ISO/IEC 20243-1:2018 is a set of guidelines, requirements and recommendations to help assure the integrity of hardware and software products and protect them from the risk of malicious threats and counterfeiting.
Although issued by the International Organization for Standardization (ISO), the standard was originally created by the Open Group as the "Open Trusted Technology Provider Standard" (O-TTPS) and is still sometimes known by that name.
ISO 20243 dictates best practices for security throughout every phase of a product’s lifecycle: design, sourcing, build, fulfillment, distribution, sustainment and disposal. A product that has achieved O-TTPS certification has demonstrated strict compliance with all of ISO 20243's security guidelines.
Reports and other documentation
IBM’s software products—all standardized and shared multi-tenant IBM cloud offerings, as well as IBM Systems Hardware Products—are all certified under The Open Group O-TTPS Certification Program Self-Assessed tier for O-TTPS and ISO/IEC 20243:2018. This demonstrates that IBM’s product lifecycle has implemented control requirements across three families: (1) product development; (2) secure engineering; and (3) supply chain security. IBM ISO 20243 certificates are published and generally available.