| Q1 What is TickIT? TickIT is a UK scheme (accreditation
scheme) for approving Certification bodies who operate ISO 9001 registration
schemes in the domain of IT. The primary aim of the scheme is to ensure that
Certification bodies are competent to audit IT companies and that the
Certification bodies work in a consistent manner. It is not as many people
expect about approval of software developers or products.
At the last count (September 2005) there were 12 certification bodies offering
Certification under the TickIT scheme, you can get the current list in PDF
here.
Q2 What is the difference between TickIT and ISO 9001?
If you work for a company seeking ISO 9001 registration then there is NO difference
between ISO 9001 and TickIT. When the TickIT approved Certification body
arrives to audit your company it will be auditing you against the requirements
of ISO 9001, there are no additional or different requirements, although there
is additional guidance information for auditors. The guidance comes in 2 types.
-
UK specific in the TickIT Guide (at version 5.5 December 2007)
- International ISO 90003:2004
Q3 What is the purpose of ISO 90003 (Previously ISO 9000-3) ?
ISO 90003:2004, is a guideline document. If you are not into standards speak;
guideline means that there are no requirements. It is all entirely
optional. The purpose of the document is to help Quality System authors and
auditors understand the requirements of ISO 9001 as they apply in an IT domain.
Note 90003 is not intended to be used as an audit document, the guidance
included tends to be quite general and is by no means complete, issues such as
safety critical software, and requirements capture for package software are not
addressed.
A Final note in case you might not trust what I have said, here is a direct
quote from the scope of ISO 90003:2004
This International Standard provides guidance for organizations in the
application of ISO 9001:2000 to the acquisition, supply, development, operation
and maintenance of computer software and related support services. It does not
add to or otherwise change the requirements of ISO 9001:2000.
Q4 How do I become a TickIT Auditor?
In short you have to attend an IRCA approved 5 day TickIT Lead Auditor Course
and then perform a specified number of Audits. (usually 5). The full
details are in IRCA162.pdf (www.irca.org/downloads/IRCA162.pdf)
(IRCA have also introduced 3 day TickIT Internal Auditor course)
IRCA have recently changed the grades and qualificatons necessary to become a
TickIT auditor. The have extended the number of grades available; removed the
requirement for an interview and changed the audit criteria needed to qualify.
So if you have been on a TickIT Lead Auditor course recently you may want to
take another look at the changed requirements. One of the key changes is the
removal of the requirement to perform 3rd part audits. See the document at
www.irca.org/downloads/IRCA162.pdf
Note: If you are already been on a Lead Auditor course and you
have a good understanding of IT issues then there will not be great value in
attending a TickIT Lead Auditor course unless you want to become a fully
qualified TickIT auditor; then you will need the TickIT Lead Auditor
Qualification.
Q5 When is TickIT Relevant?
When an organisation makes the decision to seek ISO 9001 certification, the
chosen certification body should determine whether the organization performs
activities that will require the presence of a TickIT auditor (comptent IT
auditor) during the assessment process. There is nothing stopping the
organization specifically requesting an assessment under the TickIT scheme, and
in fact this is often the case. The TickIT web site has a page that
describes the situations that require the certification body to
deploy TickIT auditors
Q6 Should we require TickIT as a contractual condition on Suppliers?
It is not unusual to see organisations contractual specify TickIT in a
contract, however this practice would appear to fall foul of EU law, since
TickIT is a UK only scheme specifying TickIT would exclude ISO9001 certificates
from other countries. The more correct approach would seem be to require
Accredited Certification, this would include both the UK and other countries
approach to ISO 9001 certification.
Q7 Which is Better TickIT or CMM ?
This is an increasingly common question but is equivalent to asking which is
better chalk or cheese ? TickIT is simply ISO 9001 Certification with
extra constraints placed on the Certification body performing the registration.
You could, maybe unkindly, describe TickIT as a hurdle that needs to be jumped,
CMM on the other hand is a system for measuring the maturity of the
software processes of an organization. For the record an organisation that has
obtained a TickIT accredited ISO 9001 certificate should be at least level 3
(Defined) on the CMM scale.
There is a proposal on the table to effectivly create a hybrid TickIT CMM scheme,
the proposed name is TicKIT Plus. The details have not been finalised (December
2007)
Q8 Who runs TickIT Training Courses ?
IRCA the organisation that registers TickIT auditors
maintains a list of approved training organisations you need to search
through this and look for the word TickIT. We run LRQA's
and Pera's
TickIT courses so will give them a quick plug. If you wish to know the basic
content of a TickIT Lead Auditor course then the following
course criteria is published by
IRCA, which lays out the mandatory content of a Lead TickIT Auditor
Course. This document is intentended for Course providers but is still worth a
look.There is also
Q9 My organisation pays for TickIT Certification, what do we get ?
A couple of thing to check, does your organisation ISO 9001 certificate state
TickIT or have the TickIT logo, if so you should be listed on the TickIT
website under TickIT Organisations,
there is a PDF of all the TickIT organisations listed here. Another thing to
check is whether the auditor sent by your Certification body has the correct
qualifications. All the qualified TickIT auditors are listed on the TickIT
website under auditor registration.
Now assuming you are getting a TickIT auditor and TickIT shows up on your
Certificate the final question :
- Do you get value for money? There are numerous different ways to answer
this; quality of service being one of the more important aspects. If you ask
the simpler question, do I pay a reasonable amount then when your 3
yearly Certification comes round for renewal, send out an invitation to tender
to some or all the other TickIT Certification bodies and ask for a quote for
the next three years.
|
