Competency framework COMPUTING AND INTERNET CERTIFICATE (C2i)

Transcription

1 Competency framework COMPUTING AND INTERNET CERTIFICATE (C2i) Mission Numérique pour l'enseignement Supérieur (MINES - DGESIP) (Digital Mission for Higher Education) Ministry of Higher Education and Research June 2012

2 MINES - DGESIP Page 2 of 22 June 2012

3 COMPETENCE REFERENCE FRAMEWORK FOR C2I LEVEL 2 ENGINEERING PROFESSIONS The competence reference framework for C2i level 2 "" (C2i2mi) consists of: Three cross-cutting domains covering all C2i level 2 certificates, tailored to the engineering professions: Domain D1: To know and respect the rights and obligations linked to digital activities in a professional context Domain D2: To manage strategies for the research and exploitation of digital information and maximising its use Domain D3: To foster professional collaboration using digital technology Two specific domains for the engineering professions professional field: Domain D4: Mastering the processes involved in a security policy in order to participate in its implementation Domain D5: Steering overall management of the information system MINES - DGESIP Page 3 of 22 June 2012

4 CROSS- CUTTING DOMAINS Detailed Competence Reference Framework for C2i Level 2 - DOMAIN D1: TO KNOW AND RESPECT THE RIGHTS AND OBLIGATIONS LINKED TO DIGITAL ACTIVITIES IN A PROFESSIONAL CONTEXT Domains Competencies 1. To adhere to and integrate legislation relating to the protection of individual freedoms D1: To know and respect the rights and obligations linked to digital activities in a professional context 2. To adhere to and integrate legislation on digital works related to the professional field 3. To adhere to and integrate the legal aspects related to the protection and accessibility of professional information : The creation and processing of digital information are governed and ordered by a set of laws, regulations and legal decisions which all professionals must know and adhere to when exercising their profession. This means in particular that the professional should be in a position: to clearly distinguish between digital information of a personal nature and digital information of a professional nature; to handle and distribute professional data under a legal framework, whether or not they contain information of a personal nature; to adapt their behaviour and practices on the basis of the legal provisions to which users are subject. The specifics of implementing this domain for engineering professions within their work: Engineers are required to act as project owners in information system projects. They therefore have to ensure that the prevailing data processing legislation is complied with in the projects they are working on and in their work in general. MINES - DGESIP Page 4 of 22 June 2012

5 COMPETENCE D1.1: TO ADHERE TO AND INTEGRATE LEGISLATION RELATING TO THE PROTECTION OF INDIVIDUAL FREEDOMS Within the scope of an engineering project, it is necessary to understand, comply with and ensure compliance with the French Law on Data Processing and Freedoms 1, and with company-specific IT charters, taking into account legislation on the right to privacy (personal data, corporate data, cybersurveillance of employees, etc.). Identifying sensitive data as defined by the Commission Nationale de l'informatique et des Libertés (CNIL), and first and foremost personal data that the company may be expected to handle Applying the obligations relating to processing personal data both within the company and in the event of outsourcing Registering a file or the processing of personal data, or if applicable consulting with the company s data protection officer (DPO) Applying and ensuring the application of a charter within the professional activities. Engineers are required to identify the responsibilities of parties within the company (managers, employees with or without assigned authority). They must be able to apply the charter in their activities and ensure that the people reporting to them also apply the charter. It should be noted that the effectiveness and legal use of the charter depend on it being properly distributed and understood. Engineers must be able to explain this to their teams. Depending on the position held, engineers may be responsible for ensuring awareness within their area of authority Taking into account legislation regarding the cybersurveillance of employees and respect for their privacy. This involves differentiating the surveillance concepts for the purposes of security or legal enforceability with the aim of adapting their behaviour to suit the situation. Engineers are required to clearly identify these concepts so as to use audit information in a legally compliant way. Engineers must be able to propose a means of ensuring compliance enabling this information to have legal validity (registration, time-limits on holding such data, employee notification, etc.) Identifying situations where legal expertise should be sought Associated knowledge General principles of the French Law on Data Processing and Freedoms and specific details thereof compared with equivalent international and European legislation Role, mission, rights and powers of the CNIL; role of the company s Data Protection Officer (DPO) Importance of having a charter and keeping it current, and the corresponding ethical value (recommending good practices) and/or legal value (with applicable penalties) 2 Responsibilities of the company managers and persons with delegated authority (IT managers, network administrators, etc.) with respect to the cybersurveillance of employees and respect of privacy 1 Law No of 6 January This involves making a distinction between the two roles and knowing how to decipher any penalties imposed. It also involves knowing that, to be legally valid, it has to be approved by the staff representatives or the legal representative bodies of the groups to which it applies. MINES - DGESIP Page 5 of 22 June 2012

