What, Why and how? Transition to TickITplus... Welcome and Introduction

Transition to TickITplus... What, Why and how? Welcome and Introduction Peter Lawrence MSc FBCS CITP FCQI CQP Chairman Joint TickIT Industry Standards Committee

Agenda: Morning
- Welcome and benefits of TickITplus
- TickITplus Overview
- Benefits from using the Business Process Library (BPL)
- Constructing your Process Reference Model (PRM)
- Assessor and practitioners
Peter Lawrence, JTISC Chairman
Peter Lawrence & Phil Willoughby, LRQA's ICT Technical Manager
11.15 Break and Refreshments
Continued
12.30 Lunch

Agenda: Afternoon
- How to transition from TickIT to TickITplus using the Core Scheme Requirements (CSR)
- TickITplus case studies reflecting on experiences implementing TickITplus and lessons learnt:
  Nexor Ltd: Irene Dovey
  CSC: Colin Walford
  CGI: Bill Martin & Paul Breslin
15.30 Break and Refreshments
16.30 Finish
- Question and Answers Session
- Summary and Close
Phil Willoughby, LRQA's ICT Technical Manager
TickITplus panel
Peter Lawrence

Welcome and TickITplus Update Peter Lawrence MSc FBCS CITP FCQI CQP Chairman Joint TickIT Industry Standards Committee

The TickITplus Framework
- Critical dependency on IT systems
- Changing IT landscape
- Emerging (converging) standards:
  ISO 20000 (ITIL/Service Management)
  ISO 27001 (Security Risk Management)
  ISO 12207 (Software Lifecycle)
  ISO 15288 (System Lifecycle)
- Demand for a graded approach (ISO 15504, SPICE)
- Flexibility and graded costs
- Differentiation and competitive advantage

The TickITplus Drivers
- Established in 1991 to address growing concerns in the UK for the supply of dependable software and IT systems
- Specifies best practice, along with requirements for the formal qualification of ISO 9001 assessors within the IT sector
- Has been through five revisions, but is not perceived to have kept pace with the changes in the IT industry, in particular the growing focus on services over software
- New approach:
  to broaden appeal
  provide an integrated assessment framework
  regain lost credibility and customer confidence
  re-vitalise and re-energise auditors

The TickITplus Enhancements
- Built on multiple international standards
- UKAS accredited
- Third party verified
- Straightforward migration
- Up-to-date and competent assessors
- Focuses on outcomes and business drivers
- Promotes positive and cooperative relationships with certification body
- Encourages systematic and ongoing improvement
- Provides a benchmarking framework

The Clock is Ticking... Existing TickIT approvals will expire by the end of 2014

TickITplus Principle: From Conformance to Performance
FOUNDATION (Conformance): Establish standard processes across the organisation
Integrated Management System (ex.qms): Acting, Checking, Planning, Doing; Continual Improvement
VISION (Performance): Characterise underlying performance and drive systematic improvement
ENTRY: Policy and working practices are formally documented
BRONZE: Processes are systematic and deployed with a managed framework
SILVER: Processes are measured and a baseline of repeatable performance is established
GOLD: Process Improvements are implemented through quantitative evaluations
PLATINUM: Processes are continuously improved
Continual improvement achieved through standardization and active assessment

TickITplus Documentation Requirements & Implementation Specification Outline Technical Specification TickITplus Project Documentation Administration Design Specification Technical Design Specification Assessor & Practitioner Qualification Criteria Training Course & Examination Criteria Delivering Quality in IT TickITplus Core Scheme Requirements TickITplus Base Process Library TickITplus Process Guidance TickITplus Requirements for Assessors and Practitioners TickITplus Requirements for Training and Examinations TickITplus Kick Start Guide TickITplus Scheme Documentation TickITplus Implementation Guidance

TickITplus Scope Profiles
- Legal and Compliance: Dealing with the delivery of products or services within a legal and compliance framework; covering business analysis, corporate responsibility, risk and compliance audit.
- Service Management: Operations in a service management environment; delivering IT based services to clients either outsourced or internal.
- Systems & Software Development & Support: All aspects of systems and software development, both traditional and new methodologies. Long term support and maintenance.
- Project & Programme Management: Multidiscipline programme and project delivery as a specialist area: analysis, reporting, risk and general project management.
- Corporate Strategy Planning & Management: Taking an organisational wide view of IT operations, long term planning, high level management.
- Information Management & Security: Delivery of information and systems to meet both data and security requirements.
- Product Validation, Quality & Measurement: Independent testing and validation of product and services. Ensuring quantitative quality and measurements are applied to product development and delivery.
- IT Systems Engineering & Infrastructure: Operations involving network and data handling systems, server farms, data centres and supporting infrastructure.

