G2: Assign Responsibility for Achieving Compliance
2.1 Identify FOSS Liaison Function ("FOSS Liaison").
- Assign individual(s) responsible for receiving external FOSS inquiries;
- FOSS Liaison must make commercially reasonable efforts to respond to FOSS compliance inquiries as appropriate; and
- Publicly identify a means by which one can contact the FOSS Liaison.
Verification Artifact(s):
☐ 2.1.1 FOSS Liaison function is publicly identified (e.g., via a published contact email address, or the Linux Foundation’s Open Compliance Directory).
☐ 2.1.2 An internal documented procedure exists that assigns responsibility for receiving FOSS compliance inquiries.
Rationale:
Ensure there is a reasonable way for third parties to contact the organization with regard to FOSS compliance inquiries and that this responsibility has been effectively assigned.
2.2 Identify Internal FOSS Compliance Role(s).
- Assign individual(s) responsible for managing internal FOSS compliance. The FOSS Compliance role and the FOSS Liaison can be the same individual.
- FOSS compliance management activity is sufficiently resourced:
- Time to perform the role has been allocated; and
- Commercially reasonable budget has been allocated.
- Assign responsibilities to develop and maintain FOSS compliance policy and processes;**
- Legal expertise pertaining to FOSS compliance is accessible to the FOSS Compliance role (e.g., could be internal or external); and
- A process exists for the resolution of FOSS compliance issues.
Verification Artifact(s):
☐ 2.2.1 Name of persons, group or function in FOSS Compliance role(s) internally identified.
☐ 2.2.2 Identify source of legal expertise available to FOSS Compliance role(s) which could be internal or external.
☐ 2.2.3 A documented procedure exists that assigns internal responsibilities for FOSS compliance.
☐ 2.2.4 A documented procedure exists for handling the review and remediation of non-compliant cases.
Rationale: Ensure certain FOSS responsibilities have been effectively assigned.