6 Legislation relating to the monitoring of employees via electronic means. Legal framework of the monitoring of employees, which is constantly evolving in line with technological and ICT developments COMPETENCE D1.2: TO ADHERE TO AND INTEGRATE LEGISLATION ON DIGITAL WORKS RELATED TO THE PROFESSIONAL FIELD Within the scope of a project, engineers are required to know how to identify the professional situations that may involve compliance with legislation on intellectual property of digital works. Applying legislation on the protection of works. In particular, engineers must be able to cite sources, request authorisation to use certain content and differentiate between the concepts of rights to presentation, replication and translation Deciphering the legal wording associated with a digital work Within the scope of an engineer s own works it useful to be aware of the benefits of having the work licensed so that terms of use can be imposed (Creative Commons, GNU GPL, CECILL, copyleft, proprietary license, etc.) Associated knowledge Concepts relating to works protected by copyright and the specifics of software applications Administrative, criminal and civil responsibilities relating to the infringement of intellectual property (software infringement, counterfeiting, illegal downloads, etc.) COMPETENCE D1.3: TO ADHERE TO AND INTEGRATE THE LEGAL ASPECTS RELATING TO THE PROTECTION AND ACCESSIBILITY OF PROFESSIONAL INFORMATION Engineers are required to be able to identify professional situations affected by legislation on the provision of information and those affected by data protection. They must know how to ensure the availability and integrity of data that has to be public, and the confidentiality of personal data. Understanding the mechanisms required to guarantee the authenticity of a document Recognising the legal value of a digital document, including technical understanding of encryption and electronic signatures Recognising the integrity of a digital document Implementing various methods for protecting and securing the professional data available within the company MINES - DGESIP Page 6 of 22 June 2012

7 Associated knowledge Detailed Competence Reference Framework for C2i Level 2 - Legislation governing the process of making data available and data protection The concept of the integrity of a digital document Methods for the protection and securing of professional data Obligations to make public data available and accessible The concept of accessibility and its legal implications with respect to IT systems and adaptation of workstations 3 3 Reference could be made to the recommendations of the W3C with respect to accessibility (Section 508, WCAG, etc. ) and legislation in Europe (Accessiweb in France, D.D.A. 1995, Law no , 2005 in Europe). MINES - DGESIP Page 7 of 22 June 2012

8 DOMAIN D2: TO MANAGE STRATEGIES FOR THE RESEARCH AND EXPLOITATION OF DIGITAL INFORMATION AND MAXIMISING ITS USE Domains Competences 1.To produce and implement a strategy for researching information in a professional context D2: To manage strategies for the research and exploitation of 2. To produce and implement a strategy for monitoring information in a digital information and maximising professional context its use 3. To produce a strategy for developing and maximising use of professional competences : Information today lies at the heart of every economic activity. It can be considered both as an aid in decisionmaking and also as an instrumental resource in a communication strategy. In this context, professionals must be able to: identify their requirements in terms of information; locate the right information; evaluate and apply the information obtained. The specifics of implementing this domain for engineering professions within their work: Engineers need to be able to identify the relevant sources of information and to structure the information retrieved with a view to creating documents intended to be distributed and retained. COMPETENCE D2.1: TO PRODUCE AND IMPLEMENT A STRATEGY FOR RESEARCHING INFORMATION IN A PROFESSIONAL CONTEXT Having covered aspects relating to document searches in Level 1 of C2i, the specific nature of this competence basically involves identifying relevant sources of information for the search. Engineers are required to identify the shortcomings of the general search engines, particularly with respect to the invisible web (or deep web): protected access document databases, multimedia documents (images, animations, videos, sound files, etc.), documents without public links, blogs, social networks, RSS feeds, etc. They are required to be able to select suitable tools for their search in line with their area of activity (technical and scientific databases). Being able to adopt an information search methodology using digital resources MINES - DGESIP Page 8 of 22 June 2012

