GCAF
Governance Competency Assurance Framework
What is GCAF
The Governance Competency Assurance Framework (GCAF) defines professional competence for governance, risk, assurance, and management system roles. It provides a structured, level-based model that helps organisations describe, assess, and develop governance capability with clarity and consistency.
GCAF underpins the competency requirements embedded within management system standards such as ISO 9001, ISO/IEC 27001, ISO/IEC 42001, ISO/IEC 27701, ISO 22301 and ISO 14001 by defining the behaviours, accountabilities and capabilities required to design, operate, review and improve effective governance systems across quality, information security, AI, privacy, continuity and environmental domains. It also supports auditor competence and role requirements aligned with ISO 19011.

What GCAF does
GCAF provides organisations with a clear, structured language for governance competence aligned to performance and ISO management system requirements.
GCAF can be mapped to selected professional skills frameworks, including SFIA, where governance activities intersect with governance, risk, audit, or supplier management disciplines.
Defines competence
Defines competence in governance leadership, accountability, risk control, management system design, operational governance, audit, and improvement.
Professional levels
Provides five professional levels from practitioner to executive authority.
Role profiles
Supports role profiles, assessment, and capability development.
Assurance of governance
Enables evidence-based, audit-ready assurance of governance capability.
