ISC2 Governance

ISC2 is a United States 501(c)(6) nonprofit professional corporation. It was established to develop a program and common body of knowledge for the certification of cybersecurity professionals. ISC2 programs have since expanded to support its members’ professional development and to advocate for the continued growth, ethical best practices, and health of the profession. Under the authority, direction and guidance of the ISC2 Board of Directors, association operations are managed by the ISC2 CEO and senior leadership team.

ISC2 – the International Information System Security Certification Consortium, Inc. – exists to strengthen the influence, diversity, and vitality of the cybersecurity profession through advocacy, expertise, and workforce empowerment that accelerates cyber safety and security in an interconnected world.

ISC2 is a not-for-profit corporation operating under the provisions of Section 501(c)(6) of the United States Internal Revenue Code. Global in scope, ISC2 is incorporated in the Commonwealth of Massachusetts under the authority of Massachusetts General Laws c.180 and the Articles of Organization of the Corporation.

Read the ISC2 Articles of Organization.

The ISC2 Bylaws set forth the rules concerning the operation of our association and actions of our members. They guide how our Board of Directors and staff manage our nonprofit corporation. The ISC2 Amended and Restated Bylaws establish fundamental principles about key governance policies, members’ rights and Board operations.

Read the ISC2 Bylaws.

Elected by ISC2 members, the Board of Directors is comprised of ISC2-certified cybersecurity professionals and leaders from around the world with expertise securing and managing risk for academic institutions, government agencies and businesses of all sizes across all sectors. Our all-volunteer Board of ISC2 members provides governance and oversight for the organization, establishes requirements for and grants certifications to qualifying candidates, and enforces adherence to the ISC2 Code of Ethics.

The ISC2 Board of Directors volunteers its time working on strategy, setting goals and objectives, overseeing programs and activities, and actively managing risks. The Board depends on the faithful and responsible participation of each of its members.

Learn more about the Board of Directors.

It is the responsibility of the Board to ensure the following:

  • Association policy and strategy are set, documented and clearly understood by both the Board and management
  • Management is performing to a level that enables them to deliver on their objectives
  • Assets of the corporation are being used wisely and strategic initiatives are adequately resourced
  • Risk oversight is conducted, ensuring appropriate and thorough risk management practices are in place

Specific to the ISC2 Board of Directors, they also:

  • Issue certifications to qualified candidates who have met all the necessary credential requirements
  • Review and approve proposed new credentials or changes to existing credentials
  • Act as evangelists and advocates for the organization and the ISC2 mission
  • Adhere to the ISC2 Code of Ethics and all other ISC2 policies

Terms of Service
Dedicating hundreds of hours to advance our association and the cybersecurity profession, ISC2 Board members are not compensated for their service. Each Board member is elected to a three-year term.

Board Officers are elected annually by the Board to serve a one-year term as an officer. Board officers and their responsibilities include:

Board Chair
The Chair of the Board ensures the effective action of the Board in governing and supporting ISC2. The Chair is an officer of the corporation and is elected by Board members. Among other functions, the Chair:

  • Leads the board and is responsible for its effectiveness
  • Chairs Board meetings
  • Chairs Annual Meeting
  • Appoints members to Board-designated standing and ad hoc committees
  • Supervises the CEO on behalf of the board and members
  • Performs all lawful functions of a board chair

Board Vice Chair
During short- or long-term absences of the Board Chair, the Vice Chair acts as the Chair in ensuring the effective action of the Board in governing and supporting ISC2. The Vice Chair is elected by the Board members. The Vice Chair:

  • Assists the Chair as necessary to ensure board operations
  • Acts as Chair in the absence of the Chair
  • Chairs the Business Practices Committee
  • Executes other duties as assigned by the Chair

Board Secretary
The Board Secretary works with the Corporate Secretary to ensure a proper record of board actions is maintained. This includes taking of minutes at all meetings, and the distribution of minutes and agendas to Board members. The Secretary is elected by the Board Members. The Secretary:

  • Assures creation of minutes of meetings
  • Executes other duties as assigned by the Chair

Board Treasurer 
The Board Treasurer manages the Board’s review of, and action related to, the Board’s financial responsibilities and may work closely with the organization’s Chief Financial Officer. The Treasurer is elected by the Board Members. The Treasurer:

  • Chairs the Audit Committee of the Board
  • Executes other duties as assigned by the Chair

To provide the required governance of and support for the organization, the ISC2 Board of Directors must include individuals with the appropriate skills and expertise to deliver on our strategic priorities. The unique skills and expertise required on the board may change over time. Generally, the nominations committee seeks directors who maintain the following characteristics:

