IPL corporate presentation (v2.8)

TickITplus – what it can do for you
Talk to BCS Hants
March 2012
Graham Gee
Quality & InfoSec Manager
Graham Gee
BSc in Astrophysics and PhD in Submillimetre Astronomy at
Queen Mary College, University of London
26+ years in IT industry
Wide range of employers, clients, market sectors
Previously 10 years in mainland Europe (NL, CH, B, D)
20+ years in quality assurance, consultancy and management
Last 4.5 years Quality & InfoSec Manager at IPL in Bath
20 years as MBCS, <1 as FBCS
BCS Council member/trustee in early 00’s – change programme
IPL background
Trusted, independent
consulting & solutions house
30 year track record
260 staff, £28m+ turnover
Business/mission critical contexts
Consistently exceed expectations
Multiple market sectors
Re-defined strategy (MBO April ‘08)
• Intelligent Business
• Four service offerings
• Business and technical consulting
• Solution delivery, managed services
• Raising our profile
Use this layout for text on
Official Business
top of a vertically
IPL Differentiators
Quality & adaptability of staff
Depth of business & technical knowledge
Execution & delivery
Quality of output
Value for money
Long term business relationships
Commercial flexibility
Transparency & trust
Size & scale
Aerospace & Defence
Avionics systems
Mission planning
Crypto key management
Secure communications
Network management
In-flight refuelling
Ministry of Defence
Flight Refuelling
GE Aviation
Banking & Finance
Online financial product applications
Core banking systems
Asset & unit pricing control
Liquidity reporting
Data migration & integration
Pensions policy administration
Clydesdale Bank
Bank of England
Bristol & West Investments
Emergency Services
Core policing systems
ISS4PS compliance
Collision recording
ANPR data analysis
GIS & crime mapping
Mobile data solutions
EADS FiReControl
Hertfordshire Constabulary
Kent Police
Northamptonshire Police
Wiltshire Police
Web portals
Web-enabled Information
Complaints handling
“Digital Britain” testing
GIS & mapping applications
Local Authorities
Audit Commission
Met Office
Government Ombudsmen
Technology Strategy Board
Data warehouse & applications
Management information systems
Information management & SOA
Clinical drug trials data archive
Medical devices
A Global Energy Company
Imperial Tobacco Group
Fertility Focus
Telecoms, Broadcast & Media
GSM core network systems
Transmission and QoS management
Intelligent Networks
Multimedia services
Network/Service Management Systems
Technical Launch Services
Nokia Music
Traffic control centre systems
Managed motorways
Intelligent transport systems
Transport logistics
Asset management
Highways Agency
IPL’s Focus on Quality
IPL’s origins more than 30 years ago in UK Aerospace and Defence
Range of market sectors/customers, business/mission critical contexts
Objective since 1979 “to provide customers with high quality, high
reliability software within timescale, budget and specification”
“Quality is the responsibility of all individuals within the Company”
More than 20 years ago (before SEI’s CMM existed)
By 1988 IPL’s QMS and processes were aligned to the international standard
ISO 9001 and a few years later the TickIT software sector-specific scheme
TickIT was largely adopted by the UK software development industry
Especially in IPL’s core market sector with high quality requirements
Built into certification to ISO 9001 with regular external
assessment by specially qualified auditors (in IPL’s case this
is six-monthly by BSI and now LRQA)
Was mandatory for many years for software companies
working directly or indirectly for MoD
Is a best practice guide aligned with international standards
ISO 9001, ISO 9000-3 and ISO 12207
QMS Pressures 2010-2012
Wide range of market sectors, systems, applications and technologies
Increasing emphasis on business processes rather than detailed
technical procedures
QMS not kept pace with changing world – needs modern approach,
flexible, responsive, look-and-feel
Process-based approach and measurement:
Services Business Manual, TickITplus
Managed services:
Application take-on, support, ITIL, ISO20000?