9 Identifying information sources relating to their area of activity Analysing the validity, relevance and value of the digital information retrieved Organising the information retrieved to make it available Contributing to the selection of tools geared to the context of the company Associated knowledge Web browsing tools (general search engines, business intelligence tools, etc.) COMPETENCE D2.2: TO PRODUCE AND IMPLEMENT A STRATEGY FOR MONITORING INFORMATION IN A PROFESSIONAL CONTEXT Company competitiveness depends greatly on their ability to innovate and their knowledge of their competitive environments. Business intelligence processes are thus essential for companies. Engineers therefore must be familiar with information monitoring as an essential building block in any business intelligence process. Setting up a technological monitoring system geared to their area of activity Identifying sources and types of information that can be used to feed a monitoring process Knowing how to use technical tools tailored to continuously retrieve this information (RSS feeds, professional social networks, dedicated business intelligence tools) Associated knowledge Methodologies for setting up business intelligence processes aligned to identified strategic objectives Techniques tailored to continuously retrieve this information (RSS feeds, professional social networks, dedicated business intelligence tools) COMPETENCE D2.3: TO PRODUCE A STRATEGY FOR DEVELOPING AND MAXIMISING USE OF PROFESSIONAL COMPETENCES As technology continually evolves, engineers must develop and enhance their competences on an ongoing basis. To this end, it is in their interest to create and manage throughout their career a portfolio of competences (which could take the form of an e-portfolio) enabling them to advance their professional skillset. In view of the use of online tools, engineers must be aware of the extent and consequences of their digital identity (e-reputation) in a professional context. Creating their own portfolio of professional competences and keeping it updated throughout their career Identifying and using digital resources geared to their context to develop their professional competences Making effective use of social networks, blogs, etc., for the purposes of developing their professional network MINES - DGESIP Page 9 of 22 June 2012

10 Associated knowledge Detailed Competence Reference Framework for C2i Level 2 - The concept of e-reputation Processes involved in VAE (Validation of acquired experience), the accreditation of prior and experiential learning Tools for managing competency portfolios Social networks and areas of application (Viadeo, LinkedIn, Experteer, Facebook, Twitter, Google+, etc.) MINES - DGESIP Page 10 of 22 June 2012

11 DOMAIN D3: TO FOSTER PROFESSIONAL COLLABORATION USING DIGITAL TECHNOLOGY Domains Competences 1. To foster collaborative work using digital technologies D3: To foster professional collaboration using digital technology 2. To coordinate and lead collaborative activities in a digital environment 3. To adapt, modify and transmit data whilst respecting inter-operability in a context of collaborative professional work : New communication tools can be used to enhance collaborative activities within professional bodies. They can be used to gather and process knowledge produced collectively across projects managed remotely. Professional users involved in running a collaborative project therefore must be able to: - identify the digital tools required to implement the project; - lead and coordinate groups working remotely; - take into account the technical and organisational constraints involved in exchanging digital information. The specifics of implementing this domain for engineering professions within their work: An engineer s work requires various exchanges within and between companies. These exchanges may involve communicating routine information or administrative or technical data. Numerous digital tools facilitating such exchanges are used within a corporate setting, but their use must be carefully controlled to ensure that communications and/or transmissions are effective. In data exchange, professionals must be aware of the limits of remote exchanges, the customary formats and the appropriate level of security for confidential data (see Domain 4, Mastering the security of data and information systems). MINES - DGESIP Page 11 of 22 June 2012

