What is TickITplus?
TickITplus™, which replaced the TickIT scheme, is a software quality certification scheme designed to encourage good software development, auditing and certification practices.
The scheme is intended to be a generic framework for defining, assessing and enabling continual improvement of IT processes, where IT is used in its fullest sense of covering all IT-related management, development and computer-related activities.
What's on this page?
TickITplus Base Process Library (BPL)
At the heart of the TickITplus™ scheme is a process model called the Base Process Library (BPL). The Base Process Library comprises 40 process definitions which cover the full range of IT activities, ensuring a consistent approach to process definition and assessment. The Base Process Library is available in softcover and download formats from our website.
TickITplus Core Scheme Requirements
The TickITplus Core Scheme Requirements specify the requirements for undertaking an accredited TickITplus assessment that meets the audit requirements of ISO17021, whilst also following the principles in ISO/IEC 15504-2.
The TickITplus Core Scheme Requirements are also available in softcover and download formats from our website.
IT Governance stocks all the official TickITplus guides:
IT Governance, a TickITplus-accredited training provider, runs the TickITplus Foundation Training Course throughout the year. This two-day course is the starting level for everyone involved in TickITplus and is particularly suitable for those new to the scheme. We highly recommended it for anyone taking the TickITplus Foundation Exam. Read more about the TickITplus Foundation Training Course here.
TickITplus was launched in 2011 by BSI’s Joint TickIT Industry Steering Committee (JTISC). The principal aims of the scheme are to capitalise on the strengths of TickIT, whilst recognising the changes in software development. Some of the key goals are to:
adopt a full process-driven approach to business systems management;
introduce capability assessment concepts;
accommodate the requirements of multiple standards, e.g. ISO9001, ISO20000-1 (IT service management) and ISO27001 (information security management);
strengthen the commitment to improvements;
enable collaborative assessments to be undertaken more formally.
Benefits of TickITplus
TickITplus was introduced as a replacement for the TickIT scheme to reflect developments in technology, IT software and emerging standards including ISO2000, ISO27001, ISO2207 and ISO15288.
The key benefits of TickITplus are:
To encourage and promote continuous improvements
To support process development to meet business needs
To institutionalise good processes and practices
To reduce business risk as capability increases
To reduce assessment disruption
To involve staff in assessments
To provide better criteria for supplier selection
To offer clear indications of suppliers’ process capabilities
To allow better risk management
For assessment organisations
To provide a clear, well-defined structure for conducting assessments with consistent results.
From TickIT to TickITplus
The TickIT scheme has existed since the early 1990s and, although at the forefront of encouraging good IT engineering, auditing and certification practices, it became outdated.
The original scheme was introduced primarily to address issues within the classic software development areas. Over the years, IT provision has diversified, leading to less bespoke development activity. There is greater emphasis on, for example, package adaptation, system integration and configuration, internet applications, etc.
From its launch, TickIT only ever provided guidance on the interpretation of ISO9001 and, although the use of processes was encouraged, it was always predominantly requirements-driven. Even with the introduction of the 2000 edition of ISO9001, which significantly strengthened the process-based approach, TickIT still retained a requirements-driven approach at heart.
By comparison, newer requirements standards, such as ISO20000-1 and ISO27001, were emerging and were more clearly process-based.
Another consequence of being tied to ISO9001 was that TickIT audits could only result in a pass or a fail, which is now seen as a serious limitation. Customers often need, and even demand, clearer indications of supplier performance in key business processes such as risk management to provide better criteria for supplier selection.
One indication of process performance can be established through capability assessments complying with ISO15504-2. However, many companies have created integrated management systems and have requirements for combined assessments.
This is particularly relevant when organisations are adopting closely related standards such as ISO9001, ISO20000-1 and ISO27001. The benefits are clearly seen through easier deployment of processes, greater cost-effective maintenance and more efficient third-party assessments.
TickITplus was designed to address all these shortcomings by:
defining a core set of processes that provide complete coverage for a range of organisational activities;
adopting graded levels of process capability assessment and a maturity approach based on ISO15504-2;
providing relationships between the core processes and combinations of standards;
introducing the concept of having formally trained practitioners within an organisation to support ongoing improvements, promoting higher levels of process capability.
40 processes have been defined, which cover business, engineering, functional and support activities, and are contained within a database maintained by JTISC, called the BPL (Base Process Library). Processes are grouped into one of six defined categories.
TickITplus defines five levels of maturity of an organisation, consistent with the requirements stated within ISO15504-2. These levels are, in ascending order: Foundation, Bronze, Silver, Gold and Platinum.
Levels from Bronze to Platinum are attained by assessing (using capability assessments) whether an organisation has met certain process criteria.
Compliance at the Foundation level is determined by ensuring an organisation has identified processes correctly and is operating those processes.
It is recognised that existing TickIT organisations will want to progress through the graded levels at their own pace and as improvements allow. Consequently, the Foundation level exists to allow organisations to progress to TickITplus with minimal effort and then start their process maturity journey.
The scheme has been designed to allow combinations of IT-related requirement and reference standards to be mapped into the BPL, which will initially include ISO9001. As the scheme develops, further requirements and reference standards could be added according to demand, such as:
ISO/IEC 20000-1, Information technology – Service management - Specification
ISO/IEC 27001, Information technology – Security techniques – Information security management systems - Requirements
ISO/IEC 25030, Software engineering – Software product quality requirements and evaluation (SQuaRE)
IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems
BS 25999, Business continuity management.
These would then be mapped across to the existing or enhanced processes.