- Any person who wishes to report an incident can do so via via Incident intake Form
- Code of Conduct incident distributed to CoCC
- CoCC review the incident
- Gather additional information
- Vote if Incident violates Code of Conduct
- Vote on recommended action
- Document recommended course of action and voting in Incident Intake Form
- FinOps Foundation staff perform recommended action
The committee maintains a private mailing list for reporting incidents, asking confidential questions, and internal committee communication: conduct@finops.org
If you have any questions or concerns email conduct@finops.org for tracking purposes. This feedback helps guide the implementation of new policies and procedures.
FinOps Foundation staff Community moderation administrators in Slack, GitHub comments, the mailing list, community events, and elsewhere are extensions of the committee and are able to be first responders to incidents. They are explicitly empowered to immediately take any actions they deem necessary to protect the health and safety of the community and its participants; any such action shall be deemed temporary and interim in nature until it is reviewed by the committee. Staff members are required to notify the CoCC promptly of any incident and actions that have been taken. All such actions must be reviewed by the committee for appropriateness and consistency. Depending on the committee’s determination, the temporary interim action may be reversed, modified, or affirmed and made permanent by the CoCC.
The committee is the primary recipient of all conduct complaints regardless of where in the community they originate. The only exception is at FinOps Foundation events, where the Linux Foundation Event Code of Conduct process supersedes this. The Linux Foundation, rather than this committee, is responsible for enforcing the Linux Foundation Event Code of Conduct. That is primarily due to the high-impact nature of in-person violations and the need for more extensive staffing. This committee will be informed of violations involving FinOps Foundation community members, regardless of circumstances.
Additionally, the committee is responsible for drafting and executing on reporting, enforcement, and other policy matters related to the FinOps Code of Conduct. In most cases, policies are made public, however some materials will be confidential by nature of their content and application. As a general rule, the committee will provide transparency regarding its processes, but will treat the identities of reporters, witnesses, and victims and details of specific incidents as confidential information. Anonymized aggregated incident data may be provided to the community as the committee sees fit.
CoCC with less than 3 active members the Governing Board will automatically regain delegated control. (See Committee dissolution)
The committee strives to respond quickly to reports, as well as initiate whatever actions are appropriate based on severity, risk, urgency, and impact. In some cases, the F2 Staff will take immediate action such as (but not limited to) removing a GitHub comment, deleting a Slack message, or ejecting someone from a community meeting. The committee, however, will retroactively review any action taken in such instances to ensure the action was appropriate.
The committee meets monthly unless additional interstitial meetings are required to address incidents or other critical work. Meetings are not recorded, however confidential notes may be kept when necessary to provide continuity to future committee members. Wherever possible, documentation necessary for the internal operation of the committee will be stored in a private repository.
Meetings are considered at quorum when a simple majority of the members are present. Where there are 4 or fewer members available due vacant seats or recusal, quorum is 2.
Voting is considered at quorum when the majority of the Code of Conduct (5) votes agree. Voting can take place virtually and asynchronously.
The Code of Conduct committee will keep your report confidential. The CoCC may share report information with the Steering Committee if they believe doing so is appropriate. Information about past incidents is generally available to new committee members so they can ensure future incidents are handled in a manner that is consistent with prior precedent.
Any changes to the charter require explicit “Looks good to me” or approval from all committee members. Any changes merged without consensus will be reverted.
The Governing Board can request changes to the charter, which will be reviewed by the Code of Conduct Committee to approve.
When the FinOps Foundation CoC Committee handles incident response, only members of the FinOps Foundation CoC Committee without hard conflicts of interest (see our Conflict of Interest policy below) will have access to confidential information pertaining to the incident, including the identities of the reporters. The FinOps Foundation CoC Committee will not disclose the identities or confidential information provided by reporters or persons who were targeted or potentially harmed without their permission, except to a limited number of people on an as-needed basis for investigating and resolving the incident and protecting community members from harm. For example, the FinOps Foundation CoC Committee might need to disclose certain information about the incident to LF Events Staff in order to arrange for onsite support for a target of harassment, or to an external professional mediator or investigator who is engaged to assist with resolution of the incident. Confidential information about incidents will only be shared with individuals who are obligated to similarly maintain the confidentiality of such information.
In some cases, in order to perform a fair and thorough investigation of a reported incident, it may be necessary to question the accused person about the incident. Although the FinOps Foundation CoC Committee will not disclose to the accused person who reported the incident or what witnesses have provided information, if only one person or a very small number of people were involved in or witnessed the incident, the accused person may be able to guess their identities.
In rare situations, the FinOps Foundation CoC Committee may be required to disclose confidential information pertaining to an investigation in order to comply with applicable laws, a subpoena, or court order, or to defend against litigation.
