11/04/23 Issue 3 1

The Project

Redevelopment of the TickIT ISO9001 certification scheme

Derek Irving, TickITplus Project Manager

11/04/23 Issue 3 2

The need for change

• Changes in IT environments – focus on services• Process capability approaches• Customer confidence• Pressure on costs• Broaden appeal

11/04/23 Issue 3 3

TickITplus Project

• JTISC – TickIT Committee– Key suppliers: Logica, Detica, Deloitte– Key customers: MoD– Certification bodies: BSI, LRQA, DNV– Industry bodies: GAMP– Regulators: IRCA, UKAS, SWEDAC

• BSI administration• BCS and Intellect support• DIUS funding

11/04/23 Issue 3 4

Key features of TickITplus (1)

• Integrated with ISO 9001 Accredited Certification

• Capability and Process Dimensions– Process Capability (ISO/IEC 15504-2)

• 4 organisational maturity grades

– Extended standards option • ISO/IEC 20000 – Service Management• ISO/IEC 27001 – Information Security• ISO/IEC 25030 – Product Measurement

11/04/23 Issue 3 5

Key features of TickITplus (2)

• Non-certificated (self and independently assessed) options

• Requirements based scheme - with guidance

• TickITplus Office direct control– Auditor registration, training and examination

control

• Formal improvements – part of certification

11/04/23 Issue 3 6

Key features of TickITplus (3)

• Revised qualifications and skills for Auditors and Practitioners

• Revised training – specialist providers

• Revised documentation structure

• Base Processes Library – used to build assessed Process Reference Model

• Web based support infrastructure

11/04/23 Issue 3 7

Capability Dimension

• Based on ISO/IEC 15504-2• Bronze Level 2: Managed

– Starting point enabling transfer from current TickIT

• Silver Level 3: Established• Gold Level 4: Predictable• Platinum Level 5: Optimising

11/04/23 Issue 3 8

Process Reference Model

• Formal model defined• Process types:

– Type A – Mandatory as defined by ISO 9001 or other standards included

– Type B – Scope dependant – implicitly or explicitly in scope statement (including ISO 9001 clause 7 processes)

– Type C – Supplementary processes – relevant to activities but not core

• Assessed attributes based on process types• Based on defined Base Processes Library

11/04/23 Issue 3 9

Requirements standards

• Based on scope – defined on certificate– ISO 9001 – core requirements– ISO/IEC 20000 – Service Management (optional)– ISO/IEC 27001 – Information Security (optional)– ISO/IEC 25030 – Software Product Quality (optional)

– Scope defined “Reference” standards

11/04/23 Issue 3 10

Compliance Standards

• Define TickITplus compliance requirements– BS EN 45011 (ISO/IEC Guide 65) – Product

Certification Body accreditation– ISO/IEC 15504-2 – Process Assessment

11/04/23 Issue 3 11

Structural Standards

• Integral to scheme’s structure– ISO/IEC 15504-5 – Process assessment model– ISO/IEC 12207 – Software processes base model– ISO/IEC 15288 – System processes base model– ISO/IEC 15939 – Measurement processes– ISO/IEC 38500 – Corporate governance of IT

11/04/23 Issue 3 12

Continuous Improvement

• Key ISO 9001 requirement but difficult to measure

• Based on capability grade– Silver: Improvement plan submitted to CB and

approved– Gold: Plan drives surveillance planning and

assessment based on set target achievements– Platinum: Optimising capability measure,

improvements have to be sustained

11/04/23 Issue 3 13

TickITplus Assessments

• Bronze– Transfer level– Provide Process Reference Model to CB– Minimal additions to ensure PRM level 2 compliance

and consistency with ISO 9001 findings

• Silver – Platinum– Increasing levels of assessment to meet ISO/IEC

15504 requirements at levels 3 - 5– Improvements monitoring

11/04/23 Issue 3 14

Non-certified TickITplus

• Promote TickITplus process model for non-certified organisations

• Availability of low cost or free documentation for development

• TickITplus Practitioner qualification• Encourage self and independent assessment• Fast track option if certification is eventually

sought

11/04/23 Issue 3 15

TickITplus Auditor grades

• Grading matches assessment levels– Bronze, Silver, Gold, Platinum

• Transition from current TickIT to TickITplus Bronze with basic course only

• Specialist IT skills defined using SFIA* model – no longer focused on software development only

• No compulsion to progress beyond Bronze grade

* Skills Framework for the Information Age

11/04/23 Issue 3 16

TickITplus Practitioners

• Intended for non auditors, i.e. quality managers, developers, consultants etc.

• Practitioner and Advanced Practitioner grades• SFIA based skills profiles

11/04/23 Issue 3 17

TickITplus training

• New courses to be developed– Initial, Intermediate and Advanced

• Use of existing specialised trainers for ISO/IEC 15504, ISO/IEC 20000 etc.

• Basic quality training outside scheme• CBT for Initial course – minimal cost

11/04/23 Issue 3 18

TickITplus documentation

• Revised, on-line, regularly updated, free or low cost as appropriate– Marketing and business justification material– Scheme introduction and guide– Quick start and self assessment guide– Certification requirements and guide to development

of model– Auditor and practitioner requirements– Certification scheme requirements

11/04/23 Issue 3 19

TickITplus – Project schedule

• Launch date June 2009• Trials planned for October 2008 onwards• Opportunities for personal or company involvement• Current status: (August 08)

– Specification approved and design underway– Training and skills criteria in preparation– Trials planning – seminars booked– Marketing strategy, website development– Business planning

11/04/23 Issue 3 20

TickITplus Trials

• Open invite for trials participation – organisations and auditors

• Presentation and planning seminars booked in September and October (London)

• Range of participation options– Internal process modelling– Internal audits– 3rd party audits– Reporting methods– Improvements planning

11/04/23 Issue 3 21

TickITplus migration

• 3 years from launch• Existing TickIT certificates – Bronze grade after

re-assessment• Existing TickIT Auditors – Bronze grade after

initial training

11/04/23 Issue 3 22

summary (1)

• Greater appeal – easier to use• Wide range:

– self development and assessment – independent assessment– full accredited ISO 9001 + key IT standards

certification with organisation process maturity

• Greater benefit – harder and more worth (and cost) as levels increase

11/04/23 Issue 3 23

summary (2)

• Ease of transition• Standards based model• Extend beyond software development• Redefined Auditors and Practitioners skills and

grades