ZF receives ISO/IEC 5230 certification

The TIMETOACT GROUP provided ZF with comprehensive support throughout the entire certification process.

Read as PDF

ZF receives ISO/IEC 5230 certification for open source compliance in record time

The challenges in maintaining and managing open source compliance are manifold. In order to ensure the correct handling of open source, ZF Friedrichshafen AG decided to have the compliance of its open source software officially certified according to ISO/IEC 5230. TIMETOACT GROUP provided comprehensive support to ZF throughout the certification process. This included conducting a maturity analysis, addressing gaps identified by the TIMETOACT Software & Consulting team, and facilitating the audit and certification by ARS (Audit and Risk Solutions GmbH). ZF benefits from a minimisation of risk and the positive image of the certification in the industry.

ZF strives for ISO/IEC 5230 certification

Software development is becoming increasingly important for ZF Friedrichshafen AG, a technology group based at the Lake of Constance - and with it the topic of open source. But there are many obligations and requirements for the use of open source in order to ensure compliance. Following ZF‘s focus on establishing the OSPO (Open Source Programme Office) over the past two years, the second step was to achieve ISO/IEC 5230 certification. The main aim is to create trust in the supply chain and improve internal processes.

What is ISO/IEC 5230 certification?

ISO/IEC/IEC 5230 certification is an international standard of OpenChain for the most important requirements of a high-quality open source licence compliance program. These include licence compliance processes, roles and responsibilities and process sustainability.

„We already know TIMETOACT from numerous projects. After they had already supported us in setting up our OSPO, it was only logical that they would also accompany us through the certification process. The collaboration was just as we knew it: constructive and on an equal footing with fast and uncomplicated communication“

Sarah Moser OSPO Project Lead ZF

TIMETOACT supports and advises ZF in the preparation process

The certification comprises a three-stage process. OpenChain itself was always available as a professional contact partner and provided support during the certification process.

Step 1: Maturity level analysis

In 2023, the project began with a comprehensive maturity analysis. This initial phase aimed to assess the current status of open source compliance within ZF and to gain an overview of the readiness for ISO/IEC 5230 certification. To address this objective, TIMETOACT has devised a maturity model based on ISO/IEC 5230, leveraging it to assess adherence to standard requirements. The maturity level is tested through various audit techniques, such as interviews, process analyses, and document review.


In the maturity analysis, the TIMETOACT project team proactively identified potential enhancements to individual interview partners, facilitating their efficient and seamless implementation.

Step 2: Gap analysis and gap closing

The maturity analysis was followed by the gap analysis, in which TIMETOACT identified specific gaps and potential for improvement. It was particularly important for ZF to ensure that all aspects of open source management match with international standards in order to achieve the certification. The gap analysis revealed that some internal processes and guidelines needed to be further developed to fully fulfil the requirements of ISO/IEC 5230. These gaps were successfully closed by the TIMETOACT project team.

Final audit and certification by ARS as external auditor

The TIMETOACT GROUP, to which ARS (Audit and Risk Solutions GmbH) belongs, has undertaken an extensive certification procedure. ARS have assumed responsibility for conducting the audit and certification, as per compliance regulations which mandate the separation of certification and consulting functions across distinct entities.

Step 3: Audit and ISO/IEC certification

The audit procedures were conducted in accordance with internationally recognized standards by ARS and included both document review and interviews with relevant team members. ISO/IEC 5230 certification was achieved in April 2024 and represents a significant milestone for ZF in the area of open source compliance.

To ensure continuous compliance with the ISO/IEC 5230 standards, the audit is carried out comprehensively every three years. Between these audits, annual surveillance audits take place to ensure that ZF continuously fulfils the certification requirements. These regular reviews are critical to maintaining the compliance and quality of ZF‘s open source software practices.

„As a certification instance, our focus is on ensuring that the ISO/IEC 5230 standards are applied correctly and comprehensively. In our role as auditors at ZF, we have seen an impressive commitment to compliance and quality. This certification is a clear sign of the seriousness with which ZF takes its responsibility in relation to open source software“

Franziska Köhler Improvement Specialist ARS

ISO/IEC 5230 certification brings transparency and compliance

Thanks to the partnership with TIMETOACT and with the support of ARS, ZF was able to achieve a high level of maturity in dealing with open source compliance and fulfil the ISO/IEC 5230 standard. In less than a year and a half, ZF with over 160,000 employees was able to achieve the certification. This not only strengthened their position in the market, but also increased internal efficiency and awareness of the importance of open source compliance.

