openchain-bounces@... <openchain-bounces@...> On Behalf Of
Tuesday, June 12, 2018 1:17 AMTo:
[OpenChain] Conformance: What does "organization" mean?
according to the Spec OpenChain conformance is declared for compliance programs of an organization. In our last call, we agreed that the term “organization” needs further clarification, as it is the reference point not only for the program, but also for the 85% of software staff that need to undergo training. We further agreed to use the July to clarify the term. The term “organization” was agreed after long discussions in the very beginning of the project, where it was also agreed that organization meant legal entity. As we are now considering to change this understanding, we wanted to make sure everyone was aware of the discussions we have had about this topic to date and the agreements that were reached (or not reached) at various points in time. So in preparation of our meeting in July and to kick off the discussion on the mailing list, Daniel summarized all of our meeting minutes again and we created an overview over the agreed meaning of organization and the relevant arguments and minutes.
Summary of discussions re. “organization”:
Date of call
(Agreed) meaning of “organization”
Minutes summary (if relevant)
Until July 10, 2017
Organization means legal entity.
August 7, 2017
Organization generally means legal entity,
unless legal entity does not work for the structure of the organization that is claiming conformance.
- Organization is not explicitly defined as a legal entity in the current OpenChain material.
- It was decided that for now we will define organization as legal entity, but companies with other structures can also self-certify by using Legal entity > StructureName.
- If they have any questions or need assistance they can contact the conformance work team volunteers.
September 5, 2017
Organization means legal entity.
- Discussion about what happens in case of acquisitions (re. 85% software staff)
- What needs to happen when a conformant company acquires another which is not conformant yet?
- What should happen with regards to the conformance during the integration phase of the acquired company? Integration takes time for the new part of the company to follow policies and processes.
October 16, 2017, October 24, 2017 January 15, 2018
- No agreement.
- Potential meanings:
- Legal entity.
- Section of the company, where staff is involved in software development of software.
- Section of the company, where a particular open source program applies.
- Business Group of a company.
- Release of software needs to be certified to be conformant.
- As long as it is clear whether compliance is for the full or part of the organization it seems perfectly acceptable.
- Allowing partial conformance is important.
- In the very beginning of the project and that the focus at that time was on conformance legal entity by legal entity.
- It may be useful if we could certify that a release was OpenChain conforming.
- We need to clarify whether conformance is by a program or a legal entity.
- From a legal perspective it is easier to define conformance by legal entity but in practice it may be easier by program.
- It may be useful to allow different stages of conformance (full organization, partial conformance) to encourage a pathway to full conformance.
- Our current understanding of the spec is that it applies to a program, and 85% of the staff related to a program need to meet the requirements of the spec (rather than the company as a whole).
- There is an expectation of a company being conformant. There may be a detrimental reliance issue. If it is not full entity conformance there will have to be a lot of clarification.
- Looking at standards like ISO it had organizations being partially conformant but in open source we need to have complete conformance.
November 6, 2017
- Agreement that organization does not need to be a whole legal entity.
- The reference point of the spec is “program”.
- It is not relevant, if a whole entity to be conforming.
February 5, 2018
- No agreement.
- Potential interpretations:
- Headcount of the people in an area.
In my opinion, the starting point of our discussion should be:
- The goal of OpenChain, which is to build trust. That requires that we have clarity about what the organization is that has the OpenChain conformant program.
- The recipient of the Supplied Software needs to be able to trust, meaning that the relevant question is, what the recipient would expect organization to mean (Would they expect it to mean legal entity or the combination of all those involved in creating the Supplied Software irrespective of which legal entity happens to employ them?).
On the more formal side, we should also consider, what the proper procedure is, as we are essentially changing an agreement that was reached by the OpenChain project at an earlier stage. We should also consider how the conformance and especially the logos should be presented on the website.
Looking forward to all your input.
Dr. Miriam Ballhausen
Rechtsanwältin / Senior Associate
Bird & Bird
Direct +49 (0)40 460 63 6269
Mob +49 (0)151 7212 3911
Tel +49 (0)40 460 63 6000
Fax +49 (0)40 460 63 6011
Bird & Bird LLP
Großer Grasbrook 9
BIRD & BIRD
Der Inhalt dieser Email ist vertraulich und unterliegt möglicherweise auch dem Anwaltsgeheimnis. Wenn Sie diese Email irrtümlich erhalten haben, löschen Sie sie bitte und benachrichtigen Sie bitte umgehend per Antwort-Email den Absender. Diese Email darf weder kopiert oder für andere Zwecke verwendet noch darf ihr Inhalt anderen Personen offengelegt werden.
Bird & Bird LLP ist als limited liability partnership unter OC340318 in England und Wales registriert. Registersitz: 12 New Fetter Lane, London EC4A 1JP.
Einzelheiten finden Sie unter www.twobirds.com
Bitte beachten Sie unsere Datenschutzhinweise (www.twobirds.com/LNPrivacy). Dort erfahren Sie welche Kategorien personenbezogener Daten wir erheben, wie wir diese Daten verarbeiten, an wen wir diese Daten im Rahmen unserer Leistungserbringung übermitteln und welche Rechte und weitere Möglichkeiten Sie in Bezug auf die Verarbeitung Ihrer Daten haben.
Nähere Angaben über Bird & Bird LLP und die mit der LLP verbundenen Anwälte (gemeinsam als “Bird & Bird“ bezeichnet) finden Sie unter www.twobirds.com/LN
Any e-mail sent from Bird & Bird may contain information which is confidential and/or privileged. Unless you are the intended recipient, you may not disclose, copy or use it; please notify the sender immediately and delete it and any copies from your systems. You should protect your system from viruses etc.; we accept no responsibility for damage that may be caused by them.