Introduction - TickITplus
TickITplus is the first major upgrade of the existing ISO 9001 TickIT sector scheme in over 15 years of operation. It will radically change the way software and IT within the framework of international standards and quality certification is used.
Why is it needed?
Technology and working practices change and this is especially true of the software and IT sectors.
When the TickIT sector scheme was introduced in the early 1990s it served to fill the urgently perceived gap in providing software trained assessors/auditors and the infrastructure needed to certify software development organisations to ISO 9001.
Over the intervening period there have been a number of updates to the guidance material, but the scheme, its purpose and operation has remained the same.
Organisations have now come to rely much more on technology and consequently they and their managers and IT professionals demand more of the processes and infrastructure that support it.
TickITplus aims to meet these increased demands whilst at the same time offering a far more flexible, open and usable structure.
How is TickITplus different from TickIT?
In short TickITplus adds a Capability Dimension to the existing TickIT scheme.
There is considerable flexibility in the way that this additional dimension can be added.
This flexibility allows a business to select the level of capability to be attained and assessed; flexibility to include additional IT related standards; and flexibility to operate either within or outside the certification environment.
The Capability Dimension is based on ISO/IEC 15504: an IT Process Assessment standard, (to which CMMI is referenced), TickITplus will be graded into 5 levels, 4 of them dealing with capability: Foundation – requiring a process model definition only, and Bronze, Silver, Gold and Platinum, equating to levels 2 – 5 of the ISO/IEC 15504 model. With only minor changes for compatibility, Foundation is equivalent to current TickIT certification.
Once transitioned to the new scheme, an organisation will have the option of which level they wish to aim for.
Organisations will also have the option of including additional relevant standards under their TickITplus ISO 9001 certification, most notably ISO/IEC 20000-1: IT Service Management and ISO/IEC 27001: Information Security Management Systems, but it is anticipated that others standards will be included.
With TickITplus, much of the new scheme is now requirements rather than guidance; this becomes increasingly the case as the capability levels increase, including requirements for formal improvement planning and the expectation that a fuller scope of an organisation’s operations will be covered.
TickITplus will remain a fully accredited scheme operating under ISO 9001 certification. However we are aware that not everyone wants certification; small companies or those who perceive no additional benefit in external assessment will also be encouraged to use the TickITplus documents and processes for self assessment.
The Base Processes Library
In order to provide a consistent approach to process definition and assessment, TickITplus introduces the concept of the Base Processes Library, (BPL).
The BPL will be a required part of the scheme, issued and maintained by TickITplus, comprising of 40 IT related process definitions, designed to cover the full range of IT activities.
It is currently available in PDF form for general reading and it is also available in a more useable form in MS Word. As the market develops, TickITplus related tools will become available to assist organisations in implementing the requirements of TickITplus.
Using this library and the defined Scope Profiles, users will be able to define their Process Reference Model, (PRM), used to define the scope of certification.
See the downloads section for more information on the BPL concepts.
What TickITplus means to Users and Customers
A completely new structure of online documentation will be prepared, some of it free, which will contain all the requirements and guidance for operating the scheme.
Training will now focus on software and IT quality principals and assessing and operating the scheme. Basic quality and specialised training provision will be provided by currently established training organisations. Assessors will be graded into Foundation, Intermediate or Advanced levels and a new definition of TickITplus Practitioner will be introduced, with specialist training, for those not involved in assessing but who still need to use the system – Quality Managers, Internal Assessors, Consultants etc. At Bronze levels and above, the use of qualified Practitioners within certified organisations will become part of the requirements.
It is also intended to match TickITplus more closely with the needs of industry and hence a set of Skills Profiles is being developed based on the Base Process Library and SFIA model grades. This will have the effect of not only opening up the scheme to assessors with other than software development expertise – areas such as information security, network engineering and corporate IT management will be addressed – but will also allow a better allocation of auditing skills on assessments.