Select regional store:


What is TickITplus?

TickITplus™, which replaced the TickIT scheme, is a software quality certification scheme designed to encourage good software development, auditing and certification practices.

The scheme is intended to be a generic framework for defining, assessing and enabling continual improvement of IT processes, where IT is used in its fullest sense of covering all IT-related management, development and computer-related activities.


What's on this page?

TickITplus Resources

TickITplus Base Process Library (BPL)

At the heart of the TickITplus™ scheme is a process model called the Base Process Library (BPL). The Base Process Library comprises 40 process definitions which cover the full range of IT activities, ensuring a consistent approach to process definition and assessment. The Base Process Library is available in softcover and download formats from our website.

TickITplus Core Scheme Requirements

The TickITplus Core Scheme Requirements specify the requirements for undertaking an accredited TickITplus assessment that meets the audit requirements of ISO17021, whilst also following the principles in ISO/IEC 15504-2.

The TickITplus Core Scheme Requirements are also available in softcover and download formats from our website.

TickITplus Guides

IT Governance stocks all the official TickITplus guides:

Tickitplus Courses

IT Governance, a TickITplus-accredited training provider, runs the TickITplus Foundation Training Course throughout the year. This two-day course is the starting level for everyone involved in TickITplus and is particularly suitable for those new to the scheme. We highly recommended it for anyone taking the TickITplus Foundation Exam. Read more about the TickITplus Foundation Training Course here.

Why TickITplus?

TickITplus was launched in 2011 by BSI’s Joint TickIT Industry Steering Committee (JTISC). The principal aims of the scheme are to capitalise on the strengths of TickIT, whilst recognising the changes in software development. Some of the key goals are to:

  • adopt a full process-driven approach to business systems management;
  • introduce capability assessment concepts;
  • accommodate the requirements of multiple standards, e.g. ISO9001, ISO20000-1 (IT service management) and ISO27001 (information security management);
  • strengthen the commitment to improvements;
  • enable collaborative assessments to be undertaken more formally.

enefits of TickITplus

TickITplus was introduced as a replacement for the TickIT scheme to reflect developments in technology, IT software and emerging standards including ISO2000, ISO27001, ISO2207 and ISO15288.

The key benefits of TickITplus are:

For organisations:

  • To encourage and promote continuous improvements
  • To support process development to meet business needs
  • To institutionalise good processes and practices
  • To reduce business risk as capability increases
  • To reduce assessment disruption
  • To involve staff in assessments

For customers:

  • To provide better criteria for supplier selection
  • To offer clear indications of suppliers’ process capabilities
  • To allow better risk management

For assessment organisations

  • To provide a clear, well-defined structure for conducting assessments with consistent results.

From TickIT to TickITplus

The TickIT scheme has existed since the early 1990s and, although at the forefront of encouraging good IT engineering, auditing and certification practices, it became outdated.

The original scheme was introduced primarily to address issues within the classic software development areas. Over the years, IT provision has diversified, leading to less bespoke development activity. There is greater emphasis on, for example, package adaptation, system integration and configuration, internet applications, etc.

From its launch, TickIT only ever provided guidance on the interpretation of ISO9001 and, although the use of processes was encouraged, it was always predominantly requirements-driven. Even with the introduction of the 2000 edition of ISO9001, which significantly strengthened the process-based approach, TickIT still retained a requirements-driven approach at heart.

By comparison, newer requirements standards, such as ISO20000-1 and ISO27001, were emerging and were more clearly process-based.

Another consequence of being tied to ISO9001 was that TickIT audits could only result in a pass or a fail, which is now seen as a serious limitation. Customers often need, and even demand, clearer indications of supplier performance in key business processes such as risk management to provide better criteria for supplier selection.

One indication of process performance can be established through capability assessments complying with ISO15504-2. However, many companies have created integrated management systems and have requirements for combined assessments.

This is particularly relevant when organisations are adopting closely related standards such as ISO9001, ISO20000-1 and ISO27001. The benefits are clearly seen through easier deployment of processes, greater cost-effective maintenance and more efficient third-party assessments.

TickITplus was designed to address all these shortcomings by:

  • defining a core set of processes that provide complete coverage for a range of organisational activities;
  • adopting graded levels of process capability assessment and a maturity approach based on ISO15504-2;
  • providing relationships between the core processes and combinations of standards;
  • introducing the concept of having formally trained practitioners within an organisation to support ongoing improvements, promoting higher levels of process capability.

40 processes have been defined, which cover business, engineering, functional and support activities, and are contained within a database maintained by JTISC, called the BPL (Base Process Library). Processes are grouped into one of six defined categories.

TickITplus defines five levels of maturity of an organisation, consistent with the requirements stated within ISO15504-2. These levels are, in ascending order: Foundation, Bronze, Silver, Gold and Platinum.

Levels from Bronze to Platinum are attained by assessing (using capability assessments) whether an organisation has met certain process criteria.

Compliance at the Foundation level is determined by ensuring an organisation has identified processes correctly and is operating those processes.

It is recognised that existing TickIT organisations will want to progress through the graded levels at their own pace and as improvements allow. Consequently, the Foundation level exists to allow organisations to progress to TickITplus with minimal effort and then start their process maturity journey.

The scheme has been designed to allow combinations of IT-related requirement and reference standards to be mapped into the BPL, which will initially include ISO9001. As the scheme develops, further requirements and reference standards could be added according to demand, such as:

  • ISO/IEC 20000-1, Information technology – Service management - Specification
  • ISO/IEC 27001, Information technology – Security techniques – Information security management systems - Requirements
  • ISO/IEC 25030, Software engineering – Software product quality requirements and evaluation (SQuaRE)
  • IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems
  • BS 25999, Business continuity management.

These would then be mapped across to the existing or enhanced processes.

This website uses cookies. View our cookie policy