12 COMPETENCE D3.1 TO FOSTER COLLABORATIVE WORK USING DIGITAL TECHNOLOGIES : The task of organising collaborative work frequently falls within the remit of a professional engineer, whether in running a team or in the numerous interactions with suppliers and/or customers. Digital technologies today offer many tools, which may have very different objectives depending on the nature of the intended exchange. The exchange may be synchronous (web meetings, video conferences, etc.) or asynchronous ( , Wiki platform, project management platform, etc.). Engineers therefore need to select the most suitable tool and ensure their team members can also access it. They must also ensure that their team members can access the essential information for using the selected tool. When selecting tools engineers must also take into account the level of experience of these partners (level, training time, training costs) as this may adversely impact their team work. : Within the scope of a project, discovering what tools partners have available, the participants' user levels and the type of data processed within the project (nature, format, quality, etc.). Defining the conventions for digital exchanges at a project scoping meeting Anticipating difficulties relating to collaborative work with a view to guiding selection of the tools and planning implementation of the best strategy (training deployment, management of confidentiality, security of data, access to tools and data) Selecting the collaborative tool offering the most appropriate cost/quality/deadline ratio for the project Watching out for new digital exchange tools Identifying models associated with documents depending on their type (confidential, restricted, etc.) Knowing how to define metadata and retrieve it in different situations Identifying the type of data or document created (and edited) at each stage Understanding the information flows to identify points of collaboration and assigned roles (principles of workflow) Associated knowledge: Document naming conventions Available synchronous and asynchronous tools, dependent on the confidentiality of information and security rules 4 The concept of metadata and contexts of use The concept of information flows (data and documents) and document lifecycle 4 For example, tools such as Google documents, Cloud computing or Skype may not necessarily be usable in certain work contexts MINES - DGESIP Page 12 of 22 June 2012

13 COMPETENCE D3.2 COORDINATING AND FACILITATING COLLABORATIVE ACTIVITIES IN A DIGITAL ENVIRONMENT : The profession of the engineer is intrinsically linked with team working. Exchanges increasingly occur within a digital environment, fostering remote working. The engineer is therefore expected to be able to organise the circulation, classification and evolution of documents necessary to an activity. They must therefore also be able to define the various roles incumbent on the participants charged with producing the documents (authors, reviewers, etc.). As facilitator, the engineer is required to also be able to coordinate on-line meetings, impose an operational mode on digital platforms, define the rules of good practice, ensure accessibility for partners and comply with confidentiality rules by setting an appropriate level of security. : Justifying the benefits of digital tools for managing a project between partners at different geographical locations and using them to coordinate participants Specifying the roles and responsibilities of everyone in the system Adopting, and ensuring others adopt, behaviour compliant with the rules of good conduct for each tool in an activity to ensure cooperation between participants Being able to organise a collaborative work space Defining and exploiting a workflow: being able to set the rules for managing, qualifying and revising the various statuses of a piece of information or document (draft, approved, distributed, etc.) Associated know-how: Project management databases (planning and planning management tool, generation of task sheets, activity reports, dashboards, etc.) Knowledge of available collaborative project software and asynchronous & synchronous tools COMPETENCE D3.3 ADAPTING, MODIFYING AND PASSING ON DATA, RESPECTING INTEROPERABILITY IN A PROFESSIONAL COLLABORATIVE WORK CONTEXT : Digital data exchanged may vary widely in terms of size and nature. Resources are as likely to comprise administrative documents (in text or spreadsheet files) as they are very large technical data files produced by sector-specific software. In addition the engineer must understand and comply with the confidentiality of resources conveyed and shared. Interoperability therefore has to be ensured not only at the level of immediate external or internal exchanges, but also at the level of the standard imposed by the company. : Selecting the appropriate tool and protocol for the amount and confidentiality of data to be exchanged ( , ftp, http, https, etc.) Defining the confidentiality level of data to be exchanged and implementing appropriate processes MINES - DGESIP Page 13 of 22 June 2012

