# Compliance Attestation Form

**Document Version:** 1.0.0
**Last Updated:** 2026-01-25

This document describes the compliance attestation process for Stella Ops Community
Plugin Grant users. For a fillable template, see `templates/self-attestation-form.md`.

---

## 1. Purpose

The compliance attestation process allows organizations to demonstrate compliance
with the Stella Ops Community Plugin Grant without enabling telemetry or undergoing
formal audit. It provides a trust-based mechanism for license compliance verification.

---

## 2. Who Should Attest

Annual attestation is recommended for:

- Organizations using Stella Ops in production
- Deployments approaching free tier limits (2+ environments, 500+ scans/day)
- Organizations with data governance policies prohibiting telemetry
- MSPs managing customer deployments

Attestation is **not required** for:
- Non-production or evaluation use
- Single-environment deployments well within limits
- Organizations with active telemetry enabled

---

## 3. Attestation Components

### 3.1 Operator Information

| Field | Description | Example |
|-------|-------------|---------|
| Organization Name | Legal entity name | Acme Corporation |
| Contact Name | Primary compliance contact | Jane Smith |
| Contact Email | Email for compliance communications | compliance@acme.com |
| Installation ID | From admin dashboard (optional) | inst_abc123xyz |
| Attestation Date | Date form completed | 2026-01-25 |

### 3.2 Usage Declaration

Declare current usage levels:

**Environment Count:**
- [ ] 1 Environment
- [ ] 2 Environments
- [ ] 3 Environments (maximum free tier)
- [ ] More than 3 Environments (requires commercial license)

**Scan Volume (peak 24-hour period in past year):**
- [ ] Under 100 scans/day
- [ ] 100-499 scans/day
- [ ] 500-999 scans/day (maximum free tier)
- [ ] Over 999 scans/day (requires commercial license)

### 3.3 Distribution Declaration

If redistributing Stella Ops or Plugins:

- [ ] We do not redistribute Stella Ops or Plugins
- [ ] We redistribute with LICENSE and NOTICE files preserved
- [ ] We redistribute Plugins only (not core Stella Ops)
- [ ] We include this Addendum verbatim in all distributions
- [ ] We do not offer Stella Ops as a competing managed service

### 3.4 SaaS/MSP Declaration

Select the applicable scenario:

- [ ] **Internal Use Only:** Stella Ops is used only by our employees/contractors
- [ ] **MSP Single-Tenant:** We host isolated instances for customers (license details below)
- [ ] **Not Applicable:** We do not provide hosted services

If MSP Single-Tenant, specify:
- Number of customer instances: ___
- License type per instance:
  - [ ] Each customer has own license
  - [ ] Our commercial license covers all instances
  - [ ] Mix (specify below)

---

## 4. Certification Statement

By submitting this attestation, the undersigned certifies that:

1. The information provided is accurate to the best of their knowledge
2. The organization's use of Stella Ops complies with BUSL-1.1 and the Community
   Plugin Grant
3. They have authority to make this attestation on behalf of the organization
4. They understand that false attestation may result in license termination

---

## 5. Submission Process

### Step 1: Download Template
Copy the template from `docs/legal/templates/self-attestation-form.md`

### Step 2: Complete Form
Fill in all required fields. Use "N/A" for non-applicable sections.

### Step 3: Internal Review
Have appropriate internal stakeholders review:
- Legal/Compliance team
- IT/Platform team (for technical accuracy)
- Management (for authorization)

### Step 4: Submit
Send completed form to: compliance@stella-ops.org

**Subject line:** `Compliance Attestation - [Organization Name] - [Year]`

### Step 5: Confirmation
- Acknowledgment within 10 business days
- Confirmation letter issued if attestation accepted
- Follow-up questions if clarification needed

---

## 6. Renewal

### 6.1 Annual Renewal

Attestation should be renewed annually:
- **Preferred:** Within 30 days of attestation anniversary
- **Grace period:** 60 days after anniversary
- **Reminder:** stella-ops.org will send reminder 30 days before due date

### 6.2 Material Changes

Submit updated attestation within 30 days if:
- Environment count increases
- Scan volume regularly exceeds 80% of limit
- Organization structure changes (merger, acquisition)
- Deployment model changes (internal to MSP)

---

## 7. Record Retention

### 7.1 Attestor Retention

Organizations should retain:
- Copy of submitted attestation
- Supporting documentation (usage reports, dashboard screenshots)
- Confirmation letter from stella-ops.org

**Recommended retention period:** 5 years

### 7.2 stella-ops.org Retention

stella-ops.org retains:
- Submitted attestations: 5 years
- Confirmation letters: Indefinitely
- Supporting communications: 3 years

---

## 8. Frequently Asked Questions

### Q: Is attestation mandatory?

**A:** No. Attestation is voluntary and recommended. It provides documented evidence
of compliance in case of future questions.

### Q: What if our usage changes after attesting?

**A:** Submit an updated attestation within 30 days of material changes. Good-faith
updates are appreciated and do not trigger penalties.

### Q: Can we attest for multiple installations?

**A:** Yes. Use one form per installation, or contact compliance@stella-ops.org for
a consolidated form for large deployments.

### Q: What happens if we can't attest to compliance?

**A:** Contact sales@stella-ops.org to discuss commercial licensing options. There's
no penalty for recognizing a need to upgrade.

### Q: Is the attestation legally binding?

**A:** The attestation is a representation of fact. Knowingly false attestation may
result in license termination. However, good-faith errors with prompt correction
are not penalized.

---

## 9. Contact

**Attestation submissions:**
compliance@stella-ops.org

**Questions about the process:**
legal@stella-ops.org

**Commercial licensing:**
sales@stella-ops.org

---

## See Also

- `templates/self-attestation-form.md` - Fillable template
- `ENFORCEMENT_TELEMETRY_POLICY.md` - Audit and telemetry details
- `LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md` - Full legal terms

---

*Document maintained by: Legal + Compliance Team*
*Last review: 2026-01-25*