ISO 5230 OpenChain Project

Transform your open source software licence compliance

The OpenChain Project is a Linux Foundation initiative with the objective of building trust in Open Source Software by making Open Source License compliance:

  • Simple
  • Consistent
  • Predictable
  • Understandable
  • Efficient

 

The core of OpenChain is the OpenChain Specification, supported by a training curriculum on which we built our Training Program.

Conformance allows organisations to display and promote their adherence to these requirements, helping to ensure that potential suppliers and customers understand and can trust their approach to Open Source Software compliance.


What is the OpenChain Specification?

The OpenChain Specification defines a set of requirements every quality compliance program must satisfy. 

In December 2020, the OpenChain Specification was ratified and published as an ISO standard, ISO 5230 OpenChain Standard.

The OpenChain training curriculum provides the educational foundation for the ISO 5230 OpenChain Standard, covering how to manage open source software supply chains. Source Code Control have created a bespoke training program based on this curriculum.

ISO 5230 OpenChain Conformance

ISO 5230 has five process areas that need to be implemented to achieve conformance.

  • Implement an Open Source Policy or Guide
  • Train relevant people on the policy
  • Delegate responsibility for Open Source compliance
  • Create an Open Source review board
  • Identify the third-party Open Source Software used and its attributes
  • Implement Software Composition Analysis (SCA)
  • If sharing source code, ensure this is done correctly
  • Ensure that license and copyright attributions are implemented correctly
  • Community contributing to your project
  • Your developers contributing to Open Source projects

ISO 5230 OpenChain Conformance Journey with Source Code Control

Step 1: Pre-Assessment

  • Self-Assessment
  • Independent Assessment

Step 2: Education

  • OpenChain Curriculum
  • Company-wide
  • Self Manage

Step 3: Policy/Guide

  • Strategy
  • Stakeholders
  • Scope
  • How to apply
  • Communication

Step 4: Software Composition Analysis

  • Identify Open Source components
  • Create license notices
  • Automation

Step 5: Business as usual

  • Self Management
  • Support from service providers
  • Independent review

Our Interactive Assessment Tool

Project Plan templates

Introduction to ISO 5230 OpenChain Standard

ISO/IEC 5230 – Open Source Policy Tool Overview

Customer Case Study

We have helped organisations of all sizes achieve conformance. See how our customer Interneuron CIC achieved ISO 5230 OpenChain conformance.