14 Defining a specific interoperability convention with partners (General Interoperability Framework (GIF), transfer standards, etc.) Ensuring the existence and integrity of data and metadata throughout the project, and use of this Associated know-how: Tools available for exchanging data and associated limitations (maximum data size, security level ensured, external access, etc.) The concept of transfer standards (General Interoperability Guidelines for user environments) The concept of non-disclosure agreements (NDA) before any exchange of confidential data Different formats for representing data handled by the engineer and the properties of these formats (open, proprietary, standardised, etc.) MINES - DGESIP Page 14 of 22 June 2012

15 DOMAINS SPECIFIC TO C2i Level 2 engineering professions DOMAIN D4: MASTERING THE SECURITY OF DATA AND INFORMATION SYSTEMS Domains Competencies 1 - Mastering the processes involved in a security policy in order to participate in its implementation 2. Identifying the parties involved in setting up the security policy and ascertaining their legal responsibilities 3. Identifying and ranking data so that it can be D4: Mastering the security of data and information appropriately used systems 4. Assessing the security of procedures and knowing the limitations of tools so that information can be processed in accordance with the location and mode of access 5. Estimating the intentional and accidental risks in order that the necessary measures can be taken Using digital resources in the management and exchange of information requires for all sectors of activity the ability to plan and manage risks relating to communicating, storing and processing of professional data. Engineers must therefore be able to help establish an information security policy. To do so, they must in particular be able to: identify the key players within the security policy, rank the sensitive information, assess the security of data processing procedures, estimate the intentional and accidental risks. MINES - DGESIP Page 15 of 22 June 2012

16 COMPETENCE D4.1: MASTERING THE PROCESSES INVOLVED IN A SECURITY POLICY IN ORDER TO PARTICIPATE IN ITS IMPLEMENTATION : A security policy enables a company to protect itself from the risks inherent in data management. It is set out in a document describing the strategic objectives of such protection and the rules to be applied to achieve this. This competence must be based on general knowledge that should lead to good practices. : Understanding the role and importance of a document defining the security policy to be adopted for information systems, its overall scope and the need to keep it updated Identifying the security requirements inherent in their activities within the scope of the information systems with which they interact Adapting their behaviour and that of their team in compliance with the establishment s security policy in their specific activity sector Associated knowledge: The characteristics expected of an information system in terms of security (availability, integrity, confidentiality, authenticity) Existence of methods that can be adopted for setting up a security policy for information systems COMPETENCE D4.2: IDENTIFYING THE PARTIES INVOLVED IN SETTING UP THE SECURITY POLICY AND ASCERTAINING THEIR LEGAL RESPONSIBILITIES A security policy within a company has a number of objectives. The principle of civil liability imposes on companies the obligation to protect their information systems, so that such systems cannot be abused to perform third party attacks. The company also has to protect its know-how and data, in particular the personal data handled within the company. Setting up a security policy is a task for the company s management, but also affects all parties involved within the company. : Identifying the role of each party involved in applying a security policy, and in particular their managerial and individual responsibility within the company Identifying the main types of responsibility of the parties within the company, and the legal implications Associated knowledge: The concept of the user s legal responsibility and implications on a security policy The functions of an information systems security manager and IT manager, and the required separation of roles MINES - DGESIP Page 16 of 22 June 2012