Scope Profiles and Processes

Implementation and Assessment JTISC Base Process Library Creation & Maintenance Organisations Assessors Certification Bodies Scope Determination and Defining Certification Requirements BPL Process Reference Model Contract Org QMS Assessment Strategy Documentation and PRM Review Readiness Review Assessment Planning Process Assessment Model Report Assessment Schedule Corrective Action & Improvements Conduct Assessment TickITplus Certificate Process Assessment Model Report Technical Review and Certificate Award

Two Modes of Assessment
Exploration:
- Evidence does not need to be made available at the start of the assessment
- Evidence of adequate implementation of Base Practices and Work Products must be sought by external assessment team members
- The evidence must be tested by correlation to other evidence
- Interview will be used and must include external assessor
Confirmation:
- Evidence is expected to be made available at the start of the assessment
- Any team member can confirm the evidence
- The evidence must be tested by correlation with other evidence
- Multiple samples are not necessary
- Interviews must be held to confirm the prepared sample and must include external assessor

Assessment Coverage
A calculation based on:
- Number of people in the TickITplus Scope
- Number of people covered by the Implemented Process Sample
- Number of hours effort planned for the Assessment

Assessment Mode   Foundation   Bronze   Silver   Gold   Platinum
Confirmation      0.5          1        1.5      1.5    1.5
Exploration       1            2        3        3      3

The Next Steps: Capability Assessment (ISO15504)
The Measurement Framework: Capability Level, Process Attributes, Rating Scale
Level 5: Optimising (Platinum)
Level 4: Predictable (Gold)
Level 3: Established (Silver)
Level 2: Managed (Bronze)
Level 1: Performed (Foundation)
Level 0: Incomplete

Problem Management - A Case Study

Problem Management - A Case Study
- Identify and Log Problem
- Categorise
- Prioritise
- Investigation and Diagnosis
- Review against Known Errors
- Identify Root Causes
- Solution

Problem Management - A Case Study Reported Incidents (Priority 1 and Priority 2)

Problem Management - A Case Study Reported Incidents

Problem Management - A Case Study
- Do we always define the problem well enough? (Are we likely to have more than one incident related to a single problem type?)
- Do we always define a true chronology of events that lead to the failure (NOT just to the resolution of the incident)? WHAT happened (to which CI)?
- Do we always identify the factor(s) that CAUSE the failure (cause and effect)? For example, a physical cause (e.g., hardware failure), a people cause (doing something they should not or not doing something they should), a process or system cause... A Cause or a Symptom? Why? Why? Why? Why? Why?
- Do we always identify (not just corrective but) true preventative actions? Whilst accepting that there may be no single action that will solve the problem... But an iterative collection of actions could work toward it? Whilst accepting that there may be multiple factors at work and may require multiple types of preventative actions?
- Do we always define the required outcome for a given action? Do we confirm this was achieved before closing the action?
- Do we always confirm the impact of completed actions? Has the problem ACTUALLY been eliminated (or at least reduced)?

