Orcro Launches OpenChain Certification
Orcro Limited becomes the UK’s first accredited provider of ISO/IEC 5230:2020 compliance certifications.
ISO/IEC 5230:2020 was published by the International Standards Organisation on 14 December 2020 and formalises OpenChain as an international standard.
OpenChain is the world’s leading programme for open source software compliance. It’s a project of the Linux Foundation, and establishes a framework for licence compliance for Open Source software.
Modern software development increasingly involves using open source: it’s not unusual for a single application to contain thousands of different open source components. Each is subject to copyright, and each is subject to a licence. There are hundreds of different licences, each with differing requirements. Breach of any one licence can lead to breach of copyright claims, injunction and costs. OpenChain provides a framework to ensure that all the licences are respected, and that decisions relating to licence compliance are all recorded. Following similar practice in the pharmaceutical, food and manufacturing businesses, ISO/IEC 5230:2020 provides a framework for ensuing traceability, compliance and record keeping for those components, and a management structure to ensure that they happen.
Purchasers dealing with an OpenChain/ ISO/IEC 5230:2020 compliant supplier are reassured it has a robust set of practices, policies and procedures in place to ensure that the software purchased has been developed to meet the licence requirements, and that the supplier can provide the documentation needed to ensure both parties can comply. This drastically reduces friction and simplifies purchasing. It’s why companies like Scania are starting to insist that their software suppliers are ISO/IEC 5230:2020 compliant.
Suppliers maintaining ISO/IEC 5230:2020 compliance helps reduce risk of IP infringement. It sets companies apart from its competitors, and enables them to participate in sales to an increasing number of companies which are preferring or demanding ISO/IEC 5230:2020 compliance from their suppliers.
“We’ve been embedded in the development of OpenChain from an early stage, and it’s already delivered great results for our clients. The publication of ISO/IEC 5230:2020 opens a new chapter, and it’s certain that ISO/IEC 5230:2020 compliance will become an industry norm – the advantages are so clear for suppliers and customers alike”.
“The OpenChain Project has built with International Standard for open source license compliance with a single goal in mind: making sure that user companies from multiple industry segments can build and deploy quality open source compliance programs.
The provision of services like Third-Party Certification around the International Standard is a critical part of providing choice and support to these companies. I am delighted to welcome the new Orcro certification process to market. Andrew and his team have been a pivotal part of the OpenChain development process and are perfectly positioned to ensure user companies can obtain assistance in adhering to our ISO standard.”
Moorcrofts LLP (also an OpenChain partner) and its sister company Orcro have been advising clients on open source compliance issues for many years. Orcro couples its unique legal, industry and supply-chain expertise with a team of world-class consultants who understand the unique compliance challenges which face development projects in fields as diverse as web apps, iOS, Android, Docker containers, embedded systems and IoT.
Orcro can now provide an ISO/IEC 5230:2020 accreditation, providing suppliers with independently verified assurance that its development projects meet the OpenChain standard, and that its practices and procedures are robust, reliable and developed to industry standards. For more information visit orcro.co.uk or contact Andrew Katz on: firstname.lastname@example.org or (0) 203 7930343.