning process and leads the implementation of resulting plans. Coordinates the identification by specialists across the organization of information and communication systems which support the critical business processes, and the assessment of risks to the availability, integrity, and confidentiality of those systems. Evaluates the critical risks associated with these systems and identifies priority areas for improvement. Coordinates the planning, designing, testing of maintenance procedures and contingency plans to address exposure to risk and ensure that agreed levels of continuity are maintained.

  • Information Assurance

    The leadership and oversight of information assurance, setting high level strategy and policy, to ensure stakeholder confidence that risk to the integrity of information in storage and transit is managed pragmatically, appropriately and in a cost effective manner.

    Ensures/Advises

    Provides authoritative advice and guidance on Information assurance architecture and strategies to manage identified risk. Is familiar with major legislation relevant to security of information. Interprets security and assurance policies and contributes to development of standards and guidelines that comply with these. Uses testing to support information assurance.

    Initiates/Influences

    Develops corporate Information security policy, standards and guidelines. Prepares and maintains organizational strategies that address the evolving business risk and information control requirements. Operates as a focus for Information assurance governance expertise for the organization, working effectively with strategic organizational functions such as legal experts and technical support to provide authoritative advice and guidance on the requirements for security controls. Ensures architectural principles are applied during design to reduce risk, and advances assurance standards through ensuring rigorous security testing.

    Sets strategy, inspires, mobilizes

    Establishes and manages Information assurance strategy and policies in accordance with appropriate standards. Plans and implements processes to take forward the strategy and policies. Provides leadership and guidelines for provision of Information assurance requirements across all of the organization’s information and information systems.

  • Information Content Authoring

    The planning, design and creation of textual information, supported where necessary by graphical content. This material may be delivered electronically (for example, as collections of web pages) or otherwise. This skill includes managing the quality assurance and authoring processes for the material being produced.

    Contributes

    Contributes, under instruction, to the production and distribution of documentation items, to testing the content and layout of specific deliverables, and to the configuration of documentation items and files.

    Assists

    Develops a broad understanding of technical publication concepts, tools and methods and the way in which these are implemented. Develops an understanding of publication development support activities, such as information gathering, user task analysis, creating draft documentation, and illustration, and printing and publishing. Works with colleagues and clients to create new sections of technical documentation through all stages of the publication process as support literature.

    Applies

    Liaises with clients/users to clarify details of requirements. Designs, creates and tests moderately complex, well-engineered information deliverables with specified content and layout. Manages the configuration of documentation items and files, within own area of responsibility.

    Enables

    Determines the documentation needs of users. Designs individual documentation plans. Creates drafts for review of information format and content. Organizes the production and distribution of approved documentation items. Designs the content and appearance of complex information deliverables (e.g. web pages) in collaboration with clients/users. Creates and tests complex, well-engineered deliverables with specified content and layout. Manages the configuration of documentation items and files, within own area of responsibility.

    Ensures/Advises

    Designs overall support information package plans. Manages small teams of authors, ensuring that they are aware of and work to relevant standards. Advises on appropriate documentation formats and documentation systems to satisfy requirements. Organizes reviews of draft material.

    Initiates/Influences

    Manages documentation projects, ensuring that adequate procedures, standards, tools and resources are in place and implemented to ensure the appropriate quality of material developed by document content creators within the organization. Manages relationships with stakeholders, ensuring that they receive the information that they need. Manages reviews of draft material.

  • Information Security

    The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

    Applies

    Applies and maintains specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems and to enhance resilience to unauthorized access. Contributes to vulnerability assessments. Recognizes when an IT network/system has been attacked internally, by a remote host, or by malicious code, such as virus, worm or Trojan etc., or when a breach of security has occurred. Takes immediate action to limit damage, according to the organization’s security policy, which may include escalation to next level, and records the incident and action taken. Demonstrates effective communication of security issues to business managers and others. Performs basic risk assessments for small information systems.

    Enables

    Conducts security risk and vulnerability assessments for defined business applications or IT installations in defined areas, and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls (e.g. the key controls defined in ISO27001). Performs risk and vulnerability assessments, and business impact analysis for medium size information systems. Investigates suspected attacks and manages security incidents.

    Ensures/Advises

    Obtains and acts on vulnerability information and conducts security risk assessments for business applications and computer installations; provides authoritative advice and guidance on security strategies to manage the identified risk. Investigates major breaches of security, and recommends appropriate control improvements. Interprets security policy and contributes to development of standards and guidelines that comply with this. Performs risk assessment, business impact analysis and accreditation for all major information systems within the organization. Ensures proportionate response to vulnerability information, including appropriate use of forensics.

