This page describes the OpenChain standards and provides guidance on how to adopt them in organizations of all sizes and sectors.
You can download the standards free of charge from the OpenChain GitHub repositories:
- ISO/IEC 5230 Open Source License Compliance Specification 2.1
- ISO/IEC 18974 Open Source Security Assurance Program 1.1
You can also purchase the published editions from the ISO website:
- ISO/IEC 5230:2020 Information technology — OpenChain Specification
- ISO/IEC 18974:2023 Information technology — OpenChain security assurance specification
ISO/IEC 5230
OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. It helps organizations manage the open source licensing requirements of past, current and future products or services.
ISO/IEC 5230 identifies:
- The key places to have license compliance processes
- How to assign roles and responsibilities
- And how to ensure sustainability of the processes
ISO/IEC 5230 is lightweight, easy to read and is supported by our global community with free reference material and conformance resources.
ISO/IEC 18974
ISO/IEC 18974 is the International Standard for open source security assurance. It helps organizations establish a repeatable process for checking the open source they use against known security vulnerability sources such as CVEs, GitHub dependency alerts or package manager alerts. Like ISO/IEC 5230, it is lightweight, easy to read and supported by our global community with free reference material and conformance resources.
ISO/IEC 18974 identifies:
- The key places to have security processes
- How to assign roles and responsibilities
- And how to ensure sustainability of the processes
Why organizations adopt ISO/IEC 5230
- Reduce open source legal and business risk (e.g. license violations)
- Build customer and supplier trust
- Standardize internal processes
- Improve software supply chain management
- Easier collaboration across companies
How to Adopt These Standards
For either standard you can choose between self-certification (see the checklist below), independent assessment or third-party certification. Our recommendation is to start with self-certification and a narrowly scoped program (for example, one product line or business unit) and widen the scope later. We provide free, short checklists and questionnaires consisting of "yes" or "no" questions. If you can answer yes to every question on the form, your program meets the requirements of the standard and you are self-certified; note that self-certification is a declaration by your own organization and is not independently verified. If you answer no to a few questions, those questions show you exactly where to focus resources for process improvement.
Self-Certification Checklist:
Third-Party Certification
Certification partner information: https://openchainproject.org/partners
How to Apply for OpenChain Conformance
If you would like to add your company to our list of conformant organisations, please complete the online application form.
Which companies have already adopted OpenChain Standards?
To date, more than 100 companies have adopted the OpenChain standards; for the full list, see here.
Q&A
If you have any questions, please contact support@openchainproject.org.
See our FAQ page.
