The TickIT Plus Project
Redevelopment of the TickIT ISO9001 certification scheme
Derek Irving, TickITplus Project Manager
07/07/2015
Issue 3
The need for change
• Changes in IT environments – focus on services
• Process capability approaches
• Customer confidence
• Pressure on costs
• Broaden appeal
TickITplus Project
• JTISC – TickIT Committee
– Key suppliers: Logica, Detica, Deloitte
– Key customers: MoD
– Certification bodies: BSI, LRQA, DNV
– Industry bodies: GAMP
– Regulators: IRCA, UKAS, SWEDAC
• BSI administration
• BCS and Intellect support
• DIUS funding
Key features of TickITplus (1)
• Integrated with ISO 9001 Accredited Certification
• Capability and Process Dimensions
– Process Capability (ISO/IEC 15504-2)
  • 4 organisational maturity grades
– Extended standards option
  • ISO/IEC 20000 – Service Management
  • ISO/IEC 27001 – Information Security
  • ISO/IEC 25030 – Product Measurement
Key features of TickITplus (2)
• Non-certificated (self and independently assessed) options
• Requirements based scheme - with guidance
• TickITplus Office direct control
– Auditor registration, training and examination control
• Formal improvements – part of certification
Key features of TickITplus (3)
• Revised qualifications and skills for Auditors and Practitioners
• Revised training – specialist providers
• Revised documentation structure
• Base Processes Library – used to build assessed Process Reference Model
• Web based support infrastructure
Capability Dimension
• Based on ISO/IEC 15504-2
• Bronze – Level 2: Managed
– Starting point enabling transfer from current TickIT
• Silver – Level 3: Established
• Gold – Level 4: Predictable
• Platinum – Level 5: Optimising
Process Reference Model
• Formal model defined
• Process types:
– Type A – Mandatory as defined by ISO 9001 or other standards included
– Type B – Scope dependent – implicitly or explicitly in scope statement (including ISO 9001 clause 7 processes)
– Type C – Supplementary processes – relevant to activities but not core
• Assessed attributes based on process types
• Based on defined Base Processes Library
Requirements standards
• Based on scope – defined on certificate
– ISO 9001 – core requirements
– ISO/IEC 20000 – Service Management (optional)
– ISO/IEC 27001 – Information Security (optional)
– ISO/IEC 25030 – Software Product Quality (optional)
– Scope defined “Reference” standards
Compliance Standards
• Define TickITplus compliance requirements
– BS EN 45011 (ISO/IEC Guide 65) – Product Certification Body accreditation
– ISO/IEC 15504-2 – Process Assessment
Structural Standards
• Integral to scheme’s structure
– ISO/IEC 15504-5 – Process assessment model
– ISO/IEC 12207 – Software processes base model
– ISO/IEC 15288 – System processes base model
– ISO/IEC 15939 – Measurement processes
– ISO/IEC 38500 – Corporate governance of IT
Continuous Improvement
• Key ISO 9001 requirement but difficult to measure
• Based on capability grade
– Silver: Improvement plan submitted to CB and approved
– Gold: Plan drives surveillance planning and assessment based on set target achievements
– Platinum: Optimising capability measure, improvements have to be sustained
TickITplus Assessments
• Bronze
– Transfer level
– Provide Process Reference Model to CB
– Minimal additions to ensure PRM level 2 compliance and consistency with ISO 9001 findings
• Silver – Platinum
– Increasing levels of assessment to meet ISO/IEC 15504 requirements at levels 3 - 5
– Improvements monitoring
Non-certified TickITplus
• Promote TickITplus process model for non-certified organisations
• Availability of low cost or free documentation for development
• TickITplus Practitioner qualification
• Encourage self and independent assessment
• Fast track option if certification is eventually sought
TickITplus Auditor grades
• Grading matches assessment levels
– Bronze, Silver, Gold, Platinum
• Transition from current TickIT to TickITplus Bronze with basic course only
• Specialist IT skills defined using SFIA* model – no longer focused on software development only
• No compulsion to progress beyond Bronze grade
* Skills Framework for the Information Age
TickITplus Practitioners
• Intended for non-auditors, i.e. quality managers, developers, consultants etc.
• Practitioner and Advanced Practitioner grades
• SFIA based skills profiles
TickITplus training
• New courses to be developed
– Initial, Intermediate and Advanced
• Use of existing specialised trainers for ISO/IEC 15504, ISO/IEC 20000 etc.
• Basic quality training outside scheme
• CBT for Initial course – minimal cost
TickITplus documentation
• Revised, on-line, regularly updated, free or low cost as appropriate
– Marketing and business justification material
– Scheme introduction and guide
– Quick start and self assessment guide
– Certification requirements and guide to development of model
– Auditor and practitioner requirements
– Certification scheme requirements
TickITplus – Project schedule
• Launch date June 2009
• Trials planned for October 2008 onwards
• Opportunities for personal or company involvement
• Current status: (August 08)
– Specification approved and design underway
– Training and skills criteria in preparation
– Trials planning – seminars booked
– Marketing strategy, website development
– Business planning
TickITplus Trials
• Open invite for trials participation – organisations and auditors
• Presentation and planning seminars booked in September and October (London)
• Range of participation options
– Internal process modelling
– Internal audits
– 3rd party audits
– Reporting methods
– Improvements planning
TickITplus migration
• 3 years from launch
• Existing TickIT certificates – Bronze grade after re-assessment
• Existing TickIT Auditors – Bronze grade after initial training
Summary (1)
• Greater appeal – easier to use
• Wide range:
– self development and assessment
– independent assessment
– full accredited ISO 9001 + key IT standards certification with organisation process maturity
• Greater benefit – harder and more worth (and cost) as levels increase
Summary (2)
• Ease of transition
• Standards based model
• Extend beyond software development
• Redefined Auditors and Practitioners skills and grades