    Initiates/Influences

    Provides leadership and guidelines on information assurance security expertise for the organization, working effectively with strategic organizational functions such as legal experts and technical support to provide authoritative advice and guidance on the requirements for security controls. Provides for restoration of information systems by ensuring that protection, detection, and reaction capabilities are incorporated.

  • IT Operations

    The operation and control of the IT infrastructure (typically hardware, software, data stored on various media, and all equipment within wide and local area networks) required to deliver and support IT services and products to meet the needs of a business. Includes preparation for new or changed services, operation of the change process, the maintenance of regulatory, legal and professional standards, and the monitoring of performance of systems and services in relation to their contribution to business performance, their security and their sustainability.

    Contributes

    Contributes, under instruction, to system operation.

    Assists

    Carries out agreed operational procedures of a routine nature. Contributes to maintenance, installation and problem resolution.

    Applies

    Carries out agreed operational procedures, including network configuration, installation and maintenance. Uses network management tools to collect and report on network load and performance statistics. Contributes to the implementation of maintenance and installation work. Uses standard procedures and tools to carry out defined system backups, restoring data where necessary. Identifies operational problems and contributes to their resolution.

    Enables

    Provides technical expertise to enable the correct application of operational procedures. Uses network management tools to determine network load and performance statistics. Contributes to the planning and implementation of maintenance and installation work. Implements agreed network changes and maintenance routines. Identifies operational problems and contributes to their resolution, checking that they are managed in accordance with agreed standards and procedures. Provides reports and proposals for improvement to specialists, users and managers.

  • Problem Management

    The resolution (both reactive and proactive) of problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies to prevent future incidents.

    Applies

    Investigates problems in systems and services. Assists with the implementation of agreed remedies and preventative measures.

    Enables

    Initiates and monitors actions to investigate and resolve problems in systems and services. Assists with the implementation of agreed remedies and preventative measures.

    Ensures/Advises

    Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s). Coordinates the implementation of agreed remedies and preventative measures. Analyses patterns and trends.

  • Release and Deployment

    The management of the processes, systems and functions to package, build, test and deploy changes and updates (which are bounded as “releases”) into a live environment, establishing or continuing the specified Service, to enable controlled and effective handover to Operations and the user community.

    Applies

    Uses the tools and techniques for specific areas of release and deployment activities. Administers the recording of activities, logging of results and documents technical activity undertaken. May carry out early life support activities such as providing support advice to initial users.

    Enables

    Assesses and analyses release components. Provides input to scheduling. Carries out the builds and tests in coordination with testers and component specialists maintaining and administering the tools and methods – manual or automatic - and ensuring, where possible, information exchange with configuration management. Ensures release processes and procedures are maintained. 

    Ensures/Advises

    Leads the assessment, analysis, planning and design of release packages, including assessment of risk. Liaises with business and IT partners on release scheduling and communication of progress. Conducts post release reviews. Ensures release processes and procedures are applied.

    Initiates/Influences

    Sets the release policy for the organization in the context of both development and production/operations. Ensures that management processes, tools, techniques and personnel are in place to ensure that the transition of services, service components and packages are planned and compliant and that test and validation and configuration management are partnered in all release and deployment activities. Provides authorization for critical release activity and point of escalation.

  • Security Administration

    The authorization and monitoring of access to IT facilities or infrastructure in accordance with established organizational policy. Includes investigation of unauthorized access, compliance with relevant legislation and the performance of other administrative duties relating to security management.

    Applies

    Investigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges, and operates agreed logical access controls and security systems. Maintains agreed security records and documentation.

    Enables

    Investigates identified security breaches in accordance with established procedures and recommends any required actions. Assists users in defining their access rights and privileges, and administers logical access controls and security systems. Maintains security records and documentation.

    Ensures/Advises

    Drafts and maintains the policy, standards, procedures and documentation for security. Monitors the application and compliance of security operations procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly investigated. Ensures that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete.

    Initiates/Influences

    Develops strategies for ensuring both the physical and electronic security of automated systems. Ensures that the policy and standards for security are fit for purpose, current and are correctly implemented. Reviews new business proposals and provides specialist advice on security issues and implications.

  • Service Desk and Incident Management

    The processing and coordination of appropriate and timely responses to incident reports, including channelling requests for help to appropriate functions for resolution, monitoring resolution activity, and keeping clients appraised of progress towards service restoration.

    Contributes

    Receives and handles requests for support following agreed procedures. Promptly allocates calls as appropriate. Maintains relevant records.

    Assists

    Receives and handles requests for support following agreed procedures. Responds to common requests for support by providing information to enable resolution and promptly allocates unresolved calls as appropriate. Maintains records and advises relevant persons of actions taken.

    Applies

    Receives and handles requests for support following agreed procedures. Responds to common and uncommon requests for support by providing information to enable incident resolution and promptly allocates unresolved calls as appropriate. Maintains records and advises relevant persons of actions taken.

