Identify the roles and the corresponding responsibilities
In order to establish a company’s open source governance, it is necessary to appoint a person in charge of it. This role may be called an open source program manager, an open source compliance officer, etc., and the person in charge is responsible for the overall open source compliance of the company.
A person with the following competencies is suitable for this role.
- Understanding and development experience in the open source ecosystem
- Broad understanding of the company’s business
- Passion and communication skills to spread the effective use of open source to members of the company
An open source program manager should, as far as possible, be allowed to perform this role full-time.
Global ICT companies are working hard to hire such excellent open source program managers, and you can check various job postings at the following site: https://github.com/todogroup/job-descriptions
To establish open source governance, you need to define the needs of each role and determine what responsibilities should be assigned to it. For small businesses, it is possible for an open source program manager to perform all the roles alone. Depending on the size of the enterprise, an infrastructure person who operates the open source tools may be required, and a legal specialist may be required to provide professional legal advice.
In general, the following roles are required to establish a corporate open source governance system.
- Legal
- Infrastructure
- Development culture
- Security
If you do the above, you can prepare the following evidence required by ISO/IEC 5230.
ISO/IEC 5230
- 3.1.2.1: A documented list of roles with corresponding responsibilities for the different participants in the program.
Self Certify
- 1.c: A documented list of roles with corresponding responsibilities for the different participants in the program.
Define competencies
Once you have defined each role and its responsibilities, you need to determine what competencies the person performing that role should have. This makes it possible to evaluate whether the person in charge of each role has the capability to perform it, and where competencies are lacking, the company must provide that person with the necessary training.
If you do this, you can prepare the following evidence required by ISO/IEC 5230.
ISO/IEC 5230
- 3.1.2.2: A document that identifies the competencies for each role.
Self Certify
- 1.d: Have you identified and documented the competencies required for each role?
Identify person or group
The open source program manager, in consultation with the relevant departments, designates and documents the person in charge of each role. Of course, for this it will be necessary to report the goals and direction of the open source compliance system to the top decision makers, such as the CEO, in order to receive the necessary support.
The persons and groups in charge of open source roles do not necessarily have to work on open source full-time. You can organize a virtual group in the form of an OSRB (Open Source Review Board) that performs the necessary roles.
SK Telecom has formed an OSRB to create open source policies and processes and to prepare countermeasures when issues arise.
If you do this, you can prepare the following evidence required by ISO/IEC 5230.
ISO/IEC 5230
- 3.2.2.1: Document with name of persons, group or function in program role(s) identified.
Self Certify
- 2.d: Have you documented the persons, group or function supporting the Program role(s) identified?
The table below is a representative sample that specifies the roles of the open source-related organizations and persons in charge, together with the required competencies. You can refer to it to form your own open source organization and document it.
This can also be found on this page: appendix-1-list-of-persons-in-charge
If you organize in this way, you will now meet the following three requirements of ISO/IEC 5230.