(ISC)² Governance

(ISC)² is a United States 501(c)(6) nonprofit professional corporation. It was established to develop a program and common body of knowledge for the certification of cybersecurity professionals. (ISC)² programs have since expanded to support its members’ professional development and advocating for the continued growth, ethical best practices, and health of the profession. Under the authority, direction and guidance of (ISC)² Board of Directors, association operations are managed by the (ISC)² CEO and senior leadership team.

• Articles of Organization Articles of Organization

  (ISC)² – the International Information System Security Certification Consortium, Inc. – exists to strengthen the influence, diversity, and vitality of the cybersecurity profession through advocacy, expertise, and workforce empowerment that accelerates cyber safety and security in an interconnected world.

  (ISC)² is a not-for-profit corporation operating under the provisions of Section 501(c)(6) of the United States Internal Revenue Code. Global in scope, (ISC)² is incorporated in the Commonwealth of Massachusetts under the authority of Massachusetts General Laws c.180 and the Articles of Organization of the Corporation.

  Read the (ISC)² Articles of Organization.

• Bylaws Bylaws

  The (ISC)² Bylaws set forth the rules concerning the operation of our association and actions of our members. It guides how our Board of Directors and staff manage our nonprofit corporation. The (ISC)² Amended and Restated Bylaws establish fundamental principles about key governance policies, members’ rights and Board operations.

  Read the (ISC)² Bylaws.

• Board of Directors Board of Directors

  Elected by (ISC)² members, the Board of Directors is comprised of (ISC)²-certified cybersecurity professionals and leaders from around the world with expertise securing and managing risk for academic institutions, government agencies and businesses of all sizes across all sectors. Our all-volunteer Board of (ISC)² members provides governance and oversight for the organization, establishes requirements for and grants certifications to qualifying candidates, and enforces adherence to the (ISC)² Code of Ethics.

  The (ISC)² Board of Directors volunteers its time working on strategy, setting goals and objectives, overseeing programs and activities, and actively managing risks. The Board depends on the faithful and responsible participation of each of its members.

  Learn more about the Board of Directors.

  It is the responsibility of the Board to ensure the following:

  • Association policy and strategy are set, documented and clearly understood by both the Board and management
  • Management is performing to a level that enables them to deliver on their objectives
  • Assets of the corporation are being used wisely and strategic initiatives are adequately resourced
  • Conduct risk oversight ensuring appropriate and thorough risk management practices are in place

  Specific to (ISC)² Board of Directors they also:

  • Issue certifications to qualified candidates who have met all the necessary credential requirements
  • Review and approve proposed new credentials or changes to existing credentials
  • Act as evangelists and advocates for the organization and the (ISC)² mission
  • Adhere to the (ISC)² Code of Ethics and all other (ISC)² policies

  Terms of Service
  Dedicating hundreds of hours to advance our association and the cybersecurity profession, (ISC)² Board members are not compensated for their service. Each Board member is elected to a three-year term.

  Board Officers are elected annually by the Board to serve a one-year term as an officer. Board officers and their responsibilities include:

  Board Chair
  The Chair of the Board ensures the effective action of the Board in governing and supporting (ISC)². The Chair is an officer of the corporation and is elected by Board members. Among other functions, the Chair:

  • Leads the board and is responsible for its effectiveness
  • Chairs Board meetings
  • Chairs Annual Meeting
  • Appoints members to Board-designated standing and ad hoc committees
  • Supervises the CEO on behalf of the board and members
  • Performs all lawful functions of a board chair

  Board Vice Chair
  During short- or long-term absences of the Board Chair, the Vice Chair acts as the Chair in ensuring the effective action of the Board in governing and supporting (ISC)². The Vice Chair is elected by the Board members. The Vice Chair:

  • Assists the Chair as necessary to ensure board operations
  • Acts as Chair in the absence of the Chair
  • Chairs the Business Practices Committee
  • Executes other duties as assigned by the Chair

