Skip to main content

Self-Assessment Checklist: A Measuring Stick for Open Compliance Efforts

By 2010-11-018月 22nd, 2017Blog

If you’re serious about improving your company’s business practices, you probably want answers to some simple questions: “What’s important?” “What should I focus on and where do I start?” “What are best-in-class companies doing that I ought to be doing, too, and what can I learn from them?”

That’s what the free Self-Assessment Checklist from The Linux Foundation’s Open Compliance Program is all about.   We’ve compiled an extensive list of open source compliance practices found in industry-leading compliance programs.  And to be clear, compliance is essential if companies are to gain the maximum benefit from use of free and open source software while respecting license obligations. 

Copies of the Self-Assessment Checklist can be downloaded, starting today, at Self-Assessment Compliance Checklist | The Linux Foundation.

Companies can use the Self-Assessment Checklist confidentially to assess progress in implementing a rigorous open source compliance process. The checklist can help you prioritize process improvement efforts on the areas of greatest payoff.  You can also use the checklist during supplier selection to assess a supplier’s compliance practices and gauge the likely reliability of its open source disclosures.

Over 100 practices are identified in the checklist, focusing on what needs to be done.  The Linux Foundation’s newly-introduced open compliance training complements the checklist, emphasizing how to implement those practices with the greatest effectiveness.  Training options are described at Compliance Training and include half-day, one-day, and two-day courses. 

We called this checklist a “Self-Assessment” because companies can use it internally without exposing their internal compliance practices to outsiders. Using the checklist calls for a frank appraisal of a compliance program’s strengths and weaknesses. Of course, some companies may want an objective outside expert to facilitate these discussions confidentially.  If so, the Linux Foundation can come in to facilitate and add improvement recommendations, too.

We expect that the checklist will evolve over time, as feedback on its use comes in.  Suggestions for improvement will be appreciated.  Please send comments to
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
. Feedback provided to the Linux Foundation will not be attributed to the provider to encourage you to share your thoughts on compliance and on the uses you are making of the checklist.

The Self-Assessment Checklist represents a key element of The Linux Foundation’s Open Compliance Program announced on August 10, 2010. The program also includes free tools to help with compliance due diligence, free education material, comprehensive professional training, an online compliance community (FOSSBazaar) to exchange compliance best practices, the  SPDXTM (Software Package Data eXchange) standard for specifying an open source bill of materials, and a compliance rapid response directory to help companies and open source developers connect on compliance matters.

So, are you ready to take the next step forward with your compliance efforts?

Read more at Phil Koltun’s Feed
The Linux Foundation
Follow Us