TickITplus is an exciting new scheme launched in early 2011 by the Joint TickIT Industry Steering Committee (JTISC). To recognise the international intent of TickITplus, the JTISC has changed into the International TickITplus Association (ITA) with the aim of continuing to support, promote and development the TickITplus scheme. One of the primary aims of the scheme is to capitalise on the strengths of TickIT, but also to adopt many of the new techniques being used in today’s world.
Some of the key goals being to:
adopt a full process driven approach
introduce capability assessment concepts
accommodate multiple requirement standards
strengthen the commitment to improvements
The TickIT scheme existed for over 20 years and although it was at the forefront of encouraging good IT engineering practices, it was beginning to show its age. Back in the early 90’s, TickIT was introducedprimarily to address issues within the classic software development areas. Over the years, IT has diversified significantly such that now there is much less development being undertaken. There is however a greater emphasis in system integration and configuration, attention to availability and security management and increased trends towards the provision of IT related services to name a few.
TickIT has only ever provided guidance on the interpretation of ISO 9001 and while the use of processes was encouraged, by being tied to ISO 9001 it was still predominantly requirements driven. ISO 9001:2000 significantly strengthened the process based approach, but it still remained mainly requirements driven although newer standards, such as ISO/IEC 20000-1 and particularly ISO 27001, are more clearly process based. The TickIT guide did incorporate ISO 12207 but only to provide guidance on the use of good software lifecycle processes.
Another impact of being tied to ISO 9001 was that TickIT audits could only result in a pass or fail. Customers are starting to need, and even demand, clearer indications of supplier’s performance in key processes to provide better criteria for supplier selection. One very strong indication of process performance can be establish through capability assessments complying with ISO/IEC 15504 part 2, also known as SPICE (Software Process Improvement and Capability Determination).
There has been much talk of integrated management systems and combined assessments, and this is particularly relevant when organisations are adopting closely related standards such as ISO 9001, ISO/IEC 20000-1 and ISO 27001. The benefits are clearly seen through easier deployment of processes, greater cost effective maintenance and more efficient third party assessments.
TickITplus addresses all these aspects through:
defining a core set of well defined processes that provide complete coverage for a range of organisational activities.
adopting graded levels of maturity and a capability assessment approach based on ISO/IEC 15504 part 2.
providing mappings between the core processes and multiple requirement and reference standards.
introducing the concept of formally trained and registered organisational practitioners with the aim of supporting ongoing improvements, increasing process capabilities and participating in formal assessments.
TickITplus defines 5 levels of maturity consistent with the requirements stated within ISO/IEC 15504 part 2. These levels are, in ascending order, foundation, bronze, silver, gold and platinum. These levels are sequentially achieved through the application of process attributes and capability assessments although at the foundation level the emphasis is mainly on practices and work products. It was recognised that existing TickIT organisations will want to progress through the grades at their own pace and as improvements allow. Consequently, the foundation level exists to allow organisations to transition across to TickITplus with minimal effort and then start their process maturity journey. For further information on the approach to the grades and capability assessments, see TickITplus Levels.
There are 40 processes defined in the Base Process Library that collectively cover business, engineering, functional and support activities. Each process is assigned as type A, type B/C or type M and is grouped into one of six defined categories. Each process also contributes to one or more of the eight Scope Profiles which represent common organisational IT activities. For further information on the structure and mapping, see TickITplus Components.
The scheme has been designed to allow multiple IT related requirement and reference standards to be mapped into the process library and initially this will include the mandatory ISO 9001. As the scheme develops, further requirement and reference standards, including requirement standards such as ISO/IEC 20000-1 and ISO 27001, and reference standards like BS 25999, ISO/IEC 25030 and IEC 61508 are likely to be added. These will be mapped across to existing or enhanced processes. For background information on the standards incorporated into the scheme, see TickITplus Standards.
Over the years, far more organisational staff took part in TickIT training than did registered auditors and yet apart from the certificates awarded at the end of the courses, no formal recognition was ever available. The committee recognises the importance and benefits gained by organisations from having qualified practitioners and has formally defined the role of TickITplus Practitioner, which is aligned with the development route for Assessors. The Practitioner is seen as providing an important contribution to organisational improvements and system assessments, and can, where appropriate, participate during formal assessments. For further information on Practitioners, see TickITplus Assessments.
A TickITplus Kick Start Guide is available that provides a very good introduction to the TickITplus scheme. The guide and other TickITplus documentation can be obtained from the TickITplus resource page.