A definition of the scope of TickIT

 

 


Homepage
TickIT Scheme
TickIT News
TickIT Products
Certification Bodies
Auditor Registration
TickIT Forum
Certified Organisations
Contact Us
Disc Homepage
BSI Homepage



A definition of the scope of TickIT

Introduction

The scope of the TickIT Scheme, which has been approved by the United Kingdom Accreditation Service (UKAS) and the Swedish Board for Accreditation and Conformity Assessment (SWEDAC), is defined on this page.

These definitions are, with minor modifications, the result of joint activity between BSI Committee BRD/3/1 (now replaced by JTISC/-) and the Association of British Certification Bodies (ABCB). The Independent International Organization for Certification (IIOC) has also participated through its representation on the TickIT Industry Committee.

The scope definitions are used by accreditation authorities and certification bodies to determine whether a TickIT auditor should be assigned to carry out or participate in an audit; however, only those Certification Bodies that have been accredited within the TickIT procedures are allowed to issue TickIT-endorsed ISO 9001 certificates.

Where TickIT is relevant

TickIT applies whenever a certification client carries out software development in the circumstances described below. In this context, software is defined as 'intellectual creation comprising the programs, procedures, rules and any associated documentation pertaining to the operation of a data processing system' (ISO 2382-1:1994).

Software product or service development

TickIT applies whenever software development is carried out and the software is incorporated in the delivered product or service of the organization applying for certification, irrespective of the medium on which the software is held or supplied.

TickIT is applicable:

  • when the software is the totality of the delivered product
  • to embedded software, including the development of programmable hardware devices where software tools are used to determine device functionality
  • when embedded software is being developed for hardware designs based on microprocessors, including the development of application software for Programmable Logic Controllers (PLCs), however, application software for stand-alone PLCs which execute non-complex, non-critical functions is deemed to be excluded

Internal software development

TickIT applies where:

  • in-house software development is undertaken that significantly affects the quality of the delivered product or service (whether this contains software or not), for example:
    • in the provision of financial services
    • in the provision of information and communications services
    • in the testing of manufactured product
    • in the provision of engineering and technical services
  • in-house software development is undertaken that is related to the administration of an organization rather than product or service quality, for example payroll, and where the organization applying for certification wishes this capability to be covered by the certification process (and included in the scope of certification)

The provision of data or parameter values by users to applications software (for example the use of an existing spreadsheet model where minimal new logic is defined, or data input to numerically controlled machines) is not considered to be software development, and is outside the TickIT scope.

Software replication

TickIT applies to software replication activities, regardless of their separation from software development activities (either functionally or across business enterprise boundaries). Care must be taken in the application of this case, since it is considered that simple replication activity, where sufficient steps have been taken to preserve the configuration of the software against the introduction of error during the activity, may be satisfactorily assessed by non-TickIT registered auditors. An example of the type of case which may be excluded, when it exists in isolation, is the operation of dedicated proprietary CD-ROM and diskette duplication machines.

Software-related services

TickIT applies in cases of software-related services where significant configuration management takes place.

Facilities management

TickIT applies to instances of information technology facilities management where software development and/or maintenance and/or software configuration is part of the management contract.

Computer operations services

TickIT applies to computer operations services, where applications or systems software support, development and/or maintenance forms a part of the overall service offered.

Systems integration services

TickIT applies to systems integration services (hard-ware/software combination), whenever there is a soft-ware component, even if there is no coding involved. Auditors of such services may need hardware integration experience in addition to the attributes of a TickIT auditor.

Installation of application software on personal computers is not considered to be a systems integration service.

Peripheral services

TickIT applies to peripheral services (examples being consultancy, commissioning installation, software or system sales) where software evaluation and/or selection forms a part.

Installation of application software on personal computers is not considered to be a peripheral service.

Software archiving and storage

TickIT applies to software archiving and storage services, or the provision of escrow services, where significant configuration management of the software forms a part of the services provided.

Subcontracting

TickIT applies to subcontracting and associated integration activities of prime contractors of systems that depend upon software for functionality. This also includes the subcontracting of software testing and certification activities which are not already accredited by agencies such as UKAS and NaVLAP.

Exclusions from TickIT scope

TickIT does not apply in the following circumstances (where no software development is involved):

  • software stock holding (warehousing)
  • software sales (over the counter, mail-order)
  • installation of application software on personal computers (see above)
  • provision of data or parameter values by users of application software (see above)
  • the operation of dedicated proprietary CD-ROM and diskette duplication machines, when carried out as an isolated business activity (see above)

 

 


Top of the page

© Copyright BSI 1995-2009