Checklist: establishing an open source compliance program

Strategy

Document your open source strategy covering the following areas, as relevant:

Strategic objectives: what benefits you intend to realize through using and engaging with open source, and how.
Compliance strategy: high-level strategy for ensuring open source compliance across enterprise, including the process for implementing that strategy.
Communications stategy: how to and who will respond to open source compliance inquiries from customers, the public, and open source projects.
Legal & risk strategy: how legal risk will be managed as part of the open source strategy and when legal review will be required.
M&A/corporate development: how open source compliance fits in to M&A and corporate development strategies.
Software procurement: how open source diligence will be managed for new software procurement (and audits of oustanding procurement).

Policy and process

Establish policies for open source engagement that cover:

People

Establish a core open source review team, typically consisting of participants from:

Establish a cross-functional open source policy team with representatives from every area affected by open source policies, including:

Establish reporting & approval chains for key open source-related issues:

Open source management toolchain

Put in place software tools to manage key open source management processes:

Training and Education

Institute training and documentation to increase awareness of and compliance with open source processes, including:

Communication

Publish materials communicating your open source strategy, policies, and related content as applicable, including:

Industry initiatives

Where appropriate, align policies and processes with, and participate in, industry open source compliance-related initiatives, such as:

Need help? Email help@finos.org we'll get back to you.

Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.