Principal Aspects of Legal Compliance

By S. Cohn-Sfetcu and K. Hassin  |  Posted 2010-01-18

Assuring compliance with legal obligations involves the following three major aspects:

1. Definition of a corporate (or project-specific) IP policy that all associated products and services must meet.

2. Auditing of the software to determine all legal obligations it implies under the associated IP policy.

3. The necessary fixes, whether legal or development-intensive, so that all software components meet that IP policy.

The IP policy must be defined in accordance with both the business goals of the organization and its engineering processes. Therefore, it requires the involvement of business and engineering managers, as well as the proper legal counsel. The policy must be clear and enforceable. It should be captured for distribution and application within the development and quality assurance departments.

Auditing software for legal compliance is a process that is traditionally only begun just before major commercial or financial events. It's a complex process involving preparation, document review, management conferences, designer conferences, analysis, legal consulting and reporting. The process is time-consuming and expensive, as it consumes valuable engineering, management and legal resources. Even then, in most cases, the results have been inaccurate, as there are usually insufficient records on what is actually in the software. As these problems continue to emerge, automated tools for auditing the software composition and determining legal obligations have become an attractive option.

The "fixes" necessary to make the software legally compliant as per IP policy can be complex. Some software components may have to be replaced entirely due to IP infringement. This can be expensive, as new software components have to be found and the overall software needs to be retested. In other cases, it may be sufficient to formalize the assumptions of obligations as demanded by license or copyrights.

Sorin Cohn-Sfetcu is involved in Marketing at Protecode. Sorin brings over 30 years of entrepreneurial involvement in technology and business management in multinational (Nortel) and small companies, with a significant portfolio of market successes, innovative products and publications. Sorin holds several patents in Web services, wireless, and digital signal processing. Sorin has a Ph.D. from McMaster University, a Masters of Science degree from University of Calgary, and a Masters of Engineering degree from Polytechnic Institute of Bucharest. He can be reached at

Kamal Hassin is responsible for product portfolio capabilities at Protecode. Kamal is a thought leader in the area of open-source licensing. Kamal is the author or co-author of a number of papers on Software Intellectual Property management. Kamal has a Bachelor of Engineering degree and a Masters degree in Technology Innovation Management from Carleton University. He can be reached at