Advanced Occupational Certificate: Data Security Practitioner

The purpose of this qualification is to prepare a learner to function as a Data Security Expert. A Data Security Expert safeguards sensitive data from unauthorised access, breaches, and cyber threats; designs and implements security measures to protect data integrity, confidentiality, and availability, using a combination of technical tools, protocols, and strategies, encryption, network security, threat assessment, and incident response. Data Security Experts stay updated on the latest cybersecurity trends and vulnerabilities to ensure organisations comply with relevant laws and regulations. They proactively identify and mitigate risks to maintain trust and protect valuable assets in today's digital world.

The qualification equips learners with skills to build a comprehensive data security posture, from proactive measures (data protection, risk assessments, and compliance) to reactive responses (incident management, forensics and remediation) in order to maintain a robust and proactive data security posture, protecting both the organization's assets and the privacy of its stakeholders. These tasks are critical for safeguarding organisational data, infrastructure and systems and maintaining trust with clients and stakeholders.

Learners will be able to implement secure business processes that encompass robust retention policies with a defined lifecycle, detailing how data is moved, stored, and eventually destroyed. They will ensure effective systems including version control, as well as strict authentication and authorization protocols to create, amend, or delete data securely. These processes align with the definition of "processing" under frameworks like POPIA, ensuring compliance with legal standards. Additionally, these practices should be integrated into a Minimum Baseline Standard, Third-Party Risk Management Framework, and Contract Management to ensure comprehensive data governance.

A qualified learner will be able to

• Implement security measures to safeguard sensitive information from unauthorized access, breaches, and cyberattacks and ensure prompt recovery after an incident.
• Adhere to data protection regulations to mitigate threats, maintain resilience and maintain legal and operational compliance.

Typical Graduate attributes

• Technically inclined.
• Critical thinking.
• Communication.
• Articulative.
• Vigilant.
• Ethical.
• Observant.
• Meticulous.

Rationale

In today's digital age, the need for data security experts is more critical than ever. As organisations increasingly rely on digital systems to process sensitive data into information, the risks of cyberattacks, data breaches, and unauthorised access have grown exponentially. With an emphasis on data integrity, protection, and mop-up strategies after incidents, data security experts play a vital role in safeguarding valuable assets by designing robust security frameworks, detecting vulnerabilities, and responding to threats. This expertise ensures compliance with legal regulations, safeguards customer trust, and mitigates the broader risks stemming from cyber incidents. By focusing on both pre-emptive measures and post-incident recovery, they help organizations maintain resilience. As technology evolves, the demand for skilled professionals in this field continues to rise, making their role indispensable to businesses and governments alike.

The following related qualification is currently registered on the NQF

• Advanced Occupational Certificate: Cybersecurity Practitioner, NQF Level 6.

This qualification is a cornerstone for a secure and thriving digital ecosystem. It promotes innovation, fosters trust, and builds a resilient foundation for the future. The sector benefits from an advanced data security qualification through improved cybersecurity measures, reduced vulnerabilities, and enhanced compliance with regulations. It equips professionals with the skills to prevent breaches, protecting sensitive data and organizational reputation. The sector benefits from improved cybersecurity posture, enhanced trust and reputation, compliance with regulations and, innovation enablement as organisations can confidently adopt new technologies without compromising data integrity, confidentiality and availability.

The Advanced Occupational Certificate: Data Security Practitioner benefits society by safeguarding personal information, reducing cybercrime, and fostering trust in digital interactions. It empowers professionals to protect sensitive data, ensuring privacy and security for individuals and organisations. This enhances public confidence in using online services, minimises fraud and identity theft, and promotes a safer digital environment. Ultimately, it strengthens resilience against cyber threats, contributing to a more secure and technologically confident society. Society benefits from protection of personal privacy, reduction in cybercrime, public awareness and resilience against threats.

The qualification boosts the economy by reducing financial losses from cyberattacks, fostering trust in digital transactions, and enabling secure business operations. It drives job creation in the growing cybersecurity sector and attracts global investments by ensuring robust data protection. With improved security, organisations can innovate confidently, enhancing productivity and competitiveness. A secure digital landscape also supports uninterrupted economic activities, contributing to sustained economic growth. Benefits include reduced economic losses, global competitiveness, business continuity, and emerging technologies.

Typical learners for the qualification include individuals currently employed in cybersecurity and data engineering who want to further their careers into advanced threat analysis, data protection, company resilience, post-disaster data recovery and compliance regulations.

Typical occupations in which the qualifying learner will operate include

• Data Protection.
• Cyber Defence.
• Risk and Compliance.
• Data Governance.
• Post-Disaster Data Recovery.
• Information Security Analysis.
• Security Consultation.
• Security Architect.
• Security Engineering.
• Incident Responding.
• Compliance Analysis.
• Security Research.

