Merge branch 'master' into piana-patch

Author: shanecoughlan

CONTRIBUTING.md

@@ -0,0 +1,36 @@
+# Contributing to OpenChain's Reference-Material Repository
+
+## Licenses for Contributions
+
+To align with our project charter:
+* Case studies should be licensed under CC-BY-SA, or a more permissive license;
+* Other contributions should be licensed under CC-0.
+
+## Types of Contribution
+
+This repository contains documentation. Typical contributions are:
+* Translations of existing documents from English to other languages.
+  * This includes *re*-translation of documents when updates happen to the original document.
+* Corrections and improvements to existing documents: fixing typos, spelling, grammar, phrasing.
+* Conversion of documents from other formats to Markdown.
+* Reviewing existing Pull Requests.
+* Submitting issues identifying problems with current content, or suggesting new content.
+* Working on existing issues.
+
+Other contributions are welcomed too, such as:
+* Guides and playbooks for adoption of the OpenChain ISO/IEC standard;
+* Case studies, indicating how an organization has achieved conformance, and the benefits gained thereby.
+
+Contributions are also welcomed through discussions:
+* Online discussions via Slack and mailing lists.
+* Zoom calls - the OpenChain project runs regular calls, plus other calls as necessary.
+
+## Submitting Bug Reports
+
+Issues with the documentation in this repository can be logged as issues in GitHub, 
+at https://github.com/OpenChain-Project/Reference-Material/issues.
+
+TODO: Advice/Practice for use of the labels for issues: bug, documentation, duplicate, enhancement, good first issue, help wanted, invalid, question, wontfix.
+
+TODO: Expectations about response times (right now, it doesn't look good....)
+

FAQ/1.0/en/faq.md

@@ -15,19 +15,8 @@ There is an online tool to convert Word documents to MarkDown, which is the firs
 Our Reference Library is here:
 <https://github.com/OpenChain-Project/Reference-Material>
 
-It contains a lot of documents so we will narrow down the documents we want help with. Let’s start with some Word documents.
-
-Here is our self-certification questionnaire: <https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification-Questionnaire/Official/2.1/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.docx>
-
-
-Here is a conformance checklist:
-<https://github.com/OpenChain-Project/Reference-Material/blob/master/Checklists/Official/Conformance-Checklist/2.0/en/Conformance-Compliance-Checklist.docx>
-
-Here is a document about using OpenChain in Mergers and Acquisitions:
-<https://github.com/OpenChain-Project/Reference-Material/blob/master/Guides/Official/OpenChain-in-Mergers-and-Acquisitions/2.0/en/Assessment-Of-OS-Practices-In-Merger-and-Acquisition.docx>
-
-Here is a document to help managers understand OpenChain:
-<https://github.com/OpenChain-Project/Reference-Material/blob/master/Guides/Official/OpenChain-For-Managers/2.0/en/OpenChain%20For%20Managers%20-%20Version%201.0.docx>
+It contains a lot of documents. If you are looking for suggestions on documents to convert first, please see:
+https://github.com/OpenChain-Project/Reference-Material/blob/master/markdown-conversion-targets.md
 
 If you convert one of these documents to MarkDown, please open a Pull Request to submit the updated document. If you need help with that, please ask our education work group at this mailing list:
 <https://lists.openchainproject.org/g/education/messages>
@@ -42,4 +31,4 @@ Then download background tools for MarkDown:
 
 You might want to try using `git` directly at home, so that you can `clone` the repo, `commit` changes to it, `branch` the repo to include your modification in a separate branch, `push` the branch with your changes and any subsequent commits you add. While it is largely unnecessary, by getting familiar with the tool you could later exploit all the power of it.
 
-That’s it! You are ready to help. We look forward to working together to make sure even more people can take advantage of our reference library as they work towards a more trusted, more efficient and more effective supply chain.
+That’s it! You are ready to help. We look forward to working together to make sure even more people can take advantage of our reference library as they work towards a more trusted, more efficient and more effective supply chain.

PlayBooks/Official/Version-1/Small-Company/en/OpenChain PlayBook - Small Company.docx

