ZF receives ISO/IEC 5230 certification

The TIMETOACT GROUP provided ZF with comprehensive support throughout the entire certification process.

ZF receives ISO/IEC 5230 certification for open source compliance in record time

The challenges in maintaining and managing open source compliance are manifold. In order to ensure the correct handling of open source, ZF Friedrichshafen AG decided to have the compliance of its open source software officially certified according to ISO/IEC 5230. TIMETOACT GROUP provided comprehensive support to ZF throughout the certification process. This included conducting a maturity analysis, addressing gaps identified by the TIMETOACT Software & Consulting team, and facilitating the audit and certification by ARS (Audit and Risk Solutions GmbH). ZF benefits from a minimisation of risk and the positive image of the certification in the industry.

ZF strives for ISO/IEC 5230 certification

Software development is becoming increasingly important for ZF Friedrichshafen AG, a technology group based on Lake Constance, and with it the topic of open source. The use of open source comes with many obligations and requirements that must be met to ensure compliance. Following ZF's focus on establishing the OSPO (Open Source Programme Office) over the past two years, the second step was to achieve ISO/IEC 5230 certification. The main aim is to create trust in the supply chain and improve internal processes.

What is ISO/IEC 5230 certification?

ISO/IEC 5230 is an international standard of OpenChain for the most important requirements of a high-quality open source licence compliance program. These include licence compliance processes, roles and responsibilities and process sustainability.

"We already know TIMETOACT from numerous projects. After they had already supported us in setting up our OSPO, it was only logical that they would also accompany us through the certification process. The collaboration was just as we knew it: constructive and on an equal footing with fast and uncomplicated communication."

Sarah Moser, OSPO Project Lead, ZF

TIMETOACT supports and advises ZF in the preparation process

The certification comprises a three-stage process. OpenChain itself was always available as a professional contact partner and provided support during the certification process.

Step 1: Maturity level analysis

In 2023, the project began with a comprehensive maturity analysis. This initial phase aimed to assess the current status of open source compliance within ZF and to gain an overview of the readiness for ISO/IEC 5230 certification. To address this objective, TIMETOACT has devised a maturity model based on ISO/IEC 5230, leveraging it to assess adherence to standard requirements. The maturity level is tested through various audit techniques, such as interviews, process analyses, and document review.


During the maturity analysis, the TIMETOACT project team proactively pointed out potential improvements to individual interview partners so that these could be implemented efficiently and smoothly.

Step 2: Gap analysis and gap closing

The maturity analysis was followed by the gap analysis, in which TIMETOACT identified specific gaps and potential for improvement. It was particularly important for ZF to ensure that all aspects of open source management match international standards in order to achieve the certification. The gap analysis revealed that some internal processes and guidelines needed to be further developed to fully fulfil the requirements of ISO/IEC 5230. These gaps were successfully closed by the TIMETOACT project team.

Final audit and certification by ARS as external auditor

The TIMETOACT GROUP, to which ARS (Audit and Risk Solutions GmbH) belongs, undertook an extensive certification procedure. ARS assumed responsibility for conducting the audit and certification, because compliance regulations mandate the separation of certification and consulting functions across distinct entities.

Step 3: Audit and ISO/IEC certification

The audit procedures were conducted in accordance with internationally recognized standards by ARS and included both document review and interviews with relevant team members. ISO/IEC 5230 certification was achieved in April 2024 and represents a significant milestone for ZF in the area of open source compliance.

To ensure continuous compliance with the ISO/IEC 5230 standard, a comprehensive audit is carried out every three years. Between these audits, annual surveillance audits take place to ensure that ZF continuously fulfils the certification requirements. These regular reviews are critical to maintaining the compliance and quality of ZF's open source software practices.

"As a certification instance, our focus is on ensuring that the ISO/IEC 5230 standards are applied correctly and comprehensively. In our role as auditors at ZF, we have seen an impressive commitment to compliance and quality. This certification is a clear sign of the seriousness with which ZF takes its responsibility in relation to open source software."

Franziska Köhler, Improvement Specialist, ARS

ISO/IEC 5230 certification brings transparency and compliance

Thanks to the partnership with TIMETOACT and with the support of ARS, ZF was able to achieve a high level of maturity in dealing with open source compliance and fulfil the ISO/IEC 5230 standard. In less than a year and a half, ZF, with over 160,000 employees, was able to achieve the certification. This not only strengthened its position in the market, but also increased internal efficiency and awareness of the importance of open source compliance.

ZF benefits from the following advantages with ISO/IEC 5230 certification:

High maturity level

ZF has not only fulfilled the basic requirements of ISO/IEC 5230 but has even gone beyond them. With a maturity indicator of 90%, ZF is above the target of 80%.

Expertise in the team

The ZF team is not only well trained, but also active in the implementation of compliance measures.

High compliance awareness

There is a strong understanding of the importance of compliance throughout the organisation, which is important for the long-term and responsible use of open source software.

Strong support for the OSPO

ZF demonstrates its commitment to open source software by establishing and supporting a dedicated open source programme office.

Mature processes and documentation

ZF has developed effective processes and clear documentation that can be considered best practice in the area of open source compliance.

"ISO/IEC 5230 certification is a milestone for any organisation that is serious about using open source software. We are excited to see how ZF, working with TIMETOACT and ARS, is not only meeting compliance requirements, but also setting best practices for the entire industry. This underscores the importance of the OpenChain standards as the foundation for reliable and transparent open source governance."

Shane Coughlan, General Manager, OpenChain Project

Added value through compliance with ISO/IEC 5230

ISO/IEC 5230 certification can offer various added values for a company:

Improved quality management

Adherence to the ISO/IEC 5230 standard allows companies to standardize and optimize their processes, ultimately resulting in improved product or service quality.

International recognition

ISO certification is internationally recognized and can help improve the quality of the company.

Competitive advantage

Companies that are ISO/IEC 5230 certified can positively differentiate themselves from competitors, as certification shows that they are committed to maintaining high quality standards.

Increased efficiency

By implementing the requirements of ISO/IEC 5230, a company can increase its operational efficiency by eliminating redundant processes and streamlining operations.

Risk mitigation

ISO certification helps companies mitigate risks related to product quality and compliance, as it helps identify and reduce sources of error.

Cost savings

By improving processes and reducing errors, ISO/IEC 5230 certification can help reduce costs in the business, whether through reduced waste, less rework, or improved resource utilization.

Customer trust

ISO certification signals to customers that the company is committed to the quality of its products or services, which can increase customer trust and can lead to long-term customer relationships.

ZF will continue to work with the experts from TIMETOACT Software & Consulting and ARS in the future. The ongoing closure of identified gaps and regular monitoring audits ensure that ZF's high compliance standards are maintained.

"Many thanks to OpenChain for their support and the great collaboration with ZF. It was a pleasure for us to work with companies that are so committed to excellence and quality - we were able to achieve our goal in such a short time."

Simon Pletschacher, Team Lead SAM & ITAM, TIMETOACT

About ZF Friedrichshafen AG

ZF is a globally operating technology company that supplies systems for the mobility of cars, commercial vehicles, and industrial technology. Within its comprehensive portfolio, ZF offers integrated solutions for established automotive manufacturers, mobility providers, and emerging companies in the transport and mobility sector.
A key focus in the further development of ZF systems is digital connectivity and automation on the path toward becoming a software- and cloud-based company. ZF enables vehicles to see, think, and act.
In 2024, ZF generated sales of €41.4 billion with approximately 161,600 employees worldwide. The company operates 161 production locations in 30 countries.

For more information, please visit www.zf.com