IP generation: Product development
Accreditations & Affiliations
ISO 9001:2008/TickIT
ISO 27001:2005
ISO 14001:2004
Was due to launch in January 2011
3-year “clock” to migrate from TickIT started ticking in Dec 2011
Adds process capability assessment, with levels mapped to
international standard ISO/IEC 15504, similar to CMMI
So moves TickIT to same basis as CMMI but also
Backed by UK plc (including BSI, BCS, Intellect, MoD)
Integral part of certification to international standard ISO 9001 by certification bodies
such as BSI, LRQA and DNV
Requires mapping of project, technical, organisational, IT-specific, agreement and
maturity processes to the Base Processes Library
IPL’s 1st plan v. TickITplus levels
ISO 15504 process levels
1. Performed
2. Managed
TickITplus Target
Foundation 2011
3. Established
4. Predictable
5. Optimizing
Steps to TickITplus: 2006-2010
TickIT lead auditor course in 2006:
Declining interest in the scheme; only one accredited trainer in the UK;
Auditor and company registrations dropping; only ever good practice guidance;
CMMI stolen march in India and elsewhere from its US origins
Joined IPL in Oct 2007 aiming to bring QMS into 21st century
Long experience in Quality/TickIT and with BCS
TickITplus coming “soon” as UK alternative to CMMI…
Occasionally we get pressure around our plans w.r.t. CMMI in
questionnaires and responses
Happened again at end of 2010 around Thales preferred supplier selection
TickITplus was a long time coming – chronic lack of communication
Steps to TickITplus: during 2011
Transition of Certification Body to LRQA – December 2010
Kept the faith –> information sessions hosted at Intellect, early 2011
Speculative gap analysis cf. list of process titles – March/April 2011
Assessor/practitioner training by Dave Wynn for IT Governance – June
Base Process Library (BPL) finally published – also June 2011
Confirmed gap analysis (cf. BPL) –> 1st draft PRM – July 2011
3-year “clock” to migrate from TickIT started ticking in Dec 2011
LRQA Stage 1 assessment – end Sept 2011 -> 3 Minor N/Cs
LRQA Stage 2 assessment – Dec 2011 -> certification but 7 new Minor
N/Cs (just before Christmas!) and Corrective Action Plan
What does TickITplus involve?
Eight scope profiles (currently two)
40 processes (currently 22): organizational, project and technical
Mapped to four international standards (currently one and a half)
ISO 9001 
ISO 20000 and ISO 27001 – resp. Q2/Q3 2012
ISO 15504 – basis laid but rest later, possibly 2013
Combined assessor/practitioner training – overseen by gasq
Currently three UK Certification Bodies (BSI, DNV, LRQA)
Run by Joint TickIT Industry Steering Committee (JTISC)
What does TickITplus look like?
Scope profiles
Systems and Software Development and Support
Product Validation, Quality and Measurement
To come
Information Management and Security
Service Management
Project and Programme Management
Corporate Strategy Planning and Management
Legal and Compliance
IT Systems Engineering and Infrastructure
Organizational processes
Human Resource Management
Management Framework
Corporate Management and Legal
Infrastructure and Work Environment Management
Measurement and Analysis
Customer Focus
Risk Management
Lifecycle Model Management
Measurement and Analysis
Process ID
Process Purpose
To provide information to enable better decision making.
Process Name
Measurement and Analysis
Organizational Processes
Process Outcome
Process Base Practices
Input Work Products
Output Work Products
ISO 9001
BP.1 Define Measurement and Analysis Policy and Procedures
Business Plan
Measurement Policy
Measurements are
used to demonstrate
achievement of
business objectives,
to support decisions
and identify
Policies are established, approved and communicated to ensure that measures are identified, collected,
analysed, reported and used, to support the achievement of the business plan.
Measurement Procedures
Procedures are established for developing measures against key business objectives, to understand
performance. The procedures define the method for identifying, collecting, storing, analysing and using
Policies and procedures are periodically reviewed and updated in line with the business plan.
The policies and procedures are maintained under the management framework.
Measurement is embedded in the top-level documents for each management system.
[Business Needs]
Quality Policy
There is a specific Integrated Management Procedure (IMP02) focussed on audit and improvement
Strategy, Objectives, Targets,
Key Performance Measures
IS and ISMS Policies
BP.2 Identify Measurement Objectives and Data
Business Plan
Measurement Objectives
The organization establishes where measures are necessary and identifies the objectives and data sources
necessary to achieve them.
Stakeholder Requirements
Measurement Data Sources
IMP02, Audit and Improvement
The objectives and data sources are reviewed and agreed by stakeholders.
Company-level measurement objectives are defined for each management system. The top-level objectives Strategy, Objectives, Targets,
for the services business are in the SBM. There are more detailed measurement objectives in a document for Key Performance Measures
Operations which informs the specific objectives for each software project.
