cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mencik
Contributor III

Why does ISC2 insist on secrecy of its operations?

All,

If you read through the various parts of the Community, you will find posts where I have asked for things like:

  • How many votes did each candidate receive in the most recent Board election?
  • How many people voted in the most recent Board election?

I've been told that ISC2 has a policy not to release this information.

 

I've asked for a copy of the policy as it was adopted by the Board, to include the adoption date, and the staff has refused to provide me with that policy. Apparently, we are to take them at their word.

In the past, other members have asked for the Minutes of the Board meetings to be posted. To date they have not. According to past Board member Diana Contesti, during her term, the Board voted on a resolution and passed it, that required the posting of the minutes. Yet, they still remain unposted.

The By-Laws are posted at https://www.isc2.org/-/media/Files/2017-Amended-and-Restated-Bylaws.ashx, but I have not found a copy of the Articles of Organization of the Corporation.

There is a Policies and Procedures section of the ISC2 website, https://www.isc2.org/Policies-Procedures, but the policies referenced above are not posted. 

My question is why the Board of Directors and the Staff of ISC2 are so insistent upon secrecy of the operations of the Corporation that they will not even release copies of the policies that are referred to when declining to provide other information? This just does not make any sense to me, and I feel the Membership deserves better. 

Stephen M. Mencik
CISSP, ISSAP, ISSEP #10288

Note: Originally posted to Member Talk, but folks were having difficulty accessing it there.

30 Replies
ericgeater
Community Champion

Has the difficulty been addressed?

-----------
A claim is as good as its veracity.
mencik
Contributor III

Of course not. The Board and Staff believe in secrecy of its operations and cite policies that they will not reveal any of this information, and they also will not produce the policies that they cite. Without producing the policies, including the minutes of the Board meeting at which they were adopted, I have no reason to believe the policies actually exist.

dwinner
Newcomer II

In my years of experience with non-profit organizations, especially membership organizations, the challenge is lack of resources. As with every democratic structure, the balance between using members' resources vs. serving members is difficult if not impossible. Members want the maximum service for the least cost. I would suggest that lack of resources leading to ineffective services is the more likely cause of what is frustrating you.

 

I am more inclined to this that lack of resources - as is typical in membership associations - is the culprit. Also, as is common amongst Membership associations, the online management of the organization tends to...shall we say...lag behind what we would see from a well run for-profit corporation, despite the fact that this particular membership org is all about information technology I have seen fairly severe technology weaknesses. For example, when the new CPEs app was rolled out it was a disaster in my experience. It took about 6 months before it worked at all for me. However, i have seen it improve significantly. The latest version is functioning well.

 

So my theory of the case leans towards...ineffectiveness rather than secretiveness.

 

Nevertheless, I became curious about the legal and ethical aspects of the problem you pose. We are, after all, information security management experts - aren't we?  😉 We are focused on the regulatory environment - right? So I read the By-Laws and I read the Mass Chapter 180 under which (ISC)2 is incorporated. I find  section 6c relevant: 

 

https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXXII/Chapter180/Section6C

 

I do not find anything specific to the publication of voting details, policies, etc. but I didn't spend much time looking.

 

I can't spend more time on this right now but I will check back to see if anyone else finds something relevant.

 

My perspective is more about helping (ISC)2 to be more effective rather than assuming nefarious behavior 🙂

mencik
Contributor III

Thank-you for your note.

I might agree with you, if not for the simple fact that I was told that revealing the number of people that voted was against policy. They have that number. They use a 3rd party to conduct the election. That is secrecy, not ineffectiveness.

So, maybe it really is the policy of the Board not to reveal that number for some reason. Why then can they not produce a copy of that policy along with the minutes of the Board meeting at which it was adopted? If they can cite the policy as a reason to not give me the information, they must have a copy of the policy. Why refuse to show me that policy? That is secrecy, not ineffectiveness.

My original intent was to simply find out how many members bothered to vote in the Board of Directors election earlier this year. If that number was as low as I suspect, then what could I do to help encourage more participation from the membership? If I am wrong, and a more significant number did care enough to vote, then maybe I have nothing to be concerned about. Instead, I have been stonewalled in my attempts to get that information. The ongoing email exchanges with the General Counsel of the organization have been extremely frustrating. 

If the real reason for all of this is ineffectiveness, and I agree there has been plenty of that, then those people on the staff that are being paid to be effective, should be replaced.

dwinner
Newcomer II

I am convinced and agree with your assessment.
Dain
Contributor I

Good analysis @dwinner , but, if this is the case, I have to wonder who in the organization prioritized e.g. this dopamine hack of a message board (and the cost of the resources that were expended), or the potential legal efforts to work around the cited Mass laws of incorporation, over simply publishing the (very reasonable) information requested.

 

I'm not sure nefarious is where my mind goes, more like a blatant effort to avoid accountability.

dcontesti
Community Champion

All,

 

I did a search on the web and found this website:

 

http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSearchFormList.aspx?sysvalue=udpRRwFe838Z76AxHjag...

 

This site contains the articles of incorporation.

 

d

 

mencik
Contributor III

Link is no good.

Update: I found the document, downloaded it, and posted here:
http://mencik.com/ISC2_docs/ISC2_Articles_of_Incorporation.aspx

 

dcontesti
Community Champion

Here is the one I started with:

 

http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSearch.aspx

 

Typed in International Information Systems, took me here

 

http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSearchResults.aspx

 

Clicked on International Information Systems security Certification and took me here:

 

http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSummary.aspx?sysvalue=K7pdiSecJ666RYn7wTaQ2jCTnLU...

 

Near bottom of page, clicked on View Fillings button 

 

Note: Additional information that is not available on this system is located in the Card File.
View filings for this business entity:
 ALL FILINGS Annual Report Application For Revival Articles of Amendment Articles of Consolidation - Foreign and Domestic Articles of Consolidation - Domestic and Domestic Articles of Merger - Domestic and Domestic Articles of Merger - Foreign and Domestic Articles of Non-profit Conversion Articles of Organization Certificate of Appointment of Resident Agent Certificate of Change of Address of Resident Agent Certificate of Change of Directors or Officers Certificate of Change of Fiscal Year End Certificate of Change of Principal Office Certificate of Correction Certificate of Resignation of Resident Agent Certificate of Revocation of Appointment of Resident Agent Dissolution by Court Order or by the SOC Restated Articles of Organization Revocation by SOC 
Comments or notes associated with this business entity:

 

Which took me here:

 

http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSearchFormList.aspx?sysvalue=udpRRwFe838Z76AxHjag...

 

Which if you cut and paste into a window, took me to the page that has all the filings for the organization that have been provided publicaly.

 

Hope this helps

 

d