Self-Assessment Compliance Checklist

The Linux Foundation has developed an extensive checklist of compliance best practices in addition to elements that must be available in an open source compliance program to ensure its success. Companies are invited to use this checklist as an internal self-administered exercise to evaluate their compliance in comparison to top tier best compliance practices. The Self-Assessment Checklist is constructed using at least two concepts from well-established models of process maturity such as the Software Engineering Institute’s Capability Maturity Model:

• Process adoption progresses from initial process definition through institutionalization to a state of controlled process management. The goal of a compliance process, as with any process, is to achieve consistent and expected business results from its use. A checklist of recommended practices should prompt companies to assess the extent to which they’ve institutionalized compliance actions and the degree to which those actions produce needed business results.
• A distinction should be made between process goals and the practices implemented to achieve those goals. The compliance checklist explicitly recognizes valid alternative practices that may be used to achieve a particular goal. Compliance practices included in the checklist will reduce the risk of compliance failure as well as deliver tangible benefit relative to the cost of those practices. A process failure modes effects analysis (FMEA) approach has been used to identify the ways a compliance process can fail and practices to prevent those failures.

The Open Compliance Program’s goal is to help organizations plan improvements to their compliance process. The Program can facilitate organizational discussions to assess compliance process maturity and can recommend practices for implementation. All discussions with companies about their compliance practices will protect confidential information.

To download the Self-Assessment Checklist complete the form below.