@@ -0,0 +1,111 @@
+![](./media/image1.png "OpenChain logo")
+
+# OpenChain ISO/IEC 5230 Self-Certification Checklist
+## The Simple Way To Check Conformance
+
+Revision 1\
+2022-10-05
+
+# Introduction
+
+OpenChain ISO/IEC 5230:2020 is the International Standard for open source license compliance. It is simple, effective and suitable for companies of all sizes in all markets. This standard is openly developed by a vibrant user community and freely available to all. It is supported by extensive reference material and official service provider partners.
+
+You can adopt OpenChain ISO/IEC 5230:2020 by self-certification in your own time or working with a service provider for independent assessment or third-party certification. Our recommended path is self-certification and we provide this questionnaire to support this with a series of "yes" or "no" questions.
+
+We have a lot of resources to support you if you need assistance. You can join our mailing lists, our webinars, our group calls and our regional work groups to discuss challenges with your peers and in your native language. You can get started here:
+
+[[https://www.openchainproject.org/community]{.underline}](https://www.openchainproject.org/community)
+
+Finally, if you want direct support from the project you can email
+[[[email protected]]{.underline}](mailto:[email protected])
+with questions. We provide support for free. The OpenChain Project is funded by our Platinum Members and is designed to help support the global supply chain transition to more effective and efficient open source license compliance.
+
+# The Self-Certification Checklist
+
+## Section 1: Program foundation
+
+- [ ] We have a policy governing the open source license compliance of Supplied Software.
+
+- [ ] We have a documented procedure to communicate the existence of the open source policy to all Software Staff.
+
+- [ ] We have identified the roles and responsibilities that affect the performance and effectiveness of the Program.
+
+- [ ] We have identified and documented the competencies required for each role.
+
+- [ ] We have documented the assessed competence for each Program participant.
+
+- [ ] We have documented the awareness of our Program participants on the following topics:
+
+- - [ ] The open source policy and where to find it;
+
+- - [ ] Relevant open source objectives;
+
+- - [ ] Contributions expected to ensure the effectiveness of the Program;
+
+- - [ ] The implications of failing to follow the Program requirements.
+
+- [ ] We have a process for determining the scope of our Program.
+
+- [ ] We have a written statement clearly defining the scope and limits of the Program.
+
+- [ ] We have a documented procedure to review and document open source license obligations, restrictions and rights.
+
+## Section 2: Relevant tasks defined and supported
+
+- [ ] We assigned individual(s) responsibility for receiving external open source compliance inquiries.
+
+- [ ] The external open source compliance contact is publicly identified (e.g. via an email address or the Linux Foundation Open Compliance Directory).
+
+- [ ] We have a documented procedure for receiving and responding to open source compliance inquiries.
+
+- [ ] We have documented the persons, group or function supporting the Program role(s) identified.
+
+- [ ] We have ensured identified Program roles been properly staffed and adequately funded.
+
+- [ ] Legal expertise to address internal and external open source compliance has been identified.
+
+- [ ] We have a documented procedure assigning internal responsibilities for open source compliance.
+
+- [ ] We have a documented procedure for handling review and remediation of non-compliant cases.
+
+## Section 3: Open source content review and approval
+
+- [ ] We have a documented procedure for identifying, tracking and archiving information about the open source components in a Supplied Software release.
+
+- [ ] We have open source component records for the Supplied Software which demonstrate the documented procedure was properly followed.
+
+- [ ] We have a documented procedure that covers these common open source license use cases for open source components in the Supplied Software:
+
+- - [ ] Distribution in binary form;
+
+- - [ ] Distribution in source form;
+
+- - [ ] Integration with other open source that may trigger additional obligations;
+
+- - [ ] Containing modified open source;
+
+- - [ ] Containing open source or other software under incompatible licenses for interaction with other components in the Supplied Software;
+
+- - [ ] Containing open source with attribution requirements.
+
+## Section 4: Compliance artifact creation and delivery
+
+- [ ] We have a documented procedure describing the process for ensuring the Compliance Artifacts are distributed with Supplied Software as required by the Identified Licenses.
+
+- [ ] We have a documented procedure for archiving copies of Compliance Artifacts for the Supplied Software.
+
+- [ ] We archive the Compliance Artifacts at least as long as the Supplied Software is offered and as required by the Identified Licenses.
+
+## Section 5: Understanding open source community engagements
+
+- [ ] We have a policy for contribution to open source projects on behalf of the organization.
+
+- [ ] We have a documented procedure governing open source contributions.
+
+- [ ] We have a documented procedure for making all Software Staff aware of the open source contribution policy.
+
+## Section 6: Adherence to the specification requirements
+
+- [ ] We have documentation confirming that your Program meets all the requirements of this specification.
+
+- [ ] We have documentation confirming that your Program conformance was reviewed within the last 18 months.

