Halderstone Academy

Halderstone Capability Framework

A structured capability model for professionals responsible for governance, risk, control, assurance, and improvement in modern management systems

Overview
Capability domains
Roles
Capability levels
Disciplines

Overview

Management systems are widely used to address organisational challenges such as quality, security, privacy, environmental responsibility, AI governance, and operational resilience. While the subject matter varies, the underlying professional capabilities required to design, operate, and improve these systems are remarkably similar.

The Halderstone Capability Framework organises these capabilities into a small number of capability domains. These domains describe the core professional competencies required to design governance structures, analyse risks and impacts, translate requirements into operational controls, evaluate system effectiveness, implement change, and support structured decision-making.

Capability domains

The framework groups management system competencies into six capability domains. These domains represent the core professional capabilities required to design, implement, and improve management systems across disciplines.

Capability domains

The framework groups management system competencies into six capability domains. These domains represent the core professional capabilities required to design, implement, and improve management systems across disciplines.

01 Governance

Governance & Strategic Framing

Ability to define scope, accountability, and strategic alignment of management systems within organizational objectives and external requirements

Learn more

01 Governance

Governance & Strategic Framing

Ability to define scope, accountability, and strategic alignment of management systems within organizational objectives and external requirements

Learn more

02 Risk

Risk, Impact & Harm Analysis

Ability to identify exposure, evaluate impact pathways and significance, and prioritize risks using structured, defensible methods

Learn more

02 Risk

Risk, Impact & Harm Analysis

Ability to identify exposure, evaluate impact pathways and significance, and prioritize risks using structured, defensible methods

Learn more

03 Controls

Control & Operational Design

Ability to translate risk analysis results into proportionate controls and lifecycle control points as well as defined responsibilities

Learn more

03 Controls

Control & Operational Design

Ability to translate risk analysis results into proportionate controls and lifecycle control points as well as defined responsibilities

Learn more

04 Assurance

Assurance, Audit & Evidence

Ability to evaluate whether governance and controls operate as intended through monitoring, evidence assessment, and structured reviews or audits

Learn more

04 Assurance

Assurance, Audit & Evidence

Ability to evaluate whether governance and controls operate as intended through monitoring, evidence assessment, and structured reviews or audits

Learn more

05 Transformation

Change, Integration & Improvement

Ability to plan and manage implementation or improvement initiatives and sustain effectiveness through structured change processes

Learn more

05 Transformation

Change, Integration & Improvement

Ability to plan and manage implementation or improvement initiatives and sustain effectiveness through structured change processes

Learn more

06 Decisions

Strategic Decision & Value Architecture

Ability to structure complex decisions under uncertainty, balance trade-offs, and make defensible system-level recommendations

Learn more

06 Decisions

Strategic Decision & Value Architecture

Ability to structure complex decisions under uncertainty, balance trade-offs, and make defensible system-level recommendations

Learn more

Capability levels

The framework also distinguishes different levels of professional capability. These levels reflect the depth of understanding, responsibility, and practical judgement expected from professionals operating management systems.

Capability levels

The framework also distinguishes different levels of professional capability. These levels reflect the depth of understanding, responsibility, and practical judgement expected from professionals operating management systems.

Conceptual

At this level, people understand principles, are able to interpret requirements correctly, and to explain structural relationships within a management system.

Conceptual

At this level, people understand principles, are able to interpret requirements correctly, and to explain structural relationships within a management system.

Applied

At this level, people are able to design and implement a capability within a defined scope using structured methods and defensible outputs.

Applied

At this level, people are able to design and implement a capability within a defined scope using structured methods and defensible outputs.

Strategic

At this level, people can make system-level decisions under uncertainty, including evaluation of complex trade-offs, and take accountability for their recommendations.

Strategic

At this level, people can make system-level decisions under uncertainty, including evaluation of complex trade-offs, and take accountability for their recommendations.

Roles

Roles define how capabilities are applied in practice. Each role emphasizes a distinct perspective on designing, operating, assuring, or steering management systems.

Roles

Roles define how capabilities are applied in practice. Each role emphasizes a distinct perspective on designing, operating, assuring, or steering management systems.

Manager

Responsible for implementing, operating, and improving management systems in practice

Learn more

Manager

Responsible for implementing, operating, and improving management systems in practice

Learn more

Auditor

Responsible for independently evaluating the effectiveness of management systems across contexts

Learn more

Auditor

Responsible for independently evaluating the effectiveness of management systems across contexts

Learn more

Executive

Responsible for strategic direction, oversight, and accountability at organisational level

Learn more

Executive

Responsible for strategic direction, oversight, and accountability at organisational level

Learn more

Management system disciplines

The Halderstone Capability Framework separates professional capabilities from the disciplinary context in which they are applied.

The same core capabilities — such as governance design, risk analysis, operational control design, assurance, change management, and structured decision-making — apply across many management system disciplines. What varies between disciplines is the subject matter knowledge, regulatory context, and domain-specific practices.

Halderstone training modules and tracks therefore combine capabilities from the framework with discipline-specific knowledge.

ISO/IEC 42001

AI Management

Governance and management of AI systems, including risk management, lifecycle control, and organisational oversight

Learn more

ISO/IEC 42001

AI Management

Governance and management of AI systems, including risk management, lifecycle control, and organisational oversight

Learn more

ISO 22301

Business Continuity Management

Managing organisational resilience and ensuring critical activities can continue during disruptions

Learn more

ISO 22301

Business Continuity Management

Managing organisational resilience and ensuring critical activities can continue during disruptions

Learn more

ISO/IEC 27701

Data Protection Management

Protecting personal data and managing privacy obligations across organisational processes and systems

Learn more

ISO/IEC 27701

Data Protection Management

Protecting personal data and managing privacy obligations across organisational processes and systems

Learn more

ISO 14001

Environmental Management

Managing environmental impacts, compliance obligations, and operational controls across organisational activities

Learn more

ISO 14001

Environmental Management

Managing environmental impacts, compliance obligations, and operational controls across organisational activities

Learn more

ISO/IEC 27001

Information Security Management

Protecting information assets through risk management, operational controls, and governance structures

Learn more

ISO/IEC 27001

Information Security Management

Protecting information assets through risk management, operational controls, and governance structures

Learn more

ISO 9001

Quality Management

Ensuring products and services consistently meet customer and regulatory requirements

Learn more

ISO 9001

Quality Management

Ensuring products and services consistently meet customer and regulatory requirements

Learn more

Office scene with people standing, walking and sitting

Ready to improve your management systems?

We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.

Contact us

Office scene with people standing, walking and sitting

Ready to improve your management systems?

We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.

Contact us

Office scene with people standing, walking and sitting

Ready to improve your management systems?

We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.

Contact us

Explore Halderstone

Explore Halderstone

Explore Halderstone