As chair of the (ISC)² Bylaws committee, I want to provide clarification about the role of the (ISC)² Board of Directors. There seems to be ongoing confusion among some members about the role of the board, and I’d like to clear up the confusion.
There are two documents that govern the responsibilities and activities of the organization: the Articles of Association and the Bylaws. The Bylaws clearly state:
The Board of Directors shall have the powers and duties of a board of directors pursuant to the laws of the Commonwealth of Massachusetts, and shall be responsible for the policy and governance of the Corporation. The Board shall hire, direct, and oversee the Executive Director.
The board is responsible for governance. They ensure that (ISC)² management is performing to a level that allows them to deliver on their objectives. They ensure that the assets of the corporation are being wisely used, and they ensure that initiatives that are pursuant to the strategy are adequately resourced.
Let me dispel some myths about the (ISC)² Board:
Myth: Some directors have been in place for almost 20 years.
Fact: I believe that I am the longest serving member on the current board. I am coming to the end of my second term, where I will be precluded (by the Bylaws) from sitting on the board for at least four years. In addition to my two terms, I served for nine months in 2007 and for just over a year in 2009 (short appointments made to fill out the term of directors who had resigned). The average length of time served in office by each member of the current board is three years. By next year, that figure will have reduced to two years.
Myth: The Board selects its own candidates.
Fact: In 2015, almost 50 candidates were considered by the Nominating Committee, who recommended a slate of nine potential candidates for four positions. Candidates for the board are also recommended to the Nominating Committee by members of all six (ISC)² Advisory Councils. In addition, any member with the requisite number of valid signatures is entitled to independently petition for a place on the ballot (Wim Remes, Dave Lewis and Diana-Lynn Contesti have been successful in getting elected through this process within the past five years).
Myth: The members never see the board.
Fact: During my spell on the board, I’ve attended events in North America, Asia, Australia, and Europe and interacted with hundreds if not thousands of (ISC)² members. Board members attended over 200 (ISC)² and general security events, on five continents, representing (ISC)², during 2015. Over 60 of these events were attended by more than 100 infosec professionals.
Myth: To influence changes to (ISC)² activity, members need to directly interact with the board.
Fact: There are six (ISC)² Advisory Councils (regional and industry focused) that provide strategic input and feedback to management on behalf of the membership. The best way for members to “be heard” is to raise the issue through their local chapter with the (ISC)² regional office. The regional offices all report through the COO, who will address the issue, if appropriate, or escalate to the CEO, if needed.
Myth: Meetings aren’t accessible to members.
Fact: The organisation holds a meeting that is open to all members at least once a year. This regularly happens in conjunction with the first board meeting of the year, and normally occurs in Florida, USA. Notice of the meeting is announced to the membership at least 60 days in advance of the meeting. In addition, there was an open meeting of the membership in 2015 to vote on changes to the Bylaws.
When there are misconceptions and inaccuracies about the activities of the organization, time is wasted dispelling myths and untruths, and it takes away from the overall mission of (ISC)². The board works with management to ensure that policy and strategy are set, documented, and clearly understood by both board and management. This process then allows (ISC)² management to deliver on objectives that are linked to organizational goals. While the board has no role in influencing operational activities, the (ISC)² Board of Directors are obliged to discharge their duties in good faith and with due care, in the best interests of the corporation, without conflict of interest, and acting on reliable information. The (ISC)² board and management team working together serve to support and provide members and constituents with credentials, resources, and leadership.
Richard Nealon, CISSP-ISSMP, SSCP, CISM, CISA
Chair, Bylaws Committee
(ISC)² Board of Directors