  Board Secretary
  The Board Secretary works with the Corporate Secretary to ensure a proper record of board actions is maintained. This includes taking of minutes at all meetings, and the distribution of minutes and agendas to Board members. The Secretary is elected by the Board Members. The Secretary:

  • Assures creation of minutes of meetings
  • Executes other duties as assigned by the Chair

  Board Treasurer 
  The Board Treasurer manages the Board’s review of, and action related to, the Board’s financial responsibilities and may work closely with the organization’s Chief Financial Officer. The Treasurer is elected by the Board Members. The Treasurer:

  • Chairs the Audit Committee of the Board
  • Executes other duties as assigned by the Chair
• Board of Directors Member Qualifications Board of Directors Member Qualifications

  To provide the required governance of and support for the organization, the (ISC)² Board of Directors must include individuals with the appropriate skills and expertise to deliver on our strategic priorities. The unique skills and expertise required on the board may change over time. Generally, the nominations committee seeks directors who maintain the following characteristics:

  • Be a member in good standing with (ISC)²
  • Have an established record of leadership in the field of information systems security
  • Possess the needed skills diversity based on expertise and professional background
  • Have experience in managing or directing strategic programs across an enterprise
  • Have earned the respect and trust of peers in the subject of information security
  • Have an established record of advancing the field of information security
  • Have not been a salaried employee of (ISC)² or its affiliates
  • Possess the ability to listen, analyze, think clearly and creatively, and work well with people both individually and in a group
  • Have the willingness to prepare for and attend four or more in-person board meetings, weekly teleconferences and committee meetings, ask questions, take responsibility and follow through on a given assignment, and read and understand financial statements
  • Create opportunities for (ISC)²
  • Have a commitment from his or her employer to support the time off from work required to support this commitment
  • Have a willingness to cultivate and recruit future Board members and other volunteers
  • Possess honesty, sensitivity to and tolerance of differing views, and a desire to serve as a member of a team
  • Be friendly, responsive, and patient in dealings with fellow Board members
  • Adhere to the (ISC)² Code of Ethics
  • Promote the agreed collective Board opinion above their own personal views
  • Advocate for the organization. Work for change or acceptance where organizational views do not mirror those of the Board member.
  • Refrain from bringing the organization into disrepute through personal actions or words.
  • Qualify for eligibility based on the current (ISC)² Bylaws
• Board Committees Board Committees

  The detailed work of the board is performed in committees. Board members and at-large members volunteer to serve on Board-designated committees and task forces to strengthen our association. Committee chairs are appointed by the (ISC)² Board Chair and report to and serve at the pleasure of the Board. Three committees are required under our Bylaws, and the Board establishes other committees to ensure it meets its fiduciary obligations.

  Standing Board Committees

  • Audit Committee
  • Business Practices Committee
  • Professional Conduct (Ethics) Committee

  Ad Hoc Board Committees

  • Bylaws Committee
  • Nominations Committee
  • Risk Committee
  • Compensation and CEO Succession Committee
  • Center for Cyber Safety and Education Trustee Board

  Volunteer to share your expertise and give back to the association as a member-at-large committee member, task force contributor and more.

• Board of Directors Policies Board of Directors Policies

  The (ISC)² Board of Directors adheres to a set of policies to guide in the governance of the association.

  • Board of Directors Communication Policy
  • Code of Ethics Policy
  • Conflict of Interest Policy
• Member Corporate Records Request Policy Member Corporate Records Request Policy

  Member Corporate Records Request Policy

  Purpose
  The purpose of this policy is to describe how (ISC)² members may request access to certain corporate records. 

  Members have inspection rights to the following documents:

  • Articles of organization,
  • Bylaws,
  • Minutes of member meetings and
  • Stock and transfer records (not applicable to (ISC)²)

  There is also a right for the general public to view the last three years of IRS (Internal Revenue Service) Form 990s. No statutory right exists for members to view other records including director meeting minutes, corporate records and policies.

