1. Background.
This Transparency Policy (“Policy”) states OpenStack’s policy towards disclosure of information to the public by members of the Board of Directors (“Board Members”) and the officers and other employees of OpenStack (“Employees”). The Policy provides guidance for Board Members and officers in meeting their fiduciary duties and Employees in meeting their legal obligations. This Policy supersedes any written agreement of the Employees for the information described below (but not including any third party information subject to a separate confidentiality obligation) unless the written agreement expressly stated in writing that it supersedes the Policy. The Board Members and Employees are permitted to share certain information and are obligated to keep other information confidential, as more particularly described in this Policy. This Policy has been adopted by the Board, and comments or questions should be directed to the Executive Director of the OpenStack Foundation (“Executive Director”).
2. General Policy Favoring Transparency.
2.1 OpenStack favors disclosure and transparency to promote sharing and collaboration within the OpenStack community. This Policy will implement that strategy to assist in growing the ecosystem around OpenStack’s software, strengthening the platform and protecting the OpenStack brand. For these reasons, OpenStack adopts the following approach to information disclosure to the public under this Policy:
(a) Board meetings (except executive sessions) are open to the public for dial-in participation. Meeting times and dial-in details are posted to OpenStack’s mailing list and at a governance wiki (“Governance Wiki”) accessible at http://wiki.openstack.org/Governance/Foundation. The Chairman and Vice Chairman of the Board will make best effort to publish the date, time and dial-in details at least one week prior to the meeting on the Governance Wiki and Foundation mailing list.
(b) In advance of Board meetings, agendas are also posted to the Governance Wiki.
(c) The Executive Director posts a summary of the Board meeting after the meeting to the OpenStack Foundation mailing list. The Executive Director will make best effort to post a summary to the mailing list within 72 hours of the meeting, after which point Board Members are able to comment or post their own summaries.
(d) After Board meetings, the final versions of the Board minutes, including records of the votes of Board Members are posted to the Governance Wiki. The Secretary and Chairman of the Board will make best effort to publish the official, approved minutes within a month of the meeting.
(e) The general Board mailing list will be made available to the public for read-only subscription, but the Board may maintain a separate mailing list or document store to discuss confidential topics as defined below.
(f) OpenStack Foundation Committees and working groups, such as the Training Working Group and the Election Committee, are subject to the same standards as the Board in terms of posting meeting dates, agendas and summaries, and communicating via a mailing list, unless topics are considered to be confidential information defined in section 3.1. Committees and Working Groups should make an effort to solicit community input and participation on policy issues by the use of mailing lists, in-person meetings, webinars and phone calls.
(g) The contents of final applications for Platinum Members and Gold Members shall be made available on the Governance Wiki no later than three days prior to the Board meeting during which they are being considered.
(h) The Chairman of the Board shall provide an annual summary of OpenStack’s performance, which will include a financial overview, a summary of major decisions, achievements and challenges of the prior year.
(i) Communication regarding Foundation governance will take place on the Foundation mailing list accessible at http://lists.openstack.org/cgi-bin/mailman/listinfo/foundation.
2.2 To put the community first, OpenStack Board Members and Employees will work to share or discuss community and governance information with the OpenStack community through established channels before releasing the information to the media. This does not include company-confidential information, such as advance notice of product announcements, investments, acquisitions or customer stories.
3. Confidential Information.
3.1 Notwithstanding a general policy favoring disclosure and transparency, certainsensitive information must remain confidential. “Confidential Information” means (a) information disclosed during the executive session of Board meetings including, without limitation, personnel matters, discussions around Gold Member applications and information collected, prepared or discussed relating to or in anticipation of litigation, (b) financial information (excluding financial information included in the annual summary provided by the Chairman of the Board) (c) disciplinary actions taken against Platinum Members, Gold Members or Individual Members and (d) information subject to other confidentiality obligations, whether arising under law, statute or contract. In addition, Confidential Information shall include certain “embargoed” information which is temporarily Confidential Information and which shall include (a) draft Board meeting minutes (but not to the extent included in the final Board meeting minutes posted to the Governance Wiki) or (b) information regarding strategic and marketing initiatives that might damage OpenStack’s competitive position if disclosed prior to authorization by theExecutive Director or the Board. At the time embargoed information is shared or discussed, the provider will set an explicit date or criteria as to when it can be made public.
3.2 Neither a Board Member nor an Employee (“TP Person”) may use, disseminate, or in any way disclose any Confidential Information except to the extent expressly permitted by the Board or Executive Director. A TP Person must treat all Confidential Information with the same degree of care as the TP Person accords to his or her own confidential or proprietary information, but in no case less than reasonable care. A TP Person may disclose Confidential Information only to such persons or entities as permitted by the Board or Executive Director, who need to know such Confidential Information and who have previously agreed or agree in writing to be bound by confidentiality terms and conditions protecting the Confidential Information substantially similar to those terms and conditions applicable to the TP Person under this Policy. A TP Person must immediately give notice to the Executive Director of any unauthorized use or disclosure of the Confidential Information. A TP Person must assistOpenStack in remedying any such unauthorized use or disclosure of the Confidential Information by the TP Person.
3.3 A TP Person’s obligations with respect to Confidential Information will not apply to any such portion that the TP Person can document either (a) was in the public domain at or subsequent to the time enters the public domain without action or inaction by such TP Person; (b) was rightfully in TP Person’s possession free of any obligation of confidence at or subsequent to the time such portion was communicated by OpenStack to TP Person; or (c) is made public by direction of the Board or Executive Director. A disclosure of any portion of Confidential Information, either (a) in response to a valid order by a court or other governmental body, or (b) otherwise required by law, shall not be considered to be a breach of the confidentiality obligations set forth herein or a waiver of confidentiality for other purposes; provided, however, that TP Person shall provide prompt prior written notice thereof to the Executive Director to enable OpenStack to seek a protective order or otherwise prevent such disclosure.
3.4 All Confidential Information remains the property of OpenStack, and no license or other rights to Confidential Information is granted or implied hereby.
4. Additional Obligations of Board Members.
4.1 The confidentiality obligations set forth above is a guide to a TP Person’s obligations to OpenStack, whether arising under law, statute or contract, including but not limited to, the fiduciary obligations of Board Members and officers. However, the fiduciary duty obligations of Board Members and officers are established by statute and supersede this Policy.
4.2 Board Members are seen as authoritative sources of information concerning OpenStack’s business. To ensure a consistent approach to public announcements, Board Members should generally defer to the Executive Director with respect to communications with the public.
4.3 The Executive Director, Chairman of the Board and Vice Chairman of the Board, if applicable, are the primary spokespeople when making official statements on behalf of the Foundation. Board Members should not make use of their OpenStack titles when promoting their own companies or products.
5. Process to File a Complaint
If a Community Member or Board member wishes to file a complaint against behavior that is not compliant with the Transparency Policy, he or she should contact the Executive Director ([email protected]) in the absence of an Ombudsman. The Executive Director will determine if quick, corrective action can be made, pulling in the Transparency Committee when needed, and whether the complaint should be brought in front of the full Board.