This document (updated as of 9/25/23) contains requirements, examples, instructions, and text for the Notice of Copyright, Availability of Subject matter and Disclaimer required for EPRI software and source code.
EPRI Copyright Notice (105 KB)
The standard expected content for the EPRI Footer of Subscriber Websites (SWS) can be found here.
Export Control
Review the Export Control Policies, Guidelines, and Forms (URL Internal to EPRI only) on the Inside EPRI website for more information.
For export control assistance, contact York Huang in the EPRI Legal Department.
Enterprise Systems
Certain EPRI software require integration with key systems in the members' Information Technology (IT) inventory. These software are called enterprise systems (e.g., Microsoft Office, SAP, Maximo, OSIsoft's PI, etc.).
Integration with members' enterprise systems is critical because these systems contain data the EPRI software must use.
Requirements for software integration with Members' Enterprise Systems:
-
Plans for Software Integration: Plans should be included in the earliest phases of the project and specify the enterprise systems from which data are required and/or in which EPRI software results are used
-
Software Integration Standards: Preference should be given to the use of software integration standards (i.e., Common Information Model (CIM)) that reduce life cycle costs
-
Software Modules Creation, Use and Reuse: Consideration should be given to the use of existing software capability either in EPRI or commercial products. Member input in the requirements process should be obtained to identify opportunities for use of existing member IT inventory capabilities.
Internationalization
Internationalization is the design and development of a product, application, or document content that enables localization for target audiences that vary in region or language.
Software users may select (via regional settings) the country of their choosing and the application selects the proper units of measure, currencies, date formats, and number formats. For example, in Windows, the user is able to set the operating system's Regional settings (formatting and location) to the country that they are in or prefer. Therefore, the EPRI software needs to be able to handle the changes.
The software manual should provide an explanation for International Units options.
Where numbers are used with scientific units, the ability to use both US English and Metric (or International System of Units (SI)) units is required by EPRI.
Operating Systems
Supported Operating Systems
Effective March 1, 2019, the Microsoft operating systems supported by EPRI-developed software are:
- Windows 10 (Required)
Effective November, 2022, the Linux operating systems supported by EPRI-developed software are:
- Open SUSE
Note: If the deliverable requires a different Linux distribution, contact SQA to discuss support.
Supported Web Browsers
For web application deliverables, the following browsers are supported by SQA:
- Microsoft Edge (Current Release)
- Firefox (Current Release)
- Chrome (Current Release)
- Safari (Current Release)
Please see the Web & Mobile Application Branding & User Experience Guide Version 4.1
Supported SQL servers for Desktop software
If desktop software requires SQL server support, EPRI only supports Microsft SQL server
Supported Office Versions
SQA will test your application for Microsoft Office 365 compatibility. Please contact SQA to discuss testing and support for previous Office version (e.g. Office 2016, etc.)
Cryptography & Encryption
If software encryption (e.g., keys (i.e., hardware, software, database, etc.), data transfer, etc.) is used or required in your software, the EPRI Project Manager must complete the Cryptography and Encryption Functions Checklist and Definitions (51 KB) and submit it to York Huang ("cc" the EPRI Software Quality Manager).
For software encryption assistance, contact York Huang in the EPRI Legal Department.
Software Security Policy
As a minimum, the following requirements must be met:
- No viruses, backdoors, or trojan horses
- No passwords viewable in plain text nor kept in an open-access file (or database in plain text)
- Utilizes authentication and access control as appropriate
- Offers the ability to use Windows Authentication as well as proprietary authentication when both are available (i.e., using Windows Authentication and MS SQL Authentication)
- Tested for Open Web Application Security Project (OWASP) "Top Ten Project" Security Vulnerabilities (i.e., SQL Injection, Cross-Site Scripting, Username Enumeration, etc.)
- Security issues and security plan covered and described in the Software Requirements Document (SRD)
- Follow project-specific secure coding guidelines or a programming language-agnostic coding standard such as 12 Factor (https://12factor.net/)
Third Party and Open Source Software
All software development must comply with relevant requirements in the software licensing terms, applicable sourcing agreement, EPRI's Third Party and Open Source Software Policy, and as communicated by the EPRI Project Manager. Review the IT Information Security - Software Policy (URL Internal to EPRI only) for more information.
All third-party software used to develop or included in the distribution of an EPRI deliverable (both open source and non-open source) must be properly licensed to EPRI or the software developer, as applicable.
Any open source software incorporated into a deliverable should have a "Permissive" license. EPRI does not permit third-party software obtained under a "Reciprocal" license to be used in development or distributed within any deliverable.
Software developers must communicate regularly with the EPRI Project Manager about any third-party software used in development or distribution to ensure that restrictions in the license agreement are compatible with EPRI's use of the third party product. EPRI encourages software developers to provide third party license terms to EPRI for review as early as possible in the development process to avoid schedule delays. EPRI Project Managers are also encouraged to review all third party software licenses with EPRI Legal to make sure requirements are understood and approvals are obtained early in the project, so as to avoid delays when releasing the product.
For questions, EPRI Contractors should work through their EPRI Project Manager. EPRI Project Managers should contact EPRI Legal or SQA for assistance in determining requirements for third party and open source software.