If you read through the various parts of the Community, you will find posts where I have asked for things like:
I've been told that ISC2 has a policy not to release this information.
I've asked for a copy of the policy as it was adopted by the Board, to include the adoption date, and the staff has refused to provide me with that policy. Apparently, we are to take them at their word.
In the past, other members have asked for the Minutes of the Board meetings to be posted. To date they have not. According to past Board member Diana Contesti, during her term, the Board voted on a resolution and passed it, that required the posting of the minutes. Yet, they still remain unposted.
The By-Laws are posted at https://www.isc2.org/-/media/Files/2017-Amended-and-Restated-Bylaws.ashx, but I have not found a copy of the Articles of Organization of the Corporation.
There is a Policies and Procedures section of the ISC2 website, https://www.isc2.org/Policies-Procedures, but the policies referenced above are not posted.
My question is why the Board of Directors and the Staff of ISC2 are so insistent upon secrecy of the operations of the Corporation that they will not even release copies of the policies that are referred to when declining to provide other information? This just does not make any sense to me, and I feel the Membership deserves better.
Stephen M. Mencik
CISSP, ISSAP, ISSEP #10288
Note: Originally posted to Member Talk, but folks were having difficulty accessing it there.
Of course not. The Board and Staff believe in secrecy of its operations and cite policies that they will not reveal any of this information, and they also will not produce the policies that they cite. Without producing the policies, including the minutes of the Board meeting at which they were adopted, I have no reason to believe the policies actually exist.
In my years of experience with non-profit organizations, especially membership organizations, the challenge is lack of resources. As with every democratic structure, the balance between using members' resources vs. serving members is difficult if not impossible. Members want the maximum service for the least cost. I would suggest that lack of resources leading to ineffective services is the more likely cause of what is frustrating you.
I am more inclined to this that lack of resources - as is typical in membership associations - is the culprit. Also, as is common amongst Membership associations, the online management of the organization tends to...shall we say...lag behind what we would see from a well run for-profit corporation, despite the fact that this particular membership org is all about information technology I have seen fairly severe technology weaknesses. For example, when the new CPEs app was rolled out it was a disaster in my experience. It took about 6 months before it worked at all for me. However, i have seen it improve significantly. The latest version is functioning well.
So my theory of the case leans towards...ineffectiveness rather than secretiveness.
Nevertheless, I became curious about the legal and ethical aspects of the problem you pose. We are, after all, information security management experts - aren't we? 😉 We are focused on the regulatory environment - right? So I read the By-Laws and I read the Mass Chapter 180 under which (ISC)2 is incorporated. I find section 6c relevant:
I do not find anything specific to the publication of voting details, policies, etc. but I didn't spend much time looking.
I can't spend more time on this right now but I will check back to see if anyone else finds something relevant.
My perspective is more about helping (ISC)2 to be more effective rather than assuming nefarious behavior 🙂
Thank-you for your note.
I might agree with you, if not for the simple fact that I was told that revealing the number of people that voted was against policy. They have that number. They use a 3rd party to conduct the election. That is secrecy, not ineffectiveness.
So, maybe it really is the policy of the Board not to reveal that number for some reason. Why then can they not produce a copy of that policy along with the minutes of the Board meeting at which it was adopted? If they can cite the policy as a reason to not give me the information, they must have a copy of the policy. Why refuse to show me that policy? That is secrecy, not ineffectiveness.
My original intent was to simply find out how many members bothered to vote in the Board of Directors election earlier this year. If that number was as low as I suspect, then what could I do to help encourage more participation from the membership? If I am wrong, and a more significant number did care enough to vote, then maybe I have nothing to be concerned about. Instead, I have been stonewalled in my attempts to get that information. The ongoing email exchanges with the General Counsel of the organization have been extremely frustrating.
If the real reason for all of this is ineffectiveness, and I agree there has been plenty of that, then those people on the staff that are being paid to be effective, should be replaced.
Good analysis @dwinner , but, if this is the case, I have to wonder who in the organization prioritized e.g. this dopamine hack of a message board (and the cost of the resources that were expended), or the potential legal efforts to work around the cited Mass laws of incorporation, over simply publishing the (very reasonable) information requested.
I'm not sure nefarious is where my mind goes, more like a blatant effort to avoid accountability.
I did a search on the web and found this website:
This site contains the articles of incorporation.
Here is the one I started with:
Typed in International Information Systems, took me here
Clicked on International Information Systems security Certification and took me here:
Near bottom of page, clicked on View Fillings button
|Note: Additional information that is not available on this system is located in the Card File.|
|View filings for this business entity:|
|ALL FILINGS Annual Report Application For Revival Articles of Amendment Articles of Consolidation - Foreign and Domestic Articles of Consolidation - Domestic and Domestic Articles of Merger - Domestic and Domestic Articles of Merger - Foreign and Domestic Articles of Non-profit Conversion Articles of Organization Certificate of Appointment of Resident Agent Certificate of Change of Address of Resident Agent Certificate of Change of Directors or Officers Certificate of Change of Fiscal Year End Certificate of Change of Principal Office Certificate of Correction Certificate of Resignation of Resident Agent Certificate of Revocation of Appointment of Resident Agent Dissolution by Court Order or by the SOC Restated Articles of Organization Revocation by SOC|
|Comments or notes associated with this business entity:|
Which took me here:
Which if you cut and paste into a window, took me to the page that has all the filings for the organization that have been provided publicaly.
Hope this helps