Free Linux Foundation Publication – “Self-Assessment Checklist” by The Linux Foundation
The Linux Foundation has compiled this extensive checklist of compliance practices found in industry-leading compliance programs. Companies can use this checklist as a confidential internal tool to assess their progress in implementing a rigorous compliance process and to help them prioritize their process improvement efforts. The Self-Assessment Checklist is constructed using at least two concepts from well-established models of process maturity such as the Software Engineering Institute’s Capability Maturity Model:
- Process adoption progresses from initial process definition through institutionalization to a state of controlled process management. The goal of a compliance process, as with any process, is to achieve consistent and expected business results from its use. A checklist of recommended practices should prompt companies to assess the extent to which they’ve institutionalized compliance actions and the degree to which those actions produce needed business results
- A distinction should be made between process goals and the practices implemented to achieve those goals. The compliance checklist explicitly recognizes valid alternative practices that may be used to achieve a particular goal.
Compliance practices included in the checklist will improve the effectiveness of compliance programs as well as deliver tangible benefit relative to the cost of those practices. A process failure modes effects analysis (FMEA) approach has been used to identify the ways a compliance process can fail and practices to prevent those process failures.
About the Linux Foundation Compliance Program
The Linux Foundation’s Open Compliance Program is the industry’s only neutral, comprehensive software compliance initiative. By marshaling the resources of its members and leaders in the compliance community, the Linux Foundation brings together the individuals, companies and legal entities needed to expand the use of open source software while decreasing legal costs and FUD. The Open Compliance Program offers comprehensive training and informational materials, open source tools, a best practices checklist, a rapid alert directory of company’s compliance officers and a standard to help companies uniformly tag and report software used in their products. The Open Compliance Program is led by experts in the compliance industry and backed by such organizations as the Adobe, AMD, ARM Limited, Cisco Systems, Google, HP, IBM, Intel, Motorola, NEC, Novell, Samsung, Software Freedom Law Center, Sony Electronics and many more. More information can be found at http://www.linuxfoundation.org/programs/legal/compliance.
- Dent Introduces Industry’s First End-to-End Networking Stack Designed for the Modern Distributed Enterprise Edge and Powered by Linux - 12/17/2020
- Open Mainframe Project Welcomes New Project Tessia, HCL Technologies and Red Hat to its Ecosystem - 12/17/2020
- New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security - 12/08/2020