OpenChain audit and certification

OpenChain (ISO/IEC 5230:2020) Certification

Orcro Limited is the UK’s first accredited provider of ISO/IEC 5230:2020 compliance certifications.

ISO/IEC 5230:2020 was published by the International Standards Organisation on 14 December 2020 and formalises OpenChain as an international standard.

OpenChain is the world’s leading programme for open source software compliance. It’s a project of the Linux Foundation, and establishes a framework for licence compliance for Open Source software.

Modern software development increasingly involves using open source: it’s not unusual for a single application to contain thousands of different open source components. Each is subject to copyright, and each is subject to a licence. There are hundreds of different licences, each with differing requirements. Breach of any one licence can lead to breach of copyright claims, injunction and costs. OpenChain provides a framework to ensure that all the licences are respected, and that decisions relating to licence compliance are all recorded. Following similar practice in the pharmaceutical, food and manufacturing businesses, ISO provides a framework for ensuring traceability, compliance and record keeping for those components, and a management structure to ensure that they happen.

For purchasers

When you are dealing with an OpenChain ISO/IEC 5230:2020 compliant supplier you know that your supplier has a robust set of practices, policies and procedures to ensure that the software you are purchasing has been developed to meet the licence requirements, and that your supplier can provide the documentation you need to ensure both they and you can comply. This drastically reduces friction and simplifies purchasing. It’s why companies like Scania are starting to insist that their software suppliers are ISO/IEC 5230:2020 compliant.

For suppliers

Maintaining ISO/IEC 5230:2020 compliance not only helps you to reduce your own risk of IP infringement, it sets you apart from your competitors, and enables you to participate in sales to the increasing number of companies which are preferring or demanding ISO/IEC 5230:2020 compliance from their suppliers.

OpenChain is backed by companies such as Microsoft, Toyota, Google, ARM, BMW, Cisco, Oppo, Siemens, Western Digital and Sony.

Orcro and its sister law firm Moorcrofts LLP (also an OpenChain partner) have been advising clients on open source compliance issues for many years. We couple our unique legal, industry and supply-chain expertise with a team of world-class consultants who understand the unique compliance challenges which face development projects in fields as diverse as web apps, iOS, Android, Docker containers, embedded systems and IoT.

We can now provide an ISO/IEC 5230:2020 accreditation, giving suppliers independently verified assurance that their development projects meet the OpenChain standard, and that their practices and procedures are robust, reliable and developed to industry standards.




For details about the process and what OpenChain verification and certification means, view our OpenChain brochure.

For more information, please contact Andrew Katz on