Checklist: establishing an open source compliance program

Strategy

Document your open source strategy covering the following areas, as relevant:

Strategic objectives: what benefits you intend to realize through using and engaging with open source, and how.

Compliance strategy: high-level strategy for ensuring open source compliance across enterprise, including the process for implementing that strategy.

Communications stategy: how to and who will respond to open source compliance inquiries from customers, the public, and open source projects.

Legal & risk strategy: how legal risk will be managed as part of the open source strategy and when legal review will be required.

M&A/corporate development: how open source compliance fits in to M&A and corporate development strategies.

Software procurement: how open source diligence will be managed for new software procurement (and audits of oustanding procurement).

Establish policies for open source engagement that cover:

Establish a core open source review team, typically consisting of participants from:

Establish a cross-functional open source policy team with representatives from every area affected by open source policies, including:

Establish reporting & approval chains for key open source-related issues:

Put in place software tools to manage key open source management processes:

Institute training and documentation to increase awareness of and compliance with open source processes, including:

Publish materials communicating your open source strategy, policies, and related content as applicable, including:

Where appropriate, align policies and processes with, and participate in, industry open source compliance-related initiatives, such as: