How does TickITplus work?
As with all standards, the project to gain TickITplus certification begins with a discussion with the chosen Certification body, who will eventually provide the organization with their Certificate(s), to confirm the standards chosen and to decide on the scope of the certification. From this information the required processes from the Base Process Library can be chosen.
The Base Process Library contains 40 processes, divided into 6 categories – Organizational, Project, Technical, Agreement, IT-specific and Maturity. The processes to use depend upon the standards against which the organization is being certified and these are described in Scope Profiles. For ISO 9001 the Scope Profile is ‘Systems and Software Development and Support’; for ISO 20000-1, the Scope Profile is ‘Service Management’.
Nine of the processes are mandatory regardless of your Scope Profile and are known as Type A (eight from the Organization category and one from the Technology category). These Type A processes provide the basic ISO 9001 conformance, There are 28 processes of Type B/C and are dependent upon which scope you choose; if they are in your chosen Scope Profile(s) they are mandatory (Type B) and, if not, they are optional (Type C). There is one type C and 2 Type M for the gold and platinum levels. For the ‘Systems and Software Development and Support’ Scope Profile there are 13 Type B processes (1 Organization, 3 Project and 9 Technology); for the ‘Service Management’ Scope Profile there are 17 Type B processes (2 Organization, 5 Project Management, 7 Technology, 1 IT-Specific and 2 Agreement).
Each Base Process delivers one or more Outcomes and there are several Base Practices which describe what is needed to deliver the Outcome. Base Practices include the expected Input Work Products and Output Work Products.
Once the Scope Profile comprising the Base Processes has been selected, the organization performs a gap analysis between their own processes (written or otherwise) and the Base Practices and, where necessary, updates their Management System. To help this, a formally trained Practitioner can used (for information about Practitioners see Requirements for Assessors and Practitioners).
To prepare for the Assessment, the organization will need to provide a cross-reference between the Base Practices and their own Management System. This is known as the Process Reference Model. This will be reviewed by the Assessor as part of the pre-assessment (Stage 1) activities to ensure that all the requirements of the scheme have been met.
The main assessment (Stage 2) will compare the Process Reference Model with the organization’s processes and records. There are two modes of assessment - Confirmation and Exploration. In Confirmation mode, a formally trained Practitioner identifies and collates the evidence required in advance, which is then verified by the Assessor. In Exploration mode, the Assessor will hold interviews and request and review the evidence to verify compliance with TickITplus.
A detailed description of the Scheme is provided in the Core Scheme Requirements.