We are excited to announce that starting from April 2021, Keitaro is ISO/IEC 5230 certified. The International Standard for open source compliance ISO/IEC 5230 was published by the International Standards Organisation on December 14th, 2020 and formalises OpenChain as an international standard.
Our adoption of this standard marks a momentous point in our growth and progress as a company, demonstrating our commitment to achieving excellence throughout the supply chain.
“Keitaro is an important addition to the OpenChain conformance ecosystem,” says Shane Coughlan, OpenChain General Manager. “It is noteworthy that their self-certification marks our formal expansion into the arena of managed services. This is both a natural and important progression, not least given the dependence of so many entities on such providers.”
Becoming better for our customers
As a company and as a team, our goal is to always keep improving. Working toward this certification is just one of the many ways we aim to provide better services to all our customers.
Being ISO/IEC 5230:2020 certified ensures that the solutions follow the OpenChain standard and that Keitaro's practices and procedures are reliable and implemented in accordance with all the industry standards. Keitaro supports all supply chain participants in adopting OpenChain and ISO/IEC 5230 so that we can all work together to strengthen supply chain trust.
When working with an OpenChain ISO/IEC 5230:2020 compliant supplier, businesses and organizations can be certain that they will not be exposed to any Open Source vulnerabilities and risks. By following this standard, Keitaro has an excellent set of practices, policies, and procedures in place to ensure that the purchased solution was designed to satisfy the license specifications, and that documentation will be provided to ensure that both sides are in compliance. This significantly decreases uncertainty and streamlines the purchasing process.
“We have had a close working relationship with Keitaro for some time,” says Martin Callinan from Source Code Control. “Keitaro are committed to high quality open source software development, so when the OpenChain specification became ISO/IEC 5230 it was logical that they adopt the standard. As an OpenChain service provider we provided training and guidance on their journey to conformance. As is their company culture, they fully committed to the project. They fully deserve the recognition ISO 5230 brings and the assurance it will give their customers.”
What does the standard entail?
Internal policies, processes, and staffing for license enforcement systems are governed by a set of specifications in the OpenChain Specification standard. These are just some of them:
- Strong documentation is one of our first priorities. Policies governing an organization’s use of open source software are recorded and available to all program participants.
- Participants have a clear understanding of their position in an open source license compliance program, as well as the skills to carry out their responsibilities effectively. In addition, all relevant stakeholders around the organization are informed about program participant roles and responsibilities.
- A standardized review process is implemented by the company to review and recognize the obligations imposed by various open source licenses.
About the OpenChain Specification
According to the Linux Foundation, the OpenChain Specification was developed with four primary goals:
- Promote and encourage the use of open source in constructing software solutions that are shared with others, with a strong focus on license compliance.
- Focus on providing the necessary and sufficient requirements of a high quality compliance program. Also, focus on meaningful pain points based on practical use cases.
- Embrace the use of a variety of practices to meet a specific need. Avoid giving legal advice or explaining particular common practices.
- All are welcome to participate – inclusion is achieved by dialogue and consensus that adheres to these guiding principles. Start implementing best practices from existing programs to complement an open development strategy.