Transition to TickITplus... What, Why and how? TickITplus Overview Phil Willoughby & Peter Lawrence Presentation slides developed by Dave Wynn CEng BSc MBCS Lead TickITplus Capability Assessor Omniprove Ltd

So why TickITplus?
Background:
- TickIT was introduced in 1991 - over 20 years ago
- It was aimed primarily at software development
- It provided only guidance
- Linked to ISO 9001 it provided only a pass/fail result
Today:
- Emphasis on process capabilities and improvement
- The IT sector is now much more diverse
- Organisations value clearly specified requirements
- Desire for better differentials in supplier selection

Key Benefits
For organisations:
- Encourage and promote continuous improvements
- Support process development to meet business needs
- Institutionalise good processes and practices
- Reduce business risk as capability increases
- Reduce assessment disruption
- Involving organisational staff in assessments
For customers:
- Provide better criteria for supplier selection purposes
- Offer clear indications of suppliers' process capabilities
- Allow better risk management
For assessment organisations:
- Provide a clear, well defined structure for conducting assessments with consistent and repeatable results

Key Differences and Changes
- Process orientated, using primarily:
  ISO/IEC 12207:2007 (software lifecycle processes)
  ISO/IEC 15288:2007 (system life cycle processes)
- Process capability based on ISO/IEC 15504-2:2003
- Extended standards coverage
- Formal improvements required
- Changed from guidance to requirements based scheme
- Active organisational participation in assessments
- 3 key components:
  Base Process Library (BPL)
  Process Reference Model (PRM)
  Process Assessment Model (PAM)

Process Capability Assessments
- Conducted to gain an appreciation of organisations' processes against a defined measurement framework
- Characterises current practices in terms of the capability of the processes
- Examines processes to determine the effectiveness in achieving their goals (outcomes)
- Drives process improvements
- Using ISO 15504 part 2.
[Diagram: Process Assessment, Process Improvement and Process Capability Determination, linked by arrows labelled "leads to", "invokes", "motivates" and "leads to"]

15504 Capability Dimension
The Measurement Framework: Capability Level, Process Attributes, Rating Scale
Level 5: Optimising (Platinum)
Level 4: Predictable (Gold)
Level 3: Established (Silver)
Level 2: Managed (Bronze)
Level 1: Performed (Foundation)
Level 0: Incomplete

Capability Dimension
Level 0: Incomplete. The process is not implemented or fails to achieve its purpose.
Level 1: Performed. The implemented process achieves its process purpose.
Level 2: Managed. The performed process is implemented in a managed fashion and its work products are appropriately established, controlled and maintained.
Level 3: Established. The managed process is now implemented using a defined process capable of achieving its process outcomes.
Level 4: Predictable. The established process now operates within defined limits to achieve its process outcomes.
Level 5: Optimising. The predictable process is continuously improved to meet relevant current project and business goals.

Capability Dimension: Process Attributes & Generic Practices, Level 2
Level 2: Managed. The performed process is implemented in a managed fashion and its work products are appropriately established, controlled and maintained.
PA 2.1 Performance management attribute:
a) Objectives established
b) Planned and monitored
c) Adjusted to meet plans
d) Responsibilities and authorities defined, assigned and communicated
e) Resources and information are identified, made available, allocated and used
f) Interfaces between involved parties are managed

Capability Dimension: Process Attributes & Generic Practices, Level 2
Level 2: Managed. The performed process is implemented in a managed fashion and its work products are appropriately established, controlled and maintained.
PA 2.2 Work product management attribute:
a) Requirements defined
b) Requirements for documentation and control
c) Appropriately identified, documented and controlled
d) Reviewed in accordance with planned arrangements and adjusted as necessary

Scheme Stakeholders
Joint TickIT Industry Steering Committee (JTISC)
- Overall scheme control and direction
- Scheme Office Management
- Website Management
- General Administration
- Registration of Assessors and Practitioners
- Registration of Training Course Providers
- Provision of Examinations
Standardisation, international harmonisation, certification, accreditation and general public interest requirements
IT industry commercial requirements
Accreditation of Certification Bodies for TickITplus

Revised Documentation Requirements & Implementation Specification Outline Technical Specification TickITplus Project Documentation Administration Design Specification Technical Design Specification Assessor & Practitioner Qualification Criteria Training Course & Examination Criteria Delivering Quality in IT TickITplus Core Scheme Requirements TickITplus Base Process Library TickITplus Process Guidance TickITplus Requirements for Assessors and Practitioners TickITplus Requirements for Training and Examinations TickITplus Kick Start Guide TickITplus Scheme Documentation TickITplus Implementation Guidance