  However, members may have a limited right to certain records. This right is not absolute, and only applies to members who are acting in good faith and for the purposes of advancing the corporation’s interest and protecting their rights. This right also applies to specific rights given to members within the company's organizational documents.

  Under the current (ISC)² bylaws, members have a right to:

  • Vote for directors,
  • Add agenda items to the Annual Meeting or a Special Meeting,
  • Approve mergers,
  • Dispose of substantially all the assets, and
  • Amend the bylaws and articles of organization.

  Therefore, to the extent any records may relate to those duties, members may have a right to such records if such a request is for a proper purpose.

  Policies
  The following policies are already available to members:

  • Member Policies  
  • General Corporate Policies  
  • Board of Directors Policies

  Other policies and corporate records must be requested.

   

  Process to Request Policies or Corporate Records:

  1. All requests for (ISC)² policies or corporate documents should be sent to legal@isc2.org.
  1. All requests should be clear enough to enable (ISC)² employees to conduct a meaningful search.
  2. (ISC)² employees may ask questions about the substance and purpose of the request to respond fully and in a timely manner.
  3. (ISC)² will review the records requested and determine if they are among those mentioned in this policy, or records that (ISC)² is legally required to make available. If the records are not among those mentioned in this policy, or records that (ISC)² is legally required to make available, (ISC)² will determine if the purpose is proper for the request to be granted.
  1. A proper purpose is defined as someone acting for an honest purpose, not adverse to the interest of the corporation.
  2. The right cannot be exercised for mere curiosity, or for merely speculative purposes, or vexatiously.
  4. If the purpose is proper, as defined herein, (ISC)² will determine if any information needs to be redacted, or if the information should be viewed in person and not delivered electronically. (ISC)² also may require any requestor to execute an NDA (Non-Disclosure Agreement) should it determine it is needed. (ISC)² will then proceed to Step 6.
  5. If the purpose is not proper, (ISC)² will respond to the individual letting them know the request is denied.
  6. Once the appropriate redactions are made, (ISC)² may deliver the records in the format agreed.

  At all times, (ISC)² is under no obligation to reveal information that may be covered under attorney-client confidentiality or other work product, materials collected for purposes of litigation.

• The Center for Cyber Safety and Education The Center for Cyber Safety and Education

  The Board of Directors also oversees The Center for Cyber Safety and Education (Center). The Center is a 501(c)(3) charitable foundation of (ISC)² and is committed to making the cyber world a safer place for everyone. The Center breaks down barriers in access to the cyber profession and provides opportunities for individuals, groups and organizations with the most need.

  The Center is the charitable foundation of (ISC)², and its Board of Trustees are appointed by the (ISC)² Board of Directors.

  Learn more at www.iamcybersafe.org.  

• Reporting and Transparency Reporting and Transparency

  To ensure membership is informed of developments, strategy and the financial health of (ISC)², the Board and management provide:

  Quarterly Chair-CEO Inside (ISC)² Webinars – Open to all members, associates and candidates, this webinar series shares the latest association updates and an open FAQ with attendees.

  Annual Members Meeting – Each year, the Board calls an Annual Members Meeting open to all members to report on the year’s activities. Members are notified at least 60 days in advance.

  Annual Report – Each spring, (ISC)² publishes an Annual Report to share the association’s results from the previous year, as well as provide audited financial statements outlining the organization’s financial health.

  Notice of Important Association Events – Members are notified by email ahead of important annual and special events, including Board elections, annual and special meetings, policy updates, new certifications and more. Update your communication preferences to stay informed.

  Member Notice Page – Members can access important news and developments on the Member Notice page.

• Policies Policies

  All association policies and procedures encompassing membership, exams, privacy and communications, non-discrimination, intellectual property usage and more can be found here.

Contact the Board

Please direct all official inquiries, requests and comments to (ISC)² Board of Directors via the following form. Your message will be sent to the (ISC)² Board of Directors and our Board support team. Thank you for your patience as your submission is reviewed. Our all-volunteer Board will address your inquiry and may request that (ISC)² management or staff respond on its behalf.