Service Portfolio Analysis

In the service portfolio analysis, a list of services usually offered by the OSPO is described and clustered in five different categories. Organizations can use the template provided to identify currently offered services and plan to-be services according to their customers’ profile and internal expertise. Initially, a limited number of services can be available at the organization’s level. We provide a downloadable template and a FigJam file as a collaboration tool to speed up the process of planning the OSPO offer.

Management

IP management strategy services

Defining legal IP strategy and policies

The goal is to support the definition of an IP management
strategy for the 3Os involving different functions/departments
in organisations.

  • Support the definition of a strategy for reuse,
    contribution and valorisation of the open IP aligned with the
    business implementation by identifying the value created and
    identifying the KPIs relevant to measure it.
  • Design an open source policy.
  • Encourage and support management in the definition of a
    collaborative development strategy on identified open projects
    and definition of teams and budget dedicated to the
    contributions.
  • Submit suggestions and ideas on adaptation to the business
    model based on the evolution of the relevant projects in 3Os.
  • Support the strategic evaluation and identification of
    relevant projects and the creation of processes to evaluate and
    make decisions based on the valorisation strategy, license and
    risk analysis.

Due diligence for open IP

Due diligence for the use of 3Os based on the collection and
analysis of the licensing models applicable to the organisation's
products/processes/services.

  • Raise awareness of the importance of policy creation for
    open IP. Organisations using 3Os could, for example, adopt
    policies and solutions to automate and track certain decisions
    on inbound licensing in the technical functions/research
    departments. Research institutes could define policies for the
    evaluation of the potential impact of open IP on the specific
    field of research and highlight the potential for valorisation
    both in social and economic terms.
  • General compliance monitoring should be implemented as part of
    the risk management and mitigation strategy in order to manage
    3Os inbound and outbound licensing.
  • A due diligence process should be implemented for the 3Os IP
    in parallel to the due diligence process on traditional IP. This
    process should have a strong role in verifying the licence
    compatibility of the different open projects that could
    contribute to the new IP creation and in its licensing strategy
    in relation to the organisation's mission.
  • Business models compatible and sustainable with the 3Os
    should be identified when considering contributing and using
    open IP for software, hardware and data in order to enable the
    innovative IP to reach the market and generate value. This
    aspect is surely relevant for companies using or contributing to
    the 3Os but should also be the basis for new companies coming
    from research, such as new startups.

The Free and Open Source Software Analysis (FOSSA) Compliance
tool is useful to identify and manage open source licenses and
compliance obligations within a software project. This tool
provides automated scanning of software dependencies to ensure
that they comply with licensing requirements and policies.

Metrics and Reporting

OSPO provides tracking and reporting methodologies on open
source usage, contributions, and compliance metrics to measure
the impact of open source programs and inform decision-making.

Examples of services may include:

  1. Collecting and analyzing data on open source projects
    within the organization
  2. Generating reports on key performance indicators (KPIs)
    related to open source activities
  3. Creating dashboards and visualizations to track the
    progress of open source initiatives
  4. Conducting surveys and feedback sessions to gather insights
    from internal and external stakeholders
  5. Developing metrics frameworks to measure the impact and
    effectiveness of open source programs
  6. Providing guidance on setting goals and targets for open
    source projects
  7. Offering training and workshops on how to use metrics and
    reporting tools effectively.

OSPO Governance

OSPO is involved in creating and enforcing policies and
procedures related to open source usage, contribution, and
compliance within the organization.

The governance framework established by an OSPO helps ensure
that open source projects are managed effectively, risks are
mitigated, and legal compliance is maintained. This can include
guidelines for code contributions, licensing requirements,
intellectual property management, and community engagement.

FOSSA provides a template for creating a licensing policy
according to the type of code distribution.

Technology

Engineering and product development support services

Bill of materials (BoM) for open software/hardware/data

Good governance of open IP starts with collecting information on
which IP assets the organisation actually holds.

The BOM provides a detailed overview of the components,
dependencies, licenses, and resources associated with the open
software project. It helps in ensuring compliance with licensing
terms, managing dependencies, addressing security
vulnerabilities, and facilitating collaboration among developers
and contributors.

FOSSA provides guides and tools for the correct use of SBOM.

Coordination with communities

Community contribution is strategic for the creation of new
projects. It is important that OSPOs support knowledge
generators in understanding community processes and adapting
their approach. Moreover, OSPOs could help raise awareness of
new projects and thereby solicit participation in development
activities.

One-on-one advising sessions for guidance on licensing

Collaboration on 3Os often starts from single knowledge
generators that are interested in collaboration on specific
projects. It is important to support these persons not only in
understanding and evaluating the licenses, but also in preparing
feasibility studies for management bodies.

Software disclosure procedures

Software disclosure is a relevant step in valorisation of research
results. This step should enable the knowledge generator to
provide indications on the possible future impact on the field
of research, on the societal value of the result, and on the
possible opportunities for funding, visibility and investment
that could be leveraged by adopting the 3Os licensing models for
the IP assets.

Mapping of relevant 3Os projects

OSPOs could map and monitor projects that could be relevant to
the organisation’s mission with the aim of identifying the most
promising ones. This could prepare the organisation to plan
strategically and contribute effectively to them.

