[Registered Qual & Unit Std Home page] [Search Qualifications] [Search Unit Standards]
SAQA All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.
SOUTH AFRICAN QUALIFICATIONS AUTHORITY 
REGISTERED QUALIFICATION: 

Advanced Occupational Certificate: Data Security Practitioner 
SAQA QUAL ID QUALIFICATION TITLE
125099  Advanced Occupational Certificate: Data Security Practitioner 
ORIGINATOR
Development Quality Partner-MICT SETA 
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY NQF SUB-FRAMEWORK
QCTO - Quality Council for Trades and Occupations  OQSF - Occupational Qualifications Sub-framework 
QUALIFICATION TYPE FIELD SUBFIELD
Advanced Occupational Cert  Field 10 - Physical, Mathematical, Computer and Life Sciences  Information Technology and Computer Sciences 
ABET BAND MINIMUM CREDITS PRE-2009 NQF LEVEL NQF LEVEL QUAL CLASS
Undefined  173  Not Applicable  NQF Level 06  Regular-ELOAC 
REGISTRATION STATUS SAQA DECISION NUMBER REGISTRATION START DATE REGISTRATION END DATE
Registered  EXCO 0936/25  2025-11-13  2029-11-13 
LAST DATE FOR ENROLMENT LAST DATE FOR ACHIEVEMENT
2030-11-13   2033-11-13  

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.  

This qualification does not replace any other qualification and is not replaced by any other qualification. 

PURPOSE AND RATIONALE OF THE QUALIFICATION 
The purpose of this qualification is to prepare a learner to function as a Data Security Expert. A Data Security Expert safeguards sensitive data from unauthorised access, breaches, and cyber threats; designs and implements security measures to protect data integrity, confidentiality, and availability, using a combination of technical tools, protocols, and strategies, encryption, network security, threat assessment, and incident response. Data Security Experts stay updated on the latest cybersecurity trends and vulnerabilities to ensure organisations comply with relevant laws and regulations. They proactively identify and mitigate risks to maintain trust and protect valuable assets in today's digital world.

The qualification equips learners with skills to build a comprehensive data security posture, from proactive measures (data protection, risk assessments, and compliance) to reactive responses (incident management, forensics and remediation) in order to maintain a robust and proactive data security posture, protecting both the organization's assets and the privacy of its stakeholders. These tasks are critical for safeguarding organisational data, infrastructure and systems and maintaining trust with clients and stakeholders.

Learners will be able to implement secure business processes that encompass robust retention policies with a defined lifecycle, detailing how data is moved, stored, and eventually destroyed. They will ensure effective systems including version control, as well as strict authentication and authorization protocols to create, amend, or delete data securely. These processes align with the definition of "processing" under frameworks like POPIA, ensuring compliance with legal standards. Additionally, these practices should be integrated into a Minimum Baseline Standard, Third-Party Risk Management Framework, and Contract Management to ensure comprehensive data governance.

A qualified learner will be able to:
  • Implement security measures to safeguard sensitive information from unauthorized access, breaches, and cyberattacks and ensure prompt recovery after an incident.
  • Adhere to data protection regulations to mitigate threats, maintain resilience and maintain legal and operational compliance.


    Typical Graduate attributes:
  • Technically inclined.
  • Critical thinking.
  • Communication.
  • Articulative.
  • Vigilant.
  • Ethical.
  • Observant.
  • Meticulous.

    Rationale:
    In today's digital age, the need for data security experts is more critical than ever. As organisations increasingly rely on digital systems to process sensitive data into information, the risks of cyberattacks, data breaches, and unauthorised access have grown exponentially. With an emphasis on data integrity, protection, and mop-up strategies after incidents, data security experts play a vital role in safeguarding valuable assets by designing robust security frameworks, detecting vulnerabilities, and responding to threats. This expertise ensures compliance with legal regulations, safeguards customer trust, and mitigates the broader risks stemming from cyber incidents. By focusing on both pre-emptive measures and post-incident recovery, they help organizations maintain resilience. As technology evolves, the demand for skilled professionals in this field continues to rise, making their role indispensable to businesses and governments alike.

