Course Content
Component 1: Fundamentals of IT
This is a core component as it provides a solid foundation in the fundamentals of hardware, networks, software, the ethical use of computers andhow business uses IT.
Component 2: Global Information
This unit helps develop an understanding of how organisations use information both internally and externally whilst gaining a deeper appreciation of the legislation impacting on this area.
Component 3: Cyber Security
Studying this unit provides the opportunity to gain knowledge and understanding of the range of threats, vulnerabilities and risks that impact on both individuals and organisations. Whilst studying for this unit students will learn about the solutions that can be used to prevent or deal with cyber security incidents resulting from these challenges.
Component 4: Internet of Everything
In this unit we investigate the way the internet is impacting on society and our everyday lives and devices we use.
Component 5: Product Development
Learn about different product design methodologies and the role of the product development life cycle. In addition, students will discover the factors that influence product developments.
| Component | Assessment | Duration | Weighting |
|---|---|---|---|
| 1: Fundamentals of IT | Written exam | 1h 30m | 25% |
| 2: Global Information | Written exam | 1h 30m | 25% |
| 3: Cyber Security | Written paper | 1h | 16.6% |
| 4: Internet of Everything | Practical | N/A | 16.6% |
| 5: Product Development | Practical | N/A | 16.6% |
Year 12
Half Term 1 (Sept-Nov)
Half Term 2 (Nov – Dec)
Half Term 3 (Jan – Feb)
Half Term 4 (Feb – March)
Half Term 5 (April – May)
Half Term 6 (May – July)
Half Term 1 (Sept-Nov)
Focus and Topic
- TBC
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- TBC
Half Term 2 (Nov – Dec)
Focus and Topic
- TBC
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- TBC
Half Term 3 (Jan – Feb)
Focus and Topic
- TBC
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- TBC
Half Term 4 (Feb – March)
Focus and Topic
- TBC
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- TBC
Half Term 5 (April – May)
Focus and Topic
- TBC
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- TBC
Half Term 6 (May – July)
Focus and Topic
- TBC
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- TBC
Year 13
Half Term 1 (Sept-Nov)
Half Term 2 (Nov – Dec)
Half Term 3 (Jan – Feb)
Half Term 4 (Feb – March)
Half Term 5 (April – May)
Half Term 6 (May – July)
Half Term 1 (Sept-Nov)
Focus and Topic
- Unit 2: Global Information
- Unit 3: Cyber Security
Core Knowledge
- Unit 2:
- 1. Devices & The Internet
- Holders of Information: Categories (e.g., individuals, businesses, governments, healthcare) and locations (e.g., developed/developing countries, urban/rural). This includes understanding the global divide in access and technology.
- Information Storage Media: Types of media (e.g., paper, optical, magnetic, solid-state) and their characteristics, advantages, and disadvantages.
- Information Access and Storage Devices: Types of devices (e.g., handheld, portable, fixed, shared/cloud storage) and their characteristics and purpose.
- The Internet and WWW Technologies:
- The Internet as a global network of networks.
- Types of connections (e.g., copper-cable, optical-fibre, satellite) and their characteristics (speed, range).
- Network types using World Wide Web (WWW) software: Internet (public/open access), Intranet (private/closed access), and Extranet (private/part shared access).
- Information Formats: Various ways information is presented online (e.g., web pages, blogs, podcasts, streamed media, social media, document stores).
- 2. Information Styles & Quality
- Information Styles: The way information is presented (e.g., text, numeric, graphic, audio, video, tactile images, braille).
- Information Classification: Categorising information based on sensitivity (e.g., sensitive vs. non-sensitive, public vs. private, personal vs. business, confidential vs. classified).
- Quality of Information: Characteristics that determine information quality (e.g., validity, reliability, completeness, currency, timeliness, bias).
- Information Management: Methods and importance of managing data and information effectively.
- 3. Categories & Analysis
- Data vs. Information: The fundamental difference—data is raw facts and figures; information is processed data that has context and meaning.
- Information Categories: How information is used by individuals and organisations (e.g., communication, decision-making, planning, security).