Requirements Based Scheme ISO/IEC 20000-1 Service Management ISO 9001 Mandatory for Certification TickITplus Processes ISO/IEC 27001 Information Security Others Others Scope Reference Standards IEC 61508 System Safety ISO 22301 Business Continuity

Practitioners
- Important part of the TickITplus scheme
- Would typically manage the PRM implementation
- Drive organisational improvements using TickITplus concepts
- Covered by recognised training and qualification paths similar to the Assessor route
- Essential to running effective external assessments
- Can lead and be a team member on internal assessments
- Only team member on external assessments but require recognised internal auditor qualification
- Will have their qualifications and possible conflicts of interest assessed by external team lead
- Can transition to Assessor with required auditor prerequisites that satisfy national Accreditation Bodies
- Foundation training is available from 4 Providers

Grade Qualifications: Foundation

Assessor
- Quality and IT Skills and Experience: Min 5 years (or 4 with IT related degree) in IT related work; Min 2 years quality related work
- Education and Professional: Recognised national certificate in Secondary Education at primary level or above; Recognised national certificate in an IT related subject at diploma level or above; Recognised national quality Lead Auditor registration
- CPD Hours: Min 25 CPD hours over last 2 years
- TickITplus qualifications: Completion of the TickITplus Foundation Course and examination pass
- IT Skills Profile (BPL/SFIA): General level 4 across specialist profile (self declared); Level 5 on specialist profile as Lead
- Qualifying TickITplus Audits: Foundation Assessments only. None required for Team Member only; 5 Assessment Credits and at least 1 assessment as Lead under supervision. (Exemptions for transferring TickIT Auditors)

Practitioner
- Quality and IT Skills and Experience: Min 5 years (or 4 with IT related degree) in IT related work; Min 2 years quality related work
- Education and Professional: Recognised national certificate in Secondary Education at primary level or above; Recognised national certificate in an IT related subject at diploma level or above
- Audit experience: Recognised national Auditor registration (IRCA or equivalent) to be on an external assessment
- CPD Hours: Min 25 CPD hours over last 2 years
- TickITplus qualifications: Completion of the TickITplus Foundation course and examination pass
- IT Skills Profile (BPL/SFIA): General level 3 across specialist profile (self declared); Level 5 on specialist profile as Internal Lead or External Member
- Qualifying TickITplus Audits: Foundation Internal Assessments: None required for Team Member or Lead; Foundation External Assessments: None required for Team Member

Key Components Base Process Library (BPL) Process Reference Model (PRM) Process Assessment Model (PAM)

BPL Overview: Base Process Library (BPL)
- It is maintained by JTISC
- It provides a set of all IT and IT related Processes
- It describes processes in terms of purpose, outcomes, base practices and work products
- It defines the Scope Profiles and mappings between processes and requirements and reference standards
- It is used to create Process Reference Models

TickITplus Processes
TYPE A PROCESSES: Human Resource Management; Management Framework; Corporate Management & Legal; Infrastructure & Work Environment Management; Improvement; Measurement & Analysis; Customer Focus; Risk Management; Data and Record Management
TYPE M PROCESSES: Quantitative Performance Management; Quantitative Process Improvement (Mandated at Gold and Platinum Level)
SCOPE DEPENDENT TYPE B/C PROCESSES: Capacity Management Integration Management Verification Validation Operations Management Maintenance Management Disposal Requirements Analysis Stakeholder Requirements Definition Service Level Management Transition & Release Management Architecture Design Organisational Processes Technical Processes Development Implementation Continuity, Availability & Contingency Management Acquisition & Contracts Management Supply Management & Business Relationships Lifecycle Model Management Project Portfolio Management Resource Management Security Management Maturity Processes Agreement Processes Domain Engineering Asset and Program Management Project Management Configuration & Change Management Decision Management Information Management Problem & Incident Management IT Finance Management Management Reporting Project Processes IT Specific Processes

