Compliance Best Practices

No "One Size Fits All"

Every organization differs in character: in the number of developers, the maturity of its products and markets, and its tolerance for risk. Open source governance strategies are therefore not "one size fits all"; they should be tailored to the organization. A software vendor, for example, may distribute modified open source software. Its policies and processes must then address the commingling of proprietary and open source code, so that the vendor's ability to distribute its own modifications is not compromised by the terms of the open source license (copyleft licenses, for instance, can require that modified or combined code be released under the same license).

By comparison, an organization that only uses open source internally and does not distribute it need not be as concerned about the licensing consequences of modifications. Its priority may instead be to better manage the cost, security, or maintenance of the open source it depends on.

Not all organizations use open source in the same way or to the same degree. Because the consequences of distributing open source can be so significant, hardware and software vendors need to pay particular attention to the open source code in the products they ship, and a more rigorous open source compliance program makes sense for them.

Whatever the nature of the organization, open source governance starts with three basic steps.

1. Create an internal advisory team and set management objectives.

2. Consult specialists for current approaches to audits and governance.

3. Design and implement policies and processes that fit your organization.
