openchain:proposed-draft
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
openchain:proposed-draft [2015/02/03 15:55] jlovejoy [Outline of Compliance Reference Model] |
openchain:proposed-draft [2015/02/03 16:00] jlovejoy [Outline of Compliance Reference Model] |
||
|---|---|---|---|
| Line 75: | Line 75: | ||
| * How to adhere to FOSS approval process | * How to adhere to FOSS approval process | ||
| * C1.2.3 Delivery method\\ | * C1.2.3 Delivery method\\ | ||
| - | * In-person, online //should we dictate what format the training delivery method should be? Is this to mean it can be in either in-person or online - or needs to be in both formats?// | + | * In-person, online //(JL: should we dictate what format the training delivery method should be? Is this to mean it can be in either in-person or online - or needs to be in both formats?)// |
| - | * C1.2.4 Compliance and attendance //compliance with the training? might not want to use the word "compliance" here as it is more associated with license compliance?// | + | * C1.2.4 Compliance and attendance //(JL: compliance with the training? might not want to use the word "compliance" here as it is more associated with license compliance?)// |
| * Recordkeeping | * Recordkeeping | ||
| * Reoccurring training | * Reoccurring training | ||
| Line 83: | Line 83: | ||
| - SP2.2 Compliance management activity is resourced | - SP2.2 Compliance management activity is resourced | ||
| * SP2.2.1 Processes, procedures, templates, forms, etc. are developed | * SP2.2.1 Processes, procedures, templates, forms, etc. are developed | ||
| - | * SP2.2.2 Compliance tool needs are identified //do we want to specifically say "tools"?// | + | * SP2.2.2 Compliance tool needs are identified //(JL: do we want to specifically say "tools"? Are tools always required, e.g. small companies who still want to use these guidelines?)// |
| * SP2.2.3 Compliance tools are evaluated, developed or acquired, and deployed | * SP2.2.3 Compliance tools are evaluated, developed or acquired, and deployed | ||
| - | - SP2.3 Licensing expertise is available //recommend putting this as first SP here// | + | - SP2.3 Licensing expertise is available //(JL: recommend putting this as first SP here)// |
| - **G3: FOSS content (packages/license) is known** //consider making this G2?// | - **G3: FOSS content (packages/license) is known** //consider making this G2?// | ||
| - SP3.1 Code audits/scans are conducted | - SP3.1 Code audits/scans are conducted | ||
| - | - SP3.2 Supplier compliance is managed //define who a supplier is; what if the company in question is situated to not really have suppliers, do they still have to comply with these goals?// | + | - SP3.2 Supplier compliance is managed //(JL: define who a supplier is; what if the company in question is situated to not really have suppliers, do they still have to comply with these goals?)// |
| * SP3.2.1 Supplier compliance practices are assessed | * SP3.2.1 Supplier compliance practices are assessed | ||
| * SP3.2.2 Supplier FOSS disclosures are made and reviewed | * SP3.2.2 Supplier FOSS disclosures are made and reviewed | ||
| * SP3.2.3 Supplier FOSS obligations are satisfied | * SP3.2.3 Supplier FOSS obligations are satisfied | ||
| - | - SP3.3 FOSS records are maintained //move up in list here// | + | - SP3.3 FOSS records are maintained //(JL: move up in list here)// |
| - **G4: FOSS content is reviewed and approved** | - **G4: FOSS content is reviewed and approved** | ||
| - | Supporting practices:\\ | + | - SP4.1 OSRB exists and is staffed appropriately |
| - | SP4.1 OSRB exists and is staffed appropriately\\ | + | - SP4.2 Planned FOSS use is reviewed in context |
| - | SP4.2 Planned FOSS use is reviewed in context | + | - SP4.3 License obligations are identified, understood, and documented |
| - | SP4.3 License obligations are identified, understood, and documented\\ | + | - SP4.4 Issues are resolved and approval decisions are followed |
| - | SP4.4 Issues are resolved and approval decisions are followed\\ | + | - **G5: FOSS obligations are satisfied** |
| - | + | - SP5.1 Documentation obligations are met | |
| - | G5: FOSS obligations are satisfied\\ | + | - SP5.2 Source code obligations are met |
| - | Supporting practices:\\ | + | - SP5.3 Community interface exists |
| - | SP5.1 Documentation obligations are met\\ | + | * SP5.3.1 Email and postal addresses work |
| - | SP5.2 Source code obligations are met\\ | + | * SP5.3.2 Web portal works |
| - | SP5.3 Community interface exists\\ | + | * SP5.3.3 Community requests and inquiries are satisfied |
| - | -SP5.3.1 Email and postal addresses work\\ | + | - **G6: Community <del>contributions are encouraged</del> engagement is understood** |
| - | -SP5.3.2 Web portal works\\ | + | - <del>SP6.1: Individual contributions are reviewed and approved</del> |
| - | -SP5.3.3 Community requests and inquiries are satisfied\\ | + | - <del>SP6.2: Company contributions are reviewed and approved</del> |
| - | + | - __SP6.1: Community participation is reviewed and approved.__ | |
| - | G6: Community <del>contributions are encouraged</del> engagement is understood\\ | + | |
| - | Supporting Practices:\\ | + | |
| - | <del>SP6.1: Individual contributions are reviewed and approved</del>\\ | + | |
| - | <del>SP6.2: Company contributions are reviewed and approved</del>\\ | + | |
| - | __SP6.1: Community participation is reviewed and approved.__ | + | |
| {{:openchain:g1.jpg|}} | {{:openchain:g1.jpg|}} | ||
openchain/proposed-draft.txt · Last modified: 2016/08/11 12:12 by AliceSmith
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