17 COMPETENCE D4.3: IDENTIFYING AND RANKING DATA SO THAT IT CAN BE APPROPRIATELY USED Any approach to securing data by necessity begins with identifying the sensitivity of each item of data. It would be expensive, idealistic and costly to protect all the company s data with the same level of security. The process of securing data is thus based on ranking of the data. Engineers must be aware that ranking data makes sense only if processing rules are associated with the data at each stage of the document s lifecycle. : Identifying at each stage of a document s lifecycle the rules for processing and storing the data associated with each level of sensitivity Selecting the IT tools in line with the sensitivity of the information handled Selecting and using several discrete tools to comply with redundant storage requirements for a sensitive file Complying with confidentiality requirements by encrypting the data Associated knowledge: The standard setting out good practices issued by AFNOR (XPX ), which proposes classifying and handling information according to its level of sensitivity, for example as white information (information that can be easily and legally accessed), grey information (information that can legally be accessed, but knowledge of the existence and means of access to which tends to present difficulties) or black information (information for restricted distribution for which access or use is explicitly protected) The characteristics expected of an information system in terms of security (availability, integrity, confidentiality, authenticity) The means of storing information Processes for encrypting data COMPETENCE D4.4: ASSESSING THE SECURITY OF PROCEDURES AND KNOWING THE LIMITATIONS OF TOOLS SO THAT INFORMATION CAN BE PROCESSED IN ACCORDANCE WITH THE LOCATION AND MODE OF ACCESS Engineers must be aware of how weaknesses evolve in the procedures and tools implemented. In this respect, if the information handled is subject to a particular level of confidentiality, they should display a critical attitude to the use of ICT tools and the application of procedures. Identifying the usage typology of access to the company network, assigning a risk and confidentiality level to each type of access Complying with network access restrictions imposed by the company: ñ complying with the company s authentication system, in particular if this is based on the use of passwords alone (strong passwords, non-disclosure, non-abuse, unique scope of application) MINES - DGESIP Page 17 of 22 June 2012

18 ñ complying with the terms and conditions of external access imposed by the company (not deactivating company antivirus software or firewall, always using VPN connection, etc.) Associated knowledge The purpose of each authentication and communication protocol (unencrypted protocols, SSL, WEP/WPA, VPN, authentication 802.1x, etc.) COMPETENCE D4.5: ESTIMATING THE INTENTIONAL AND ACCIDENTAL RISKS IN ORDER THAT THE NECESSARY MEASURES CAN BE TAKEN Any risk analysis is based on assessing the threats, weaknesses and impacts. In this context, engineers must be able to identify the principal intentional risks from the perspective of the threats and weaknesses affecting the information system. Identifying the main accidental risks that may affect the company s information system, and the backup measures that can be applied Identifying external or internal intentional human risks, and backup measures that can be applied (main intentional risks, from the perspective of threats to as well as weaknesses within the information system) Managing the backup and archiving of a document in compliance with the company approach to organising information Knowing how to identify a social engineering -type attack Associated knowledge Role of risk analysis methods for information systems 5 Main types of attack (technological and human) that may affect an information system 5 Type: Méhari (CLUSIF) or EBIOS (DCSSI) and ISO MINES - DGESIP Page 18 of 22 June 2012

19 DOMAIN D5: STEERING OVERALL MANAGEMENT OF THE INFORMATION SYSTEM Domains Competences 1. Understanding issues around information systems from the perspective of the project owner 2. Identifying the participants and stages involved in an information system project to ensure clear leadership D5: Steering overall management of the information system 3. Expressing every aspect of the requirement and ensuring these are taken into account by the project manager throughout the life of the project 4. Meeting the requirements of interoperability and accessibility from the perspective of the project owner 5. Interpreting a document modelling professional processes or data The information system concerns the complete assembly of processes that enable management of the company s information and information flows, including all resources (people, sector applications, IT infrastructures, etc.) so that such information can be managed and distributed. Engineers therefore represent the project owner, in other words the party identifying a need and defining the purpose of the project, the schedule and the budget. The project manager is responsible for the technical implementation of the project. The team on the project owner's side must therefore have sufficient competences for effective dialogue with the project management side. If this is not the case, support services may be needed for the project owner. MINES - DGESIP Page 19 of 22 June 2012