- Stages of Data Analysis: The process of examining, cleaning, transforming, and modelling data to find useful information.
- Data Analysis Tools and Information Systems.
- 4. Legislation
- UK Legislation: Relevant laws like the Data Protection Act (DPA), Computer Misuse Act, Copyright Design and Patents Act, and the Freedom of Information Act.
- Global Legislation: International frameworks and regulations (e.g., GDPR).
- Green IT: Consideration of environmental practices in IT (e.g., the “3 R’s”: Reduce, Reuse, Recycle).
- 5. Flow of Information
- Data Types and Sources: Understanding different types of data (e.g., quantitative, qualitative) and whether it originates from an internal or external source.
- Data Flow Diagrams (DFDs): Visualising how data moves through a system.
- Information Systems: Types of systems (e.g., open and closed) and how they manage information.
- 6. Security & Protection
- Security Principles: Core principles like Confidentiality, Integrity, and Availability (CIA triad).
- Risks and Impacts: Identifying potential threats to information and the consequences of security breaches.
- Protection Measures: Implementing safeguards:
- Physical Protection (e.g., security tags, alarms, locks, access control).
- Logical Protection (e.g., firewalls, encryption, passwords, anti-malware).
- Unit 3:
- LO1: Understand Cyber Security Aims
- Define Cyber Security.
- Master the CIA Triad (Confidentiality, Integrity, Availability) and its relevance.
- Know the six main Types of Incidents (Unauthorised Access, Data Modification, DoS, Destruction, Theft, Disclosure).
- Categorise data types that need protection: Personal, Organisation, State.
- LO2: Understand Issues Surrounding Cyber Security
- Differentiate System, Physical, and Data Threats.
- Identify and define key Types of Attackers (e.g., Hacktivist, Cyber-Criminal, Insider, Script Kiddie).
- Know common Attacker Motivations (e.g., Financial Gain, Espionage, Thrill, Publicity).
- Identify Targets (People, Equipment, Organisation, Information).
- Detail the Impacts of an incident (Loss, Disruption, Safety).
- Understand Legal, Ethical, and Operational implications (e.g., GDPR, CMA).
- LO3: Understand Solutions to Cyber Security Issues
- Define Asset and Risk Mitigation.
- Know the functions of Vulnerability Testing and Penetration Testing.
- Differentiate between Intrusion Detection/Prevention Systems (IDS/IPS).
- List and define key Security Controls for all categories:
- Software: Firewalls, Anti-malware, Patch Management.
- Hardware: Physical devices (routers, physical firewalls).
- Physical: Biometrics, Alarms, Access Control.
- Procedural: Access Management, Data Backup, Staff Training.
- Data Protection: Encryption (at rest/in transit), Cryptography.
- LO4: Understand How to Manage Cyber Security Incidents
- Know the five main stages of Incident Response (Preparation → Identification → Containment → Eradication → Recovery).
- Understand the importance of Containing and assessing the Extent of the Incident.
- Know the purpose of a Cyber Security Incident Report and the role of the Audit Trail.
- Differentiate between a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP).
Core Skills
- Information Literacy: Being able to identify, locate, and understand different types of information sources (internal, external, public, private) and their formats (text, audio, video, etc.).
- Technological Awareness: Knowing the purpose and characteristics of various storage media (magnetic, solid-state, cloud) and access devices (fixed, portable, handheld).
- Networking Concepts: Understanding how the internet, Intranets, and Extranets function, and the characteristics of different connection types (e.g., fibre optic vs. satellite).
- Legal & Ethical Frameworks: Familiarity with key national and international legislation (e.g., GDPR, DPA) that governs the storage and flow of information.
- Data vs. Information Differentiation: The ability to distinguish between raw data and meaningful information and understand the process of turning one into the other.
- Quality Assessment: The skill to evaluate the quality of information based on criteria such as validity, reliability, currency, and bias.
- Impact Analysis: Understanding and assessing the impacts of information flow on individuals and organisations, including the concept of the digital divide.
- Security Risk Evaluation: Analysing the potential risks and impacts of security breaches and evaluating protection measures against the CIA Triad (Confidentiality, Integrity, Availability).
