TickITplus
What is TickITplus?
TickITplus, which replaced the TickIT scheme, is a software quality certification scheme designed to enourage good software development, auditing and certification practices.
The scheme is intended to be a generic framework for defining, assessing and enabling continual improvement of IT processes, where IT is used in its fullest sense of covering all IT-related management, development and computer-related activities.
What's on this page?
TickITplus Resources
TickITplus Base Process Library (BPL)
At the heart of the TickITplus scheme is a process model called the Base Process Library (BPL). The Base Process Library comprises 40 process defintions which cover the full range of IT activities, ensuring a consistent approach to process definition and assessment. The Base Process Library is available in softcover and download formats from our website.
TickITplus Core Scheme Requirements
The TickITplus Core Scheme Requirements specifiy the requirements for undertaking an accredited TickITplus assessment that meets the audit requirementsof ISO17021 whilst also following the principles in ISO/IEC 15504-2.
The TickITplus Core Scheme Requirements are also available in softcover and download formats from our website.
TickITplus Guides
IT Governance stocks all the official TickITplus guides:
Tickitplus Courses
IT Governance, a TickITplus accredited training provider, runs the TickITplus Foundation Training Course throughout the year. This 2-day course is the starting level for everyone involved in TickITplus and is particularly suitable for those new to the scheme. We highly recommended it for anyone taking the TickITplus Foundation Exam. Read more about the TickITplus Foundation Training Course here.
Why TickITplus?
TickITplus was launched in 2011 by BSI’s JTISC (Joint TickIT Industry Steering Committee). The principal aims of the scheme are to capitalise on the strengths of TickIT, whilst recognising the changes in software development. Some of the key goals are to:
-
Adopt a full process-driven approach to business systems management
-
Introduce capability assessment concepts
-
Accommodate the requirements of multiple standards, e.g. ISO 9001, ISO/IEC 20000-1 (IT service management) and ISO/IEC 27001 (information security management)
-
Strengthen the commitment to improvements
-
Enable collaborative assessments to be undertaken more formally.
Benefits of TickITplus
TickITplus was introduced as a replacement for the TickIT scheme to reflect developments in technology, IT software and emerging standards including ISO2000, ISO27001, ISO2207 and ISO15288.
The key benefits of TickITplus are:
For organisations:
-
Encourage and promote continuous improvements
-
Support process development to meet business needs
-
Institutionalise good processes and practices
-
Reduce business risk as capability increases
-
Reduce assessment disruption
-
Involve staff in assessments.
For customers:
-
Provide better criteria for supplier selection
-
Offer clear indications of suppliers’ process capabilities
-
Allow better risk management
For assessment organisations
-
Provide a clear, well-defined structure for conduction assessments with consistent results.
From TickIT to TickITplus
The TickIT scheme has existed since the early 1990s and, although at the forefront of encouraging good IT engineering, auditing and certification practices, it became outdated.
The original scheme was introduced primarily to address issues within the classic software development areas. Over the years, IT provision has diversified leading to less bespoke development activity. There is greater emphasis on, for example, package adaptation, system integration and configuration, internet applications, etc.
From its launch, TickIT only ever provided guidance on the interpretation of ISO 9001 and, although the use of processes was encouraged, it was always predominantly requirements-driven. Even with the introduction of the 2000 edition of ISO 9001, which significantly strengthened the process-based approach, TickIT still retained a requirements-driven approach at heart.
By comparison, newer requirements standards, such as ISO/IEC 20000-1 and ISO/IEC 27001, were emerging and were more clearly process-based.
Another consequence of being tied to ISO 9001 was that TickIT audits could only result in a pass or a fail - now seen as a serious limitation. Customers often need, and even demand, clearer indications of supplier performance in key business processes, such as risk management, to provide better criteria for supplier selection.
One indication of process performance can be established through capability assessments complying with ISO/IEC 15504-2. However, many companies have created integrated management systems and have requirements for combined assessments.
This is particularly relevant when organisations are adopting closely related standards such as ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001. The benefits are clearly seen through easier deployment of processes, greater cost-effective maintenance and more efficient third-party assessments.
TickITplus was designed to address all these shortcomings by:
-
Defining a core set of processes that provide complete coverage for a range of organisational activities
-
Adopting graded levels of process capability assessment and a maturity approach based on ISO/IEC 15504-2
-
Providing relationships between the core processes and combinations of standards
-
Introducing the concept of having formally-trained practitioners within an organisation to support ongoing improvements, promoting higher levels of process capability.
Forty processes have been defined. they cover business, engineering, functional and support activities, and are contained within a database maintained by JTISC, called the BPL (Base Process Library). Processes are grouped into one of six defined categories.
TickITplus defines five levels of maturity of an organisation, consistent with the requirements stated within ISO/IEC 15504-2. These levels are, in ascending order, Foundation, Bronze, Silver, Gold and Platinum.
Levels from Bronze to Platinum are attained by assessing (using capability assessments) whether an organisation has met certain process criteria.
Compliance at the Foundation level is determined by ensuring an organisation has identified processes correctly and is operating those processes.
It is recognised that existing TickIT organisations will want to progress through the graded levels at their own pace and as improvements allow. Consequently, the Foundation level exists to allow organisations to progress to TickITplus with minimal effort and then start their process maturity journey.
The scheme has been designed to allow combinations of IT-related requirement and reference standards to be mapped into the BPL, which will initially include ISO 9001. As the scheme develops, further requirements and reference standards could be added according to demand, such as:
-
ISO/IEC 20000-1, Information technology – Service management - Specification
-
ISO/IEC 27001, Information technology – Security techniques – Information security management systems - Requirements
-
ISO/IEC 25030, Software engineering – Software product quality requirements and evaluation (SQuaRE)
-
IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems
-
BS 25999, Business continuity management.
These would then be mapped across to the existing or enhanced processes.