Quality Policy
These are reviewed and agreed by the Quality Review Board (QRB, comprising COO, CTO and Quality
IS and ISMS Policies
Manager) for Quality, and the IS Forum for InfoSec.
Quality Objectives
Services Business Manual
Operations Quality Objectives
Quality Plan: Quality
ISMS Overview
BP.3 Collect and Analyse Measurement Data
Measurement Objectives
Measurement and Analysis Data 8.2.3
Measurement data is collected and stored in line with the collection method.
Measurement Data Sources
Measurement And Analysis
The measurement data is validated and any need for additional measurement is identified
The measurement data is analysed to provide indicators and recommendations to stakeholders.
Project processes
Project Management
Configuration and Change Management
Problem and Incident Management
To come
Decision Management
Information Management
IT Finance Management
Management Reporting
Project Management
Process ID
Process Purpose
To ensure that the projects meet their objectives.
Process Name
Project Management
Project Procedures
Process Outcome
Process Base Practices
Input Work Products
Output Work Products
BP.1 Establish Project Management Policies and Procedures
Business Plan
Project Management Policies
The organization
achieves project
objectives in a
controlled manner,
and delivery is on
time, in budget and
to quality.
Policies are established, approved and communicated that govern the project management methodology and
the delivery of projects.
ISO 9001
Project Management Procedures 4.2.3
Procedures are defined, approved and made available for use, to implement the project management
policies. The procedures cover project planning, tailoring, estimating, monitoring and control, resourcing,
reporting, escalation, together with supplier, stakeholder, risk and issue management
The policies and procedures are maintained under the management framework.
The Delivery Manual contains the processes related to project management. It was reviewed and approved
by a subset of the Board and Exec Committee. Supporting documents provide additional procedures. They
are made available via the intranet.
Delivery Manual
Annual Business Plan
SCOP-R: Project Control
Services Business Manual
Quality Objectives
Management Procedure 2:
Progress Reporting
SCOP-P 9001, Risk
BP.2 Scope the Project
Stakeholder Requirements
Scope Statement
A scope statement is defined for the project with deliverables agreed by stakeholders. The quality objectives
and the requirements for the project are established and documented.
Objectives, constraints and assumptions are recorded and agreed before project initiation
Projects select and tailor the appropriate lifecycle model, and the rationale is documented.
Estimates are produced against the agreed scope, including any necessary contingency. A budget for the
work to be undertaken is prepared.
The scope, objectives, constraints, selected approach, estimates and budget are reviewed by stakeholders
and approved by management.
The Delivery Manual and SCOP-R describe how to initiate a project.
Invitation to Tender/Request
for Proposal
The Project Plan and Quality Plan set out the key aspects for the project to be delivered.
Project scope and estimates will have been defined as part of the proposal process.
Delivery Manual: Initiate Project
SCOP-R: Project Control
Operations Quality Objectives
Project Plan
Quality Plan: Project Lifecycle
Technical processes
Data and Record Management
Integration Management
Transition and Release Management
Maintenance Management
Stakeholder Requirement Definition
Requirements Analysis
Architectural Design
Development Implementation
Architectural Design
Process ID
Process Purpose
To produce a top-level design that identifies the major components and interfaces of the product.
Process Outcome
Process Base Practices
BP.1 Establish Development Approach
The top-level design
addresses all the
system requirements,
with no defects found
in development.
Process Name
Architectural Design
Technical Processes
Input Work Products
Output Work Products
Lifecycle Model Description and Selected Lifecycle
Different development approaches are considered in formulating the architecture design, and an approach Assets
is selected that best meets the system requirements.
ISO 9001
The selection decision and supporting rationale is documented, reviewed and approved.
Initial development approach is captured in quality plan. Refined during requirements and design stages.
SCOP-P 800x, Software
Development Methods
Quality Plan
ETC Agile Framework
BP.2 Create Architectural Design
System Requirements
The top-level design is created taking into account the architectural standards of the organization.
Top Level Design
Traceability Report
The major components and interfaces necessary to meet the system requirements are identified. System
requirements are traceable to the major components.
Interfaces include interactions between system components, and between the system and the external
Design constraints, assumptions and dependencies are documented.
The system is designed to ensure that it meets the system requirements, external interfaces and selected
design standards.
System Requirements Spec
High Level Design
Quality Plan: Design Process
Traceability Matrix
Design specifications are produced in line with the design methodology selected. SCOP-P 2001 provides
the default format and content for design specs.
