mencik
Contributor III

Why does ISC2 insist on secrecy of its operations?

All,

If you read through the various parts of the Community, you will find posts where I have asked for things like:

  • How many votes did each candidate receive in the most recent Board election?
  • How many people voted in the most recent Board election?

I've been told that ISC2 has a policy not to release this information.

 

I've asked for a copy of the policy as it was adopted by the Board, to include the adoption date, and the staff has refused to provide me with that policy. Apparently, we are to take them at their word.

In the past, other members have asked for the Minutes of the Board meetings to be posted. To date they have not. According to past Board member Diana Contesti, during her term, the Board voted on a resolution and passed it, that required the posting of the minutes. Yet, they still remain unposted.

The By-Laws are posted at https://www.isc2.org/-/media/Files/2017-Amended-and-Restated-Bylaws.ashx, but I have not found a copy of the Articles of Organization of the Corporation.

There is a Policies and Procedures section of the ISC2 website, https://www.isc2.org/Policies-Procedures, but the policies referenced above are not posted. 

My question is why the Board of Directors and the Staff of ISC2 are so insistent upon secrecy of the operations of the Corporation that they will not even release copies of the policies that are referred to when declining to provide other information? This just does not make any sense to me, and I feel the Membership deserves better. 

Stephen M. Mencik
CISSP, ISSAP, ISSEP #10288

Note: Originally posted to Member Talk, but folks were having difficulty accessing it there.

30 Replies
Joe_Duffy
Newcomer II

All,

 

Let's also be upfront that with the annual fees paid to the organization:

 

# of active members some with multiple certificates x $125 [or more] = a significant amount of money.  

 

It seems to me that we are not receiving products and services that would be expected for this level of revenue.  

 

Respectfully,

 

- Joe Duffy

CISSP - 319540

 

 

dcontesti
Community Champion

@Joe_Duffy wrote:

 

All,

 

Let's also be upfront that with the annual fees paid to the organization:

 

# of active members some with multiple certificates x $125 [or more] = a significant amount of money.  

 

It seems to me that we are not receiving products and services that would be expected for this level of revenue.  

 

Respectfully,

________________________________________________

 

Not to be negative, but I know that it would help both management and the board greatly if we could articulate what products and services we expect for any price.

 

Moons ago, the organization adopted a membership-focused strategy and we are seeing that come to realization with the lowering of membership fees (I used to pay $330 (roughly) a year for my certs, I now pay $125 (hmmm that's about $200 a year USD (so $275 CDN) savings for me)), they created PDI which provides free training to members, the journal, etc.

 

So if there is specific training that you believe is needed, feed that back to your local chapter, Members support and/or a board member.

 

If for instance, you would like to see the journal published more frequently, tell them.

 

I agree with Steve Mencik in that there should be more transparency between the board (they are the folks that we elected to oversee the running of the organization) and the membership.  However, I believe we need to fully articulate what we are missing in terms of goods and services from the organization.

 

I for one would love to see a Security Best Practices Guide (similar to COBIT or GAAP).

 

Okay everyone can now throw stones at my head.

 

d

 

 

 

 

CISO-Italiano
Newcomer III

"Something is rotten in the state of Denmark" Shakespeare, Hamlet. Act I, Scene 4.

 

I dissociate myself from what I have just posted. Also I do not guarantee the relevance of the comment to this thread.

 

This is my policy, for today.

mencik
Contributor III

Before this thread gets out of hand, I want to clear something up before anyone puts words in my mouth.

I do not suspect, nor have I ever accused, anyone on the Board of Directors or the Officers and Staff of ISC2 of financial malfeasance. For those that might be concerned about that, I urge you to start by reading the Annual Reports, all of which contain audited financial statements for the organization. These reports are posted on the website, though not where you might expect to find them. You can find them here. 

As far as information on what ISC2 is doing, the Annual Reports also provide a lot of really useful material on that as well.

So, then what is my gripe? 

For years, members have asked the Board of Directors to post the minutes of their meetings for viewing. If they were ever posted anywhere, I don't know about it, and as far as I know, they are not posted anywhere now.

