fix tests. new product advisories enhancements
219
docs/legal/COMPLIANCE_ATTESTATION_FORM.md
Normal file
@@ -0,0 +1,219 @@
|
||||
# Compliance Attestation Form
|
||||
|
||||
**Document Version:** 1.0.0
|
||||
**Last Updated:** 2026-01-25
|
||||
|
||||
This document describes the compliance attestation process for Stella Ops Community
|
||||
Plugin Grant users. For a fillable template, see `templates/self-attestation-form.md`.
|
||||
|
||||
---
|
||||
|
||||
## 1. Purpose
|
||||
|
||||
The compliance attestation process allows organizations to demonstrate compliance
|
||||
with the Stella Ops Community Plugin Grant without enabling telemetry or undergoing
|
||||
formal audit. It provides a trust-based mechanism for license compliance verification.
|
||||
|
||||
---
|
||||
|
||||
## 2. Who Should Attest
|
||||
|
||||
Annual attestation is recommended for:
|
||||
|
||||
- Organizations using Stella Ops in production
|
||||
- Deployments approaching free tier limits (2+ environments, 500+ scans/day)
|
||||
- Organizations with data governance policies prohibiting telemetry
|
||||
- MSPs managing customer deployments
|
||||
|
||||
Attestation is **not required** for:
|
||||
- Non-production or evaluation use
|
||||
- Single-environment deployments well within limits
|
||||
- Organizations with active telemetry enabled
|
||||
|
||||
---
|
||||
|
||||
## 3. Attestation Components
|
||||
|
||||
### 3.1 Operator Information
|
||||
|
||||
| Field | Description | Example |
|
||||
|-------|-------------|---------|
|
||||
| Organization Name | Legal entity name | Acme Corporation |
|
||||
| Contact Name | Primary compliance contact | Jane Smith |
|
||||
| Contact Email | Email for compliance communications | compliance@acme.com |
|
||||
| Installation ID | From admin dashboard (optional) | inst_abc123xyz |
|
||||
| Attestation Date | Date form completed | 2026-01-25 |
|
||||
|
||||
### 3.2 Usage Declaration
|
||||
|
||||
Declare current usage levels:
|
||||
|
||||
**Environment Count:**
|
||||
- [ ] 1 Environment
|
||||
- [ ] 2 Environments
|
||||
- [ ] 3 Environments (maximum free tier)
|
||||
- [ ] More than 3 Environments (requires commercial license)
|
||||
|
||||
**Scan Volume (peak 24-hour period in past year):**
|
||||
- [ ] Under 100 scans/day
|
||||
- [ ] 100-499 scans/day
|
||||
- [ ] 500-999 scans/day (maximum free tier)
|
||||
- [ ] Over 999 scans/day (requires commercial license)
|
||||
|
||||
### 3.3 Distribution Declaration
|
||||
|
||||
If redistributing Stella Ops or Plugins:
|
||||
|
||||
- [ ] We do not redistribute Stella Ops or Plugins
|
||||
- [ ] We redistribute with LICENSE and NOTICE files preserved
|
||||
- [ ] We redistribute Plugins only (not core Stella Ops)
|
||||
- [ ] We include this Addendum verbatim in all distributions
|
||||
- [ ] We do not offer Stella Ops as a competing managed service
|
||||
|
||||
### 3.4 SaaS/MSP Declaration
|
||||
|
||||
Select the applicable scenario:
|
||||
|
||||
- [ ] **Internal Use Only:** Stella Ops is used only by our employees/contractors
|
||||
- [ ] **MSP Single-Tenant:** We host isolated instances for customers (license details below)
|
||||
- [ ] **Not Applicable:** We do not provide hosted services
|
||||
|
||||
If MSP Single-Tenant, specify:
|
||||
- Number of customer instances: ___
|
||||
- License type per instance:
|
||||
- [ ] Each customer has own license
|
||||
- [ ] Our commercial license covers all instances
|
||||
- [ ] Mix (specify below)
|
||||
|
||||
---
|
||||
|
||||
## 4. Certification Statement
|
||||
|
||||
By submitting this attestation, the undersigned certifies that:
|
||||
|
||||
1. The information provided is accurate to the best of their knowledge
|
||||
2. The organization's use of Stella Ops complies with BUSL-1.1 and the Community
|
||||
Plugin Grant
|
||||
3. They have authority to make this attestation on behalf of the organization
|
||||
4. They understand that false attestation may result in license termination
|
||||
|
||||
---
|
||||
|
||||
## 5. Submission Process
|
||||
|
||||
### Step 1: Download Template
|
||||
Copy the template from `docs/legal/templates/self-attestation-form.md`
|
||||
|
||||
### Step 2: Complete Form
|
||||
Fill in all required fields. Use "N/A" for non-applicable sections.
|
||||
|
||||
### Step 3: Internal Review
|
||||
Have appropriate internal stakeholders review:
|
||||
- Legal/Compliance team
|
||||
- IT/Platform team (for technical accuracy)
|
||||
- Management (for authorization)
|
||||
|
||||
### Step 4: Submit
|
||||
Send completed form to: compliance@stella-ops.org
|
||||
|
||||
**Subject line:** `Compliance Attestation - [Organization Name] - [Year]`
|
||||
|
||||
### Step 5: Confirmation
|
||||
- Acknowledgment within 10 business days
|
||||
- Confirmation letter issued if attestation accepted
|
||||
- Follow-up questions if clarification needed
|
||||
|
||||
---
|
||||
|
||||
## 6. Renewal
|
||||
|
||||
### 6.1 Annual Renewal
|
||||
|
||||
Attestation should be renewed annually:
|
||||
- **Preferred:** Within 30 days of attestation anniversary
|
||||
- **Grace period:** 60 days after anniversary
|
||||
- **Reminder:** stella-ops.org will send reminder 30 days before due date
|
||||
|
||||
### 6.2 Material Changes
|
||||
|
||||
Submit updated attestation within 30 days if:
|
||||
- Environment count increases
|
||||
- Scan volume regularly exceeds 80% of limit
|
||||
- Organization structure changes (merger, acquisition)
|
||||
- Deployment model changes (internal to MSP)
|
||||
|
||||
---
|
||||
|
||||
## 7. Record Retention
|
||||
|
||||
### 7.1 Attestor Retention
|
||||
|
||||
Organizations should retain:
|
||||
- Copy of submitted attestation
|
||||
- Supporting documentation (usage reports, dashboard screenshots)
|
||||
- Confirmation letter from stella-ops.org
|
||||
|
||||
**Recommended retention period:** 5 years
|
||||
|
||||
### 7.2 stella-ops.org Retention
|
||||
|
||||
stella-ops.org retains:
|
||||
- Submitted attestations: 5 years
|
||||
- Confirmation letters: Indefinitely
|
||||
- Supporting communications: 3 years
|
||||
|
||||
---
|
||||
|
||||
## 8. Frequently Asked Questions
|
||||
|
||||
### Q: Is attestation mandatory?
|
||||
|
||||
**A:** No. Attestation is voluntary and recommended. It provides documented evidence
|
||||
of compliance in case of future questions.
|
||||
|
||||
### Q: What if our usage changes after attesting?
|
||||
|
||||
**A:** Submit an updated attestation within 30 days of material changes. Good-faith
|
||||
updates are appreciated and do not trigger penalties.
|
||||
|
||||
### Q: Can we attest for multiple installations?
|
||||
|
||||
**A:** Yes. Use one form per installation, or contact compliance@stella-ops.org for
|
||||
a consolidated form for large deployments.
|
||||
|
||||
### Q: What happens if we can't attest to compliance?
|
||||
|
||||
**A:** Contact sales@stella-ops.org to discuss commercial licensing options. There's
|
||||
no penalty for recognizing a need to upgrade.
|
||||
|
||||
### Q: Is the attestation legally binding?
|
||||
|
||||
**A:** The attestation is a representation of fact. Knowingly false attestation may
|
||||
result in license termination. However, good-faith errors with prompt correction
|
||||
are not penalized.
|
||||
|
||||
---
|
||||
|
||||
## 9. Contact
|
||||
|
||||
**Attestation submissions:**
|
||||
compliance@stella-ops.org
|
||||
|
||||
**Questions about the process:**
|
||||
legal@stella-ops.org
|
||||
|
||||
**Commercial licensing:**
|
||||
sales@stella-ops.org
|
||||
|
||||
---
|
||||
|
||||
## See Also
|
||||
|
||||
- `templates/self-attestation-form.md` - Fillable template
|
||||
- `ENFORCEMENT_TELEMETRY_POLICY.md` - Audit and telemetry details
|
||||
- `LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md` - Full legal terms
|
||||
|
||||
---
|
||||
|
||||
*Document maintained by: Legal + Compliance Team*
|
||||
*Last review: 2026-01-25*
|
||||
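Review bot: The free-tier scan limit is never stated as a single number, and the three places that refer to it do not line up: section 2 treats "500+ scans/day" as approaching the limit, section 3.2 labels "500-999 scans/day (maximum free tier)" and "Over 999 scans/day (requires commercial license)", and section 6.2 triggers a re-attestation when volume "regularly exceeds 80% of limit". State the limit once (with the environment limit beside it) and derive the other thresholds from it, so an attestor knows which box a given peak falls into and what 80% means. In the same pass: section 2 lists cases where attestation is "**not required**" while the FAQ in section 8 says attestation is voluntary for everyone, so "not needed" or "not recommended" would avoid implying an obligation for the first list; section 3.4 offers "Mix (specify below)" with no field below it; and section 4 relies on "the undersigned" having authority, but section 3.1 has only a Contact Name, so a signatory name, title and signature line should be added here or the text should say they live in the template.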