What is a Process? Controls Inputs Process Outputs Resources Outcomes

Example BPL Process Risk Management
Process ID: ORG.8
Process Name: Risk Management
Process Category: Organisational Processes
Type: A
Process Purpose: To avoid or mitigate potential future events that could adversely affect reaching business objectives
Version: v1r1
Process Outcomes Process Base Practice Input Work Products
Risks are managed and business objectives are not adversely affected by unexpected conditions or events.
ORG.8.BP.1 Define Risk Management Procedure: The organisation's approach for managing risk is defined, reviewed, documented and controlled within the Integrated Management System (IMS).
  Output Work Products ISO 9001 Risk Management Procedure 4.2.2 b) 4.2.3 ISO 20000 3.2 c) ISO 27000
ORG.8.BP.2 Establish Risk Management Plan: Risk management plans are defined for use by the organisation. This risk management plan includes the approach to be taken, roles and responsibilities, timescales and thresholds for triggering action.
  Business Plan Stakeholder Requirements Risk Management Procedure Risk Management Plan 5.1 a) 5.5.1 A9.2.1
ORG.8.BP.3 Identify and Analyse Risks: Risks, both internal and external, are identified, analysed and documented to determine the priority for action.
  Business Needs Business Objectives Risk Management Plan Risks 8.5.3 4.2 d) A9.2.5 A14.1.2
ORG.8.BP.4 Track Risks: The status of each risk is monitored and appropriate actions are taken to address risks, where planned triggers are activated or defined thresholds are exceeded. Actions are reviewed to ascertain their effectiveness and changes made. The risk management documentation is updated with the status of current risks. All actions are tracked to closure and records are maintained.
  Risk Management Plan Risks Risk Records 8.5.3 4.2 d)
ORG.8.BP.5 Report Status and Escalate: The status of each risk, together with any actions, is reported to stakeholders. Where actions are not effectively addressing the risk they are escalated.
  Risk Records Risk Reports 8.5.3 5.6.2 d) 4.2 d)
ORG.8.BP.6 Analyse Risk Management Performance: Data from across the organisation is reviewed and analysed in order to identify and address common or reoccurring risks.
  Risks Improvement Request 8.2.3 5.6.3 a)

Scope Profiles
- Legal and Compliance: Dealing with the delivery of products or services within a legal and compliance framework; covering business analysis, corporate responsibility, risk and compliance audit.
- Service Management: Operations in a service management environment; delivering IT based services to clients either outsourced or internal.
- Systems & Software Development & Support: All aspects of systems and software development, both traditional and new methodologies. Long term support and maintenance.
- Project & Programme Management: Multidiscipline programme and project delivery as a specialist area: analysis, reporting, risk and general project management.
- Corporate Strategy Planning & Management: Taking an organisational wide view of IT operations, long term planning, high level management.
- Information Management & Security: Delivery of information and systems to meet both data and security requirements.
- Product Validation, Quality & Measurement: Independent testing and validation of product and services. Ensuring quantitative quality and measurements are applied to product development and delivery.
- IT Systems Engineering & Infrastructure: Operations involving network and data handling systems, server farms, data centres and supporting infrastructure.

Scope Profiles and BPL Processes
- Table 1 in the BPL identifies which Processes are required for each Profile
- When a Profile is selected all the ticked Processes become mandatory
- Type B/C becomes B
- You can be assessed against one or more Profiles AND optionally any other processes
- Type C processes

PRM Overview: Process Reference Model (PRM)
- It is produced and maintained by the organisation
- It is derived from the BPL but can be extended for organisational specific process needs
- Introduces defined processes through tailoring
- Maps Type-A, Type-B and any Type-C processes used to the organisational IMS
- Guidance on creating a PRM in ISO/IEC TR 24748, PAS 99, ISO/IEC TR 90005
- Primary role of the Practitioner to create the PRM

Example PRM Defined Process Risk Management

Process Assessment Model (PAM)
- Produced by the assessor but involving the organisations
- Derived from the PRM
- Identifies the assessment Implemented Processes Sample
- It brings together process performance and process capability indicators
- Records the Process Outcome ratings and identifies associated nonconformances
- Provides the basis for calculating Process Capability and Organisational Maturity
- Once completed provides the record of assessment

Transition to TickITplus... What, Why and how? How to transition from TickIT to TickITplus Certificate Renewal and Transitional Assessments Foundation Level Phil Willoughby CEng MBCS CITP MCQI LRQA ICT Technical Manager

TickITplus delivery process
- Contract Preparation
- PRM Review
- Assessment Planning
- Readiness Review
- The Assessment
- Technical review
- Certification

Contract Preparation Assessment Strategy Scope of Business Number of Staff TickITplus Grade Profile Number of Defined Processes Number and Size of Workgroups Contract Preparation Quotation in mandays.