Security

Security-related services

Cyber security of the 3Os

Security, quality and vulnerability monitoring of inbound IP is a
relevant issue for the security of products, particularly
software. OSPOs could monitor and submit requests for updates
of the 3Os projects based on software bills of materials,
tracking updates and major issues arising in the inbound IP, and
taking prompt action when security issues are highlighted.

Security Concerns

The OSPO can work closely with the security team to identify and
address security vulnerabilities in open source software used
within the organization. This may involve monitoring security
advisories, conducting security assessments, and implementing
security best practices.

Vulnerability Disclosures

The OSPO can establish processes for coordinating the disclosure
of security vulnerabilities in open source projects. This
includes working with upstream projects to report
vulnerabilities, coordinating with security researchers, and
ensuring timely patches and updates are applied to mitigate
risks.

FOSSA Security helps in identifying and fixing security
vulnerabilities in open source components used within a project.
This tool provides continuous monitoring and alerts for security
vulnerabilities, helping organizations to proactively address
potential risks.

Secure Coding Practices

The OSPO can promote secure coding practices by providing
training and resources to developers on writing secure code,
following security guidelines, and using secure development
tools. This can help prevent security vulnerabilities from being
introduced into software during the development process.

Environment

Communication and social engagement services

Communication and 3Os project collaboration

As previously said, projects released with 3Os licences that do
not benefit from community contributions and support are going
to reach only a fraction of their potential value for the overall
ecosystem and the organisation. This has implications for the
overall quality of the project in terms of maintenance, new
developments and security.

OSPOs could play an important role in facilitating communication
and collaboration by participating in sectorial events and
community meetings and by creating communication strategies for
social media or event planning.

Community engagement

OSPOs could attract developers, other organisations or
individual experts by organising events and community meetings
in order to present 3Os projects, discuss future development
strategies and increase the level of engagement with the
community.

Liaising with external stakeholders and creating partnerships

Successful 3Os projects may be willing to establish partnerships
or consortia. OSPOs could support organisations in mapping and
identifying these partnerships and represent the organisation in
matching them with partner organisations.

Promoting industry engagement

Companies and relevant stakeholders that could support 3Os
projects may be incentivised to join the initiative in order to
reach different markets or sectors for the project. Activities
related to open innovation best practices - such as innovation
challenges or hackathons on 3Os for example - could be organised
or facilitated by OSPOs in order to engage the private sector in
different projects and start to get to know the communities.

Skills

Human resources services

Awareness and training on the 3Os

Training is crucial to the participation of organisations in 3Os
projects. Organisations need to share a common view of the basic
concepts behind the 3Os.

Basics of legal compliance in 3Os

Companies need to build capacity on best practices in 3Os
licensing. Training on the topic, similarly to traditional IP
management, should establish common ground for organisations and,
in particular, for innovative companies. Building knowledge
about the compliant use of 3Os, inbound and outbound licensing,
reuse of software, licence compatibility, and valorisation
strategies is an essential part of the training portfolio.

Definition of contribution teams

Because companies and communities differ in pace and business
logic, it may be difficult to establish a collaborative
environment if the division between company development
functions and employees who work on the 3Os is not clear in
terms of roles, budget, time management and ownership of
contributions. In this sense, the OSPO could support the
identification of best practices to be implemented in the
organisation and suggest strategies to management.

Open Hardware

Services related to open hardware projects

Open Hardware Projects

OSPO can link to or host Fab Labs to serve as hubs for open
hardware projects, where individuals can collaborate on
designing and prototyping open hardware products. The open and
collaborative nature of Fab Labs aligns well with the principles
of open hardware, allowing for the sharing of designs and
knowledge among community members.

Manufacturing Services

OSPO can create links with companies that offer manufacturing
services for open hardware products. They may specialize in
small-batch production, on-demand manufacturing, or provide
guidance on mass production.

Consulting and Design Services for Open Hardware

OSPO can provide consulting and design services for open
hardware projects. They can help with product design,
prototyping, and manufacturing.

Open Data

Services related to open data management and strategy

Data Management Training

OSPO can offer training programs and resources to help employees
understand best practices for managing and publishing open data.
This includes data cleaning, formatting, documentation, and
metadata creation to ensure that data sets are well-organized
and easily discoverable.

Data Publishing Platforms

OSPO can help set up data publishing platforms or portals
where organizations can host and share their open data sets with
the public. This includes creating user-friendly interfaces,
search functionalities, and APIs to facilitate data discovery
and access.

Data Quality Assurance

OSPO can help implement data quality assurance processes,
such as data validation, verification, and monitoring, to ensure
that open data sets are accurate, up-to-date, and reliable for
use in various applications and analyses.

Data Privacy and Security Compliance

OSPO helps ensure that open data initiatives comply with data
privacy regulations and security standards. This includes
implementing data anonymization techniques, access controls, and
encryption measures to protect sensitive information while
promoting data openness.

Data Licensing Guidance

OSPO can provide guidance on data licensing options, such as
Creative Commons licenses or open data licenses, to enable
organizations to share data in a way that encourages reuse and
collaboration while protecting intellectual property rights.