Evolution of TickITplus
TickITplus was launched in 2011 by the British Standards Institute (BSI)'s Joint TickIT Industry Steering Committee (JTISC). The principal aims of the Scheme were to capitalize on the strengths of the existing TickIT scheme whilst recognizing the changes in today's world of software development.
What was TickIT?
In 1987, ISO 9001 was introduced as a standard for Quality Management Systems, based on the British Standard, BS 5750. The TickIT scheme was created by the Department of Trade and Industry (DTI) in the early 1990s when it was found that ISO 9001, which worked well as a manufacturing standard, did not work so well for software development. The TickIT Scheme provided guidance for ISO 9001 in the production of software and it was also possible to gain Certification in ISO 9001 with TickIT. Its reference documents included ISO 9000-3:1997 (Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software) and the TickIT Guide.
From its launch, TickIT only ever provided guidance and, although the use of processes was encouraged because it was tied to ISO 9001, it was still predominantly requirements-driven. The 2000 edition of ISO 9001 significantly strengthened the process-based approach, but in essence it still remained requirements-driven, even though the TickIT Guide Issue 5 incorporated the process definitions of ISO/IEC 12207 to provide guidance on the use of good software lifecycle processes. By comparison, newer requirements standards, such as ISO/IEC 20000-1 and ISO/IEC 27001, had emerged which were more clearly process-based.
The TickIT scheme was controlled by the Joint TickIT Industry Steering Committee (JTISC), formed in 2006 to bring together all the committees who had governed the scheme with the groups who had an interest in it. The Committee was accountable to the BSI’s Standards Policy and Strategy Committee and jointly administered by the British Computer Society (BCS), BSI Standards Development, and Intellect (The IT Industry Trade Body, now called Tech-UK).
Why was TickITplus needed?
TickITplus grew from the desire of JTISC, soon after its formation, to enhance the TickIT scheme following a survey of scheme users. The survey had indicated that users would like recognition of their improvements, similar to the five levels of capability and maturity in the Capability Maturity Model Integration (CMMI) from the Software Engineering Institute (SEI) in USA, and that they would like to include other standards like those for IT Service Management.
Another consequence of being tied to ISO 9001 was that TickIT assessments could only result in a pass or a fail and this was seen as a serious limitation. Customers were starting to need, and even demand, clearer indications of supplier performance in key business processes, such as risk management, to provide better criteria for supplier selection. One very strong indication of process performance can be established through capability assessments complying with ISO/IEC 15504-2.
The result is a set of requirements that can be used to allow achievement of ISO 9001 plus, if required, ISO/IEC 20000 (Information Technology: Service Management) and ISO/IEC 27001 (Information Technology: Security Techniques) with five levels to be used to indicate capability:
- Foundation - for those companies taking the initial step into TickITplus,
- Bronze - the processes are written down, but specific to each project or department. It is for new entrants and the first step from Foundation,
- Silver - the processes are available and projects tailor them to suit,
- Gold - the processes are measured and controlled,
- Platinum - metrics are used for process improvement.
TickITplus has now taken over from TickIT, which was permanently retired at the end of November 2014. The key goals of TickITplus are to:
- adopt a full process-driven approach to business systems management
- introduce capability assessment concepts
- accommodate multiple requirement standards, e.g. ISO 9001, ISO/IEC 20000-1 (IT service management) and ISO/IEC 27001 (information security management)
- strengthen the commitment to improvements
- enable collaborative assessments to be undertaken more formally.