Level 3
Unit No:
Guided learning hours:
42 hours


Learners will develop an understanding of the IT systems, platforms and information security requirements that support different business functions in organisations. They will also learn about the different skills required for dealing with end users when supporting and delivering IT services in organisations.

Unit Learning Outcomes


Understand the IT systems, platforms and information security requirements that support business functions.

Business functions: strategy, design, transition, operations, continual improvement, Standard Operating Procedures (SOP).

Purpose and features: cross-functional, desktop applications, messaging systems, document management, HR systems, human resource information system (HRIS), sales/marketing, Customer Relationship Manager (CRM), finance systems, Enterprise Resource Planner (ERP), production flow systems (continuous, intermittent), network support (remote access, asset management, troubleshooting), help desk systems (fault management, troubleshooting.

Information security requirements: organisation procedures, ML (Joiner, Mover, Leaver), awareness, training (induction, etc), information security.

Security procedures: anti-malware checks, scheduling regular backups, authentication of credentials, password management and enforcement, patching software, configuration and setup of hardware and software, minimising human error, identifying and mitigating internal/external threats.

Legislation: Human Rights Act, Data Protection Act, Computer Misuse Act, information security (CIA framework), confidentiality.

Assessment Criteria

  • 1.1

    Explain the purpose and features of IT systems and platforms used to support business functions.

  • 1.2

    Explain the information security requirements and procedures that underpin business functions.


Understand the IT skills needed to support the delivery of IT systems and platforms to end users.

Service management skills: customer service skills, customer relationships, stakeholder management, technical skills, analytics, testing, design/architecture, service strategy skills, business modelling, business analysis, business process, business continuity, service operation skills.

Business skills (customer/stakeholder management): communication skills (oral, written, face-to-face, managing expectations, building rapport), time management skills (prioritisation, planning, collaboration), working to SLAs (compliance to contractual obligations, meeting expectations).

Technical skills: analytics (trend analysis, fault analysis, user profiling), testing (tool selection, methodologies), design (methodologies, requirements gathering, prototyping), hardware/software (configuration, installation, testing) fault logging (escalation, prioritisation).

Assessment Criteria

  • 2.1

    Analyse the different skills required to support the delivery of IT systems and platforms to end users.


Understand organisational IT requirements and operating procedures that support business functions.

CIA framework (confidentiality, integrity, availability).Types of information that should be protected (employee information, management information, organisational information).

Confidentiality authentication (multi-factor, two factor) no confidential information left out on desks not leaving confidential information visible on screens non-repudiation non-disclosure agreements (NDA) non-compete clauses safe storage of information: (locked rooms, password-protected drives, controlled access).

Integrity: encryption firewalls backups access control (permissions, geolocation, time-restricted logon, concurrent logons, device filtering) reporting (whistleblowing, escalation, information commissioner)

Availability: backups redundancy (Redundant Array of Independent Disks (RAID) devices, clustering, cloud) bandwidth planned downtime upgrades/patches.

Policies and procedures: Acceptable Use Policy, Password Policy, Security Policy, Disaster Recovery Policy, capacity planning and planned downtime, asset management, Service Level Agreements (SLA) IT Service Management (ITSM).

Standard Operating Procedures (SOP): step-by-step instructions to help employees carry out complex tasks to improve efficiency, to ensure uniformity, to reduce miscommunications, to ensure quality, to ensure compliance with standards/regulations.

Stages of a business continuity and disaster recovery plan: prioritisation of business restoration, preventative measures, test plan, planned maintenance, recovery strategies, IT systems, backup of data, transfer of services.

Assessment Criteria

  • 3.1

    Explain how the CIA framework can be used to protect data and information.

  • 3.2

    Summarise the policies and procedures required to support the use of different IT systems and platforms in organisations

  • 3.3

    Explain the stages of a business continuity and disaster recovery plan.


Understand document management processes and how they support business functions

Document management processes: backup strategy (archive, full, partial, incremental, differential), centralised storage (cloud, network), version control (naming conventions, file types, update history, publication), access control (password protection, classification, encryption), watermarking (copyright, draft, confidential), collaboration tools (mark-up, track changes, commenting, acceptance).

Assessment Criteria

  • 4.1

    Explain how document management is used to support business functions.