1 / 23

The Project

The Project. Redevelopment of the TickIT ISO9001 certification scheme. Derek Irving, TickITplus Project Manager. The need for change. Changes in IT environments – focus on services Process capability approaches Customer confidence Pressure on costs Broaden appeal.

neka
Download Presentation

The Project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Project Redevelopment of the TickIT ISO9001 certification scheme Derek Irving, TickITplus Project Manager Issue 3

  2. The need for change • Changes in IT environments – focus on services • Process capability approaches • Customer confidence • Pressure on costs • Broaden appeal Issue 3

  3. TickITplus Project • JTISC – TickIT Committee • Key suppliers: Logica, Detica, Deloitte • Key customers: MoD • Certification bodies: BSI, LRQA, DNV • Industry bodies: GAMP • Regulators: IRCA, UKAS, SWEDAC • BSI administration • BCS and Intellect support • DIUS funding Issue 3

  4. Key features of TickITplus (1) • Integrated with ISO 9001 Accredited Certification • Capability and Process Dimensions • Process Capability (ISO/IEC 15504-2) • 4 organisational maturity grades • Extended standards option • ISO/IEC 20000 – Service Management • ISO/IEC 27001 – Information Security • ISO/IEC 25030 – Product Measurement Issue 3

  5. Key features of TickITplus (2) • Non-certificated (self and independently assessed) options • Requirements based scheme - with guidance • TickITplus Office direct control • Auditor registration, training and examination control • Formal improvements – part of certification Issue 3

  6. Key features of TickITplus (3) • Revised qualifications and skills for Auditors and Practitioners • Revised training – specialist providers • Revised documentation structure • Base Processes Library – used to build assessed Process Reference Model • Web based support infrastructure Issue 3

  7. Capability Dimension • Based on ISO/IEC 15504-2 • Bronze Level 2: Managed • Starting point enabling transfer from current TickIT • Silver Level 3: Established • Gold Level 4: Predictable • Platinum Level 5: Optimising Issue 3

  8. Process Reference Model • Formal model defined • Process types: • Type A – Mandatory as defined by ISO 9001 or other standards included • Type B – Scope dependant – implicitly or explicitly in scope statement (including ISO 9001 clause 7 processes) • Type C – Supplementary processes – relevant to activities but not core • Assessed attributes based on process types • Based on defined Base Processes Library Issue 3

  9. Requirements standards • Based on scope – defined on certificate • ISO 9001 – core requirements • ISO/IEC 20000 – Service Management (optional) • ISO/IEC 27001 – Information Security (optional) • ISO/IEC 25030 – Software Product Quality (optional) • Scope defined “Reference” standards Issue 3

  10. Compliance Standards • Define TickITplus compliance requirements • BS EN 45011 (ISO/IEC Guide 65) – Product Certification Body accreditation • ISO/IEC 15504-2 – Process Assessment Issue 3

  11. Structural Standards • Integral to scheme’s structure • ISO/IEC 15504-5 – Process assessment model • ISO/IEC 12207 – Software processes base model • ISO/IEC 15288 – System processes base model • ISO/IEC 15939 – Measurement processes • ISO/IEC 38500 – Corporate governance of IT Issue 3

  12. Continuous Improvement • Key ISO 9001 requirement but difficult to measure • Based on capability grade • Silver: Improvement plan submitted to CB and approved • Gold: Plan drives surveillance planning and assessment based on set target achievements • Platinum: Optimising capability measure, improvements have to be sustained Issue 3

  13. TickITplus Assessments • Bronze • Transfer level • Provide Process Reference Model to CB • Minimal additions to ensure PRM level 2 compliance and consistency with ISO 9001 findings • Silver – Platinum • Increasing levels of assessment to meet ISO/IEC 15504 requirements at levels 3 - 5 • Improvements monitoring Issue 3

  14. Non-certified TickITplus • Promote TickITplus process model for non-certified organisations • Availability of low cost or free documentation for development • TickITplus Practitioner qualification • Encourage self and independent assessment • Fast track option if certification is eventually sought Issue 3

  15. TickITplus Auditor grades • Grading matches assessment levels • Bronze, Silver, Gold, Platinum • Transition from current TickIT to TickITplus Bronze with basic course only • Specialist IT skills defined using SFIA* model – no longer focused on software development only • No compulsion to progress beyond Bronze grade * Skills Framework for the Information Age Issue 3

  16. TickITplus Practitioners • Intended for non auditors, i.e. quality managers, developers, consultants etc. • Practitioner and Advanced Practitioner grades • SFIA based skills profiles Issue 3

  17. TickITplus training • New courses to be developed • Initial, Intermediate and Advanced • Use of existing specialised trainers for ISO/IEC 15504, ISO/IEC 20000 etc. • Basic quality training outside scheme • CBT for Initial course – minimal cost Issue 3

  18. TickITplus documentation • Revised, on-line, regularly updated, free or low cost as appropriate • Marketing and business justification material • Scheme introduction and guide • Quick start and self assessment guide • Certification requirements and guide to development of model • Auditor and practitioner requirements • Certification scheme requirements Issue 3

  19. TickITplus – Project schedule • Launch date June 2009 • Trials planned for October 2008 onwards • Opportunities for personal or company involvement • Current status: (August 08) • Specification approved and design underway • Training and skills criteria in preparation • Trials planning – seminars booked • Marketing strategy, website development • Business planning Issue 3

  20. TickITplus Trials • Open invite for trials participation – organisations and auditors • Presentation and planning seminars booked in September and October (London) • Range of participation options • Internal process modelling • Internal audits • 3rd party audits • Reporting methods • Improvements planning Issue 3

  21. TickITplus migration • 3 years from launch • Existing TickIT certificates – Bronze grade after re-assessment • Existing TickIT Auditors – Bronze grade after initial training Issue 3

  22. summary (1) • Greater appeal – easier to use • Wide range: • self development and assessment • independent assessment • full accredited ISO 9001 + key IT standards certification with organisation process maturity • Greater benefit – harder and more worth (and cost) as levels increase Issue 3

  23. summary (2) • Ease of transition • Standards based model • Extend beyond software development • Redefined Auditors and Practitioners skills and grades Issue 3

More Related