ISO/IEC 5230:2020 was published by ISO (the International Organization for Standardization) on 14 December 2020 and formalises OpenChain as an international standard.
OpenChain is the world’s leading programme for open source software compliance. It’s a project of the Linux Foundation, and establishes a framework for licence compliance for Open Source software.
Modern software development increasingly involves using open source: it’s not unusual for a single application to contain thousands of different open source components. Each is subject to copyright, and each is subject to a licence. There are hundreds of different licences, each with differing requirements. Breach of any one licence can lead to claims for copyright infringement, injunctions and costs. OpenChain provides a framework to ensure that all the licences are respected, and that decisions relating to licence compliance are all recorded. Following similar practice in the pharmaceutical, food and manufacturing businesses, ISO/IEC 5230:2020 provides a framework for ensuring traceability, compliance and record keeping for those components, and a management structure to ensure that they happen.
Purchasers dealing with an OpenChain (ISO/IEC 5230:2020) compliant supplier are reassured that it has a robust set of practices, policies and procedures in place to ensure that the software purchased has been developed to meet the licence requirements, and that the supplier can provide the documentation needed to ensure both parties can comply. This drastically reduces friction and simplifies purchasing. It’s why companies like Scania are starting to insist that their software suppliers are ISO/IEC 5230:2020 compliant.
For suppliers, maintaining ISO/IEC 5230:2020 compliance helps reduce the risk of IP infringement, sets them apart from their competitors, and enables them to sell to the increasing number of companies that prefer or demand ISO/IEC 5230:2020 compliance from their suppliers.
“We’ve been embedded in the development of OpenChain from an early stage, and it’s already delivered great results for our clients. The publication of ISO/IEC 5230:2020 opens a new chapter, and it’s certain that ISO/IEC 5230:2020 compliance will become an industry norm – the advantages are so clear for suppliers and customers alike.”
“The OpenChain Project has built an International Standard for open source license compliance with a single goal in mind: making sure that user companies from multiple industry segments can build and deploy quality open source compliance programs.
The provision of services like Third-Party Certification around the International Standard is a critical part of providing choice and support to these companies. I am delighted to welcome the new Orcro certification process to market. Andrew and his team have been a pivotal part of the OpenChain development process and are perfectly positioned to ensure user companies can obtain assistance in adhering to our ISO standard.”
Moorcrofts LLP (also an OpenChain partner) and its sister company Orcro have been advising clients on open source compliance issues for many years. Orcro couples its legal, industry and supply-chain expertise with a team of world-class consultants who understand the distinct compliance challenges facing development projects in fields as diverse as web apps, iOS, Android, Docker containers, embedded systems and IoT.
Orcro can now provide ISO/IEC 5230:2020 certification, giving suppliers independently verified assurance that their development projects meet the OpenChain standard, and that their practices and procedures are robust, reliable and developed to industry standards. For more information visit orcro.co.uk or contact Andrew Katz on: firstname.lastname@example.org or (0) 203 7930343.
About Orcro Limited
Orcro Ltd works hand-in-hand with Moorcrofts LLP’s team of specialist technology lawyers to provide project management and compliance expertise, ensuring all clients receive a full end-to-end service. This means Moorcrofts and Orcro together provide not only the legal advice but also the implementation services necessary to deliver complete compliance within a firm. The Orcro compliance team draws on skills in implementation, training, documentation, systems and assessment, either in-house or by partnering with best-in-breed third party companies. Orcro compliance services include: OpenChain Compliance, Code Scanning and Compliance Review, and DevOps Integration. For additional information, visit: www.orcro.co.uk
About Moorcrofts LLP
Moorcrofts is a boutique legal practice, focusing on corporate and contract law, tech law, employment (including employee incentivisation) and commercial property. Moorcrofts is tightly focused on providing real expertise and in-depth experience in its chosen fields. Its international clientele ranges from entrepreneurs to US stock-market listed companies and includes household names. Moorcrofts is based in the Thames Valley, giving its clients easy access whether they are based in London, Oxford, Maidenhead or Reading, and the firm is only 25 minutes from London Heathrow Airport.
Moorcrofts specialises in niche areas of tech law, such as free and open source software and software supply chain compliance. Moorcrofts has partnered with the Linux Foundation to become one of the first five pilot partners worldwide (and the first organisation in the UK) authorised to promote its OpenChain compliance programme.
About the OpenChain Project
The OpenChain Project helps to identify and share the core components of a high quality open source compliance program. OpenChain builds trust in Open Source by making things simpler, more efficient and more consistent. It is the industry standard for managing Open Source compliance across the supply chain.