▶ Platform Demo Services Why norxs About News Contact Client Login
News · Compliance

What We Build,
On the Record.

Milestones, standards, and the conformance behind our work — so OEMs, Tier 1 suppliers, and industrial clients can verify, not just trust.

Our Conformance

OpenChain ISO/IEC 5230

Open Source License Compliance

A documented, verifiable program for identifying and satisfying the license obligations attached to the open source we use and ship.

Self-certified · 2026

OpenChain ISO/IEC 18974

Open Source Security Assurance

A structured process for tracking known vulnerabilities in open source components and responding to them — supply-chain security, not an afterthought.

Self-certified · 2026
Standards We Engineer To
ISO 26262 IEC 61508 ISO/SAE 21434 UN R155 / R156 ASPICE ISO 21448 (SOTIF) NIST CSF
Security Disclosure
Announcements

norxs Technology Achieves OpenChain ISO/IEC 5230 and ISO/IEC 18974 Conformance

norxs has self-certified its open source program against two international standards published through the OpenChain Project: ISO/IEC 5230:2020 for open source license compliance, and ISO/IEC 18974:2023 for open source security assurance.

For a firm whose work centers on functional safety and cybersecurity, the decision follows directly from how we already operate. The software we deliver into EV powertrains, power distribution systems, and industrial controls almost always includes open source components. The standards our clients build to — ISO 26262, ISO/SAE 21434, UN R155 — increasingly expect a clear account of where that software comes from, under what license terms it can be used, and how its security is managed over its lifetime. A documented, auditable open source program is how we give them that account.

ISO/IEC 5230 addresses license compliance: clearly assigned responsibilities, staff training, and a verifiable process for identifying and satisfying the obligations attached to the open source we use and ship.

ISO/IEC 18974 addresses security assurance: a structured process for identifying known vulnerabilities in open source components and responding to them, rather than treating supply chain security as an afterthought.

For our clients, the security side carries as much weight as the legal one. Automotive cybersecurity requirements under ISO/SAE 21434 and UN R155 expect suppliers to manage cyber risk across the entire software supply chain. Conformance to ISO/IEC 18974 is direct evidence that we do.

"Our clients trust us with the parts of a vehicle or a plant that aren't allowed to fail. That standard can't stop at the hardware — it applies to every line of software we ship, including the open source we build on. These two standards let us show, against an external benchmark, that both the licensing and the security of that code are managed deliberately, not assumed."

— Founder, norxs Technology LLC

Together, this conformance places norxs alongside organizations that have adopted recognized international standards for open source supply chain management, including companies such as Toyota and Volvo Cars. It also sits with the NIST Cybersecurity Framework as part of how we build and secure software for safety-critical systems.