Software supply chain management

OpenChain is the world’s first software supply chain standard to take into account modern software development: the assembly of complex software using a wide range of free and open source software components. Orcro Compliance has partnered with the Linux Foundation to become the only organisation in the UK authorised to promote its OpenChain compliance programme.




Leading companies like Intel, Qualcomm, ARM, LG and Siemens have embraced OpenChain. OpenChain brings established governance principles to the software supply chain. It adopts best-practice from other compliance areas and maps them to software procurement, giving businesses a clear path to minimising infringement risk in procuring, developing and deploying software, with particular emphasis on use and re-use of free and open source software (“FOSS”) components.

Crucially, for smaller organisations, the compliance programme does not have to be complex, but simply mirrors or adapts existing best practice.

The OpenChain project is backed by the Linux Foundation. It is the only software compliance project designed with the following factors in mind:

  • It adopts the familiar structure of established standards (such as ISO 27001
  • It’s flexible and versatile and scales with size and type of business
  • It’s backed by organisations from Global 100 companies through to startups
  • It’s developed with input from developers, legal, compliance, management and procurement
  • It  manages the legal and associated reputational risks of software licence non-compliance, providing comfort to customers, and easing engagement with suppliers.

Self-certification provides an inexpensive and rapid path to compliance, but for additional security, Orcro, as one of the five worldwide pilot partners appointed by the Linux Foundation, can guide organisations through the process, culminating in an external certification of compliance, as a step beyond self-certification.

Orcro can provide a unique combination of legal, process and technical skills.

Led by Andrew Katz, who has a background as both a software developer and one of the country’s leading Free and Open Source Software lawyers, Orcro can guide you smoothly towards the world’s only recognised compliance programme for managing intellectual property risk in the software supply chain.

For our briefing note, click here.