What is TickITplus?

TickITplus offers a flexible, multi-level approach to IT quality and certification assessment and can be applied at whatever level is deemed appropriate to the quality and process maturity of the organization and the needs of its customers. While ISO 9001 is the mandatory standard, TickITplus can also provide certification for other IT Standards under one certification arrangement.

Many companies have created integrated management systems and have requirements for combined assessments. This is particularly relevant when organizations are adopting closely related standards such as ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001. The benefits are clearly seen through easier deployment of processes, greater cost effective maintenance and more efficient third-party assessments.

TickITplus has forty defined processes, grouped into six defined categories and collectively; they cover business, engineering, functional and support activities. The Processes required will depend upon the Standards that the organization requires and the Scope of their Certification(s). An example for an organization, which requires only ISO 9001 (the core mandatory standard for TickITplus) and has a certification scope of ‘Systems and Software Development and Support’, will only require compliance to 21 processes, of which 8 are mandatory for any standards and scopes; an organization that also requires ISO 20000-1, which will have a scope of ‘Service Management’, will require only an additional 15 processes. The processes are described in the Base Process Library (BPL).

TickITplus defines five levels of maturity of an organization, consistent with the requirements stated within ISO/IEC 15504-2. These levels are, in ascending order, Foundation, Bronze, Silver, Gold and Platinum. Levels from Bronze to Platinum are progressed by determining whether an organization has complied with certain process attributes by means of capability assessments. Compliance at the Foundation level is determined by making sure that an organization has identified processes correctly and is operating those processes.

The current version of the BPL (1.4.0) covers the following standards:

  • BS EN ISO 9001: 2015 - Quality Management Systems. Requirements
  • BS ISO/IEC 20000-1: 2018 - Information technology: Service management. Service management system requirements
  • BS 10754-1:2018 - Information technology. Systems trustworthiness. Governance and management specification
  • BS EN ISO/IEC 27001: 2013 - Information technology - Security techniques - Information security management systems - Requirements
  • BS EN ISO/IEC 27001: 2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements
  • ISO 26262: 2011 - Road vehicles. Functional safety

How is it managed?

TickITplus.org is owned by GASQ (Global Association for Software Quality) and is managed on behalf of the International TickITplus Association (ITA).

The membership of ITA includes a wide range of stakeholders from across the IT and quality sectors, all committed to developing robust solutions that both meet and adapt to the needs of end-users. ITA includes expert representatives from the UK Accreditation Service, certification bodies, organisations offering TickITplus training, industry associations and academics.