TickITplus – what it can do for you. Talk to BCS Hants March 2012 Graham Gee Quality & InfoSec Manager. Graham Gee. BSc in Astrophysics and PhD in Submillimetre Astronomy at Queen Mary College, University of London 26+ years in IT industry
TickITplus – what it can do for you Talk to BCS Hants March 2012 Graham Gee Quality & InfoSec Manager
Graham Gee • BSc in Astrophysics and PhD in Submillimetre Astronomy at Queen Mary College, University of London • 26+ years in IT industry • Wide range of employers, clients, market sectors • Previously 10 years in mainland Europe (NL, CH, B, D) • 20+ years in quality assurance, consultancy and management • Last 4.5 years Quality & InfoSec Manager at IPL in Bath • 20 years as MBCS, <1 as FBCS • BCS Council member/trustee in early 00’s – change programme
IPL background • Trusted, independent consulting & solutions house • 30 year track record • 260 staff, £28m+ turnover • Business/mission critical contexts • Consistently exceed expectations • Multiple market sectors • Re-defined strategy (MBO April ‘08) • Intelligent Business • Four service offerings • Business and technical consulting • Solution delivery, managed services • Raising our profile • Official Business Partner
IPL Differentiators • Quality & adaptability of staff • Depth of business & technical knowledge • Execution & delivery • Quality of output • Value for money • Long term business relationships • Commercial flexibility • Transparency & trust • Size & scale
Aerospace & Defence Avionics systems Mission planning Crypto key management Secure communications Network management In-flight refuelling Ministry of Defence Flight Refuelling EADS Thales Logica GE Aviation
Banking & Finance Online financial product applications Core banking systems Asset & unit pricing control Liquidity reporting Data migration & integration Pensions policy administration Nationwide Clydesdale Bank Bank of England Barclays Bristol & West Investments
Emergency Services Core policing systems ISS4PS compliance Collision recording ANPR data analysis GIS & crime mapping Mobile data solutions EADS FiReControl Hertfordshire Constabulary Kent Police Northamptonshire Police NPIA Wiltshire Police
Government Web portals Web-enabled Information Complaints handling “Digital Britain” testing GIS & mapping applications Local Authorities Audit Commission Met Office Government Ombudsmen Technology Strategy Board
Industry Data warehouse & applications Management information systems Information management & SOA Clinical drug trials data archive Medical devices A Global Energy Company Imperial Tobacco Group IBM GlaxoSmithKline Fertility Focus
Telecoms, Broadcast & Media GSM core network systems Transmission and QoS management Intelligent Networks Multimedia services Network/Service Management Systems Technical Launch Services Nokia Music Ericsson NSN Aepona O2 Orange Ubiquisys
Transport Amey Atkins Highways Agency Mouchel TfL Wincanton Traffic control centre systems Managed motorways Intelligent transport systems Transport logistics Asset management
IPL’s Focus on Quality • IPL’s origins more than 30 years ago in UK Aerospace and Defence • Range of market sectors/customers, business/mission critical contexts • Objective since 1979 “to provide customers with high quality, high reliability software within timescale, budget and specification” • “Quality is the responsibility of all individuals within the Company” • More than 20 years ago (before SEI’s CMM existed) • By 1988 IPL’s QMS and processes were aligned to the international standard ISO 9001 and a few years later the TickIT software sector-specific scheme • TickIT was largely adopted by the UK software development industry • Especially in IPL’s core market sector with high quality requirements
TickIT • Built into certification to ISO 9001 with regular external assessment by specially qualified auditors (in IPL’s case this is six-monthly by BSI and now LRQA) • Was mandatory for many years for software companies working directly or indirectly for MoD • Is a best practice guide aligned with international standards ISO 9001, ISO 9000-3 and ISO 12207
QMS Pressures 2010-2012 • Wide range of market sectors, systems, applications and technologies • Increasing emphasis on business processes rather than detailed technical procedures • QMS not kept pace with changing world – needs modern approach, flexible, responsive, look-and-feel • Process-based approach and measurement: • Services Business Manual, TickITplus • Managed services: • Application take-on, support, ITIL, ISO20000? • IP generation: Product development
Accreditations & Affiliations ISO 14001:2004 ISO 9001:2008/TickIT ISO 27001:2005
TickITplus • Was due to launch in January 2011 • 3-year “clock” to migrate from TickIT started ticking in Dec 2011 • Adds process capability assessment, with levels mapped to international standard ISO/IEC 15504, similar to CMMI • So moves TickIT to same basis as CMMI but also • Backed by UK plc (including BSI, BCS, Intellect, MoD) • Integral part of certification to international standard ISO 9001 by certification bodies such as BSI, LRQA and DNV • Requires mapping of project, technical, organisational, IT-specific, agreement and maturity processes to the Base Processes Library
Steps to TickITplus: 2006-2010 • TickIT lead auditor course in 2006: • Declining interest in the scheme; only one accredited trainer in the UK; • Auditor and company registrations dropping; only ever good practice guidance; • CMMI stolen march in India and elsewhere from its US origins • Joined IPL in Oct 2007 aiming to bring QMS into 21st century • Long experience in Quality/TickIT and with BCS • TickITplus coming “soon” as UK alternative to CMMI… • Occasionally we get pressure around our plans w.r.t. CMMI in questionnaires and responses • Happened again at end of 2010 around Thales preferred supplier selection • TickITplus was a long time coming – chronic lack of communication