    The following related qualification is currently registered on the NQF:
  • Advanced Occupational Certificate: Cybersecurity Practitioner, NQF Level 6.

    This qualification is a cornerstone for a secure and thriving digital ecosystem. It promotes innovation, fosters trust, and builds a resilient foundation for the future. The sector benefits from an advanced data security qualification through improved cybersecurity measures, reduced vulnerabilities, and enhanced compliance with regulations. It equips professionals with the skills to prevent breaches, protecting sensitive data and organizational reputation. The sector benefits from improved cybersecurity posture, enhanced trust and reputation, compliance with regulations and, innovation enablement as organisations can confidently adopt new technologies without compromising data integrity, confidentiality and availability.

    The Advanced Occupational Certificate: Data Security Practitioner benefits society by safeguarding personal information, reducing cybercrime, and fostering trust in digital interactions. It empowers professionals to protect sensitive data, ensuring privacy and security for individuals and organisations. This enhances public confidence in using online services, minimises fraud and identity theft, and promotes a safer digital environment. Ultimately, it strengthens resilience against cyber threats, contributing to a more secure and technologically confident society. Society benefits from protection of personal privacy, reduction in cybercrime, public awareness and resilience against threats.

    The qualification boosts the economy by reducing financial losses from cyberattacks, fostering trust in digital transactions, and enabling secure business operations. It drives job creation in the growing cybersecurity sector and attracts global investments by ensuring robust data protection. With improved security, organisations can innovate confidently, enhancing productivity and competitiveness. A secure digital landscape also supports uninterrupted economic activities, contributing to sustained economic growth. Benefits include reduced economic losses, global competitiveness, business continuity, and emerging technologies.

    Typical learners for the qualification include individuals currently employed in cybersecurity and data engineering who want to further their careers into advanced threat analysis, data protection, company resilience, post-disaster data recovery and compliance regulations.

    Typical occupations in which the qualifying learner will operate include:
  • Data Protection.
  • Cyber Defence.
  • Risk and Compliance.
  • Data Governance.
  • Post-Disaster Data Recovery.
  • Information Security Analysis.
  • Security Consultation.
  • Security Architect.
  • Security Engineering.
  • Incident Responding.
  • Compliance Analysis.
  • Security Research.

    This qualification was developed in collaboration with following relevant stakeholders:
  • Skills Development Providers.
  • Employers.
  • Practitioners.
  • Post-School Education and Training Institutions. 
    		•

    LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING 
    Recognition of Prior Learning (RPL):
    RPL for Access:
    Learners may use the RPL process to gain access to training opportunities for a qualification if they do not meet the formal, minimum entry requirements for admission. RPL assessment provides an alternative access route into a qualification.

    Such an RPL assessment may be developed, moderated and conducted by the accredited Skills Development Provider that offers that specific qualification. Such an assessment must ensure that the learner is able to display the equivalent level of competencies required for access, based on the NQF level descriptors.

    RPL for credits:
    For exemption from modules through RPL, learners who have gained the stipulated competencies of the modules of a qualification through any means of formal, informal or non- formal learning and/or work experience, may be awarded credits towards relevant modules, and gaps identified for training, which is then concluded.

    RPL for Access to the External Integrated Summative Assessment (EISA):
    Learners who have gained the stipulated competencies of the modules of a qualification through any means of formal, informal or non-formal learning and/or work experience, may be awarded credits towards relevant modules, and gaps identified for training, which is then concluded. A valid Statement of Results is required for admission to the EISA in which confirmation is provided that all internal assessment criteria for all modules in the related curriculum document have been achieved.
    Upon successful completion of the EISA, RPL learners will be issued with the QCTO certificate for the qualification. Quality Partners are responsible for ensuring the RPL mechanism and process for qualifications and part-qualification(s) is approved by the QCTO.

