The Open Group Standards Process
Copyright © 1996-2012 The Open Group

5. Confidentiality

Summary

This section describes the procedures to be followed when handling confidential material within The Open Group and within member companies when working with The Open Group. Three sources of information are considered:

The Open Group
An Open Group member
A third party

All Open Group Membership Agreements include provisions which define the general obligations of The Open Group and members of The Open Group in respect of confidential information. Individual non-disclosure agreements may apply to third-party information.

These guidelines describe some of the practical steps to be taken to identify and protect confidential information, but they are always subject to the provisions of the relevant agreement.

5.1 Material from The Open Group
5.2 Material from a Member
5.3 Material from a Third Party
5.4 Miscellaneous Provisions

Human Actors

5.1 Material from The Open Group

From time to time, confidential material may be originated by The Open Group for distribution to those people within member companies working on Open Group business.

When originated, The Open Group Manager must:

Clearly indicate on a cover sheet that the material is Open Group Confidential, so that the recipient has the opportunity not to open the document.

The cover sheet must include sufficient information to allow the recipient to make that judgment.
The cover sheet must also state clearly whether the recipient is permitted to make copies of the document (within the overall provisions of the confidentiality obligations in the relevant Membership Agreement).

If possible, ensure that each page of the document is clearly marked with the designation Open Group Confidential.
Distribute the material only by a secure means of delivery (see below).

In turn, the recipient must:

Use the material only for the purpose for which it was originally intended.
Restrict disclosure of the material to those of its staff working directly on Open Group-related activities.
Apply at least as strict rules to prevent unauthorized disclosure as would be applied to the member's own confidential material.

5.2 Material from a Member

The procedures for handling confidential material from a member of The Open Group are similar to those described above, with the exception that the cover sheet should be inscribed xxx Confidential – for The Open Group use only and that each page should be inscribed xxx Confidential, where xxx is the name of the member.

When distributing such material, The Open Group must treat it in the same way as its own confidential material, and recipients must treat the material as if it were Open Group Confidential.

5.3 Material from a Third Party

When The Open Group obtains confidential information from a third party, typically under the control of a non-disclosure agreement, the material should subsequently be treated as Open Group Confidential with the following additional procedures:

Whenever the material is distributed, it must include a cover sheet which states explicitly that the material is Open Group Confidential, the name of the company who originated the material, and reference to any non-disclosure agreement that is in place and any special terms which may inhibit the freedom of Open Group members to receive the material.
Recipients must treat the material as Open Group Confidential on the basis of the cover sheet. It cannot always be guaranteed that every page will be marked as confidential.

5.4 Miscellaneous Provisions

5.4.1 Web Postings

Material posted in password-protected areas of The Open Group web sites, including password-protected wikis and Plato pages, whether posted by The Open Group or member companies, is always to be regarded as Open Group Confidential, whether or not it is explicitly labeled as such.

5.4.2 Distribution of Materials

Confidential material must be distributed using secure methods of distribution.

The following methods are for the purposes of these procedures assumed to be secure:

Normal mail service
Courier services
Fax to a localized fax machine
Electronic mail using public packet switched networks (such as the Internet) which do not store the complete message at any intermediate site which is not under the control of The Open Group or its members
The use of a web site, providing that the authentication and authorization services in use are sufficient to reasonably restrict access to confidential materials to those entitled to gain access

The following methods are for the purposes of these procedures assumed to be insecure:

Fax to a machine shared with people not entitled to receive the information being transmitted
Electronic mail services which operate using a store-and-forward mechanism, where the complete message is stored in non-encrypted form at any intermediate site(s) which is/are not wholly under the control of The Open Group or its members
Any web site without appropriate authentications and authorization services to reasonably restrict access

5.4.3 Verbal Presentations

Any material presented verbally either formally or informally is assumed to be non-confidential unless the presenter states in advance that the material is confidential and offers anyone who does not wish to receive the material the opportunity to leave the meeting for the duration of the presentation.

Last updated: May 2012