
Self assessment Checklist

This checklist is to be used by organizations as a confidential internal tool to assess their progress in implementing a rigorous compliance process and to help them prioritize their process improvement efforts.


This is made for use by teams responsible for defining, implementing, and improving open source compliance programs within their organizations. It will help them to evaluate open source applications and to make decisions while adopting and developing applications using open source software. This helps them to make or use robust open source tools at less cost (development, maintenance, etc.) and reliable, bug-free software.


The self-assessment checklist presents a set of recommended practices distilled from the experiences of corporations committed to encouraging open source use while fully complying with OSS license obligations. Not every organization will see a need to implement every practice and some will find alternative practices or implementation approaches that achieve the goals of a compliance program.

Guidelines to Use the Checklist

The Self-Assessment Checklist can be used to stimulate discussion about the rigor and effectiveness of a compliance program and to focus attention on areas of greatest need for improvement. A facilitated discussion of checklist questions may be fruitful in achieving a consensus view of capability and gaining perspective on improvement possibilities.

The checklist may also be used by organizations, especially during the supplier selection process, to assess a supplier’s compliance process and gauge the likely reliability of its open source disclosures.

No scoring scheme has been provided in this initial version of the checklist. Organizations may wish to consider the following approaches to appraising individual compliance practices:

• Yes / No / Not Applicable

• Frequently Performed / Occasionally Performed / Rarely Performed

• Strong / Satisfactory / Weak / Not Done

• Fully Satisfied / Partly Satisfied / Not Satisfied

• Green (Good) / Yellow (Marginal) / Red (Unacceptable)


Feedback and Future Revisions

Suggestions and feedback are welcome. Please send the feedback to ______________

Additional Readings and Resources


The Linux Foundation has also published a number of white papers on compliance, available at, including

• “Free and Open Source Software Compliance: The Basics You Must Know”

• “Establishing Free and Open Source Software Compliance Programs: Challenges and


• “Free and Open Source Software Compliance: Who Does What”

• “Managing FOSS Compliance in the Enterprise”

• “FOSS Compliance: A Glimpse into Operational Best Known Practices”



FMEA Failure Mode Effects Analysis

IT Information Technology

OSRB Open Source Review Board

OSS Open Source Software


Illustration of Practices in Open Source Compliance Program: 

Open Source Compliance



Read more about these in detail in the following:

Core Compliance Building Blocks

1. Discovery
2. Review and Approval
3. Obligation Satisfaction
4. Community Contributions

Supporting elements

1. Policy
2. Adequate Compliance Staffing
3. Adaptation of Business Processes
4. Training
5. Compliance Process Management
6. OSS Inventory / Recordkeeping
7. Automation / Tool Support
9. Process Adherence Audits