    Entry Requirements:
    An NQF Level 05 qualification in Cybersecurity/ Computer Science/ Programming/ Data processing or ICT. 

    RECOGNISE PREVIOUS LEARNING? 

    QUALIFICATION RULES 
    This qualification is made up of compulsory Knowledge, Practical Skill and Work Experience Modules:

    Knowledge Modules:
  • 251102-004-00-KM-01: Risk Management: Assessment and Vulnerability Analysis, Level 6, 4 Credits.
  • 251102-004-00-KM-02: Data Protection and Encryption, Level 6, 4 Credits.
  • 251102-004-00-KM-03: Advanced Safeguarding of Valuable Assets: Designing Robust Security Frameworks, Level 6, 6 Credits.
  • 251102-004-00-KM-04: Pre-emptive Measures and Post- Incident Data Recovery, Level 6, 6 Credits.
  • 251102-004-00-KM-05: Monitoring and Incident Response, Level 6, 6 Credits.
  • 251102-004-00-KM-06: Threat Intelligence and Emerging Technologies, Level 6, 5 Credits.
  • 251102-004-00-KM-07: Advanced Data Restoration, Business Continuity and Mop-Up Strategies, Level 6, 8 Credits.
  • 251102-004-00-KM-08: Performance Measurement and Optimisation for Secure Data Management, Level 6, 6 Credits.
  • 251102-004-00-KM-09: Advanced Compliance, Policy Development, and Ethics for Data Security Experts, Level 6, 12 Credits.
  • 251102-004-00-KM-10: Security Awareness, Collaboration, and Vendor Coordination, Level 6, 4 Credits.
  • 251102-004-00-KM-11, Leadership and Strategic Thinking, Level 6, 8 Credits.

    Total number of credits for Knowledge Modules: 69

    Practical Skill Modules:
  • 251102-004-00-PM-01: Develop and Implement Data Security Policies, Level 6, 8 Credit.
  • 251102-004-00-PM-02: Implement and Monitor Data Protection and Security Measures, Level 6, 8 Credit.
  • 251102-004-00-PM-03: Conduct Risk Management and Assessment, Level 6, 8 Credits.
  • 251102-004-00-PM-04: Safeguard Business Continuity, Level 6, 8 Credits.
  • 251102-004-00-PM-05: Conduct Mop-Up ensuring Business Continuity and Data Recovery, Level 6, 4 Credits.
  • 251102-004-00-PM-06: Monitor Compliance with Security Policies, Procedures, and Best Practices, Level 6, 8 Credits.
  • 251102-004-00-PM-07: Measure Performance Metrics and Drive Continuous Improvement, Level 6, 8 Credits.
  • 251102-004-00-PM-08: Conduct Mop-Up for Business Continuity and Data Recovery: Capstone Project, Level 6, 12 Credits.

    Total number of credits for Practical Skill Modules: 64

    Work Experience Modules:
  • 251102-004-00-WM-01: Data Protection and Security Measures Implementation and Monitoring Processes, Level 6, 8 Credits.
  • 251102-004-00-WM-02: Risk Management and Security Assessment Processes, Level 6, 8 Credits.
  • 251102-004-00-WM-03: Business Continuity and Incident Response Processes, Level 6, 8 Credits.
  • 251102-004-00-WM-04: Post-incident Recovery and Business Continuity Processes, Level 6, 8 Credits.
  • 251102-004-00-WM-05: Performance Metrics and Continuous Improvement Processes, Level 6, 8 Credits.

    Total number of credits for Work Experience Modules: 40 
    		•

    EXIT LEVEL OUTCOMES 
    1. Implement data protection and security measures.
    2. Conduct risk assessment and management.
    3. Safeguard business continuity.
    4. Develop data security and compliance monitoring policy.
    5. Measure data security performance metrics. 