ZF benefits from the following advantages with ISO/IEC 5230 certification:

High maturity level

ZF has not only fulfilled the basic requirements of ISO/IEC 5230 but has even gone beyond them. With 90% of the maturity indicator, ZF is above the target of 80%.

Expertise in the team

The ZF team is not only well trained, but also active in the implementation of compliance measures.

High compliance awareness

There is a strong understanding of the importance of compliance throughout the organisation, which is important for the long-term and responsible use of open source software.

Strong support for the OSPO

ZF demonstrates its commitment to open source software by establishing and supporting a dedicated office for open source program.

Mature processes and documentation

ZF has developed effective processes and clear documentation that can be considered best practice in the area of open source compliance.

„ISO/IEC 5230 certification is a milestone for any organisation that is serious about using open source software. We are excited to see how ZF, working with TIMETOACT and ARS, is not only meeting compliance requirements, but also setting best practices for the entire industry. This underscores the importance of the OpenChain standards as the foundation for reliable and transparent open source governance“

Shane Coughlan General Manager Open Chain Project

Manager Open Chain Project Added value through compliance with ISO/IEC 5230

ISO 5230 certification can offer various added values for a company:

Improved quality management

Adherence to ISO 5230 standards allows companies to standardize and optimize their processes, ultimately resulting in improved product or service quality.

International recognition

ISO certification is internationally recognized and can help improve the quality of the company.

Competitive advantage

Companies that are ISO 5230 certified can positively differentiate themselves from competitors as it shows that they are committed to maintaining high quality standards.

Increased efficiency

By implementing the requirements of ISO 5230, a company can increase its operational efficiency by eliminating redundant processes and streamlining operations.

Risk mitigation

ISO certification helps companies mitigate risks related to product quality and compliance, as it helps identify and reduce sources of error.

Cost savings

By improving processes and reducing errors, ISO 5230 certification can help reduce costs in the business, whether through reduced waste, lower rework, or improved resource utilization.

Customer trust

ISO certification signals to customers that the company is committed to the quality of its products or services, which can increase customer trust and can lead to long-term customer relationships.

ZF will continue to work with the experts from TIMETOACT Software & Consulting and ARS in the future. The ongoing closure of identified gaps and regular monitoring audits ensure that ZF‘s high compliance standards are maintained.

„Many thanks to OpenChain for their support and the great collaboration with ZF. It was a pleasure for us to work with companies that are so committed to excellence and quality - we were able to achieve our goal in such a short time“

Simon Pletschacher Team Lead SAM & ITAM TIMETOACT

About ZF Friedrichshafen AG

ZF is a globally operating technology company that supplies systems for the mobility of cars, commercial vehicles, and industrial technology. Within its comprehensive portfolio, ZF offers integrated solutions for established automotive manufacturers, mobility providers, and emerging companies in the transport and mobility sector.
A key focus in the further development of ZF systems is digital connectivity and automation on the path toward becoming a software- and cloud-based company. ZF enables vehicles to see, think, and act.
In 2024, ZF generated sales of €41.4 billion with approximately 161,600 employees worldwide. The company operates 161 production locations in 30 countries.

For more information, please visit www.zf.com

News 2/9/23

TIMETOACT GROUP offers ISO/IEC 5230 certifications

IT company deepens partnership with OpenChain and expands open-source software offering.
News 4/20/23

HDI AG receives ITAM certification ISO 19770-1

With the help of TIMETOACT GROUP, HDI AG is the first consumer company worldwide to receive ITAM certification according to ISO 19770-1.
Kompetenz 4/5/23

TIMETOACT provides support for ISO/IEC 19770-1 certification

As Certification Patron, we support you with ISO/IEC 19770-1 certification so that you can benefit from the advantages of certification. We develop and optimize your ITAM system according to the "Plan-Do-Act-Check" process model for an effective and efficient license management.
Logo Open Source
Technologie Übersicht

Open Source Technologies

Open source means open to the public. In the context of IT, this means that the source code can be publicly seen, used and changed by anyone. Therefore, open source products are usually free

News 3/28/22

TIMETOACT becomes OpenChain Partner

TIMETOACT becomes an official partner of OpenChain, a project of the Linux Foundation: With this partnership, the IT company qualifies to advise companies on the implementation of open source license management programs and to support customers adopting OpenChain ISO/IEC 5230.

