Sub-Themes and Capabilities

Introduction to Sub-Themes and Capabilities

The Digital and Cybersecurity Pillar framework is built around sub-themes, which focus on specific areas of capability within each architecture domain (e.g., Strategy under Business Architecture or Data Management under Data Architecture). These sub-themes provide the structure for evaluating digital maturity.

To assess these sub-themes, the framework incorporates capabilities, Indicators of Good Practice (IGPs), and Metrics/KPIs. Together, these elements provide measurable criteria for benchmarking maturity, identifying gaps, and planning improvements.

How Sub-Themes Drive Focus

Sub-themes define what needs to be assessed in each architecture domain. They narrow the scope, ensuring critical aspects of digital maturity and cybersecurity are not overlooked.

Example Sub-Theme: Data Management (Data Architecture)

Definition: Secure storage and access controls are in place, ensuring data is organised and protected.
Purpose: To establish the foundational ability to manage and safeguard data, supporting operational goals and compliance.

Capabilities, IGPs, and KPIs: The Building Blocks

Each sub-theme is supported by underlying capabilities, IGPs, and Metrics/KPIs to provide measurable insights into maturity.

Example: Data Management

Capabilities:
- Processes: Secure data storage and retrieval processes documented and followed.
- Tools: Use of data storage tools with access controls and backup capabilities.
- People: Defined roles for managing access and data integrity.
Indicators of Good Practice (IGPs):
- Not applicable at this foundational level.
Metrics/KPIs:
- Percentage of data secured with proper access controls.
- Number of unauthorised access incidents.

Progressing Through Maturity Levels

Sub-themes and their capabilities form the foundation for evaluating and improving maturity. Each is mapped to the maturity model’s three levels: Bronze, Silver, and Gold.

Bronze (Foundational)

Focus: Establish essential capabilities for compliance and basic security.

Example Outcome: Secure storage processes are documented and implemented with basic access controls.

Silver (Managed)

Focus: Formalise and manage practices to ensure consistency and resilience.

Example Outcome: Automated tools for backup and periodic audits of data access are in place.

Gold (Optimised)

Focus: Optimise practices for continuous improvement and advanced resilience.

Example Outcome: Fully encrypted storage, real-time monitoring, and predictive analytics for proactive data management.

Why Sub-Themes and Capabilities Matter

Clarity: Sub-themes break down each architecture domain into manageable focus areas.
Measurability: Capabilities, IGPs, and KPIs ensure progress is evaluated quantitatively and qualitatively.
Improvement: This structure provides a roadmap for advancing through the maturity model, targeting specific areas for development.

What’s Next?

Explore detailed assessments for each sub-theme in the Assessment Guide.
Find actionable steps for improvement in the Best Practice Resources.

PreviousExemplar Statements and Maturity Model NextOverview of the Pathway Levels (Bronze, Silver, Gold)

Last updated 3 months ago

Was this helpful?