    ASSOCIATED ASSESSMENT CRITERIA 
    Associated Assessment Criteria for Exit Level Outcome 1:
    ELO 1: Implement data protection and security measures.
  • Apply, monitor, and maintain robust security measures to safeguard sensitive data from unauthorized access and breaches, with compliance ensured to regulatory frameworks and industry standards.
  • Deploy and monitor security tools, technologies, and solutions to maintain a secure environment and effectively protect data, networks, and systems from security threats.
  • Install and set up access controls and user management systems to allow only authorized access to data and enforce least-privilege principles.
  • Assess new technologies, processes, and infrastructure for potential risks and their impact on the organisation's data security posture, with necessary adjustments made to prevent vulnerabilities.

    Associated Assessment Criteria for Exit Level Outcome 2:
    ELO 2: Conduct risk assessment and management.
  • Perform risk assessments and vulnerability analyses to identify and address data security weaknesses.
  • Conduct data security audits to evaluate the organisation's security posture and compliance with industry standards.
  • Design and implement disaster data recovery and business continuity strategies to minimize data loss and operational downtime.
  • Establish crisis management protocols to ensure rapid incident response and recovery.
  • Assess the value and associated risks of company data to prioritise security investments and strategies.

    Associated Assessment Criteria for Exit Level Outcome 3:
    ELO 3: Safeguard business continuity.
  • Develop and execute remediation plans to strengthen security resilience and prevent recurrence of incidents.
  • Establish and maintain robust disaster recovery plan to ensure preparedness for unexpected incidents.
  • Secure data, networks, and infrastructure (end-to-end) to protect against cyber threats and system failures.
  • Reconfigure and restore infrastructure in case of collapse to minimise disruption and enable continued operations.
  • Achieve and maintain an optimal security posture across the organisation.

    Associated Assessment Criteria for Exit Level Outcome 4:
    ELO 4: Develop data security and compliance monitoring policy.
  • Develop and implement comprehensive security policies, procedures, and best practices in alignment with industry standards and regulatory requirements.
  • Maintain compliance with data protection laws.
  • Adhere to organisational data security regulations.
  • Document security procedures, guidelines, and incident reports to establish clear protocols for team reference.
  • Conduct internal security audits to assess and improve security controls.

    Associated Assessment Criteria for Exit Level Outcome 5:
    ELO 5: Measure data security performance metrics.
  • Reduce security incidents and optimise system performance through proactive monitoring and preventive measures.
  • Improve handling of large data uploads.
  • Optimise data processing performance.
  • Analyse interactive reports to identify areas for performance enhancement.
  • Optimise security monitoring processes to improve incident response times.

    Integrated Assessment:
    Integrated Formative Assessments:
    Formative assessments are conducted throughout the training of learners. A range of formal, non-formal, and informal ongoing assessment activities are used to focus on teaching and learning outcomes to improve learner attainment.

    Formative assessments are conducted continuously by the facilitator to feed into further learning, to identify strengths and weaknesses, and to ensure the learner's ability to apply knowledge, skills and workplace experience gained.

    Formative Assessments are conducted by the accredited Skills Development Provider (SDP), and a variety of ongoing assessment methods may be used, for example, quizzes, assignments, tests, scenarios, role play, and interviews. Continuous feedback must be provided.

    Integrated Summative Assessments:
    Integrated Assessment involves all the different types of assessment tasks required for a particular qualification, such as written assessment of theory and practical demonstration of competence. To achieve this, the Internal Assessment Criteria (IAC) for all modules as found in the QCTO curriculum document must be followed.
    An accredited SDP should implement a well-designed, formal, relevant, and final internal Summative Assessment strategy for all modules to prepare learners for the EISA. These assessments evaluate learning achievements relating to the achievement of each module of the relevant components of the qualification.

    Internal Summative Assessments are developed, moderated and conducted by the SDP at the end of each module or after integration of relevant modules, e.g. applied knowledge tests, workplace tasks, practical demonstrations, simulated tasks/demonstrations, projects, case studies, etc.