What specifically set me off to start this and other threads, is secrecy around voting totals for the Board of Directors Elections, and secrecy about official policies of the ISC2. I asked for the vote totals received by each candidate in the most recent election. I was told that was against policy to release that information. I asked for the total number of members voting vs. the total number of people eligible to vote. Again, I was told that it was against policy to release that information.

I then asked to see the policy or policies that stated the voting information could not be released, and who authorized that policy and when. My request for those policy documents was ignored.

I personally cannot think of any good reason for hiding the voting information. However, if a policy really has been adopted not to publish that data, I'm okay with that. Just show me the policy, when it was adopted, and by whom. There are procedures in the ISC2 By-Laws for either getting an item added to the agenda at an annual meeting or for calling a special meeting of the membership. Proposals to change policy that the members don't like can be entertained at that time. The issue is that if we don't know what the policies actually say because they have never been released, it becomes difficult to create a proposal to amend such a policy.

Anyway, my complaints have to do with the release of what I think ought to be available to the members as a matter of course. It does not concern anything with the financials, or the conduct of the Board, Officers and Staff with regard to financials. Please do not imply that's what I was trying to say.

Thanks,

Steve Mencik

mencik
Contributor III

I made a post clarifying my intent of this thread this morning. It already had received at least 1 kudo. That post has now been removed. Why?

I composed a similar note last night, and thought I posted it, but it was not there this morning. Was that also removed? If so, why?

UPDATE: Post has been restored. Moderators took care of restoring. Not sure why removed.

Joe_Duffy
Newcomer II

 

 

Yes, I agree that we as membership should clearly ask for what we expect as products and services from the organizations we belong to. It's a good point to consider and @dcontesti's statement should challenge us to be good stewards of this.

 

 

I also want to agree with @mencik and apologize that I do not suspect or accuse anyone of financial misconduct.  

 

I was trying to make the point that with the fees we pay to the organization there should not be a resource issue in its being transparent to its members with any and all information about the organization.

 

Respectfully,

 

- Joe Duffy

gidyn
Contributor III

Some of the discontent over financial transparency may be quelled if, along with the annual report, someone could give a simple and approximate breakdown of how the $125 AMF is used. The information may all be in the report, but most members aren't accountants, and can't necessarily decipher it.

CISO-Italiano
Newcomer III

Financials?? 

"Frankly, my dear, I don't give a damn" - Rhett Butler (Gone with the Wind, 1939).

 

It's all about voting and the information around that.

 

"When will people learn: Democracy doesn't work!" - Homer Simpson after Proposition 24 passes by overwhelming support in "Much Apu About Nothing".

 

and in any case:

“Being at a loss to resolve these questions, I am resolved to leave them without any resolution.”
Fyodor Dostoyevsky, The Brothers Karamazov

 

 

dcontesti
Community Champion

@mencik @Jill_slay @DavidMelnick @ @LoriRossONeil @Wintermute-1 @scleung 

 

To those board members who have participated in the forum, would one or all of you read Stephen's request to have the minutes of board meetings published in a members-only directory?

 

Stephen is in the process of attempting to have the issue brought to the board meeting, but there is growing concern on the transparency.

 

Hoping that one or all of you will pick this up and discuss at the next board meeting.

 

Regards

 

d

 

mencik
Contributor III

I attempted to get 500 letters to force this onto the annual meeting agenda, but there was not sufficient time to do so. If the Board will bring this issue up and either allow this info to be disseminated or at the very least explain why it needs to be kept secret, then I'll stop. If the Board is not willing to do so, then I'll just set out on getting 500 letters to force a special meeting of the members. There is no time limit for me to collect those. I'd hate to see the organization waste the money to hold a special meeting though.

In summary, I'd like to see the following posted to the member restricted website:

  • Board meeting minutes
  • All policies officially adopted
  • Organization By-Laws (already posted) and Articles of Incorporation (available from Massachusetts)
  • Other information pertinent to members, such as the vote totals received by each candidate in the Board elections, and the percentage of eligible members that actually voted.

I don't think any of these requests are unreasonable, and various people have asked for all of these before. The lack of transparency into these matters has been an issue for as long as I have been certified, which is more than 20 years now.

 

Steve Mencik
CISSP, ISSAP, ISSEP #10288