TickIT

TickIT is a certification program for companies in the software development and computer industries, supported primarily by the United Kingdom and Swedish industries through UKAS and SWEDAC respectively. Its general objective is to improve software quality.

History

In the 1980s, the UK government's CCTA organisation promoted the use of IT standards in the UK public sector,[1] with work on BS5750 (Quality Management) leading to the publishing of the Quality Management Library and the inception of the TickIT assessment scheme with the DTI, the MoD and the participation of software development companies.

TickITplus

The TickIT scheme has been updated to become TickITplus; a new TickITplus website is now available.

TickITplus adds a new dimension to the existing TickIT Scheme combining industry best practice with International IT standards. It provides ISO 9001:2008 accredited certification with a Capability Grading for all sizes and types of IT organisations. It cross-references ISO/IEC 15504 (Information technology — Process assessment) and ISO/IEC 12207 (Systems and software engineering — Software life cycle processes) amongst others. In addition it promotes Auditor and Practitioner competency and training within established qualification standards.

Functions

In addition to a general objective of improving software quality, one of the principles of TickIT is to improve and regulate the behaviour of auditors working in the information technology sector through training, and subsequent certification of auditors. The International Register of Certificated Auditors manages the registration scheme for TickIT auditors.

Software development organizations seeking TickIT Certification are required to show conformity with ISO 9000.

A major objective was to provide industry with a practical framework for the management of software development quality by developing more effective quality management system certification procedures. These involved:

The TickIT Guide

TickIT also includes a guide. This provides guidance in understanding and applying ISO 9001 in the IT industry. It gives a background to the TickIT scheme, including its origins and objectives. Furthermore, it provides detailed information on how to implement a Quality System and the expected structure and content relevant to software activities. The TickIT guide also assists in defining appropriate measures and/or metrics. The TickIT Guide contains the official guidance material for TickIT. It is directed at a wide audience: senior managers and operational staff of software suppliers and in-house development teams, purchasers and users of software based systems, certification bodies and accreditation authorities, third party and internal auditors, auditor training course providers and IT consultants.

Part A: Introduction to TickIT and the Certification Process
This presents general information about the operation of TickIT and how it relates to other quality initiatives such as Process Improvement.

Part B: Guidance for Customers
This describes the issues relating to quality management system certification in the software field from the viewpoint of the customer who is initiating a development project, and explains how the customer can contribute to the quality of the delivered products and services.

Part C: Guidance for Suppliers
This presents information and guidance to software and software service providing organizations, including in house developers, on the construction of their quality management systems using the TickIT procedures. This part also indicates how organizations can assess and improve the effectiveness of their quality management systems.

Part D: Guidance for Auditors
This gives guidance to auditors on the conduct of assessments using the TickIT procedures.

Part E: Software Quality Management System Requirements – Standards Perspective
This contains guidance to help organizations producing software products and providing software-related services interpret the requirements of BS EN ISO 9001:2000. It follows the clause sequence of the Standard.

Part F: Software Quality Management System Requirements – Process Perspective
This identifies and elaborates upon the good practice required to provide effective and continuous control of a software quality management system. It is organized around the basic processes required for software development, maintenance and support and follows the structure set out in ISO/IEC 12207:1995.

Appendix 1: Management and Assessment of IT Processes

Appendix 2: Case study: Using the EFQM Excellence Model

Appendix 3: Case Study: ISO/IEC 15504-Compatible Process Assessments

Appendix 4: Case study: Software Process Improvement the CMM℠ Way

Standards information and references

Glossary of terms

References

1. Work, B. (March 2002). "Patterns of software quality management in TickIT certified firms". European Journal of Information Systems. 11 (1): 61–73. doi:10.1057/palgrave.ejis.3000410. ISSN 0960-085X.