The Interim FinOps Foundation may, in its discretion, disclose the identity of the accused person to FinOps Foundation staff, FinOps Foundation community leaders, CNCF community members, or the general public if the Interim FinOps Foundation determines that such disclosure is necessary to protect the community or its members from harm.
Hard Conflicts: A CoC Committee member has a hard conflict of interest if any of the following are true:
- They are the accused person, or a person alleged to be directly harmed or targeted by the alleged wrongdoing;
- They have a close personal relationship (e.g., close friend, spouse, or family member) with the accused person or with a person alleged to be directly targeted or harmed by alleged wrongdoing;
- They have a close professional relationship (e.g., direct supervisory relationship at same employer) with the accused person or with a person alleged to be directly harmed or targeted by the alleged wrongdoing;
- They have another personal interest in the outcome of the incident that is likely to undermine their impartiality.
- Multiple soft conflicts exist.
Soft Conflicts: A CoC Committee member has a soft conflict of interest if any of the following are true:
- They work at the same company as the accused person, but do not have a close personal or professional relationship (e.g., they work for separate business units or divisions and do not interact on a regular basis);
- Other circumstances exist which are likely to give the appearance of a conflict of interest, even if such circumstances are not actually likely to undermine their impartiality, such as participating in public discussion about a potential violation or concern regarding the accused person’s behavior in their personal capacity rather than in their official capacity as representative of the CoC Committee.
- Merely witnessing a potential Code of Conduct violation does not constitute a conflict of interest.
When a CoC Committee member has a potential soft or hard conflict of interest with respect to a reported incident, they have an obligation to promptly disclose the nature of their potential conflict of interest to the rest of the CoC Committee (unless such potential conflict of interest is already known to the other members of the CoC Committee).
Statements of conflict and confirmation of stated conflicts must be done prior to the initiation of an investigation and recorded in the notes of the first meeting convened to discuss the incident.
A committee member may verbally disclose a conflict statement to the committee first, and then follow up in writing with the statement of conflict. They may also directly provide the statement of conflict in writing.
Statements of conflict must include the kind of conflict (hard or soft) and the specific area of conflict. The committee is then required to confirm the conflict by majority, for the existence of a soft conflict, the confirmation must also outline what that member can and can not do as part of the investigation.
A CoC Committee member with a hard conflict of interest will not be allowed to attend meetings or otherwise participate in discussions or decision-making of the CoC Committee related to the incident; their participation shall be limited to allowing the remaining CoC Committee members to interview them as a witness and providing information requested by the CoC Committee. Additionally, a CoC Committee Member with a hard conflict of interest will not be provided with any confidential information pertaining to the incident (e.g., identities of reporters or contents of confidential reports).
A CoC Committee member with a soft conflict of interest will not have the right to vote, but may be allowed to participate in discussion regarding the incident. The remaining CoC Committee members will decide what information to provide such conflicted members and the extent to which such conflicted members may be present at meetings, participate in discussions, and otherwise assist in resolution of the incident. Any such decisions regarding participation or recusal of a CoC Committee member with a soft conflict of interest will be recorded in the committee’s meeting minutes or other records.
In the event that one or more of the seats on the committee is unoccupied, for any reason, a replacement member may be appointed by the Governing Board as soon as reasonable. That person will serve out the remainder of the term of the person they are replacing.
If the CoCC has less than 3 active members or the existing CoCC members request that the Governing Board appoint additional members, the Governing Board may appoint additional qualified individuals to serve on the CoCC.
A committee member may be removed from the committee by a unanimous decision of the other committee members. The member should be given the opportunity to resign before they are removed. Removal should only be considered for the following reasons:
- The member has been found to have committed a code of conduct violation.
- The member is convicted of a felony.
- The member has been completely out of contact for more than 30 consecutive calendar days without having made prior arrangements.
- The member has explicitly, publicly violated the privacy of individuals involved by disclosure of personally-identifiable information (accidental disclosure via inference is not a valid reason for removal, though may be cause for a code of conduct violation report.) or otherwise failed to comply with the policies, procedures, and requirements of this committee.
- The member is no longer able to perform the duties of the position due to extreme circumstances such as refugee displacement or diminution of mental capacity.
If a committee member chooses not to continue in their role, for whatever reason, they must notify the committee as well as the steering committee in writing. As a courtesy, such notifications should be given at least 30 calendar days in advance of their departure.
This document includes content based on the Mozilla “How to Report Violations of the Community Participation Guidelines” document , which is based in part on the PyCon Code of Conduct Revision 2f4d980 . Both of these resources are licensed under the Creative Commons Attribution 3.0 Unported License .This document is licensed under the Creative Commons Attribution 4.0 International License.