Morning Claudio

Sorry but on point one you are incorrect.  The membership does own the organization and not one individual.  From (ISC)2 history website:

“The Consortium” was formed among several professional organizations to create a global information security certification process for professionals and to address the need for standardized curriculum for the burgeoning profession. A series of strategy and planning meetings were held at Idaho State University and in Salt Lake City starting in November.

The initial groups that joined together to form (ISC)² included: the Canadian Information Processing Society, the Computer Security Institute, the Data Processing Management Association (two special interest groups), Idaho State University, the Information Systems Security Association, and the International Federation for Information Processing.

(ISC)² is incorporated in the Commonwealth of Massachusetts under the authority of
Massachusetts General Laws c.180 and the Articles of Organization of the Corporation
(“Charter”) 

Point 2, yes I was on the board for a while and along with others moved the organization down a path.  Some good, some maybe not so good......as to transparency, whilst I was on the board we did pass a motion that the minutes of board meetings would be posted for the membership.  However, as my last year on the board was 2015, I cannot say why that has not been done but it would be on my agenda to determine what or why it is not being done.

As to your last point, ANY member is free to ask for and receive copies of the Articles of Organization as well as reviewing the Massachusetts General Laws c: 180.  A request to Graham Jackson should be all you need to do.  Additionally as (ISC)2 is a 501c6, it must post its 990s to the IRS along with financials.  The 990s can be located on GUIDESTAR.ORG.  These documents show where the money is and what is being done with it.  This document also details what folks get paid.

The Board are intended to be the voice of the membership and have one employee (the CEO).  As this is the case, the Board should be listening to the members and maybe spending some of the cash that is being put away.

So to answer the last question, you as part of the membership own a piece of the organization.

Best

d

@claudiocilli Claudio, there's a couple of corrections that are worth pointing out, although you're absolutely correct on some points

1. My understanding is that Members absolutely own the association. The articles of association are public and can be found at  https://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSearchViewPDF.aspx

Members do have a huge influence in the governance/administration - it's the members who vote and elect the Directors in the BoD elections every year, and it's the responsibility of those Directors to represent all members best interests.

In the same way as we elect our various governments, it's incumbent on members to vote for Directors who's policy they support. It's also incumbent on members to influence change through their vote when they feel Directors haven't been performing.

The CEO is hired by, and reports direcly to, the Board. The Board are responsible for all governance and oversight of the organisation.  

My understanding is that many large corporations with assets in excess of $100m retain a lawyer / general council.  I don't think (ISC)2 is unusual in that regard. 

2 - Diana, Dan Houser, Jill Slay, David Melnick, Wim Remes and myself have all been Board members in the past.  We've also been volunteers in other areas (some of us for over 30 years).  I introduced a change when I was Chair of the Bylaws Committee in 2014 that members could not serve more than 6 years as a Director in any 10.  My understanding is that Diana has not been a board member since 2015 (she may correct me) but she has every right (as do all members) to petition for a place on the Board now so that she can influence much needed change.

There are normally 13 Board members. Each director only has one vote. They can't make any change they want on their own, but they can influence change through dialogue and debate.

I fully agree with your further point "Association needs a complete revision. All members are upset, but they need to stay in because it's the only possibility to maintain their certifications."

In relation to what they do with our money, I'd refer you to the auditors report at the end of https://www.isc2.org/-/media/ISC2/About/Leadership/Annual-Reports/ISC2-Annual_Report-2021.ashx? and the 2020 I990 filing at https://pdf.guidestar.org/PDF_Images/2020/043/064/2020-043064434-202111329349304676-9O.pdf?

We greatly appreciate your support 

I have the Articles of Incorporation downloaded from the Massachusetts website. Visit https://sites.google.com/view/smm-petition/isc2-articles-of-incorporation to view them.

Thanks for the reply.

Among the other (I expressed only my thoughts ), one thing is absolutely true: (ISC)2 lacks, or has never had, transparency.

The discussion in this community is the proof.

I understand some past Board Members tried to follow the right path, but the situation is the one under our eyes, and it's the same since when the Association has been created:

- members are passive. The perception is that to be involved in the (ISC)2 governance is almost impossible. Maybe this is not true, but this is what they think

- (ISC)2 does nothing to members but to ask money, a lot of money, to have their certification(s) alive

How long do you expect this situation can continue? Many other valid certifications are on the rise, and IS security professionals are seriously considering leaving CISSP, etc. to embrace those. There's a need to change and the first step is to involve members, not only organizing workshops aimed to write exam questions.

But (ISC)2 governance thinks different...

---

@claudiocilli wrote:

 

Among the other (I expressed only my thoughts ), one thing is absolutely true: (ISC)2 lacks, or has never had, transparency.

 

The discussion in this community is the proof.

 

Exactly this. Note that for all the different posts on this issue in the various threads in the Community, there has not been even one response to any of them from any Board Member, or Staff Member. Their response is to stay stonily silent, and this will blow over, and everyone will go away. The only way this is going to change is if the IRS investigates and removes not-for-profit status. Given the lack of resources of the IRS, it is doubtful that would ever happen.

---

@TrickyDicky wrote:

Adding my name to upcoming BoD petition process so that members will have some choice when it comes to the voting 

 

Please visit https://sites.google.com/view/RN-petition-isc2-board

---

"Our huge cache of monies should be ploughed back into re-engaging with the membership" - or maybe into reducing the AMF? This isn't a case of "we have to pull in lots of money from members, now let's try to work out what to do with it"/

It's the same in Italy. The Agency lack of resources and they prefer using them in fighting the real criminals. After all, how can't we approve this approach?

A possible solution - again, it's only a personal proposal - would be to start a massive (and COORDINATED) campaign trying to bring these things to attention of members and opening their eyes. The petition process is frustrating and, even some of you were successful, you need to be voted and - moreover - what can you do alone once in the Board?

If we (and this time I add myself in) build an influencer group of knowledgeable professionals, I don't think the (ISC)2 could continue to ignore the membership basis once they start questioning them.

I know it's hard, but I did in other situation and at the end I succeeded