- Contextual Justification: The ability to explain and justify the selection of specific storage media, devices, or network technologies based on a given scenario or organisational need.
- Vulnerability Identification: The ability to spot and classify weaknesses in systems (technical flaws, procedural gaps, human error) that attackers could exploit.
- Threat Intelligence Application: Analysing the characteristics, motivations, and methods of different attacker types (e.g., insider, cyber-criminal) and using this knowledge to predict potential threats.
- Impact Evaluation: The skill to quantify and explain the severity of a security incident across various domains: financial loss, reputational damage, legal non-compliance (e.g., GDPR fines), and operational disruption.
- CIA Triad Application: Critically assessing the risk to Confidentiality, Integrity, and Availability in any given scenario and prioritising protection efforts accordingly.
- Mitigation Strategy Planning: The ability to select and propose a balanced set of controls (Physical, Hardware, Software, Procedural) to effectively reduce identified risks.
- Control Justification: Explaining the function and necessity of specific controls (e.g., justifying the use of patch management to address system vulnerabilities or encryption to ensure data confidentiality).
- Testing and Validation: Understanding and evaluating the processes for proactive testing (Penetration Testing, Vulnerability Scanning) and continuous monitoring (IDS/IPS) to ensure security systems are effective.
- Policy Development: Applying knowledge of legal requirements (e.g., Computer Misuse Act) to recommend and critique organisational security procedures (e.g., user account management, backup policies).
- Systematic Response: The ability to outline and follow the structured Incident Response process (Containment, Eradication, Recovery) logically and efficiently.
- Audit and Investigation: Understanding the value of an Audit Trail and Incident Reports in determining the cause, extent, and impact of a breach, which is crucial for legal and internal reviews.
- Business Continuity Planning (BCP) Focus: Applying the knowledge of Disaster Recovery Plans (DRP) to ensure the organisation can quickly restore critical systems and continue operations with minimal downtime after an attack.
Assessment
- Interactive “low stakes” multiple choice assessment online for instant feedback at the end of topics.
- Exam questions taken from the examboard matching each section from Core Knowledge column.
Half Term 2 (Nov – Dec)
Focus and Topic
- Unit 2: Global Information
- Unit 3: Cyber Security
Core Knowledge
- As above.
- Prerelease scenarios for both exams will now be available.
- All content revisited with the specific scenarios to map on knowledge.
Core Skills
- As above.
Assessment
- Unit 2: 90 minute exam.
- Unit3: 60 minute exam.
Half Term 3 (Jan – Feb)
Focus and Topic
- Introduction to coursework unit 6: Application Design and scenario.
- Learning Objective 1: Understand how applications are designed.
- Learning Objective 2: Be able to investigate potential solutions for application developments.
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- Internal assessment and feedback ongoing until external moderation. (Pass, Merit, Distinction)
Half Term 4 (Feb – March)
Focus and Topic
- Learning Objective 3: Be able to generate designs for application solutions.
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- nternal assessment and feedback ongoing until external moderation. (Pass, Merit, Distinction)
Half Term 5 (April – May)
Focus and Topic
- Learning Objective 4:Be able to present application solutions to meet client and user requirements.
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- Internal assessment and feedback ongoing until external moderation. (Pass, Merit, Distinction)
Half Term 6 (May – July)
Focus and Topic
- Revisit all learning objectives for improvements based on feedback form external Moderator.
Core Knowledge
- TBC
Core Skills
- TBC
Assessment
- External Moderation
Key Info
- Start Date: September 2026
- Awarding Body: OCR
- Study Mode: Full Time
- Course Length: 2 Years
Entry Requirements
TBC
Complementary Subjects
- Maths
- Further Maths
- Physics
- Business Studies
- Social Sciences
Career Opportunities
Achievement in this qualification complements study in a wide range of subject areas and can help you prepare for using Information Technology in a wide range of working environments.
Employment opportunities in the computing and Information Technology areas are growing rapidly and include: Computer System Architects, Computer System Analysts, Data analysts, Information Security analysts, Network Administrators, Software developers and many more.