Re: The business of OpenChain certifications


Asai, Yoshinaho
 

Hi all,

I'm sorry for being late to join this topics. I'm Asai from TUEV SUED Japan in charge of Functional Safety and OSS certificate.
Because we are just started the job transfer process from former colleagues.
It may takes a couple of months to announce that we are ready now again.

From year of 2021 on we(TUEV SUED Japan, FS Team) will be responsible for the certificate acc. to ISO 5230 globally.
We have more than 20 years experiences for Functional Safety Business in any category.
So that we can adapt ISO 5203 without any difficulties because of our experience. Functional Safety Business includes lots of assessment
Like software development(V-V model so on), System management audit and analysis of software development process.

Once we are ready of course we will announce again officially. And also we are interesting to start working with clients who are interesting to have the 3rd party certificate in advance to other company. We can work together under reasonable conditions in that case.
As I said we already issued more than 500 certificates as professional way acc. to ISO policy as notified body and certification body. (We are accredited by Governmental organization(EU/Germany, Dakks/ZLS).)
We are confident to sale our mark as professional level in the global market for sure. The only thing I want to know is how much company are willing to have it. For us ISO 26262 certificate business were somehow no good results in automotive market. If OC certificate are well required in the market, of course we will do our best to show the certificate holder/comply with ISO 5230 as professional level in a single level judgement as certification body.

Best regards,

淺井 由尚 (Yoshinaho Asai)
Functional Safety Team, TUEV SUED Japan

-----Original Message-----
From: main@... <main@...> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: Monday, February 22, 2021 5:06 PM
To: main@...
Subject: Re: [openchain] The business of OpenChain certifications

"Attention! External Mail. Be careful with Links/Attachments!"

Hi Dirk

Self-certification is not an interim step. It is and always will be at the core of the project. In over five years in market it has proven to be an effective and efficient method of promoting better compliance. We have yet to have a reported case of misrepresentation in this space. Naturally, if such a case occurred in the future, we would address. We have several measures to do so, including but not limited to our trademarks.

Regarding TUV SÜD specifically, the certification business has moved to Japan. Asai San in that office is in charge, and I am happy to make an introduction as useful. The Japan and Korea offices are currently talking with clients.

More broadly, as Marcel pointed out, there are reputable certifiers and auditors in play. We expect to build and announce further relationships in this space throughout 2021. The key measure for effective engagement beyond their individual reputation is their participation in the OpenChain Partner Program. This ensures their application has been vetted by our governing board.

Even more broadly, with ISO 5230 gaining traction in procurement, we expect to see an uptick in both independent assessment (similar to ISO 26262, and already provided by law firms and services providers in our eco-system), alongside full third party certification by organizations like PwC and TUV SÜD.

Regards

Shane

On Feb 21, 2021, at 19:51, Dirk Riehle <dirk@...> wrote:

Hi all,

I assume that the short-term business value of having an OpenChain certification (as a company) is that you can promise your customers lower open source compliance costs. Longer-term I assume the OpenChain (or a comparable one) certification to be a must-have.

Which begs the question where we are on the business of certifications in general. I assume that the self-certification was only an intermediate step and that there should be full blown certifications like the one by TUEV Sued.

https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
openchainproject.org%2Fresources%2Fcase-study-3rd-party-cert&amp;data=
04%7C01%7CYoshinaho.Asai%40tuvsud.com%7Ca13b275a43cc42dc84d008d8d708a7
50%7Ca110956708154e1f88afe23555482aaa%7C0%7C0%7C637495779460465458%7CU
nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha
WwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=UhEjcyFsX3GSZ%2FKEPDjxivEqgczvLvd79
HUfJrzaYJQ%3D&amp;reserved=0

When I last looked into how certifications work (ten years ago), there had to be three separate entities to turn this into a viable business:

1. Curriculum designers (those who determine the content) 2. Trainers
/ consultants who get customers in shape 3. The certification agency
and its mark (e.g. TUEV or UL or ...)

I believe this working group is 1. for any OpenChain derived certification marks. Trainers / consultants 2. are plenty, including yours truly.

The missing part seem to be the certification agencies (and their assessors). The people who drove forward the TUEV certification mark have left; not sure much is going on there. Any other agencies?

I'd be curious how the certification agencies establish believable marks. I assume that there will never by a generic (LF) OpenChain certification mark, only TUEV or UL marks. For this, the certification agencies need to set up their assessment program.

I can't find it, but I thought there was an ISO standard on how to set-up certification agencies (i.e. how to get certified as an agency that can issue high-quality marks). Does this apply or can anyone (Joe's Waffle House) create a mark as long as they have the marketing dollars to make customers believe the mark means something?

Cheers, Dirk

--
Confused about open source?
Get clarity through
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbaya
ve.com%2Ftraining&amp;data=04%7C01%7CYoshinaho.Asai%40tuvsud.com%7Ca13
b275a43cc42dc84d008d8d708a750%7Ca110956708154e1f88afe23555482aaa%7C0%7
C0%7C637495779460475451%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC
JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=LyjlVDiV
SIC83EQkHppR6kB%2B1xBeLnyp3Y03a%2BjQSCs%3D&amp;reserved=0
--
Website:
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirk
riehle.com%2F&amp;data=04%7C01%7CYoshinaho.Asai%40tuvsud.com%7Ca13b275
a43cc42dc84d008d8d708a750%7Ca110956708154e1f88afe23555482aaa%7C0%7C0%7
C637495779460475451%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIj
oiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=fNmifCpSmLbG
dIDeoEQBwBYyXI3rtQMANTOxPQS4IgU%3D&amp;reserved=0 - Twitter:
@dirkriehle Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550





Join main@lists.openchainproject.org to automatically receive all group messages.