    Enables

    Ensures that incidents and requests are handled according to agreed procedures. Ensures that documentation of the supported components is available and in an appropriate form for those providing support. Creates and maintains support documentation.

    Ensures/Advises

    Ensures that the inventory of components to be supported is complete and current. Drafts and maintains policy, standards and procedures for the service desk and incident management. Schedules the work of service desk staff to meet agreed service levels.

  • Stakeholder Relationship Management

    During the design, management and implementation of business change and throughout the service lifecycle, the analysis and coordination of relationships with and between stakeholders, taking account of the services they use.

    Enables

    Collects and uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Helps develop and enhance customer and stakeholder relationships. Implements a communications strategy, including, for example; handling of complaints; problems and issues; managing resolutions; corrective actions and lessons learned; collection and dissemination of relevant information appropriately.

    Ensures/Advises

    Develops and maintains one or more defined communication channels and/or stakeholder groups, acting as a single point of contact. Gathers information from the customer to understand their needs (demand management) and detailed requirements. Facilitates open communication and discussion between stakeholders, using feedback to assess and promote understanding of need for future changes in services, products and systems. Agrees changes to be made and the planning and implementation of change. Maintains contact with the customer and stakeholders throughout to ensure satisfaction. Captures and disseminates technical and business information.

    Initiates/Influences

    Supports business change, acting as a single point of contact for senior stakeholders, facilitating relationships between them. Ensures that stakeholders understand available IT services, and promotes financial and commercial awareness in order to deliver value-for-money. Conducts analysis of demand for services and influences stakeholders to ensure that the necessary investments are made to deliver required services. Negotiates at senior level on technical and commercial issues, to ensure that customers, suppliers and other stakeholders understand and agree what will meet their needs, and that appropriate service level agreements are defined. Oversees monitoring of relationships including lessons learned and appropriate feedback. Initiates improvement in services, products and systems.

    Sets strategy, inspires, mobilizes

    Is responsible for defining the strategic approach to understanding the needs of the business (demand management) and works with suppliers to meet these needs. Establishes and promotes the overall vision for how IT can support the business. Defines, and gains agreement on, the principles for establishing effective relationships between stakeholders, including responsibility for the relationship between IT functions and end users.

  • Supplier Relationship Management

    On behalf of a client organization, the identification and management of external suppliers to ensure successful delivery of products and services required by the business.

    Assists

    Assists in the collection and reporting on supplier performance data. Assists with the routine day to day communication between the organization and suppliers.

    Applies

    Acts as the routine contact point between organization and supplier. Collects and reports on supplier performance data.

    Enables

    Collects performance data and investigates problems. Monitors and reports on supplier performance, customer satisfaction, and market intelligence. Resolves or escalates problems. Implements supplier service improvement actions and programs. Monitors performance.

    Ensures/Advises

    Maintains a broad understanding of the commercial IT environment, how the organization sources, deploys and manages external partners and when it is appropriate to use in-house resources. Develops and manages contracts with suppliers to meet key performance indicators and agreed targets, taking account of information security of third parties. Is responsible for the liaison between the organization and designated supplier(s). Carries out benchmarking and makes use of supplier performance data to ensure that supplier performance is properly monitored and regularly reviewed. Is responsible for the management and implementation of supplier service improvement actions and programs. May be responsible for managing a discrete IT function or service in a multi-supplier environment.

    Initiates/Influences

    Influences policy and procedures covering the selection of suppliers, tendering and procurement, promoting good practice in third party management with respect to information security. Deploys highly developed commercial skills to identify external partners, engaging with professionals in other related disciplines (e.g. procurement specialists, lawyers) as appropriate. Is responsible for defining commercial communications, and the management and maintenance of the relationship between the organization and the supplier. Measures the perception about how services are delivered, how this influences the performance of the supplier and their perception of own organization’s performance. Ensures that processes and tools are in place to conduct benchmarking. Conducts supplier analysis and assesses effectiveness across the supply chain. Promotes good practice with regard to third party information security.

    Sets strategy, inspires, mobilizes

    Determines overall supplier management strategy, embracing effective management and operational relationships at all levels. Establishes a framework to monitor the service provided and ensure value for money over the lifetime of the contract. Puts in place and has overall responsibility for conformance to legislation; supply chain management; commercial governance; policies for selection of suppliers and benchmarking their performance. Represents the company in any serious disputes involving suppliers.

  • Technology Audit

    The independent, risk-based assessment of the adequacy and integrity of controls in information processing systems, including hardware, software solutions, information management systems, security systems and tools, communications technologies - both web-based and physical. The structured analysis of the risks to achievement of business objectives, including the risk that the organization fails to make effective use of new technology to improve delivery and internal effectiveness.

