Nexor - TickITplus

Nexor became the first UK company to achieve the transition to the upgraded TickITplus scheme in December 2010, a full five months ahead of its formal launch in May 2011.

Nexor - Ahead of the game

Nexor - Ahead of the game

Nexor became the first UK company to achieve the transition to the upgraded TickITplus scheme in December 2010, a full five months ahead of its formal launch in May 2011.

The organisation had been closely involved with the development of the new scheme as an active member of a Working Group focussed on developing the TickITplus Base Process Library (BPL) under the auspices of the Joint TickIT Industry Steering Committee (JTISC). The JTISC group had brought together a broad range of stakeholders that were tasked with defining a way forward. They wanted to develop a more flexible approach that was in keeping with the increasingly diverse needs of the IT industry.

TickITplus replaces the TickIT scheme which was introduced around 20 years ago as guidance to ISO 9001 for the software development industry. The new scheme has introduced for the first time a tiered approach to process maturity with organisations able to be externally assessed against a series of levels ranging from Foundation through to Platinum. This approach allows organisations to more easily demonstrate their capability and process maturity, while providing a solid basis for organisational improvements.

The upgraded scheme is underpinned by a Base Process Library (BPL) which currently contains 22 base processes. It was here that Nexor was able to contribute during the development by helping with the preparation of the BPL which organisations use to create their own Process Reference Models.

The search for best practice

The search for best practice

The team at Nexor had been looking for some time to establish a framework for best practice and process maturity. Initially, they adopted the Capability Maturity Model integration (CMMI™) as a basis for continual improvement. However this was not the ideal fit as Irene Dovey, Business Improvement Manager explains.

“Nexor has always invested in best practice and while CMMI™ is incredibly strong, as we delved deeper into the model, we felt it was more prescriptive than an organisation of our size with limited resource could justify. When we found out about the development of the TickITplus scheme, we felt this would give us what we were looking for - a valuable and pragmatic way of demonstrating the maturity of our processes.

“Whereas the previous TickIT scheme comes from a pass or fail perspective, the upgraded version with the competency gradings gives us the opportunity to differentiate ourselves in the marketplace.

“We believe that if TickITplus gets the support and exposure it deserves, it could provide a valuable and pragmatic lighter version that assists towards implementing some of the leading, higher profile maturity models on the market today.”

Making the transition

Making the transition

The team at Nexor began the transition by going through each of the process areas and carrying out a gap analysis against the TickITplus requirements.

An integral part of this exercise, was the preparation of a Process Reference Model (PRM) and this provided the basis of the evidence required for the TickITplus assessment together with a business improvement action plan for areas which needed further attention.  The rigour needed to go through the production of the PRM prompted the organisation to take a fresh look at its processes. This helped them test the robustness of each process and also identify areas for improvement.

Nexor selected the Systems and Software Development and Maintenance Scope Profile. As the scheme takes a new approach and had yet to be published, the team at Nexor felt they needed additional guidance. Andy Kays, Head of Operations explains why they chose this route. “Our consultant, Dave Wynn of Omniprove is involved in the TickIT Steering Committee and so understood what was needed. There was no guidance or support documentation available to us because the scheme had not yet been published.  Dave was therefore able to translate how the scheme works and give us guidance on how to present our processes in line with the Scheme requirements.”

And for organisations who are considering putting a quality management system in place, the TickITplus model is ideal. Organisations that are running their business in an effective way will already have a lot of processes in place to meet the requirements of the scheme.

Nexor is already seeing benefits from having reviewed each of the Process Areas and was able to identify where they were duplicating effort. Andy Kays explains, “An example of this is in procurement where we had a number of different people getting involved that didn’t need to be. So, we made one person responsible for purchasing third party equipment which not only avoids confusion but has saved time, effort and money.”

Another area in which the company has made changes is in its service delivery. “The sales team, having won client business, would come back into the office and brief the engineering team. During the life of the project, the engineering team would liaise with the client as needed on specific aspects. This often meant additional and valuable information being learnt by the engineers.

“However, this information was not routinely being fed back into the sales teams. This in turn meant that when the sales person visited the client again they could find themselves out of touch. This loop has now been closed with a formalised debrief from engineering to sales at the end of a project,” Andy concludes.

Certification

Certification

The plan all along had been to make an early transition to the upgraded scheme. As part of the TickITplus pilot, Nexor had volunteered to be the first organisation to undertake external assessment with its long standing certification body and partner in the TickITplus Working Group, LRQA. 

“We really didn’t know what to expect from the assessment and although we had prepared well and had all the evidence on hand to show our LRQA assessors there was still a real sense of anticipation,” comments Irene.

“We were very aware that we were the first organisation to take this step and probably because of this, there was a real buzz and a sense of excitement during the assessment. We found it a far more interactive experience than a standard ISO 9001 TickIT audit and our assessor was challenging in his questions, which was good.”

“The upgraded scheme, with its Base Process Library, demands more than a standard ISO 9001 TickIT audit and seems to go a lot deeper. We covered a lot of ground in the assessment, which looked at most of our processes. Our assessor took a pragmatic approach, looking at demonstrable evidence and, importantly, we felt he was showing a full understanding of our business,” Irene concludes.

Nexor now plans to undertake a capability assessment at Bronze or Silver level, dependent on the development of these later this year.

Our advice

Our advice

If you are currently certified to ISO 9001 TickIT and wish to retain TickIT approval you will need to make the transition to TickITPlus Foundation level within the next three years. The Base Process Library and Guidance documents are now available to help you take this step. Here, Nexor’s Irene Dovey and Andy Kays offer their advice based on their experiences with the implementation of the TickITplus scheme.

  • Guidance documentation will be published shortly making it easier for organisations to make the transition from the existing to the upgraded scheme. When we were working through the initial steps, support material was not available. Therefore, you may not need to use consultants as we chose to do.
  • Make TickITPlus part of your normal process improvement process.
  • Keep in mind you do not have to produce the exact work products used as examples in the Process Reference Model. You may combine or use differently named work products to achieve the same effect.
  • Get those who are directly involved in doing the work to review the relevant Process Area and identify gaps.
  • Develop an Action Plan based on a gap analysis. Include the small changes that will add value to current practices as well as the more fundamental requirements. Review on a ‘little and often’ basis to add to the momentum of implementing improvements.
  • Review the Process Area base practices in conjunction with the TickITplus Guide to add further context.
  • Where possible, add links to documents referenced in the Process Reference Model to save time both during the TickITplus assessment and in future reviews when updating the PRM.

Keep in mind the Purpose and the Outcome of the Process Area when reviewing the base practices to help interpret how this is done within your own company.

About Nexor

About Nexor

Nexor connects, transforms and protects sensitive information in cyberspace.  Dedicated to the defence and security industry, Nexor provides an end-to-end capability to manage secure information exchange, enable cross domain interoperability, prevent data loss and promote collaborative working by building solutions to enforce corporate security policies. 

Standards: ISO 9001 quality
TickITPlus Foundation level
ISO 27001 information security
Website:  www.nexor.com