20 COMPETENCE D5.1: UNDERSTANDING ISSUES AROUND INFORMATION SYSTEMS FROM THE PERSPECTIVE OF THE PROJECT OWNER Engineers must be able to understand the issues facing the project manager and the various solutions they may propose: software development or range of standard software applications, range of services, technical architectures, etc. They may also be expected to use models to describe the organisation of a company or service, information flows, associated processes and the company s environment. Modelling an information system at a functional level Understanding how an information system is modelled at a technical level Identifying the software components involved in a company s information system Differentiating between the main families of software solutions in conjunction with the company s main processes Associated knowledge Techniques for modelling an information system Main software architectures in terms of the general principles involved (third party architecture, thin client or thick client, application server, database server) Families of software used in managing a company: Human resource management (HRM) Accounting and financial management Customer relationship management (CRM) Production management Integrated management (Enterprise Resource Planning or ERP) COMPETENCE D5.2: IDENTIFYING THE PARTICIPANTS AND STAGES INVOLVED IN AN INFORMATION SYSTEM PROJECT TO ENSURE CLEAR LEADERSHIP Within the scope of an information system (IS) project, engineers must be able to identify the roles of management, project owner, project manager and project owner support. Understanding the roles and responsibilities of each party involved in an IS project Participating in the lifecycle management of an IS project based on a standard method MINES - DGESIP Page 20 of 22 June 2012

21 Understanding the economic, human and organisational impact of a project and being able to draw up a change management plan enabling: ñ planned start-up ñ defining the maintenance management methods for the application (TMA) ñ defining the means of user support Associated knowledge Methods for information system design (spiral lifecycle model, W-model, XP, SCRUM, etc.) and the role of corresponding participants COMPETENCE D5.3: EXPRESSING EVERY ASPECT OF THE REQUIREMENT AND ENSURING THESE ARE TAKEN INTO ACCOUNT BY THE PROJECT MANAGER THROUGHOUT THE LIFE OF THE PROJECT Identifying the requirements leading up to an information system project is one of the particular difficulties of this type of project. Here, engineers must be able to identify this particular difficulty by clearly stating the requirement to be met and how it is to be met. They must be able to prepare specifications, taking into account the technical and functional needs, in accordance with the service level, security and quality criteria to be applied to assess the pertinence of responses to these specifications. Expressing the requirements of the project owner Preparing technical and functional specifications Organising acceptance of an application Associated knowledge Methods that can be used to identify the technical and functional requirements of a project Methods for drawing up technical and functional specifications Methods of accepting an application COMPETENCE D5.4: MEETING THE REQUIREMENTS OF INTEROPERABILITY AND ACCESSIBILITY FROM THE PERSPECTIVE OF THE PROJECT OWNER Interoperability is the ability of an information system to share and exchange data and processes without any restriction in access or implementation. In this context, it is necessary to identify the (de facto) standard and norms, proprietary formats and open formats, in order to ensure timely compatibility or ongoing interoperability. Engineers are therefore required to know the main proprietary formats and open formats for current use in their specific area of activities, and how to use them properly. MINES - DGESIP Page 21 of 22 June 2012

22 Detailed Competence Reference Framework for C2i Level 2 - Together with their partners, defining the shared exchange formats in the following contexts: selecting the formats of document deliverables, defining the formats for exchanging data, in particular based on XML standards being aware of the need to use standard or open interoperable formats within the scope of data exchange Associated knowledge Main proprietary formats and open formats of digital documents Existence, principles and contexts of applying recommendations with respect to accessibility 6 -{}- Main models of integration with the IS when selecting a subsystem (integration based on service and integration via a database) Role of an LDAP directory COMPETENCE D5.5: INTERPRETING A DOCUMENT MODELLING PROFESSIONAL PROCESSES OR DATA Within the scope of an information system project, engineers must know how to interpret the models identifying the various IS users and relevant usage cases. Understanding the modelling of roles and usage cases Understanding and critically assessing a data model Understanding, critiquing and modelling the processing Understanding and critiquing a process model Associated knowledge A process and data modelling language (UML, MCD and MCT (Merise), etc.) 6 W3C Section 508, WCAG and French Disability Act no dated 11 February 2005 MINES - DGESIP Page 22 of 22 June 2012