Image Description

The Open Group Standards Process

5. Confidentiality

This section describes the procedures to be followed when handling confidential material within The Open Group and within member companies when working with The Open Group. Three sources of information are considered:

  • The Open Group
  • A member of The Open Group
  • A third party

The Open Group Membership Agreements include provisions which define the general obligations of The Open Group and members of The Open Group in respect of confidential information. Individual non-disclosure agreements may apply to third-party information.

These guidelines describe some of the practical steps to be taken to identify and protect confidential information, but they are always subject to the provisions of the relevant agreement.

5.1 Material from The Open Group

From time to time, confidential material may be originated by The Open Group for distribution to those people within member companies working on the business of The Open Group.

When originated, The Open Group Manager must:

  1. Clearly indicate on a cover sheet that the material is The Open Group Confidential, so that the recipient has the opportunity not to open the document.
    • The cover sheet must include sufficient information to allow the recipient to make that judgment.
    • The cover sheet must also state clearly whether the recipient is permitted to make copies of the document (within the overall provisions of the confidentiality obligations in the relevant Membership Agreement).
  2. If possible, ensure that each page of the document is clearly marked with the designation The Open Group Confidential.
  3. Distribute the material only by a secure means of delivery (see below).

In turn, the recipient must:

  1. Use the material only for the purpose for which it was originally intended.
  2. Restrict disclosure of the material to those of its staff working directly on The Open Group related activities.
  3. Apply at least as strict rules to prevent unauthorized disclosure as would be applied to the member's own confidential material.

5.2 Material from a Member

The procedures for handling confidential material from a member of The Open Group are similar to those described above, with the exception that the cover sheet should be inscribed xxx Confidential – for The Open Group use only and that each page should be inscribed xxx Confidential, where xxx is the name of the member.

When distributing such material, The Open Group must treat it in the same way as its own confidential material, and recipients must treat the material as if it were The Open Group Confidential.

5.3 Material from a Third Party

When The Open Group obtains confidential information from a third party, typically under the control of a non-disclosure agreement, the material should subsequently be treated as The Open Group Confidential with the following additional procedures:

  1. Whenever the material is distributed, it must include a cover sheet which states explicitly that the material is The Open Group Confidential, the name of the company who originated the material, and reference to any non-disclosure agreement that is in place and any special terms which may inhibit the freedom of members of The Open Group to receive the material.
  2. Recipients must treat the material as The Open Group Confidential on the basis of the cover sheet; it cannot always be guaranteed that every page will be marked as confidential.

5.4 Miscellaneous Provisions

5.4.1 Web Postings

Material posted in password-protected areas of The Open Group websites, including password-protected wikis and collaboration tool pages, whether posted by The Open Group or member companies, is always to be regarded as The Open Group Confidential, whether or not it is explicitly labeled as such.

5.4.2 Distribution of Materials

Confidential material must be distributed using secure methods of distribution.

The following methods are for the purposes of these procedures assumed to be secure:

  1. Normal mail service
  2. Courier services
  3. Fax to a localized fax machine
  4. Electronic mail using the Internet.
  5. The use of a website, providing that the authentication and authorization services in use are sufficient to reasonably restrict access to confidential materials to those entitled to gain access

The following methods are for the purposes of these procedures assumed to be insecure:

  1. Fax to a machine shared with people not entitled to receive the information being transmitted
  2. Any website without appropriate authentications and authorization services to reasonably restrict access

5.4.3 Verbal Presentations

Any material presented verbally either formally or informally is assumed to be non-confidential unless the presenter states in advance that the material is confidential and offers anyone who does not wish to receive the material the opportunity to leave the meeting for the duration of the presentation.

Last updated: October 2018