PlayBooks/Official/Version-1/Small-Company/en/OpenChain PlayBook - Small Company.odt

@@ -0,0 +1,130 @@
+![](./media/image1.png "OpenChain logo")
+
+# Self-Certification Questionnaire
+## The Simple Way To Check OpenChain ISO/IEC 5230:2020 Conformance
+
+Revision 1\
+2021-11-26
+
+# Introduction
+
+OpenChain ISO/IEC 5230:2020 is the International Standard for open source license compliance. It is simple, effective and suitable for companies of all sizes in all markets. This standard is openly developed by a vibrant user community and freely available to all. It is supported by extensive reference material and official service provider partners.
+
+You can adopt OpenChain ISO/IEC 5230:2020 by self-certification in your own time or working with a service provider for independent assessment or third-party certification. Our recommended path is self-certification and we provide this questionnaire to support this with a series of "yes" or "no" questions.
+
+We have a lot of resources to support you if you need assistance. You can join our mailing lists, our webinars, our group calls and our regional work groups to discuss challenges with your peers and in your native language. You can get started here:
+
+[[https://www.openchainproject.org/community]{.underline}](https://www.openchainproject.org/community)
+
+As part of our online support you can also self-certify using our web app for free here:\
+[[https://certification.openchainproject.org/]{.underline}](https://certification.openchainproject.org/)
+
+We have a video discussing online self-certification here:\
+[[https://www.youtube.com/watch?v=lVM4RH8RRl0]{.underline}](https://www.youtube.com/watch?v=lVM4RH8RRl0)
+
+Online self-certification is the same as this questionnaire. It is just another option.
+
+Finally, if you want direct support from the project you can email
+[[[email protected]]{.underline}](mailto:[email protected])
+with questions. We provide support for free. The OpenChain Project is funded by our Platinum Members and is designed to help support the global supply chain transition to more effective and efficient open source license compliance.
+
+**Our Platinum Members**
+
+![](./media/image2.png "List of Platinum Members")
+
+# The Self-Certification Questionnaire
+
+## Section 1: Program foundation
+
+-   Do you have a documented policy governing the open source license compliance of the Supplied Software?
+
+-   Do you have a documented procedure to communicate the existence of the open source policy to all Software Staff
+
+-   Have you identified the roles and responsibilities that affect the performance and effectiveness of the Program?
+
+-   Have you identified and documented the competencies required for each role?
+
+-   Have you documented the assessed competence for each Program
+    participant?
+
+- Have you documented the awareness of your Program participants on the following topics?
+
+  -   The open source policy and where to find it;
+
+  -   Relevant open source objectives;
+
+  -   Contributions expected to ensure the effectiveness of the Program;
+
+  -   The implications of failing to follow the Program requirements.
+
+-   Do you have a process for determining the scope of your Program?
+
+-   Do you have a written statement clearly defining the scope and limits of the Program?
+
+-   Do you have a documented procedure to review and document open source license obligations, restrictions and rights?
+
+## Section 2: Relevant tasks defined and supported
+
+-   Have you assigned individual(s) responsibility for receiving
+    external open source compliance inquiries?
+
+-   Is the external open source compliance contact publicly identified (e.g. via an email address or the Linux Foundation Open Compliance Directory)?
+
+-   Do you have a documented procedure for receiving and responding to open source compliance inquiries?
+
+-   Have you documented the persons, group or function supporting the Program role(s) identified?
+
+-   Have the identified Program roles been properly staffed and
+    adequately funded?
+
+-   Has legal expertise to address internal and external open source compliance been identified?
+
+-   Do you have a documented procedure assigning internal
+    responsibilities for open source compliance?
+
+-   Do you have a documented procedure for handling review and
+    remediation of non-compliant cases?
+
+## Section 3: Open source content review and approval
+
+-   Do you have a documented procedure for identifying, tracking and archiving information about the open source components in a Supplied Software release?
+
+-   Do you have open source component records for the Supplied Software which demonstrate the documented procedure was properly followed?
+
+-   Do you have a documented procedure that covers these common open source license use cases for open source components in the Supplied Software?
+
+    -   Distribution in binary form;
+
+    -   Distribution in source form;
+
+    -   Integration with other open source that may trigger additional obligations;
+
+    -   Containing modified open source;
+
+    -   Containing open source or other software under incompatible licenses for interaction with other components in the Supplied Software;
+
+    -   Containing open source with attribution requirements.
+
+## Section 4: Compliance artifact creation and delivery
+
+-   Do you have a documented procedure describing the process for ensuring the Compliance Artifacts are distributed with Supplied Software as required by the Identified Licenses?
+
+-   Do you have a documented procedure for archiving copies of
+    Compliance Artifacts for the Supplied Software?
+
+-   Are the Compliance Artifacts archived at least as long as the Supplied Software is offered and as required by the Identified Licenses?
+
+## Section 5: Understanding open source community engagements
+
+-   Do you have a policy for contribution to open source projects on behalf of the organization?
+
+-   Do you have a documented procedure governing open source
+    contributions?
+
+-   Do you have a documented procedure for making all Software Staff aware of the open source contribution policy?
+
+## Section 6: Adherence to the specification requirements
+
+-   Do you have documentation confirming that your Program meets all the requirements of this specification?
+
+-   Do you have documentation confirming that your Program conformance was reviewed within the last 18 months?