Managing Open Source Compliance comprises several skill sets. Besides legal expertise also management and technical skills are required to succeed with this challenge. The following geenral role models provide you with an idea of how the responsibilities could be distributed for a sustainable process implementation, even in larger organisations. A more detailed information on the several role types trustSource provides can be found in the TrustSource roles article.
Developer
On the one hand there is the technical expertise required to make changes on source code. We typically see this with the Developer role. Following overview states the role characteristics:
To improve the skills of the developer in the domain of open source, we have provided a specific training as "Certified Open Source Expert Developer". Further information can be found here.
Project Manager
In addition to that we see a more management related responsibility, which we associated with the Project Manager role. The Project Manager shall take the responsibility for the delivery of a compliant solution. This role could be taken - depending on the individual organisational design and the available skill set - by a SCRUM Master, a product owner or a team lead. Following overview outlines the core characteristics of that role:
In self-driven, modern style DevOps teams it may be one of the senior developers or lead developer, who should take this role. Some capabilities like initiating an approval or setting project visibility are limited to this role. Therefore every team should have at least one member in this role.
Compliance Manager
Finally someone needs to overview the execution. This we have assigned to the role of the Compliance Manager. Based on the idea that nobody should sign himself free, the Compliance Manager role should be assigned to a central body or at least someone outside the team. In Scrum Teams the Product Owner might be a candidate, but even here sometimes commercial constraints may diverge from compliance goals. Thus a central agent or maybe even an external lawyer, only responsible to the law, will be a good choice.
You may also opt to request EACG, our mother company to take this role as an external support. This ensures conflict free compliance. Read here, why your organisation may be benefit from external Compliance managers. Compliance Managers in TrustSource receive approval requests, see the compliance reports and may grant or deny approvals.
We also provide training to learn how to cope with the role of the compliance manager. Get in touch with our Consulting Team.
For larger Organisations, we also suggest an
Open Source Board
As usual in a corporate context, guiding decisions of no or go should not lie in the hands of a single individual only. Especially decisions impacting speed of development, quality of products and risk management are influenced by more than a single department. Pressure from market (e.g. product owners), stakeholder from management side (e.g. legal) and delivery responsible (e.g. developers or project managers) need to agree on the most reasonable way forward. To resolve conflicts and find common positions, we recommend to instantiate a so called Open Source Board, with the following Characteristics:
In general the board should be equipped with one or three standing members - depending on the size and regional spread of the organization, the board itself might be Structured cascading - organizing and developing the open source compliance matter on a regular basis.
They then would add individual project members on a case base to resolve escalations or contribute to the policy, clarify procedures, etc.
PLEASE NOTE: This is a complex and highly difficult topic. The implementation requires experience in organizational design, the individual organization as well as the topic itself to provide an accepted and comprehensive design. The given samples above can only illustrate how the acting roles are understood in the TrustSource context. This model has already been implemented in some companies and they are fine with it. But this does not mean, it will work for every company. Feel free to contact our support or consulting for a first free discussion.
Comments
1 comment
Just an editorial note: There are two typos in the title: Role Con[c]epts in Open Source Co[m]pliance.
Please sign in to leave a comment.