Steps to TickITplus: during 2011 • Transition of Certification Body to LRQA – December 2010 • Kept the faith –> information sessions hosted at Intellect, early 2011 • Speculative gap analysis cf. list of process titles – March/April 2011 • Assessor/practitioner training by Dave Wynn for IT Governance – June • Base Process Library (BPL) finally published – also June 2011 • Confirmed gap analysis (cf. BPL) –> 1st draft PRM – July 2011 • 3-year “clock” to migrate from TickIT started ticking in Dec 2011 • LRQA Stage 1 assessment – end Sept 2011 -> 3 Minor N/Cs • LRQA Stage 2 assessment – Dec 2011 -> certification but 7 new Minor N/Cs (just before Christmas!) and Corrective Action Plan
What does TickITplus involve? • Eight scope profiles (currently two) • 40 processes (currently 22): organizational, project and technical • Mapped to four international standards (currently one and a half) • ISO 9001 • ISO 20000 and ISO 27001 – resp. Q2/Q3 2012 • ISO 15504 – basis laid but rest later, possibly 2013 • Combined assessor/practitioner training – overseen by gasq • Currently three UK Certification Bodies (BSI, DNV, LRQA) • Run by Joint TickIT Industry Steering Committee (JTISC)
Scope profiles • Currently • Systems and Software Development and Support • Product Validation, Quality and Measurement • To come • Information Management and Security • Service Management • Project and Programme Management • Corporate Strategy Planning and Management • Legal and Compliance • IT Systems Engineering and Infrastructure
Organizational processes • Human Resource Management • Management Framework • Corporate Management and Legal • Infrastructure and Work Environment Management • Improvement • Measurement and Analysis • Customer Focus • Risk Management • Lifecycle Model Management
Project processes • Currently • Project Management • Configuration and Change Management • Problem and Incident Management • To come • Decision Management • Information Management • IT Finance Management • Management Reporting
Technical processes • Data and Record Management • Integration Management • Verification • Validation • Transition and Release Management • Maintenance Management • Stakeholder Requirement Definition • Requirements Analysis • Architectural Design • Development Implementation
TickITplus lessons/benefits • Modern, pragmatic, detailed process/practice requirements NOT good practice guidance (cf. TickIT) • Based on international standards - ISO 9001 and ISO 15504 (aka. SPICE) • Scheme to be extended to allow combined assessment with ISO 20000 and ISO 27001 • Regular, professional and independently assured assessments by certification bodies - currently BSI, DNV and LRQA in the UK cf. CMMI • Much less bureaucratic than CMMI • BUT TickITplus Foundation level (currently 22 processes) is only equivalent to CMMI Levels 2/3 (resp. 7/11 processes) with capability maturity dimension based on ISO 15504 to be added
IPL – where next with TickITplus? • LRQA surveillance visit – end March 2012 • Some processes clearly need improving/redefining • Configuration/change management • Integration management • Lifecycle model management • Improvement • LRQA’s recertification visit at end of August 2012 • Extension to cover ISO 27001 later in 2012? • Could consider adding additional scope profiles? • Move up to Bronze (OK) and Silver (difficult) when available • Share the good news with the UK IT community via BCS, LRQA, Intellect, with Omniprove and Nexor
Questions? Eveleigh House Grove Street Bath BA1 5LR 01225 475000 Dr Graham Gee FBCS CITP TSSF Quality & InfoSec Manager graham.gee@ipl.com 01225 475287
Additional slides To be used as required
Customers Banking & Finance Aerospace & Defence Emergency Services Government
Customers Telecoms, Broadcast & Media Transport Industry A Global Energy Company
Engagement Models Long term relationship via a range of engagement models • Managing risk • Time-boxed • Risk/reward • Fixed price • Flexibility • Time & materials • Gain share • IPR ownership Partnership • Bid-stage engagement • Teaming agreement Staffing • Single consultant • Managed team of >50 • Location • Your premises • IPL’s offices Availability • Quick commercial response • Start within days
Business Consulting • Identifying the business need • Information management • Business analysis • Business process management • Business case preparation • IS strategy • Programme management
Technical Consulting • Analysing the technical options • Client-side - procurement support, technical project management, design authority • Project specific - rapid prototyping, requirements capture, architecture design • Subject matter expertise – eg telecoms technologies, secure communications, geospatial technologies • Bid support - expert advice and technology recommendations
Solution Delivery • Delivering the solution • Full life-cycle implementation • Software development • Systems integration • Mitigating risk and sharing development burden • Reducing development timescales • 3rd party product expertise • Accredited quality methodology • Predictable, reliable, transparent delivery
Managed Services • Supporting commercial solutions • On-going support and maintenance services • 3rd party application support • System hosting • Reducing overall cost of ownership • Freeing organisation to focus on core skills and strategic projects • Secure, modern premises • UK facilities & staff
Working with IPL “IPL is our strategic software partner...track record of delivering high quality, leading edge software...” Commercial Director “IPL brought a fresh and independent look at the way we develop systems...helped us to take a valuable step back from the day-to-day detail...together, we will develop more successful solutions...” CIO “...a first class and dependable software development service... contributed value at many levels in the design and development cycle” CTO
Working with IPL “Very competent, very proactive, willing to assist, reliable and effective.” Programme Manager “Actually appear to live the culture of customer support and commitment. Deliver what they say they are going to deliver when they say they are going to deliver” Programme Manager “They are a reliable, professional outfit...work hard to understand the client’s requirements and deliver against them” Application Support Manager