Create openchain-standards-model-provisions.0.1.md

shanecoughlan · shanecoughlan · commit 32ab2bd10d79 · 2023-05-26T00:05:50.000+09:00
Added first iteration of the model provisions document for discussion.
diff --git a/Adoption-Preparation/Model-Provisions/openchain-standards-model-provisions.0.1.md b/Adoption-Preparation/Model-Provisions/openchain-standards-model-provisions.0.1.md
@@ -0,0 +1,80 @@
+# Overview
+
+This is a document to explore model provisions for OpenChain ISO/IEC 5230 or ISO/IEC DIS 18974 in procurement contracts and similar material. It is based on the public domain Risk Grid version 12 hosted in the OpenChain Reference Library on GitHub:
+https://github.com/OpenChain-Project/Reference-Material/blob/master/General-Compliance-Support-Material/Risk-Grid/risk-grid-12.md
+
+The goal of this document is to ensure people can understand options. We will not be prescriptive and these model provisions will remain part of the OpenChain reference material. They will not be included in the OpenChain standards themselves.
+
+# Structure:
+
+Each issue is formatted as follows:
+
+- Issue	
+- Commentary	
+- Who is best placed to bear risk?	
+- Best mechanism to tackle risk	
+- Sample Wording	
+- Supplier's Arguments	
+- Customer's Arguments	
+
+# Overarching Topics
+
+## Issue - Inclusion of OpenChain ISO/IEC 5230
+
+### Commentary	
+
+None listed.
+
+### Who is best placed to bear risk?	
+
+Supplier.
+
+### Best mechanism to tackle risk	
+
+None listed.
+
+### Sample Wording	
+
+The Supplier warrants that the Software originates from an OpenChain ISO/IEC 5230:2000 Conformant Program [under the control of the Supplier / under the control of a provider to the Supplier]. 
+
+The Supplier [further] warrants that[, so far as it is aware,] the Software complies the Program Guidelines provided by OpenChain ISO/IEC 5230:2000 at the time of delivery. 
+
+[The Supplier does not warrant that use, modification or further distribution by the Customer of the Software constitutes a continuation of adherence to OpenChain ISO/IEC 5230:2000 Program Guidelines].
+
+### Supplier's Arguments	
+
+The Supplier may argue that the inclusion of these requirements or the extent of the requirements included introduce a cost-burden that need to be offset.
+
+### Customer's Arguments	
+
+The Customer is receiving a potential liability regarding third-party intellectual property along with the Software deliverable from the Supplier. As such, it is reasonable to request that the Supplier adheres to international standards related to the licensing of this third-party intellectual property.
+
+## Issue - Inclusion of OpenChain ISO/IEC DIS 18974
+
+### Commentary	
+
+None listed.
+
+### Who is best placed to bear risk?	
+
+Supplier.
+
+### Best mechanism to tackle risk	
+
+None listed.
+
+### Sample Wording	
+
+The Supplier warrants that the Software originates from an OpenChain ISO/IEC DIS 18974 Conformant Program [under the control of the Supplier / under the control of a provider to the Supplier]. 
+
+The Supplier [further] warrants that[, so far as it is aware,] the Software complies the Program Guidelines provided by OpenChain ISO/IEC DIS 18974 at the time of delivery. 
+
+[The Supplier does not warrant that use, modification or further distribution by the Customer of the Software constitutes a continuation of adherence to OpenChain ISO/IEC DIS 18974 Program Guidelines].
+
+### Supplier's Arguments	
+
+The Supplier may argue that the inclusion of these requirements or the extent of the requirements included introduce a cost-burden that need to be offset.
+
+### Customer's Arguments	
+
+The Customer is receiving a potential liability regarding security along with the Software deliverable from the Supplier. As such, it is reasonable to request that the Supplier adheres to international standards related to the managing of security assurance related to the Software.