Referenz 8/24/23

Less risk and cost for HDI with ISO/IEC 19770-1

HDI AG was the first end-user organization worldwide to be certified according to ISO/IEC 19770-1 in February 2023. TIMETOACT GROUP accompanied HDI with ITAM maturity analyses, identification and implementation of optimization measures as well as in obtaining the certification.
Technologie

Pimcore als Open Source Software Platform

Pimcore is a free-to-use open source software platform and is already used effectively in many corporate fields. With Pimcore, your classic day-to-day business problems with portals and websites are easily solved as we tailor the platform to your specific business requirements.
News 9/10/21

TIMETOACT is ISO 9001:2015 certified

TIMETOACT Software & Consulting GmbH successfully introduced a quality management system in 2016 and has since been certified according to ISO 9001:2015.
News 12/11/24

JOIN(+) becomes part of TIMETOACT GROUP

Cologne/Villingen-Schwenningen, 11 December 2024 – TIMETOACT GROUP, a leading provider of IT services for the upper mid-sized-market companies, corporations and public institutions, is acquiring JOIN(+), an experienced consulting company in the field of Big Data & AI. The two managing directors of JOIN(+) will continue to manage the company after the transaction and will be responsible for its integration into TIMETOACT GROUP.
Headerbild zu Managed Services bei Versicherungen
Branche

Managed service for insurers

With Managed Service, we provide holistic support for your IT applications ► Lower costs ✓ Flexible capacities ✓ Arrange a personal exchange now.
Headbilder zu innovativem Schadenmanagement für Versicherungen
Branche

Effective claims management for insurers

From claims creation to settlement, digital processes help in claims management ► More efficiency ✓ Positive customer experience ✓ Contact us now.
Headerbild zur automatischen Handschrifterkennung bei Versicherern
Branche

Automatic handwriting recognition for insurers

With automatic handwriting recognition, handwritten texts are automatically understood ► Fewer errors ✓ More efficiency ✓ Contact now.
Headerbild zu Digitale Transformation bei Versicherern
Leistung

Mastering digital transformation in insurance

Digital transformation is the transformation of the corporate world through new technologies and the Internet ► Learn how insurers can master this.
News

TIMETOACT GROUP acquires Atlassian Partner catworkx

The acquisition is in line with the expansion of the consulting portfolio of TIMETOACT GROUP to become the leading Atlassian partner in the German-speaking region. The partnership between the two groups, which has already existed for some time, will now be merged and expanded under the umbrella of the TIMETOACT GROUP.
Standort

Location in Ravensburg

Find PKS Software GmbH in Ravensburg: Georgstraße 15; 88214 Ravensburg; Tel.: +49 751 56140 0; Mail: info@pks.de
News 3/23/23

TIMETOACT GROUP becomes patron of ITAM Forum

As part of the cooperation, TIMETOACT GROUP now also offers companies comprehensive consulting services for IT Asset Management certification ISO/IEC 19770-1

News 7/6/23

TIMETOACT GROUP acquires STAGIL

With acquiring STAGIL, TIMETOACT GROUP consolidate its position as one of the leading Atlassian partners globally.
Kompetenz 7/18/23

Digital Strategy & IT Strategy

Support your business goals in the best possible way ►Digital strategy & IT strategy ✅ We will be happy to advise you.
Kompetenz

Business Innovation & Digital Transformation

The Pressure to increase efficiency and reduce costs is increasing ► Are you familiar with this? Exploit the potential of digitalization

Kompetenz

New Work & Agile Organization

When it comes to New Work and Agile Organization, we are not interested in achieving utopias, but in real, sustainable change that advances your business just as much as your employees.

Bleiben Sie mit dem TIMETOACT GROUP Newsletter auf dem Laufenden!