This qualification was developed in collaboration with following relevant stakeholders

• Skills Development Providers.
• Employers.
• Practitioners.
• Post-School Education and Training Institutions.

Recognition of Prior Learning (RPL)

RPL for Access

Learners may use the RPL process to gain access to training opportunities for a qualification if they do not meet the formal, minimum entry requirements for admission. RPL assessment provides an alternative access route into a qualification.

Such an RPL assessment may be developed, moderated and conducted by the accredited Skills Development Provider that offers that specific qualification. Such an assessment must ensure that the learner is able to display the equivalent level of competencies required for access, based on the NQF level descriptors.

RPL for credits

For exemption from modules through RPL, learners who have gained the stipulated competencies of the modules of a qualification through any means of formal, informal or non- formal learning and/or work experience, may be awarded credits towards relevant modules, and gaps identified for training, which is then concluded.

RPL for Access to the External Integrated Summative Assessment (EISA)

Learners who have gained the stipulated competencies of the modules of a qualification through any means of formal, informal or non-formal learning and/or work experience, may be awarded credits towards relevant modules, and gaps identified for training, which is then concluded. A valid Statement of Results is required for admission to the EISA in which confirmation is provided that all internal assessment criteria for all modules in the related curriculum document have been achieved.

Upon successful completion of the EISA, RPL learners will be issued with the QCTO certificate for the qualification. Quality Partners are responsible for ensuring the RPL mechanism and process for qualifications and part-qualification(s) is approved by the QCTO.

Entry Requirements

An NQF Level 05 qualification in Cybersecurity/ Computer Science/ Programming/ Data processing or ICT.

This qualification is made up of compulsory Knowledge, Practical Skill and Work Experience Modules

Knowledge Modules

• 251102-004-00-KM-01: Risk Management: Assessment and Vulnerability Analysis, Level 6, 4 Credits.
• 251102-004-00-KM-02: Data Protection and Encryption, Level 6, 4 Credits.
• 251102-004-00-KM-03: Advanced Safeguarding of Valuable Assets: Designing Robust Security Frameworks, Level 6, 6 Credits.
• 251102-004-00-KM-04: Pre-emptive Measures and Post- Incident Data Recovery, Level 6, 6 Credits.
• 251102-004-00-KM-05: Monitoring and Incident Response, Level 6, 6 Credits.
• 251102-004-00-KM-06: Threat Intelligence and Emerging Technologies, Level 6, 5 Credits.
• 251102-004-00-KM-07: Advanced Data Restoration, Business Continuity and Mop-Up Strategies, Level 6, 8 Credits.
• 251102-004-00-KM-08: Performance Measurement and Optimisation for Secure Data Management, Level 6, 6 Credits.
• 251102-004-00-KM-09: Advanced Compliance, Policy Development, and Ethics for Data Security Experts, Level 6, 12 Credits.
• 251102-004-00-KM-10: Security Awareness, Collaboration, and Vendor Coordination, Level 6, 4 Credits.
• 251102-004-00-KM-11, Leadership and Strategic Thinking, Level 6, 8 Credits.

Total number of credits for Knowledge Modules: 69

Practical Skill Modules

• 251102-004-00-PM-01: Develop and Implement Data Security Policies, Level 6, 8 Credit.
• 251102-004-00-PM-02: Implement and Monitor Data Protection and Security Measures, Level 6, 8 Credit.
• 251102-004-00-PM-03: Conduct Risk Management and Assessment, Level 6, 8 Credits.
• 251102-004-00-PM-04: Safeguard Business Continuity, Level 6, 8 Credits.
• 251102-004-00-PM-05: Conduct Mop-Up ensuring Business Continuity and Data Recovery, Level 6, 4 Credits.
• 251102-004-00-PM-06: Monitor Compliance with Security Policies, Procedures, and Best Practices, Level 6, 8 Credits.
• 251102-004-00-PM-07: Measure Performance Metrics and Drive Continuous Improvement, Level 6, 8 Credits.
• 251102-004-00-PM-08: Conduct Mop-Up for Business Continuity and Data Recovery: Capstone Project, Level 6, 12 Credits.

Total number of credits for Practical Skill Modules: 64

Work Experience Modules

• 251102-004-00-WM-01: Data Protection and Security Measures Implementation and Monitoring Processes, Level 6, 8 Credits.
• 251102-004-00-WM-02: Risk Management and Security Assessment Processes, Level 6, 8 Credits.
• 251102-004-00-WM-03: Business Continuity and Incident Response Processes, Level 6, 8 Credits.
• 251102-004-00-WM-04: Post-incident Recovery and Business Continuity Processes, Level 6, 8 Credits.
• 251102-004-00-WM-05: Performance Metrics and Continuous Improvement Processes, Level 6, 8 Credits.

Total number of credits for Work Experience Modules: 40

1. Implement data protection and security measures.
2. Conduct risk assessment and management.
3. Safeguard business continuity.
4. Develop data security and compliance monitoring policy.
5. Measure data security performance metrics.

