Compliance Templates

Self-Assessment Checklist

  • The Linux Foundation has compiled this extensive checklist of compliance practices found in industry-leading compliance programs. Companies can use this checklist as a confidential internal tool to assess their progress in implementing a rigorous compliance process and to help them prioritize their process improvement efforts. The Self-Assessment Checklist is constructed using at least two concepts from well-established models of process maturity such as the Software Engineering Institute’s Capability Maturity Model:
    • A distinction should be made between process goals and the practices implemented to achieve those goals. The compliance checklist explicitly recognizes valid alternative practices that may be used to achieve a particular goal.
    • Process adoption progresses from initial process definition through institutionalization to a state of controlled process management. The goal of a compliance process, as with any process, is to achieve consistent and expected business results from its use. A checklist of recommended practices should prompt companies to assess the extent to which they’ve institutionalized compliance actions and the degree to which those actions produce needed business results.
  • Compliance practices included in the checklist will improve the effectiveness of compliance programs as well as deliver tangible benefit relative to the cost of those practices. A process failure modes effects analysis (FMEA) approach has been used to identify the ways a compliance process can fail and practices to prevent those process failures.
  • Author: The Linux Foundation

Generic FOSS Policy

  • Companies using FOSS often create a company-wide policy to ensure that all staff are informed of how to use FOSS (especially in products), to maximize the impact and benefit of using FOSS, and to ensure that any technical, legal or business risks resulting from that usage are properly mitigated. This document is a new free resource available from the Linux Foundation under the Open Compliance Program. It offers a generic FOSS Policy that companies can use as a starting point in creating their own FOSS Policy. It provides a template policy that focuses on governing FOSS usage in externally distributed products and that can be customized to the company’s specific needs.
  • Author: The Linux Foundation

A Template for Approval Request Form For The Use of Free and Open Source Software

  • This document is part of the free resources made available by The Linux Foundation Open Compliance Program. It offers a template for the Approval Request Form used by developers to request approval to use Free and Open Source Software (FOSS) in a commercial product. The company’s Open Source Review Board (OSRB) then reviews the submission and determines approval. In most cases, the submission, review and approval of such requests is managed via an online submission system that is part of the company’s FOSS compliance management process.
  • Author: The Linux Foundation