REMINDER: Legal Work Group Meeting Today (25th May) at 09:00 PDT / 16:00 UTC / 18:00 CEST / 00:00 CST / 01:00 KST + JST
I have created the first spin of the Model Provisions document based on the Risk Grid to get the conversation started:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Adoption-Preparation/Model-Provisions/openchain-standards-model-provisions.0.1.md
This is *not* intended to be a workable solution. It is intended to help us brainstorm on the call.
The call starts at 09:00 PDT / 16:00 UTC / 18:00 CEST on the 25th of May. In Asia 00:00 CST / 01:00 KST + JST, 26th May.
Join here:
https://zoom.us/j/96098580398
Provisions included below for reference.
# Overview
This is a document to explore model provisions for OpenChain ISO/IEC 5230 or ISO/IEC DIS 18974 in procurement contracts and similar material. It is based on the public domain Risk Grid version 12 hosted in the OpenChain Reference Library on GitHub:
https://github.com/OpenChain-Project/Reference-Material/blob/master/General-Compliance-Support-Material/Risk-Grid/risk-grid-12.md
The goal of this document is to ensure people can understand options. We will not be prescriptive and these model provisions will remain part of the OpenChain reference material. They will not be included in the OpenChain standards themselves.
# Structure:
Each issue is formatted as follows:
- Issue
- Commentary
- Who is best placed to bear risk?
- Best mechanism to tackle risk
- Sample Wording
- Supplier's Arguments
- Customer's Arguments
# Overarching Topics
## Issue - Inclusion of OpenChain ISO/IEC 5230
### Commentary
None listed.
### Who is best placed to bear risk?
Supplier.
### Best mechanism to tackle risk
None listed.
### Sample Wording
The Supplier warrants that the Software originates from an OpenChain ISO/IEC 5230:2000 Conformant Program [under the control of the Supplier / under the control of a provider to the Supplier].
The Supplier [further] warrants that[, so far as it is aware,] the Software complies with the Program Guidelines provided by OpenChain ISO/IEC 5230:2000 at the time of delivery.
[The Supplier does not warrant that use, modification or further distribution by the Customer of the Software constitutes a continuation of adherence to OpenChain ISO/IEC 5230:2000 Program Guidelines].
### Supplier's Arguments
The Supplier may argue that the inclusion of these requirements or the extent of the requirements included introduces a cost burden that needs to be offset.
### Customer's Arguments
The Customer is receiving a potential liability regarding third-party intellectual property along with the Software deliverable from the Supplier. As such, it is reasonable to request that the Supplier adheres to international standards related to the licensing of this third-party intellectual property.
## Issue - Inclusion of OpenChain ISO/IEC DIS 18974
### Commentary
None listed.
### Who is best placed to bear risk?
Supplier.
### Best mechanism to tackle risk
None listed.
### Sample Wording
The Supplier warrants that the Software originates from an OpenChain ISO/IEC DIS 18974 Conformant Program [under the control of the Supplier / under the control of a provider to the Supplier].
The Supplier [further] warrants that[, so far as it is aware,] the Software complies with the Program Guidelines provided by OpenChain ISO/IEC DIS 18974 at the time of delivery.
[The Supplier does not warrant that use, modification or further distribution by the Customer of the Software constitutes a continuation of adherence to OpenChain ISO/IEC DIS 18974 Program Guidelines].
### Supplier's Arguments
The Supplier may argue that the inclusion of these requirements or the extent of the requirements included introduces a cost burden that needs to be offset.
### Customer's Arguments
The Customer is receiving a potential liability regarding security along with the Software deliverable from the Supplier. As such, it is reasonable to request that the Supplier adheres to international standards related to the managing of security assurance related to the Software.