Associated Assessment Criteria for Exit Level Outcome 1

ELO 1: Implement data protection and security measures.

• Apply, monitor, and maintain robust security measures to safeguard sensitive data from unauthorized access and breaches, with compliance ensured to regulatory frameworks and industry standards.
• Deploy and monitor security tools, technologies, and solutions to maintain a secure environment and effectively protect data, networks, and systems from security threats.
• Install and set up access controls and user management systems to allow only authorized access to data and enforce least-privilege principles.
• Assess new technologies, processes, and infrastructure for potential risks and their impact on the organisation's data security posture, with necessary adjustments made to prevent vulnerabilities.

Associated Assessment Criteria for Exit Level Outcome 2

ELO 2: Conduct risk assessment and management.

• Perform risk assessments and vulnerability analyses to identify and address data security weaknesses.
• Conduct data security audits to evaluate the organisation's security posture and compliance with industry standards.
• Design and implement disaster data recovery and business continuity strategies to minimize data loss and operational downtime.
• Establish crisis management protocols to ensure rapid incident response and recovery.
• Assess the value and associated risks of company data to prioritise security investments and strategies.

Associated Assessment Criteria for Exit Level Outcome 3

ELO 3: Safeguard business continuity.

• Develop and execute remediation plans to strengthen security resilience and prevent recurrence of incidents.
• Establish and maintain robust disaster recovery plan to ensure preparedness for unexpected incidents.
• Secure data, networks, and infrastructure (end-to-end) to protect against cyber threats and system failures.
• Reconfigure and restore infrastructure in case of collapse to minimise disruption and enable continued operations.
• Achieve and maintain an optimal security posture across the organisation.

Associated Assessment Criteria for Exit Level Outcome 4

ELO 4: Develop data security and compliance monitoring policy.

• Develop and implement comprehensive security policies, procedures, and best practices in alignment with industry standards and regulatory requirements.
• Maintain compliance with data protection laws.
• Adhere to organisational data security regulations.
• Document security procedures, guidelines, and incident reports to establish clear protocols for team reference.
• Conduct internal security audits to assess and improve security controls.

Associated Assessment Criteria for Exit Level Outcome 5

ELO 5: Measure data security performance metrics.

• Reduce security incidents and optimise system performance through proactive monitoring and preventive measures.
• Improve handling of large data uploads.
• Optimise data processing performance.
• Analyse interactive reports to identify areas for performance enhancement.
• Optimise security monitoring processes to improve incident response times.

Integrated Assessment

Integrated Formative Assessments

Formative assessments are conducted throughout the training of learners. A range of formal, non-formal, and informal ongoing assessment activities are used to focus on teaching and learning outcomes to improve learner attainment.

Formative assessments are conducted continuously by the facilitator to feed into further learning, to identify strengths and weaknesses, and to ensure the learner's ability to apply knowledge, skills and workplace experience gained.

Formative Assessments are conducted by the accredited Skills Development Provider (SDP), and a variety of ongoing assessment methods may be used, for example, quizzes, assignments, tests, scenarios, role play, and interviews. Continuous feedback must be provided.

Integrated Summative Assessments

Integrated Assessment involves all the different types of assessment tasks required for a particular qualification, such as written assessment of theory and practical demonstration of competence. To achieve this, the Internal Assessment Criteria (IAC) for all modules as found in the QCTO curriculum document must be followed.

An accredited SDP should implement a well-designed, formal, relevant, and final internal Summative Assessment strategy for all modules to prepare learners for the EISA. These assessments evaluate learning achievements relating to the achievement of each module of the relevant components of the qualification.

Internal Summative Assessments are developed, moderated and conducted by the SDP at the end of each module or after integration of relevant modules, e.g. applied knowledge tests, workplace tasks, practical demonstrations, simulated tasks/demonstrations, projects, case studies, etc.

The results of these final formal summative assessments must be recorded. These results, which include the Statement of Work Experience results, where applicable, contribute to the Statement of Results (SoR) that is a requirement for admission to the EISA. An SoR, using the template provided by the Quality Partner, is issued by the accredited SDP for qualifications and part-qualifications. The SDP must produce a valid Statement of Results for each learner, indicating the final result and the date on which the competence in each module, of each component, was achieved. Learners are required to produce this SoR, together with their ID document or alternative ID document, at the point of the EISA.

External Integrated Summative Assessment (EISA) - a national assessment

The Quality Partner is responsible for the management, conduct, and implementation of the External Integrated Summative Assessment (EISA), in accordance with QCTO set standards. Competence in the EISA is a requirement for certificating a learner.

For entrance into the EISA, the learner requires a valid Statement of Results issued by the accredited institution indicating:

The attainment of all the Knowledge, Practical and Work Experience modules.

Or

The attainment of all modules for the Knowledge and Application Components.