Last updated

TickIT is a certification program for companies in the software development and computer industries, supported primarily by the United Kingdom and Swedish industries through UKAS and SWEDAC respectively. Its general objective is to improve software quality.



In the 1980s, the UK government's CCTA organisation promoted the use of IT standards in the UK public sector, with work on BS5750 (Quality Management) leading to the publishing of the Quality Management Library and the inception of the TickIT assessment scheme with DTI, MoD and participation of software development companies.


The TickIT scheme has been updated to become TickITplus, a new website TickITplus is now available.

TickITplus adds a new dimension to the existing TickIT Scheme combining industry best practice with International IT standards. It provides ISO 9001:2008 accredited certification with a Capability Grading for all sizes and types of IT organisations. It cross-references ISO/IEC 15504 (Information technology — Process assessment) and ISO/IEC 12207 (Systems and software engineering — Software life cycle processes) amongst others. In addition it promotes Auditor and Practitioner competency and training within established qualification standards.


In addition to a general objective of improving software quality, one of the principles of TickIT is to improve and regulate the behaviour of auditors working in the information technology sector through training, and subsequent certification of auditors. The International Register of Certificated Auditors manages the registration scheme for TickIT auditors.

Software development organizations seeking TickIT Certification are required to show conformity with ISO 9000.

Major objective was to provide industry with a practical framework for the management of software development quality by developing more effective quality management system certification procedures. These involved:

The TickIT Guide

TickIT also includes a guide. This provides guidance in understanding and applying ISO 9001 in the IT industry. It gives a background to the TickIT scheme, including its origins and objectives. Furthermore, it provides detailed information on how to implement a Quality System and the expected structure and content relevant to software activities. The TickIT guide also assists in defining appropriate measures and/or metrics. The TickIT Guide contains the official guidance material for TickIT. It is directed at a wide audience: senior managers and operational staff of software suppliers and in-house development teams, purchasers and users of software based systems, certification bodies and accreditation authorities, third party and internal auditors, auditor training course providers and IT consultants.

Part A: Introduction to TickIT and the Certification Process
This presents general information about the operation of TickIT and how it relates to other quality initiatives such as Process Improvement.

Part B: Guidance for Customers
This describes the issues relating to quality management system certification in the software field from the viewpoint of the customer who is initiating a development project, and explains how the customer can contribute to the quality of the delivered products and services.

Part C: Guidance for Suppliers
This presents information and guidance to software and software service providing organizations, including in house developers, on the construction of their quality management systems using the TickIT procedures. This part also indicates how organizations can assess and improve the effectiveness of their quality management systems.

Part D: Guidance for Auditors
This gives guidance to auditors on the conduct of assessments using the TickIT procedures.

Part E: Software Quality Management System Requirements – Standards Perspective
This contains guidance to help organizations producing software products and providing software-related services interpret the requirements of BS EN ISO 9001:2000. It follows the clause sequence of the Standard.

Part F: Software Quality Management System Requirements – Process Perspective
This identifies and elaborates upon the good practice required to provide effective and continuous control of a software quality management system. It is organized around the basic processes required for software development, maintenance and support and follows the structure set out in ISO/IEC 12207:1995.

Appendix 1: Management and Assessment of IT Processes

Appendix 2: Case study: Using the EFQM Excellence Model

Appendix 3: Case Study: ISO/IEC 15504 - Compatible Process Assessments

Appendix 4: Case study: Software Process Improvement The CMMSM Way

Standards information and references

Glossary of terms

Related Research Articles

The ISO 9000 family of quality management systems (QMS) is a set of standards that helps organizations ensure they meet customers and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of quality management systems, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfil.

ISO/IEC/IEEE 12207Systems and software engineering – Software life cycle processes is an international standard for software lifecycle processes. First introduced in 1995, it aims to be a primary standard that defines all the processes required for developing and maintaining software systems, including the outcomes and/or activities of each process.

ISO/IEC 15504Information technology – Process assessment, also termed Software Process Improvement and Capability Determination (SPICE), is a set of technical standards documents for the computer software development process and related business management functions. It is one of the joint International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standards, which was developed by the ISO and IEC joint subcommittee, ISO/IEC JTC 1/SC 7.