    The results of these final formal summative assessments must be recorded. These results, which include the Statement of Work Experience results, where applicable, contribute to the Statement of Results (SoR) that is a requirement for admission to the EISA. An SoR, using the template provided by the Quality Partner, is issued by the accredited SDP for qualifications and part-qualifications. The SDP must produce a valid Statement of Results for each learner, indicating the final result and the date on which the competence in each module, of each component, was achieved. Learners are required to produce this SoR, together with their ID document or alternative ID document, at the point of the EISA.

    External Integrated Summative Assessment (EISA) - a national assessment
    The Quality Partner is responsible for the management, conduct, and implementation of the External Integrated Summative Assessment (EISA), in accordance with QCTO set standards. Competence in the EISA is a requirement for certificating a learner.

    For entrance into the EISA, the learner requires a valid Statement of Results issued by the accredited institution indicating:

    The attainment of all the Knowledge, Practical and Work Experience modules.
    Or
    The attainment of all modules for the Knowledge and Application Components. 
    		•

    INTERNATIONAL COMPARABILITY 
    This qualification was compared to the following international qualifications:

    Country: Scotland
    Institution: Scottish Qualifications Authority (SQA).
    Qualification title: Diploma in Digital Technology: Cyber Security.
    Level: SQA Level 6.
    Duration: 12 to 18 months .

    The Diploma in Digital Technology: Cyber Security is at SCQF Level 6 and is designed to develop learners' competence in cybersecurity. It covers key areas such as cyber risk management, security governance, network vulnerability analysis, security controls, ethical hacking, and incident response. The qualification is suitable for school leavers, professionals seeking career advancement, and those looking to start a business. Progression opportunities include HNC/HND courses, higher-level diplomas, and employment in the digital sector. It is offered through employers, colleges and training providers.

    The qualification typically lasts between 12 to 18 months in an apprenticeship format, depending on prior learning and individual progress. It is delivered through a blended learning approach, combining online coursework, hands-on practical experience, and work-based learning.

    The Diploma in Digital Technology: Cyber Security has no formal entry requirements, and admission is at the discretion of the training centre. Some institutions, such as Elite Modern Apprenticeships Scotland, have no formal entry requirements but expect applicants to be in a relevant job role. Others, like City of Glasgow College, require at least three National Level 5 qualifications (including English and Mathematics or Computing Science) or equivalent experience.

    The qualification entails eight (8) mandatory units and one optional unit. These include:
  • Applying Problem Solving Approaches.
  • Producing Documentation to Support Organisational Process Delivery.
  • Defining Requirements to Support Project Delivery.
  • Developing Meta-Skills and Personal Practice.
  • Supporting Cyber Security Governance.
  • Contributing to the Implementation of Cyber Security Controls.
  • Contributing to Cyber Security Risk Assessment and Management.
  • Contributing to Cyber Security Awareness Programmes.
  • Contributing to Network Vulnerability Analysis.
  • Supporting Cyber Security Incident Response and Management.

    Similarities:
    The two qualifications share similarities in terms of duration, which is between 12 and 18 months, are at the same level of complexity, provide for a blended delivery mode, content include risk management, security governance, network vulnerability analysis, security controls, security awareness creation, and incident response and management and include a work experience component.

    Differences:
    Both qualifications differ in entry requirements and focus. The South African (SA) qualification focuses on enhancing the security posture of a company, mop-up after incidents, and especially on prompt recovery, availability, security and protection of data after incidents of any kind, being cyber breaches or physical incidents while the focus of the Scottish qualification is toward dealing with cyber threats, cybersecurity controls and vulnerability.

    Country: Australia.
    Institution: Australian Health and Science Institute.
    Qualification title: Diploma of Information Technology (Cyber Security).

