Certification of Free and Open-Source Software Management Systems
Free and Open-Source Software (FOSS) allows anyone to run a program for free and for any purpose they wish. It also allows the user to access the source code, modify it and redistribute either the original or the altered version.
FOSS is increasingly being used in business operations because it enables new software developments to be implemented at a faster pace and a lower cost than writing the software in-house. FOSS gives businesses access to the latest software, which they can then use to enhance their own offerings.
While FOSS is free to use, this does not mean that users have no obligations. When the original developer makes their FOSS products available, they may choose to use a FOSS licence, which defines what can or cannot be done with the source code. For example, they may stipulate that anyone who modifies the software must make their modifications available for anyone else to use.
Companies using FOSS are subject to a variety of licence agreements. To maintain compliance and avoid liabilities, these licences must be managed in a structured manner. This requires policies and procedures, the identification of roles responsible for managing the licences, as well as effective skills management and a training strategy.
FOSS licence compliance is an essential element of regulatory, legal and corporate compliance. Proof of FOSS compliance is increasingly a requirement for software vendors during the contract tender process. Failure to comply can also be very damaging for a business's reputation in the open source community.
FOSS compliance verification is therefore a critical factor for the sale of products that integrate FOSS, and for companies seeking to establish partnership-based collaboration. To prevent infringements of licensing agreements, businesses must establish a suitable process for guaranteeing and verifying compliance.
TÜV SÜD's compliance certification is the first of its kind. It is designed to support your corporate compliance with FOSS licences. Thanks to our extensive compliance and software experience, combined with profound regulatory and supply chain management expertise, we are uniquely positioned to conduct a standardised assessment of your FOSS systems and processes.
TÜV SÜD's experts actively participate in international standardisation committees for software, gaining valuable insights on the latest regulatory developments. Our experts’ commitment to instilling compliant operations across industries means that the TÜV SÜD certification mark has become a globally renowned symbol for safety, security and trust.
TÜV SÜD’s FOSS Licence Compliance certification scheme simplifies compliance verification through the creation of a standardised process. Based on the ISO/IEC 5230:2020 Information technology — OpenChain Specification, this standardised process enables a business to review its underlying processes and fully document compliance with licensing agreements.
TÜV SÜD’s FOSS audit and certification is delivered through a three-step process:
If you use Free and Open-Source Software in your products and services, our third-party verification of compliance with FOSS licences creates trust with partners and customers alike. Contact TÜV SÜD today to learn more about our FOSS compliance services or to organise a FOSS audit.
Benefits of a certified FOSS licence compliance system include:
Prevent infringements of licensing agreements
Enhance the cyber resilience of industrial components and systems
Secure your knowledge and information with a systematic approach