SCOP-P 200x, design standards
The approach to traceability depends upon customer requirements, the nature of system under
development and any applicable standards (e.g. higher levels of DO-178B) plus the design methodology
and modelling tools being used.
BP.3 Review Architectural Design
Top Level Design
The top-level design is reviewed by stakeholders to ensure all system requirements have been adequately
Review Records
Top Level Design
Customer Notifications
The customer is advised of any adverse impact on cost, schedule and customer needs arising from the
proposed top-level design, along with possible alternatives.
The review approach is defined in the Quality Plan. Detailed reviews can include Preliminary and Critical
Design Reviews with customer involvement.
High Level Design
High Level Design
Quality Plan: Review Process
Review Records
SCOP-P 4001, Review
BP.4 Manage Architecture Changes
Change Request
Change Record
Changes to the top-level design are formally controlled through the change control process.
Changes to the top-level design are reviewed by stakeholders for their impact on cost, schedule and
customer needs.
The results of the review are communicated to stakeholders, and records maintained.
What has TickITplus done for us?
TickITplus lessons/benefits
Modern, pragmatic, detailed process/practice requirements NOT good
practice guidance (cf. TickIT)
Based on international standards - ISO 9001 and ISO 15504 (aka. SPICE)
Scheme to be extended to allow combined assessment with ISO 20000
and ISO 27001
Regular, professional and independently assured assessments by
certification bodies - currently BSI, DNV and LRQA in the UK cf. CMMI
Much less bureaucratic than CMMI
BUT TickITplus Foundation level (currently 22 processes) is only
equivalent to CMMI Levels 2/3 (resp. 7/11 processes) with capability
maturity dimension based on ISO 15504 to be added
IPL – where next with TickITplus?
LRQA surveillance visit – end March 2012
Some processes clearly need improving/redefining
Configuration/change management Integration management
Lifecycle model management
LRQA’s recertification visit at end of August 2012
Extension to cover ISO 27001 later in 2012?
Could consider adding additional scope profiles?
Move up to Bronze (OK) and Silver (difficult) when available
Share the good news with the UK IT community via BCS, LRQA, Intellect,
with Omniprove and Nexor
Quality & InfoSec Manager
[email protected]
01225 475287
Eveleigh House
Grove Street
Bath BA1 5LR
01225 475000
Additional slides
To be used as required
Aerospace &
Banking &
Broadcast &
A Global Energy
Engagement Models
Long term relationship via a range of engagement models
Managing risk
• Time-boxed
• Risk/reward
• Fixed price
• Time & materials
• Gain share
• IPR ownership
• Bid-stage engagement
• Teaming agreement
• Single consultant
• Managed team of >50
• Your premises
• IPL’s offices
• Quick commercial response
• Start within days
Business Consulting
Identifying the business need
Information management
Business analysis
Business process management
Business case preparation
IS strategy
Programme management
Technical Consulting
Analysing the technical options
Client-side - procurement support, technical project
management, design authority
Project specific - rapid prototyping, requirements
capture, architecture design
Subject matter expertise – eg telecoms technologies,
secure communications, geospatial technologies
Bid support - expert advice and technology
Solution Delivery
Delivering the solution
Full life-cycle implementation
Software development
Systems integration
Mitigating risk and sharing development burden
Reducing development timescales
3rd party product expertise
Accredited quality methodology
Predictable, reliable, transparent delivery
Managed Services
Supporting commercial solutions
On-going support and maintenance services
Secure, modern premises
3rd party application support
System hosting
Reducing overall cost of ownership
Freeing organisation to focus
on core skills and strategic projects
UK facilities & staff
Working with IPL
“IPL is our strategic software partner...track record of delivering
high quality, leading edge software...”
Commercial Director
“IPL brought a fresh and independent look at the way we
develop systems...helped us to take a valuable step back from the
day-to-day detail...together, we will develop more successful
“...a first class and dependable software development service...
contributed value at many levels in the design and development
Working with IPL
“Very competent, very proactive, willing to assist, reliable and
Programme Manager
“Actually appear to live the culture of customer support and
commitment. Deliver what they say they are going to deliver
when they say they are going to deliver”
Programme Manager
“They are a reliable, professional outfit...work hard to
understand the clients requirements and deliver against them”
Application Support Manager

similar documents