More details needed on access policy for the GitHub repos containing a runbook?

[mglendrange]

The legal section of the runbook template states that “This document contains information that is proprietary to Equinor ASA. Neither the document nor the information contained therein should be disclosed or reproduced in whole or in part, without express written consent of Equinor ASA.”

I interpret this to mean that the runbook should not be in a public repo. Yet, the authoring guidelines says:
“No sensitive or confidential information shall be entered in the runbook itself (although referenced SOPs, with appropriate access control, can contain this type of information). This limitation applies to passwords etc. that should be held in a secured key vault.”

Given that these authoring guidelines are followed, I would assume that it would be OK to put the runbook in a public repo. I therefore feel like the legal section and the authoring guidelines are a bit contrary to each other. In order to make it developer friendly to update and use, we would like to have the runbooks be part of the repos that contains the code itself, where some of them are public. I am not able to conclude on what the access policy for the GitHub repo containing the runbook can be though. Maybe the runbook template needs a bit of refinement here? Think it would be nice if the authoring guidelines had a line saying explicit whether it is ok or not to have it in a public repo or not.

[mahewitt]

Hard to make a general rule, as a decision whether to include in a public repository is dependent upon the sensitivity of the contents, however I updated the template with some clarifications.