Training Your Team on Open Source Compliance

What makes an organization truly open source? There are many opinions regarding this matter, but one telling factor would be a conscious and continuous effort to maintain open source compliance. That means constantly educating your team as well as those outside the organization on your compliance policies and encouraging a culture of compliance.

Open source compliance is much more than just about keeping things open, it’s understanding the policies that govern the use of open source software, the facts of open source licensing and the legal risks of incorporating open source software. To achieve this in an organizational level, training is essential.

Compliance Training

Compliance training can be done either formally or informally, so long as the goal is achieved. But what is the goal of compliance training? According to The Linux Foundation’s guide to open source compliance, it is “to raise awareness of open source policies and strategies and to build a common understanding around the issues and facts of open source licensing.” It is also vital in ensuring that the company or organization avoid business and legal risks that come with incorporating open source software.

In formal settings, compliance training is mandatory to all those working with open source software. These trainings would be led by formal instructors and most likely culminate in exams.

Informal trainings on the other hand, can be done in a number of ways:

• Brown bag seminars – These are seminars or casual meetings held during lunchtime by an employee or member of the organization well-versed in compliance policies, or by an invited speaker. These types of seminars not only aim to educate members but also encourage discussions about the group’s compliance program, policies and processes.
• New employee orientation – Compliance training can also be part of new employee orientation, wherein a Compliance Officer presents the company’s compliance policies and processes to new employees. This ensures that right from the start, employees are already well aware of what they should and shouldn’t be doing, who to talk to, etc. regarding open source.
• Online portal – Though not a form of training in itself, an online portal or website can be a great compliance training tool. It can be used in two ways: inwards, to host compliance policies, guidelines, documents, training, etc. within the company or organization; and outwards, as a public platform for the world. It can serve as a venue to post source code of open source packages and other disclosures, fulfilling license obligations.

With the openness of some organizations and projects being contentious, it’s important to continue to rally for genuine openness, and that includes promoting and practicing open source compliance. Through open source compliance training the policies that form the backbone of open source will continue to prevail and keep the entire open source movement strong.