Quality management ensures that an organization, product or service is consistent. It has four main components: quality planning, quality assurance, quality control and quality improvement. Quality management is focused not only on product and service quality, but also on the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. What a customer wants and is willing to pay for it determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Thus, quality can be defined as fitness for intended use or, in other words, how well the product performs its intended function.

ISO/IEC 20000 is the first international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.

Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

IEC 61508 is an international standard published by the International Electrotechnical Commission consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

The ISO/IEC 15288 is a systems engineering standard covering processes and lifecycle stages. Initial planning for the ISO/IEC 15288:2002(E) standard started in 1994 when the need for a common systems engineering process framework was recognized. The previously accepted standard MIL STD 499A (1974) was cancelled after a memo from SECDEF prohibited the use of most United States Military Standards without a waiver. The first edition was issued on 1 November 2002. Stuart Arnold was the editor and Harold Lawson was the architect of the standard. In 2004 this standard was adopted as IEEE 15288. ISO/IEC 15288 has been updated 1 February 2008 as well as on 15 May 2015.

ISO 22000 is a standard developed by the International Organization for Standardization dealing with food safety. It is a general derivative of ISO 9000.

ISO 13485Medical devices -- Quality management systems -- Requirements for regulatory purposes is an International Organization for Standardization (ISO) standard published for the first time in 1996; it represents the requirements for a comprehensive quality management system for the design and manufacture of medical devices. This standard supersedes earlier documents such as EN 46001 and EN 46002 (1996), the previously published ISO 13485, and ISO 13488.

ISO/IEC 17024: Conformity assessment - General requirements for bodies operating certification of persons is an International Standard which specifies criteria for the operation of a Personnel Certification Body. The standard includes requirements for the development and maintenance of the certification scheme for persons upon which the certification is based.

In software engineering, a software development process is the process of dividing software development work into distinct phases to improve design, product management, and project management. It is also known as a software development life cycle (SDLC). The methodology may include the pre-definition of specific deliverables and artifacts that are created and completed by a project team to develop or maintain an application.

Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs or failure in a predictable manner (fail-safe). The automatic protection system should be designed to properly handle likely human errors, hardware failures and operational/environmental stress.

ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2018 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.

ISO/IEC 29110: Systems and Software Life Cycle Profiles and Guidelines for Very Small Entities (VSEs) International Standards (IS) and Technical Reports (TR) are targeted at Very Small Entities (VSEs). A Very Small Entity (VSE) is an enterprise, an organization, a department or a project having up to 25 people. The ISO/IEC 29110 is a series of international standards and guides entitled "Systems and Software Engineering — Lifecycle Profiles for Very Small Entities (VSEs)". The standards and technical reports were developed by working group 24 (WG24) of sub-committee 7 (SC7) of Joint Technical Committee 1 (JTC1) of the International Organization for Standardization and the International Electrotechnical Commission.

ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013, with a few minor updates since then. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

ISO/IEC JTC 1/SC 7 Software and systems engineering is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), that develops and facilitates standards within the field of engineering of software products and systems. The international secretariat of ISO/IEC JTC 1/SC 7 is the Bureau of Indian Standards (BIS) located in India.

Tudor IT Process Assessment

Tudor IT Process Assessment (TIPA®) is a methodological framework for process assessment. Its first version was published in 2003 by the Public Research Centre Henri Tudor based in Luxembourg. TIPA is now a registered trademark of the Luxembourg Institute of Science and Technology (LIST). TIPA offers a structured approach to determine process capability compared to recognized best practices. TIPA also supports process improvement by providing a gap analysis and proposing improvement recommendations.

The Annex L is a section of the ISO/IEC Directives part 1 that prescribes how ISO Management System Standard (MSS) standards should be written. The aim of Annex L is to enhance the consistency and alignment of MSS by providing a unifying and agreed-upon high level structure, identical core text and common terms and core definitions. The aim being that all ISO Type A MSS are aligned and the compatibility of these standards is enhanced.