6.1 In order for an organization to be OpenChain certified, it must affirm that it has a FOSS management program that meets the criteria described in this OpenChain Specification version 1.1.
Verification Artifact(s):
☐ 6.1.1 The organization affirms that a FOSS management program exists that meets all the requirements of this OpenChain Specification version 1.1.
Rationale:
To ensure that if an organization declares that it has a program that is OpenChain Conforming, that such program has met all the requirements of this specification. The mere meeting of a subset of these requirements would not be considered sufficient to warrant a program be OpenChain certified.
6.1 Conformance with this version of the specification will last 18 months from the date conformance validation was achieved. Conformance validation requirements can be found on the OpenChain project’s website.
Verification Artifact(s):
☐ 6.2.1 The organization affirms that a FOSS management program exists that meets all the requirements of this OpenChain Specification version 1.1 within the past 18 months of achieving conformance validation.
Rationale:
It is important for the organization to remains current with the specification if they want to assert program conformance overtime. This requirement ensures that the program’s supporting processes and controls do not erode if they want to continue to assert conformance with the specification overtime.