Code of Conduct Incident Reporting and Response Process
Overview of the Code of Conduct workflow for OASIS staff when receiving and responding to an incident report.
Incident reporting and response process
This document outlines the workflow for OASIS staff when receiving and responding to an incident report falling under the Code of Conduct. As each report is unique, the process is described at a high level.
Incident Reports
What is an incident report?
An incident report or complaint is a description of an event, interaction, or public statement submitted to OASIS staff, which the reporter feels violates the Code of Conduct.
Who can submit a report?
OASIS accepts reports from anyone who interacts in an OASIS activity (OP, TC, etc.) with the project community, contributor or otherwise. This includes, but is not limited to, the following:
- Contributors and maintainers
- Members of the community Slack instance
- Attendees and vendors at community events
Reports can be written or spoken and may be brought to any OASIS staff. OASIS must have a report to take action. At times, we may encourage community members to contact us if an incident is ongoing and we have not been contacted.
Where do private incident reports happen?
Incident reports may be made directly to any OASIS staff or sent to code-of-conduct@oasis-open.org.
How is the privacy of a report protected?
All incident-related discussions happen in private spaces between incident reporters and OASIS staff. Staff maintain the confidentiality of incidents to the extent permitted by law.
Where incidents relate to unintentionally or non-consensually publicly-visible content or messages, we may, or may request others to, delete that content to help preserve the privacy of involved parties.
Why does this process exist?
The reporting process exists to provide the community with mechanisms to keep people safe, and to ensure that poor behavior, regardless of who the initiator is, is not accepted.
OASIS staff have the authority and responsibility to address harms as needed and appropriate to restore community safety after any incident(s).
Incident report workflow
Initial triage
OASIS staff will respond to all reports in a timely manner, usually within a few days.
When an incident report is received, it is reviewed for severity. The initial member(s) review the report and determine severity and urgency. If necessary, we may alert other members and call for an urgent meeting, but in most cases, we discuss asynchronously and develop a response plan.
Recusal
Before beginning an investigation on an incident, staff members can recuse themselves from addressing the incident if they feel a relationship with someone involved may hinder their impartiality or create a perception of impropriety with respect to individuals involved in the reported incident.
Building a plan
The staff will privately discuss the incident report and may or may not decide that we need more information prior to determining whether to take any action.
We consider the following at this stage:
- Do we need clarification from the reporter beyond the initial report?
- Do we need clarification from other individuals who may have been involved in, or witnesses to, the incident?
- Is there a public record of the incident which we can review, such as a chat log or video recording?
- Are there any privacy or safety considerations that we must take into account? For example, if we reach out to an individual named in the report, could this jeopardize the safety of the reporter or other individuals?
Reaching out to involved parties
It is our intention to put as little emotional labor on those who have been harmed as possible, and to protect the safety (both physical and emotional) of all community members. We labor to be supportive and non-judgmental and to make the reporting process as safe and low anxiety as possible.
In all instances these clarifying discussions are confidential.
Clarifying discussions typically take the form of email, Slack DM, or Zoom meeting 1:1 between a staff member selected during our triaging of an incident report and the individual from whom clarification is sought. Staff may seek to include an observer/scribe agreed by both parties.
Incident response workflow
Deciding on a Course of Action
We do not act recklessly, and in deciding on a course of action, we work as a team to include diverse perspectives, support the immediate safety needs of our community members, and support the long-term health of this community.
Our decisions on a course of action are informed by the following goals:
- Continuously working towards a community that is a safe and professional space in which individuals from any background can do their best work, authentically and free from harassment
- Preferring non-punitive punishments when possible
- Prioritizing the safety of individuals to support the overall health of the community
- Prioritizing education and coaching for those involved, when possible
- Prioritizing the protection of contributing members of a project over external parties. This does not mean that we protect people with a higher number of commits or more seniority in the project, however.
In general, the committee strives for unanimous consensus before taking an action.
For example, we may choose to do nothing, to issue a private warning, to offer coaching, to recommend organizational changes, or to ban someone from a community platform.
Taking Actions and Communicating our Recommendations
When we have decided on a course of action, we do the following:
- We clearly communicate our decision to those who need to hear it, without violating the confidentiality of those who requested it during an investigative process (if one was undertaken).
- If and only if it is needed, we may engage with OASIS leadership or outside counsel if necessary.
In rare cases, we might find it necessary to issue a public statement, either jointly or separately.