The OpenChain Security Assurance Specification 1.1 has been building momentum as a sister specification to ISO/IEC 5230:2020, the International Standard for open source license compliance. With an identical approach to high level process management, the OpenChain Security Assurance Specification is designed to help companies adopt the key requirements of a quality open source security assurance program.
Self-certification is available in English, German and Simplified Chinese. In addition, the following companies have announced services to support adoption of this specification. Three of these organizations are OpenChain Project official third-party certifiers, and all of these companies provide onboarding, adoption and review services across the global supply chain.
CAICT (Mainland China)
CAICT is an official OpenChain Project partner and one of our third-party certifiers with a regional service offering.
- CAICT OpenChain Security Assurance Specification services in Simplified Chinese:
https://mp.weixin.qq.com/s/IdmxXc6uwV9ll1Xqo2KyZw
Bureau Veritas (Taiwan, Worldwide)
Bureau Veritas is an official OpenChain Project partner and one of our third-party certifiers with a global service offering.
- Bureau Veritas OpenChain Security Assurance Specification services in English:
https://ee.bureauveritas.com.tw/BVInternet/Product/46;mainIDX=20?lang=en - Bureau Veritas OpenChain Security Assurance Specification services in Traditional Chinese:
https://ee.bureauveritas.com.tw/BVInternet/Product/46;mainIDX=20?lang=tw
PwC (Germany, Worldwide)
PwC is an official OpenChain Project partner and one of our solution providers and third-party certifiers with a global service offering.
- PwC OpenChain Security Assurance Specification services in English:
https://www.pwc.de/en/opensource
(Under ‘Consulting & Implementation’ and ‘Audit & Certification’)
Orcro (UK, Worldwide)
Orcro is an official OpenChain Project partner and one of our solution providers and third-party certifiers with a global service offering.
- Orcro OpenChain Security Assurance Specification services in English:
https://orcro.co.uk/services/openchain-security-assurance/
Source Code Control (UK, Worldwide)
Source Code Control is an official OpenChain Project partner and one of our solution providers with a global service offering.
- Source Code Control OpenChain Security Assurance Specification services in English:
https://sourcecodecontrol.co/security-assurance/
OSS Consultants (USA, Worldwide)
OSS Consultants is an official OpenChain Project partner and one of our solution providers with a global service offering.
- OSS Consultants OpenChain Security Assurance Specification services in English:
https://ossconsultants.com/open-chain-conformance/