The TIMETOACT GROUP provided ZF with comprehensive support throughout the entire certification process.

ZF receives ISO/IEC 5230 certification for open source compliance in record time
The challenges in maintaining and managing open source compliance are manifold. In order to ensure the correct handling of open source, ZF Friedrichshafen AG decided to have the compliance of its open source software officially certified according to ISO/IEC 5230. TIMETOACT GROUP provided comprehensive support to ZF throughout the certification process. This included conducting a maturity analysis, addressing gaps identified by the TIMETOACT Software & Consulting team, and facilitating the audit and certification by ARS (Audit and Risk Solutions GmbH). ZF benefits from a minimisation of risk and the positive image of the certification in the industry.
ZF strives for ISO/IEC 5230 certification
Software development is becoming increasingly important for ZF Friedrichshafen AG, a technology group based on Lake Constance, and with it the topic of open source. But the use of open source comes with many obligations and requirements that must be met to ensure compliance. Following ZF's focus on establishing the OSPO (Open Source Programme Office) over the past two years, the second step was to achieve ISO/IEC 5230 certification. The main aim is to create trust in the supply chain and improve internal processes.
ISO/IEC 5230 is an international standard of OpenChain for the most important requirements of a high-quality open source licence compliance program. These include licence compliance processes, roles and responsibilities and process sustainability.

“We already know TIMETOACT from numerous projects. After they had already supported us in setting up our OSPO, it was only logical that they would also accompany us through the certification process. The collaboration was just as we knew it: constructive and on an equal footing with fast and uncomplicated communication.”
TIMETOACT supports and advises ZF in the preparation process
The certification comprises a three-stage process. OpenChain itself was always available as a professional contact partner and provided support during the certification process.
Step 1: Maturity level analysis
In 2023, the project began with a comprehensive maturity analysis. This initial phase aimed to assess the current status of open source compliance within ZF and to gain an overview of the readiness for ISO/IEC 5230 certification. For this purpose, TIMETOACT devised a maturity model based on ISO/IEC 5230 and used it to assess adherence to the standard's requirements. The maturity level is tested through various audit techniques, such as interviews, process analyses, and document review.
During the maturity analysis, the TIMETOACT project team proactively pointed out potential enhancements to individual interview partners, so that these could be implemented efficiently and seamlessly.
Step 2: Gap analysis and gap closing
The maturity analysis was followed by the gap analysis, in which TIMETOACT identified specific gaps and potential for improvement. It was particularly important for ZF to ensure that all aspects of open source management match international standards in order to achieve the certification. The gap analysis revealed that some internal processes and guidelines needed to be further developed to fully fulfil the requirements of ISO/IEC 5230. These gaps were successfully closed by the TIMETOACT project team.
Final audit and certification by ARS as external auditor
The TIMETOACT GROUP, to which ARS (Audit and Risk Solutions GmbH) belongs, undertook an extensive certification procedure. ARS assumed responsibility for conducting the audit and certification, because compliance regulations mandate that certification and consulting functions be separated across distinct entities.
Step 3: Audit and ISO/IEC certification
The audit procedures were conducted in accordance with internationally recognized standards by ARS and included both document review and interviews with relevant team members. ISO/IEC 5230 certification was achieved in April 2024 and represents a significant milestone for ZF in the area of open source compliance.
To ensure continuous compliance with the ISO/IEC 5230 standards, a comprehensive audit is carried out every three years. Between these audits, annual surveillance audits take place to ensure that ZF continuously fulfils the certification requirements. These regular reviews are critical to maintaining the compliance and quality of ZF's open source software practices.

“As a certification instance, our focus is on ensuring that the ISO/IEC 5230 standards are applied correctly and comprehensively. In our role as auditors at ZF, we have seen an impressive commitment to compliance and quality. This certification is a clear sign of the seriousness with which ZF takes its responsibility in relation to open source software.”
ISO/IEC 5230 certification brings transparency and compliance
Thanks to the partnership with TIMETOACT and with the support of ARS, ZF was able to achieve a high level of maturity in dealing with open source compliance and fulfil the ISO/IEC 5230 standard. In less than a year and a half, ZF, with over 160,000 employees, was able to achieve the certification. This not only strengthened its position in the market, but also increased internal efficiency and awareness of the importance of open source compliance.
ZF benefits from the following advantages with ISO/IEC 5230 certification:
ZF has not only fulfilled the basic requirements of ISO/IEC 5230 but has even gone beyond them. With 90% of the maturity indicator, ZF is above the target of 80%.
The ZF team is not only well trained, but also active in the implementation of compliance measures.
There is a strong understanding of the importance of compliance throughout the organisation, which is important for the long-term and responsible use of open source software.
ZF demonstrates its commitment to open source software by establishing and supporting a dedicated open source programme office.
ZF has developed effective processes and clear documentation that can be considered best practice in the area of open source compliance.

“ISO/IEC 5230 certification is a milestone for any organisation that is serious about using open source software. We are excited to see how ZF, working with TIMETOACT and ARS, is not only meeting compliance requirements, but also setting best practices for the entire industry. This underscores the importance of the OpenChain standards as the foundation for reliable and transparent open source governance.”
Manager Open Chain Project
Added value through compliance with ISO/IEC 5230
ISO 5230 certification can offer various added values for a company:
Adherence to ISO 5230 standards allows companies to standardize and optimize their processes, ultimately resulting in improved product or service quality.
ISO certification is internationally recognized and can help improve the quality of the company.
Companies that are ISO 5230 certified can positively differentiate themselves from competitors as it shows that they are committed to maintaining high quality standards.
By implementing the requirements of ISO 5230, a company can increase its operational efficiency by eliminating redundant processes and streamlining operations.
ISO certification helps companies mitigate risks related to product quality and compliance, as it helps identify and reduce sources of error.
By improving processes and reducing errors, ISO 5230 certification can help reduce costs in the business, whether through reduced waste, lower rework, or improved resource utilization.
ISO certification signals to customers that the company is committed to the quality of its products or services, which can increase customer trust and can lead to long-term customer relationships.
ZF will continue to work with the experts from TIMETOACT Software & Consulting and ARS in the future. The ongoing closure of identified gaps and regular monitoring audits ensure that ZF's high compliance standards are maintained.

“Many thanks to OpenChain for their support and the great collaboration with ZF. It was a pleasure for us to work with companies that are so committed to excellence and quality - we were able to achieve our goal in such a short time.”
About ZF Friedrichshafen AG

ZF is a globally operating technology company that supplies systems for the mobility of cars, commercial vehicles, and industrial technology. Within its comprehensive portfolio, ZF offers integrated solutions for established automotive manufacturers, mobility providers, and emerging companies in the transport and mobility sector.
A key focus in the further development of ZF systems is digital connectivity and automation on the path toward becoming a software- and cloud-based company. ZF enables vehicles to see, think, and act.
In 2024, ZF generated sales of €41.4 billion with approximately 161,600 employees worldwide. The company operates 161 production locations in 30 countries.
For more information, please visit www.zf.com