Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added Policy for releasing Information [Information Release Policy.md]
- Loading branch information
1 parent
ce56d9a
commit c78f885
Showing
1 changed file
with
53 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
|
||
# Information Release Policy | ||
|
||
## Purpose | ||
|
||
The purpose of the Information Release Policy (The Policy) is to outline the | ||
principles adopted by OpenSSL in the release of information. OpenSSL is | ||
committed to transparency and open access to information and will publish as | ||
much information as possible while having due regard to our obligation to | ||
respect and maintain confidential, commercially valuable and personal | ||
information. This policy establishes that a decision to release information is | ||
at OpenSSL’s discretion. | ||
|
||
## Scope | ||
|
||
The Policy provides guidance as to how OpenSSL will determine whether to | ||
release information. This policy does not deal with information requests where | ||
OpenSSL is required by law to release that information, though it refers to the | ||
circumstances in which such disclosures might be made. | ||
|
||
## Principles | ||
|
||
Release of information will be considered where: | ||
* there are no adverse effects to OpenSSL or any third parties as a result of | ||
disclosing the information. | ||
* the release of the information will not concern any third parties; | ||
|
||
In any assessment of whether information will be released OpenSSL will consider: | ||
* who is requesting the information; | ||
* the purpose for which the information is being requested; | ||
* if releasing the information complies with legislation dealing with privacy, | ||
secrecy, consent, commercial in confidence and access to freedom of | ||
information. | ||
* whether the information is suitable and appropriate to be released: | ||
* fit for purpose. Fit for purpose refers to the closeness of correspondence | ||
between the characteristics of the information provided and its intended | ||
purpose. Poor fit means that the information is unlikely to meet the needs | ||
of those requesting the information. | ||
* is a suitable quality for use; | ||
* is accurate and complete; | ||
* is reliable or whether it is subject to further change (outside of regular | ||
reviews). | ||
* resource availability. Information release requests can involve a | ||
significant commitment of resources, and sometimes specialised/technical | ||
resources. | ||
* whether OpenSSL can ensure it is used only for the purpose for which it was | ||
released and that it will not be disclosed to other parties unless previously | ||
agreed to or provided for by law. | ||
|
||
Where OpenSSL may be required to release information based on legislative | ||
requirements, subpoenas or other legal discovery obligations. OpenSSL will | ||
comply with any requests in accordance with all its legal obligations and the | ||
principles of information release. |