    Enables

    Contributes to risk-based audit of existing and planned technology systems. Identifies IT risk in detail, assesses and tests the effectiveness of control measures and prepares formal reports in order to provide independent assurance on an organization’s information security, integrity and resilience.

    Ensures/Advises

    Manages risk-based audit of existing and planned technology systems. Identifies areas of risk and evaluates adequacy and effectiveness of organization’s approach to risk in use of IT. Assesses and communicates associated risks of a complex nature to middle and senior managers. Recommends changes in processes and control procedures based on audit findings. Provides general and specific advice. Collates conclusions and recommendations, and presents audit findings to management regarding the effectiveness and efficiency of control mechanisms in information systems. Engages with providers of other IT assurance such as compliance audits, quality assurance functions and other technical specialists.

    Initiates/Influences

    Specifies organizational procedures for the assessment of an activity, process, product or service, against recognized criteria, such as ISO 27001. Develops plans for risk-based audit coverage of technology systems for inclusion in audit planning and uses experience to ensure audit coverage is sufficient to provide the business with assurance of adequacy and integrity. Leads and manages complex technical audits, managing specialists contracted to contribute highly specialized technical knowledge and experience. Identifies areas of risk and specifies interrogation programs. Recommends changes in processes and control procedures based on audit findings, including, where appropriate, the assessment of safety-related software systems to determine compliance with standards and required levels of safety integrity. Provides general and specific advice, and authorizes the issue of formal reports to management on the effectiveness and efficiency of control mechanisms.

    Sets strategy, inspires, mobilizes

    Ensures that there is planned audit coverage across the organization, and liaises with executives to ensure that this coverage is relevant and understood. Directs use of risk analysis to identify areas for in-depth review. Evaluates the effectiveness of corporate IT strategy and governance and makes recommendations for development. Agrees terms of reference for audits with clients. Plans audit cycle, and leads and manages audit function. Determines the need for and manages the effective use of additional IT experts. Reports at the most senior level on the findings, relevance and recommendations for improvement. Represents the audit function at the Audit Committee of the organization.

  • Testing

    Testing embraces the planning, design, management, execution and reporting of tests, using appropriate testing tools and techniques and conforming to agreed process standards and industry specific regulations. The purpose of testing is to ensure that new and amended systems, configurations, packages, or services, together with any interfaces, perform as specified, and that the risks associated with deployment are adequately understood and documented. Testing includes the process of engineering, using and maintaining testware (test cases, test scripts, test reports, test plans, etc) to measure and improve the quality of the software being tested.

    Contributes

    Executes given test scripts under supervision. Records results and reports issues. Develops an understanding of the role of testing within system development, as a tool for design improvement as well as a validation process.

    Assists

    Defines test conditions for given requirements. Designs test cases and creates test scripts and supporting data, working to the specifications provided. Interprets, executes and records test cases in accordance with project test plans. Analyses and reports test activities and results. Identifies and reports issues and risks.

    Applies

    Reviews requirements and specifications, and defines test conditions. Designs test cases and test scripts under own direction, mapping back to predetermined criteria, recording and reporting outcomes. Analyses and reports test activities and results. Identifies and reports issues and risks associated with own work.

    Enables

    Accepts responsibility for creation of test cases using own in-depth technical analysis of both functional and non-functional specifications (such as reliability, efficiency, usability, maintainability and portability). Creates traceability records, from test cases back to requirements. Produces test scripts, materials and regression test packs to test new and amended software or services. Specifies requirements for environment, data, resources and tools. Interprets, executes and documents complex test scripts using agreed methods and standards. Records and analyses actions and results, and maintains a defect register. Reviews test results and modifies tests if necessary. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others.

    Ensures/Advises

    Coordinates and manages planning of the system and/or acceptance tests within a development or integration project or program. Takes responsibility for integrity of testing and acceptance activities and coordinates the execution of these activities. Provides authoritative advice and guidance on any aspect of test planning and execution. Defines and communicates the test strategy for the project. Manages all test processes, including test plans, resources, costs, timescales, test deliverables and traceability. Manages client relationships with respect to testing matters. Identifies process improvements, and contributes to corporate testing standards and definition of best practice.

    Initiates/Influences

    Determines testing policy, and owns the supporting processes. Takes responsibility for the management of all testing activities within a development or integration project or program. Manages all risks associated with the testing and takes preventative action when any risks become unacceptable. Assesses and advises on the practicality of testing process alternatives. Initiates improvements to test processes and directs their implementation. Assesses suppliers’ development and testing capabilities. Determines project testing standards for all phases, influencing all parties to conform to those standards. Manages client relationships with respect to all testing matters.

ASU Logo