Question Framework and Scoring System
Introduction to the Question Framework
The Digital Pillar Question Framework is designed to provide clarity and consistency in evaluating your organisation’s digital and cybersecurity maturity. Each question in the assessment tool is structured to align with specific architecture themes, sub-themes, and exemplar statements, ensuring a comprehensive evaluation. The walkthrough below shows how the questions are structured. The example is taken from the downloadable Excel tool to show how the structure is laid out. The online digital platform provides an AI-assisted assessment experience.
The latest question assessment Excel sheet can be downloaded below:
Framing the Question
Each question is thoughtfully developed to guide organisations through a detailed evaluation process:
Theme and Sub-Themes
Questions are grouped under architecture areas (Business, Data, Application, Technology, Security).
Sub-themes provide a more granular focus, such as Data Management or Cybersecurity Controls.
Exemplar Statements
These statements represent ideal outcomes or benchmarks for each sub-theme.
For example, under Data Management, at Bronze Level: “Secure storage and access controls are in place, ensuring data is organised and protected.”
Consider Column
Provides additional context to guide the respondent in understanding the specific requirements of the question.
For example: “Does the organisation maintain a documented and tested incident response plan?”
The Question
Focused, clear prompts that evaluate practices, such as: “Are critical business systems backed up using secure and encrypted methods to ensure recoverability?”
Performance Type
Each question evaluates specific performance categories:
Capability: Processes, tools, and people-related competencies.
Metric/KPI: Quantifiable metrics measuring progress.
IGP: Indicators of Good Practice, such as adherence to industry standards.
Maturity Model
The Maturity Model evaluates each question on a 0–3 scale, enabling organisations to measure their progression from foundational to optimised practices:
0 – Not Considered: No current practices or consideration for the capability.
1 – Defined: Initial planning or awareness exists, but implementation is limited.
2 – Managed: Policies and processes are operational, with basic oversight.
3 – Optimised: Fully embedded and continuously improved practices.
This scoring system provides clarity on where an organisation currently stands and offers a roadmap for advancing maturity levels.
Integration, Scoring, and Evidence
To ensure accuracy and relevance, the assessment incorporates features for integrating external frameworks, assigning scores, and gathering evidence.
Integration with Existing Frameworks
Questions can be linked to established frameworks like AeroExcellence or SIRI.
Responses to these frameworks may auto-fill corresponding maturity levels in the Digital Pillar, streamlining the process.
Scoring: Current, Compliance, Target
Current Score: Reflects where the organisation currently stands.
Compliance Score: Indicates adherence to mandatory standards (e.g., GDPR, ISO).
Target Score: Helps set achievable improvement goals.
Evidence Requirements (Silver and Gold)
For advanced levels, evidence must substantiate responses, such as:
Compliance certifications (e.g., ISO 27001, Cyber Essentials).
Documented policies, processes, or audit reports.
Using the Framework for Continuous Improvement
The structured nature of the question framework ensures that each response contributes to a deeper understanding of organisational maturity. By focusing on specific sub-themes, exemplar statements, and performance types, organisations can:
Pinpoint strengths and weaknesses.
Prioritise improvement actions.
Benchmark against industry standards and peers.
Look next at the Core Assessment Sections.