    The Diploma of Information Technology (Cyber Security) offered by the Australian Health and Science Institute (AHSI) is an Australian Qualification Framework Level 5 that is delivered over 76 weeks and designed to equip students with essential IT and cybersecurity skills. The course addresses the growing demand for cybersecurity professionals, preparing students for roles such as Network Administrator, IT Administrator, and Cybersecurity Assistant.

    Entry Requirements:
  • 18+ years of age have completed Year 12
    Or
  • Equivalent and possess basic computer skills.
  • Entry requirements provide for international students.

    The qualification focuses on planning and implementing complex IT networks, managing virtual computing environments, analysing cyber threats, and protecting critical infrastructure. It covers strategic ICT needs, network security, cyber threat analysis, disaster recovery planning, and ethical considerations in cybersecurity. Students gain both theoretical knowledge and practical experience through industry-relevant exercises, workshops, and site visits to IT and cybersecurity organisations.

    Upon completion, qualifying learners can pursue roles in IT and cybersecurity, including Network Administrator, Systems Administrator, Cybersecurity Assistant or IT Support Specialist.

    The course consists of 20 units (6 core and 14 elective), including:
    Core Units:
  • Matching ICT solutions with business strategy.
  • Promoting workplace cybersecurity best practices.
  • Applying IP, ethics, and privacy in ICT environments.
  • Leading and facilitating teams.
  • Developing and originating new concepts.
  • Managing client problems Elective Units.

    Common Elective Units:
  • Managing network security.
  • Gathering, analysing, and interpreting threat data.
  • Utilising design methodologies for security architecture.
  • Protecting critical infrastructure.
  • Developing and evaluating incident response plans.
  • Installing and managing complex ICT networks.

    Similarities:
  • Both qualifications share similar content related to data security namely, securing and maintaining data integrity within IT systems, safeguarding sensitive data and IT assets. Other topics, such as network security, cyber threat analysis, and incident response planning, also contribute to data security strategies.
  • In terms of governance and ethics, the qualification covers intellectual property (IP) rights, ethical considerations, and privacy laws relevant to IT and cybersecurity with a focus on ensuring legal compliance and ethical decision-making in IT practices and practical component.

    Differences:
  • The Advanced Occupational Certificate: Data Security Expert focuses on enhancing the security posture of an organisation, mop-up after incidents, and especially on prompt recovery, availability, security and post incident data protection of any kind, being cyber breaches or physical incidents.
  • The focus of the Australian Diploma of Information Technology (Cyber Security) is toward dealing with cyber threats, managing virtual computing environments, analysing cyber threats, and protecting critical infrastructure, with no specific qualification entry requirements.

    Conclusion:
    Advanced Occupational Certificate: Data Security Expert compares favourably with the international qualifications in terms of content, duration and module components. 
    		•

    ARTICULATION OPTIONS 
    This qualification provides opportunities for horizontal, vertical and diagonal articulation options.

    Horizontal Articulation:
  • Advanced Occupational Certificate: Cybersecurity Practitioner, NQF Level 06.
  • Diploma in Computer Science, NQF Level 06.

    Vertical Articulation:
    Advanced Occupational Diploma: Chief Information Officer: Cybersecurity, NQF Level 07.

    Diagonal Articulation:
    Bachelor of Science in Computer Science, NQF Level 07. 
    		•

    MODERATION OPTIONS 
    N/A. 

    CRITERIA FOR THE REGISTRATION OF ASSESSORS 
    N/A. 

    NOTES 
    Additional Legal or Physical Entry Requirements:
  • None.

    Criteria for the accreditation of providers:
  • Accreditation requirements, against which Skills Development Providers (SDP) and Assessment Centres, will be accredited, is found in the Curriculum Document, as listed below.
  • Curriculum code: 251102-004-00-00

    Encompassed Trade(s):
  • None.

    Assessment Quality Partner (AQP):
    Media, Information and Communication Technologies SETA. 
    		•

    LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION: 
     
    NONE 


    PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION: 
    This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.
     
    NONE 


    All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.