Principal Aspects of Legal Compliance
Assuring compliance with legal obligations involves three major aspects:
1. Definition of a corporate (or specific project) IP policy which must be met by all associated products and services.
2. Auditing of software to determine all implied legal obligations under the associated IP policy.
3. The necessary fixes, legal or development-intensive, such that all software components meet said IP policy.
The IP policy must be defined in accordance with both the business goals of the organization and its engineering processes. Therefore, it requires the involvement of business and engineering managers, as well as the proper legal counsel. The policy must be clear and enforceable. It should be captured for distribution and application within the development and quality assurance departments.
Auditing software for legal compliance is a process that is traditionally only begun just before major commercial or financial events. It's a complex process involving preparation, document review, management conferences, designer conferences, analysis, legal consulting and reporting. The process is time-consuming and expensive, as it consumes valuable engineering, management and legal resources. Even then, in most cases, the results have been inaccurate, as there are usually insufficient records on what is actually in the software. As these problems continue to emerge, automated tools for auditing the software composition and determining legal obligations have become an attractive option.
The "fixes" necessary to make the software legally compliant with the IP policy can be complex. Some software components may have to be replaced entirely due to IP infringement. This can be expensive, as new software components have to be found and the overall software needs to be retested. In other cases, it may be sufficient to formalize the assumptions of obligations as demanded by licenses or copyrights.