Documentation and PRM Review Assessment Strategy PRM Management System Documents Documentation & PRM Review Report Decision to proceed Non-conformities Versions of all documents.

Review Highlights
- Alignment of Strategy and PRM
- Complies with CSR requirements
- Carried out by the Lead Assessor
- Preferably on site
- Demonstrates the organisation understands
- Ensures the organisation is ready for the Stage 2 Assessment
- Organisation's improvement plan

Assessment Planning Assessment Strategy Improvement Plan Previous PAMs Assessment Reports Assessment Planning Assessment Plan Schedule Resources.

Planning Highlights
- Can be initiated at any time in the pre-assessment activity
- Finalised after the Readiness Review
- Confirmation or exploration modes selected
- Creates the initial PAM
- Determines the Implemented Process Sample

Assessment Readiness Review
Has the organisation prepared for the Assessment?
- internal assessments and corrective action (at Foundation they can be TickIT type)
- improvement Plan is being implemented and monitored
- people allocated to plan activities (exploration mode)
- required evidence collected by the practitioner (confirmation mode)
- assessment logistics arranged
- no significant changes since PRM Review or Assessment Planning activities
Can be conducted on site or remotely.

TickITplus delivery process
- Contract Preparation
- PRM Review
- Assessment Planning
- Combined Review
- Readiness Review
- The Assessment
- Technical review
- Certification

The Assessment
- opening meeting
- process verification
- team agreement on the findings
- completion of the PAM (other than at a transitional assessment)
- report generation
- closing meeting

Process Verification
- The defined processes are verified against the PAM by examining the IPS using the agreed assessment mode
- For Foundation level the single Process Attribute (PA), Process Performance, needs to be assessed
- All defined processes assessed

Findings
- Findings are graded following team discussion
- Positive and negative observations
- Major and minor non-conformities
- The characterisation (rating) of PAs is based on the number and type of nonconformities

Converting findings to ratings
Findings / Comments and notes / FI / LI / PI / NI
- No findings
- Positive observations only
- Negative observations only: Team decision based on the balance of positive and negative observation, risks, quantity of observations. Consideration should be given to raising a minor NC.
- 1 Minor NC: Team decision based on the balance of any positive and negative observations and risks
- Multiple Minor NCs: Team decision based on the balance of any positive and negative observations, risks, quantity of NCs. Consideration should be given to raising a major NC
- 1 Major NC: Team decision based on the impact, risks, severity of any minor NCs, or positive and negative observations
- Multiple Major NCs

Certification

Transitional Assessments
Designed to be simpler than a full initial or certificate renewal visit:
- PRM review, Planning and Readiness Review combined
- PAM not required
- Only 50% of type B's require assessment
- Carried out by your regular Lead Assessor
- No characterisation required

Transition Integrating with existing six monthly visits Visit Additional Visit Visit + 1 Request Transition PRM, Planning and Readiness Reviews Assessment Visit Additional visit Visit + 1

Summary
- Transitional Assessments are a gentler route to TickITplus
- The Core Scheme requirements document explains everything

Transition to TickITplus... What, Why and how? Nexor's TickITplus Journey Irene Dovey Business Improvement Manager Nexor Ltd

Transition to TickITplus... What, Why and how? TickITplus... what it can do for you Colin Walford Global ISO Certification Manager CSC

Transition to TickITplus... What, Why and how? TickITplus Conformance to performance Bill Martin Assurance and Improvement Manager CGI Paul Breslin ICT Sector Leader UK DNV Business Assurance

Transition to TickITplus... What, Why and how? Question and Answer Session

Transition to TickITplus... What, Why and how? Summary and Close