Skip to content

Latest commit

 

History

History
128 lines (70 loc) · 9.62 KB

COC_POLICY.md

File metadata and controls

128 lines (70 loc) · 9.62 KB

This document defines the OpenJS Foundation's code of conduct policy.

If you want to report an incident, go to code-of-conduct.openjsf.org.


Code of Conduct Policy

The OpenJS Foundation (OpenJSF) delegates to the Cross Project Council (CPC), via its charter, the responsibility of choosing, maintaining, and enforcing a Code of Conduct (CoC) for all of its projects, collab spaces, and for any related activities.

Code of Conduct

The OpenJSF's code of conduct is located at code-of-conduct.openjsf.org. It is based on the Contributor Covenant.

A common code of conduct allows a common escalation and appeal process and allows better support of projects in their efforts to apply the code of conduct.

All OpenJSF projects, collab spaces, and any activities related to the OpenJSF are operating under this code of conduct unless otherwise stated. (For example, events organized in partnership with other organizations might be operating under a different code of conduct.)

Projects joining the foundation that already have a code of conduct will need to adopt the OpenJSF's CoC within three (3) months. Projects that don't already have a code of conduct operate under the OpenJSF's CoC as soon as they enter incubation.

Reporting incidents

Reporting incidents should be as simple and flexible as possible.

All information necessary to report an incident must be publicly documented directly alongside the code of conduct itself. This information must contain at least the following:

  1. A general email address at which incidents can be reported.
  2. The name and email address of each recipient of the general email address.

Reporters may choose to report an incident by using the general email address provided or by contacting any of its recipients individually, either by using their provided email, reaching out in person, or by any other reasonable means.

An acknowledgment of receipt should be promptly issued to incident reporters.

The name and contact details of the people responsible for managing the incident report should be provided to reporters as soon as possible (to uncover conflicts of interest upfront and allow for escalation).

Incidents requiring immediate action

Individuals responsible for managing incident reports are empowered to take immediate action in order to prevent further harm, for example by blocking someone from accessing virtual spaces managed by a project or the Foundation or by removing someone from an event.

These actions must be documented at the earliest convenient occasion for review by the Code of Conduct Team or the other people responsible for managing incident reports for the related project.

Incident Response

All incident reports will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.

Responsiveness

Every incident report, escalation request, or appeal will be promptly acknowledged upon receipt and a response provided in a timely manner. All parties involved should be kept informed and updated in a timely and efficient manner.

Transparency

The number and relevant details of the reported incidents, escalation requests, and appeals, along with the responses made and actions taken should be made available, at least on a yearly basis, in a redacted form, to the Cross Project Council for further dissemination.

Record keeping

A record of all communications related to an incident report, escalation request, or appeal must be kept.

Confidentiality

The identity of the harmed individual(s) and the reporter(s) of an incident report must be kept confidential.

The identity of the accused individual should be kept confidential. However, incidents requiring immediate action (e.g. to prevent further harm) and implementing the decision resulting from the incident management process might require sharing the identity of the accused individual beyond the people involved in the incident management process itself. Additionally, the obligation of confidentiality towards the accused individual ends if the accused individual chooses to disclose the information publicly. In all cases, however, care should be taken to limit information sharing to what is strictly necessary to address the issue at hand and avoid making that sharing retaliatory.

Conflict of Interest

Any person involved with the management of an incident report must immediately notify the CoC Team in writing and recuse themselves from the process if they have been involved in the incident itself or have any other conflict of interest with any of the involved parties (e.g. same employer).

Enforcement

Incident management processes

The Cross Project Council (CPC) defines, documents, and maintains all processes necessary for the management of incident reports and the enforcement of the code of conduct and this policy through the CoC Process for Incident Management.

The CPC works with the OpenJS Foundation staff to develop the infrastructure and processes necessary to comply with the requirements of this policy, notably when it comes to record-keeping, confidentiality, and transparency.

Code of Conduct Team (CoC Team)

The Cross Project Council (CPC) delegates enforcement of the code of conduct to the Code of Conduct Team (CoC Team) through the CoC Team Charter.

The structure of the CoC Team and how its members are elected are described in the CoC Team Charter.

The current composition of the CoC Team is available in the code of conduct itself along with means to contact by email the whole CoC Team and each of its members individually.

The CoC Team is responsible for applying the incident management processes.

The CoC Team is empowered to involve external people to resolve an issue provided these commit to abide by the code of conduct, the incident management processes, and by this policy.

Delegation to projects

Projects may opt-in to enforce the code of conduct themselves provided they meet the following requirements:

  1. Commit to uphold the code of conduct.
  2. Commit to uphold this policy.
  3. Provide a general email address where incidents can be reported and document it alongside the code of conduct.
  4. Define and publicly document a process by which the project selects people responsible for managing incident reports. For Impact and At Large projects, at least two people must be selected.
  5. List the people responsible for managing incident reports alongside the code of conduct as outlined in the Reporting incidents section.
  6. Publicly document their decision-making process for responding to incident reports.
  7. Document the foundation's escalation and appeal process alongside the code of conduct.
  8. Participate in good faith in the escalation and appeal processes.

Moderation

Each project is free to implement moderation processes appropriate for the size and scope of the project provided these processes abide by the code of conduct and by this policy.

Escalation

Reporters, harmed individuals, and accused individuals may escalate an issue to the CoC Team at any point in the process in case of a conflict of interest, if the report is not being handled appropriately (for example, if there are unacceptable delays, a lack of communication, confidentiality isn't respected, etc.), or in case of an emergency.

The CoC Team is empowered to manage escalation requests of incident reports managed by projects that have opted-in to enforce the code of conduct themselves.

If the CoC Team finds that the escalation request has merit, the CoC Team may decide to take over the management of the incident report or refer the issue to the Cross Project Council which may request changes to the existing management process.

Projects are expected to participate in good faith in the escalation process and to share all the information related to the incident report with the CoC Team. The CoC Team is expected to consider project and community needs during the escalation process and may involve the Cross Project Council if necessary and project leadership if appropriate.

Appeals

Harmed individuals and accused individuals have thirty (30) days after a response was provided to appeal to the CoC Team a decision made in response to an incident report. Decisions may only be appealed on the grounds that the documented process was not properly followed or that it did not meet the requirements of this policy. If the CoC Team finds that the appeal has merit, it may decide to override the decision that was previously made.

If the initial report was already managed by the CoC Team, a different set of CoC Team members should be chosen to manage the appeal process. The CoC Team may choose to involve external people if needed.

If the appeal follows an incident report managed by a project, the project is expected to participate in good faith in the appeal process and to share all the information related to the incident report with the CoC Team. The CoC Team is expected to consider project and community needs during the appeal and may involve the Cross Project Council if necessary and project leadership if appropriate.

Appeals do not delay or block the execution of decisions communicated in the response.