OPENCHAIN CASE STUDY

OpenChain 3rd Party Certification with PwC

ORGANIZATION:

  • As PwC Germany, we support our clients with approximately 12,000 experts in 21 locations with high-quality, industry-specific services in the areas of auditing, tax and management consulting. More than 276,000 employees in 157 countries belong to the PwC network worldwide.
  • Our purpose is to build trust in society and solve important problems.

CHALLENGE:

  • The organisation which receives software has a large supply chain with software providers of all sizes and at all maturity levels regarding Open Source Software (OSS) Management. In order to ensure those products which contain software received from other companies are OSS-compliant, the software deliveries need to be reviewed for OSS compliance. This requires a tremendous effort and causes time delays.
  • The organisation providing the software is questioned not only by one customer regarding their OSS compliance management but by many, which causes internal efforts and also delays in contract signings.

SOLUTION:

  • PwC performed an OSS OpenChain supplier audit and reported compliance via an internationally recognized PwC audit report, which can be shared with interested customers.
  • PwC’s assessment tool provides transparency and efficiency throughout the audit – particularly when multiple assessments are performed, such as all tier 1 suppliers of a software receiving organisation.

BENEFIT:

  • PwC provides TRUST in the OSS compliance of suppliers. The software receiving organisation can reduce its internal resources regarding scanning and reviewing any received software and speed up approval processes.
  • The software supplier can showcase its OSS compliance to multiple clients through an internationally recognized, trustworthy PwC report. Besides fulfilling the requirements of their client, they now have a competitive advantage regarding RFPs, allowing faster contracting with their clients, and reducing the amount of time required for individual compliance discussions with clients.

“At PwC, our purpose is to build trust in society and solve important problems.”

ORGANIZATION
At PwC, our purpose is to build trust in society and solve important problems. Together with our clients, we find individual answers to even the most complex questions of our time. From strategy through execution, we accompany our clients into the digital age and support them in successfully exploiting growth potential in the digital world. When it comes to digitalisation and usage of Open Source Software, PwC provides a wide range of professional OSS management and compliance services, from OSS footprint analysis in organisations, building up OSS compliance management systems, to supporting and performing OSS scanning services, OSS assessments for mergers and acquisitions, and OpenChain 3rd Party assessments.

CHALLENGES
Our client has an increasing number of products and services containing software delivered by external software developers and software providers. To comply with Open Source Software licenses and their obligations, a sophisticated and robust process is established to scan and review incoming software code. With an increasing amount of incoming software, and additionally a higher frequency of updates and releases, the internal effort for the compliance review and approval process was rising significantly.

On the other side, there are software suppliers who face various Open Source Software compliance requirements from multiple clients, including the challenge of proving their OSS compliance to several stakeholders. Going through several individual assessments not only requires sufficient resources but might also pressure suppliers to disclose internal process documentation, personal data, and even business insights.

SOLUTION
PwC provides an Open Source Software compliance assessment based on the latest OpenChain specification, resulting in an internationally recognized PwC audit report, a certification that verifies OSS compliance.

Thanks to enhanced PwC tool-support, the execution of the whole engagement is lean and transparent to all stakeholders, regardless of the number of stakeholders involved, their location or the number of assessments to be performed. At any stage of the assessment the assessed organisation and the commissioning company could gain insights into the status, open items, and any potential issues.

During our initial kick-off meeting, we clarified the scope and approach of the assessment and gained an initial, general understanding of the Open Source Software management and compliance processes. Subsequently, we set up the PwC OSS assessment tool and started reviewing and analysing the OSS compliance verification materials as soon as they were provided. Questions and clarifications were processed through our tool; where sensible and required, we performed direct interviews regarding the compliance artefacts.

BENEFIT

  • Professional PwC OSS tooling for transparent, lean, efficient and effective OSS assessment
  • PwC provides trust, which allows you to reduce the depth and breadth of review and compliance processes for incoming software, therefore reducing costs, efforts and time delay for organisations sourcing software development from external suppliers
  • Internationally recognized, independent and trustworthy report on suppliers’ OSS compliance, making multiple individual assessments obsolete, hence reducing costs and providing a competitive advantage in tender processes

FURTHER INFORMATION
Marcel Scholze, PwC Germany,
Head of Open Source Software Management Services
Phone: +49 69 9585-1746
Email: marcel.scholze@pwc.com
www.pwc.de/en/opensource

LINUX IS A REGISTERED TRADEMARK OF LINUS TORVALDS
PwC in this document refers to PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft Germany, a member firm of the PwC network, each of which is a separate legal entity. Further details under www.pwc.com/structure.