3. Team

Identify the roles and the corresponding responsibilities

To establish a company’s open source governance, it is necessary to appoint a person in charge of it. The role may be called open source program manager, open source compliance officer, etc., and the person holding it is responsible for the company’s overall open source compliance.

A person with the following competencies is suitable for this role.

  • Understanding and development experience in the open source ecosystem
  • Broad understanding of the company’s business
  • Passion and communication skills to spread the effective use of open source to members of the company

An open source program manager should be guaranteed the ability to perform the role as close to full-time as possible.

Global ICT companies are working hard to hire such excellent open source program managers, and you can check various job postings at the following site: https://github.com/todogroup/job-descriptions

To establish open source governance, you need to define the needs of each role and determine what responsibilities should be assigned. In a small business, an open source program manager can perform all the roles alone. Depending on the size of the enterprise, an infrastructure person who operates open source tools may be required, and a legal role may be required to provide professional legal advice.

In general, the following roles are required to establish a corporate open source governance system.

  • Legal
  • Infrastructure
  • Development culture
  • Security

Individuals and teams involved in ensuring open source compliance: https://www.linuxfoundation.org/wp-content/uploads/OpenSourceComplianceHandbook_2018_2ndEdition_DigitalEdition.pdf

If you do the above, you can prepare the following evidence required by ISO/IEC 5230.

Define competencies

Once you have defined each role and its responsibilities, you need to figure out what competencies the person performing that role should have. This makes it possible to evaluate whether the person in charge of each role has the capability to perform it; where that capability is insufficient, the company must provide the necessary training to that person.

If you do this, you can prepare the following evidence required by ISO/IEC 5230.

Identify person or group

The open source program manager, in consultation with the relevant department, designates and documents the person in charge of each role. To do this, it will be necessary to report the goals and direction for establishing an open source compliance system to top decision makers such as the CEO in order to receive the necessary support.

The people and groups in charge of open source do not necessarily have to participate in open source work full-time. You can organize a virtual group in the form of an OSRB (Open Source Review Board) to perform the necessary roles.

SK Telecom has formed the OSRB to create open source policies and processes, and prepare countermeasures when issues arise.

https://sktelecom.github.io/about/osrb/

If you do this, you can prepare the following evidence required by ISO/IEC 5230.

The table below is a representative sample that specifies the roles of open source-related organizations and people in charge, along with the required competencies. You can refer to it to form an open source organization and document it.

This can also be found on this page: appendix-1-list-of-persons-in-charge

If you organize in this way, you will now meet the following three requirements of ISO/IEC 5230.

Last modified December 10, 2021: process for english (d8a92c4d)