13/06/2014issue 31 the project redevelopment of the tickit iso9001 certification scheme derek...
Post on 31-Mar-2015
215 Views
Preview:
TRANSCRIPT
11/04/23 Issue 3 1
The Project
Redevelopment of the TickIT ISO9001 certification scheme
Derek Irving, TickITplus Project Manager
11/04/23 Issue 3 2
The need for change
• Changes in IT environments – focus on services• Process capability approaches• Customer confidence• Pressure on costs• Broaden appeal
11/04/23 Issue 3 3
TickITplus Project
• JTISC – TickIT Committee– Key suppliers: Logica, Detica, Deloitte– Key customers: MoD– Certification bodies: BSI, LRQA, DNV– Industry bodies: GAMP– Regulators: IRCA, UKAS, SWEDAC
• BSI administration• BCS and Intellect support• DIUS funding
11/04/23 Issue 3 4
Key features of TickITplus (1)
• Integrated with ISO 9001 Accredited Certification
• Capability and Process Dimensions– Process Capability (ISO/IEC 15504-2)
• 4 organisational maturity grades
– Extended standards option • ISO/IEC 20000 – Service Management• ISO/IEC 27001 – Information Security• ISO/IEC 25030 – Product Measurement
11/04/23 Issue 3 5
Key features of TickITplus (2)
• Non-certificated (self and independently assessed) options
• Requirements based scheme - with guidance
• TickITplus Office direct control– Auditor registration, training and examination
control
• Formal improvements – part of certification
11/04/23 Issue 3 6
Key features of TickITplus (3)
• Revised qualifications and skills for Auditors and Practitioners
• Revised training – specialist providers
• Revised documentation structure
• Base Processes Library – used to build assessed Process Reference Model
• Web based support infrastructure
11/04/23 Issue 3 7
Capability Dimension
• Based on ISO/IEC 15504-2• Bronze Level 2: Managed
– Starting point enabling transfer from current TickIT
• Silver Level 3: Established• Gold Level 4: Predictable• Platinum Level 5: Optimising
11/04/23 Issue 3 8
Process Reference Model
• Formal model defined• Process types:
– Type A – Mandatory as defined by ISO 9001 or other standards included
– Type B – Scope dependant – implicitly or explicitly in scope statement (including ISO 9001 clause 7 processes)
– Type C – Supplementary processes – relevant to activities but not core
• Assessed attributes based on process types• Based on defined Base Processes Library
11/04/23 Issue 3 9
Requirements standards
• Based on scope – defined on certificate– ISO 9001 – core requirements– ISO/IEC 20000 – Service Management (optional)– ISO/IEC 27001 – Information Security (optional)– ISO/IEC 25030 – Software Product Quality (optional)
– Scope defined “Reference” standards
11/04/23 Issue 3 10
Compliance Standards
• Define TickITplus compliance requirements– BS EN 45011 (ISO/IEC Guide 65) – Product
Certification Body accreditation– ISO/IEC 15504-2 – Process Assessment
11/04/23 Issue 3 11
Structural Standards
• Integral to scheme’s structure– ISO/IEC 15504-5 – Process assessment model– ISO/IEC 12207 – Software processes base model– ISO/IEC 15288 – System processes base model– ISO/IEC 15939 – Measurement processes– ISO/IEC 38500 – Corporate governance of IT
11/04/23 Issue 3 12
Continuous Improvement
• Key ISO 9001 requirement but difficult to measure
• Based on capability grade– Silver: Improvement plan submitted to CB and
approved– Gold: Plan drives surveillance planning and
assessment based on set target achievements– Platinum: Optimising capability measure,
improvements have to be sustained
11/04/23 Issue 3 13
TickITplus Assessments
• Bronze– Transfer level– Provide Process Reference Model to CB– Minimal additions to ensure PRM level 2 compliance
and consistency with ISO 9001 findings
• Silver – Platinum– Increasing levels of assessment to meet ISO/IEC
15504 requirements at levels 3 - 5– Improvements monitoring
11/04/23 Issue 3 14
Non-certified TickITplus
• Promote TickITplus process model for non-certified organisations
• Availability of low cost or free documentation for development
• TickITplus Practitioner qualification• Encourage self and independent assessment• Fast track option if certification is eventually
sought
11/04/23 Issue 3 15
TickITplus Auditor grades
• Grading matches assessment levels– Bronze, Silver, Gold, Platinum
• Transition from current TickIT to TickITplus Bronze with basic course only
• Specialist IT skills defined using SFIA* model – no longer focused on software development only
• No compulsion to progress beyond Bronze grade
* Skills Framework for the Information Age
11/04/23 Issue 3 16
TickITplus Practitioners
• Intended for non auditors, i.e. quality managers, developers, consultants etc.
• Practitioner and Advanced Practitioner grades• SFIA based skills profiles
11/04/23 Issue 3 17
TickITplus training
• New courses to be developed– Initial, Intermediate and Advanced
• Use of existing specialised trainers for ISO/IEC 15504, ISO/IEC 20000 etc.
• Basic quality training outside scheme• CBT for Initial course – minimal cost
11/04/23 Issue 3 18
TickITplus documentation
• Revised, on-line, regularly updated, free or low cost as appropriate– Marketing and business justification material– Scheme introduction and guide– Quick start and self assessment guide– Certification requirements and guide to development
of model– Auditor and practitioner requirements– Certification scheme requirements
11/04/23 Issue 3 19
TickITplus – Project schedule
• Launch date June 2009• Trials planned for October 2008 onwards• Opportunities for personal or company involvement• Current status: (August 08)
– Specification approved and design underway– Training and skills criteria in preparation– Trials planning – seminars booked– Marketing strategy, website development– Business planning
11/04/23 Issue 3 20
TickITplus Trials
• Open invite for trials participation – organisations and auditors
• Presentation and planning seminars booked in September and October (London)
• Range of participation options– Internal process modelling– Internal audits– 3rd party audits– Reporting methods– Improvements planning
11/04/23 Issue 3 21
TickITplus migration
• 3 years from launch• Existing TickIT certificates – Bronze grade after
re-assessment• Existing TickIT Auditors – Bronze grade after
initial training
11/04/23 Issue 3 22
summary (1)
• Greater appeal – easier to use• Wide range:
– self development and assessment – independent assessment– full accredited ISO 9001 + key IT standards
certification with organisation process maturity
• Greater benefit – harder and more worth (and cost) as levels increase
11/04/23 Issue 3 23
summary (2)
• Ease of transition• Standards based model• Extend beyond software development• Redefined Auditors and Practitioners skills and
grades
top related