ANOTHER FIRST – NEXOR ACHIEVES TICKITPLUS CERTIFICATION
In December 2010, Nexor became the first UK company to be awarded TickITplus certification as a result of a transition assessment by external certifying body, LRQA (Lloyds Register Quality Assurance). This is an achievement that further demonstrates Nexor’s commitment to business professionalism and shows that Small and Medium Enterprises (SMEs) can lead the way in process maturity.
TickITplus replaces the ageing TickIT scheme and is designed to expand beyond the original focus on software development to cater for the more diverse needs of the IT industry today by providing a more comprehensive measure of capability. The Joint TickIT Industry Steering Committee (JTISC) brought together a broad range of stakeholders to develop the new approach, which incorporates capability levels whilst ensuring suitability for all sizes of organisation.
Nexor, with its mature experience of ISO9001 quality and ISO27001 information security management system standards, was able to contribute to the preparation of the Base Process Library – one of the key constructs of the scheme – which organisations use to create their own Process Reference Models.
Each Base Process has a purpose and an outcome and encompasses all the elements considered to be good practice.
Nexor’s Business Improvement Manager, Irene Dovey, comments: “A major benefit was going through the Process Areas and undertaking what was, in effect, a gap analysis. This helped us to test how robust our processes are and identify areas for improvement.”.
Steve Kingan, CEO, adds: “Part of Nexor’s strategy is to develop a world class professional capability. We were the first enterprise to be formally recognised under the Intellect Business Certificate programme and I am delighted that Nexor is the first to achieve recognition under the TickITplus banner.
“This scheme is a major enhancement of the long standing best practice standard for information technology and is a very pragmatic implementation of the principles of capability maturity. We believe that it will enhance our competitive edge and give new customers and partners increased confidence of our overall capability and the quality of our delivery.”.
Providing guidance and practical support to Nexor in preparation for TickITplus, Dave Wynn of Omniprove comments: “It was a real pleasure working with Nexor on this important initiative and seeing how enthusiastic the team were in using TickITplus to improve their processes. This achievement is a reward to the commitment given by Nexor to be seen as a company always pushing ahead with improvements and I’m convinced they will continue through to higher levels”.
TickITplus offers a number of benefits to different stakeholders. For customers, TickITplus can be used as a measure of a supplier’s process capability and maturity, especially in procurement selection exercises, to reduce risk.
For organisations implementing TickITplus, business risk is reduced as a result of increased capability, embedded best practice and creation of a culture of continuous improvement. Multiple quality standards can also be assessed in one audit.
Going forward, Nexor will continue to support the scheme, which is currently being reviewed by UKAS (United Kingdom Accreditation Service) and is anticipated to shortly become fully accredited. Nexor is currently providing input into TickITplus Scheme Guidance Notes, which will eventually be published to provide advice to organisations on best practice.
Additionally, as the scheme evolves from the current Foundation Level to Bronze and Silver later this year – with Gold and Platinum beyond that – Nexor will maintain its leading edge by aiming for early certification at the highest level available.
RECENT BLOG POSTS
The NCSC (National Cyber Security Centre) published 14 cloud security principles in 2016. These principles are designed to give guidance to cloud service providers in order to protect their customers. But do the customers themselves have a responsibility for their own security? Nexor investigates the role of the customer in keeping their data secure.
Traditionally, our approach to managing cyber security risks has been ‘static’ – in the sense that the threat analysis, risk assessment and treatment plan are performed as manual operations ‘up front’ of solution deployment – usually as part of a Secure Development Lifecycle (SDL) – such as Nexor’s CyberShield Secure Development methodology.
For our 2017 Christmas greetings we ran a Nexor Treasure Hunt asking our customers to find the link between Nexor and the buildings in the images below.
Be the first to know about developments in secure information exchange