  • Be a member in good standing with ISC2
  • Have an established record of leadership in the field of information systems security
  • Possess the needed skills diversity based on expertise and professional background
  • Have experience in managing or directing strategic programs across an enterprise
  • Have earned the respect and trust of peers in the subject of information security
  • Have an established record of advancing the field of information security
  • Have not been a salaried employee of ISC2 or its affiliates
  • Possess the ability to listen, analyze, think clearly and creatively, and work well with people both individually and in a group
  • Have the willingness to prepare for and attend four or more in-person board meetings, weekly teleconferences and committee meetings, ask questions, take responsibility and follow through on a given assignment, and read and understand financial statements
  • Create opportunities for ISC2
  • Have a commitment from his or her employer to support the time off from work required to support this commitment
  • Have a willingness to cultivate and recruit future Board members and other volunteers
  • Possess honesty, sensitivity to and tolerance of differing views, and a desire to serve as a member of a team
  • Be friendly, responsive, and patient in dealings with fellow Board members
  • Adhere to the ISC2 Code of Ethics
  • Promote the agreed collective Board opinion above their own personal views
  • Advocate for the organization. Work for change or acceptance where organizational views do not mirror those of the Board member.
  • Refrain from bringing the organization into disrepute through personal actions or words.
  • Qualify for eligibility based on the current ISC2 Bylaws

The detailed work of the board is performed in committees. Board members and at-large members volunteer to serve on Board-designated committees and task forces to strengthen our association. Committee chairs are appointed by the ISC2 Board Chair and report to and serve at the pleasure of the Board. Three committees are required under our Bylaws, and the Board establishes other committees to ensure it meets its fiduciary obligations.

Standing Board Committees

Ad Hoc Board Committees

Volunteer to share your expertise and give back to the association as a member-at-large committee member, task force contributor and more.

The ISC2 Board of Directors adheres to a set of policies to guide in the governance of the association.

Purpose
The purpose of this policy is to describe how ISC2 members may request access to certain corporate records. 

Members have inspection rights to the following documents:

  • Articles of organization,
  • Bylaws,
  • Minutes of member meetings and
  • Stock and transfer records (not applicable to ISC2)

There is also a right for the general public to view the last three years of IRS (Internal Revenue Service) Form 990s. No statutory right exists for members to view other records including director meeting minutes, corporate records and policies.

However, members may have a limited right to certain records. This right is not absolute, and only applies to members who are acting in good faith and for the purposes of advancing the corporation’s interest and protecting their rights. This right also applies to specific rights given to members within the company's organizational documents.

Under the current ISC2 bylaws, members have a right to:

  • Vote for directors,
  • Add agenda items to the Annual Meeting or a Special Meeting,
  • Approve mergers,
  • Dispose of substantially all the assets, and
  • Amend the bylaws and articles of organization.

Therefore, to the extent any records may relate to those duties, members may have a right to such records if such a request is for a proper purpose.

Policies
The following policies are already available to members:

Other policies and corporate records must be requested.

Process to Request Policies or Corporate Records:

  1. All requests for ISC2 policies or corporate documents should be sent to legal@isc2.org.
    1. All requests should be clear enough to enable ISC2 employees to conduct a meaningful search.
  2. ISC2 employees may ask questions about the substance and purpose of the request to respond fully and in a timely manner.
  3. ISC2 will review the records requested and determine if they are among those mentioned in this policy, or records that ISC2 is legally required to make available. If the records are not among those mentioned in this policy, or records that ISC2 is legally required to make available, ISC2 will determine if the purpose is proper for the request to be granted.
    1. A proper purpose is defined as someone acting for an honest purpose, not adverse to the interest of the corporation.
    2. The right cannot be exercised for mere curiosity, or for merely speculative purposes, or vexatiously.
  4. If the purpose is proper, as defined herein, ISC2 will determine if any information needs to be redacted, or if the information should be viewed in person and not delivered electronically. ISC2 also may require any requestor to execute an NDA (Non-Disclosure Agreement) should it determine it is needed. ISC2 will then proceed to Step 6.
  5. If the purpose is not proper, ISC2 will respond to the individual letting them know the request is denied.
  6. Once the appropriate redactions are made, ISC2 may deliver the records in the format agreed.

At all times, ISC2 is under no obligation to reveal information that may be covered under attorney-client confidentiality or other work product, materials collected for purposes of litigation.

The Board of Directors also oversees The Center for Cyber Safety and Education (The Center). The Center is a 501(c)(3) charitable foundation of ISC2 and is committed to making the cyber world a safer place for everyone. The Center breaks down barriers in access to the cyber profession and provides opportunities for individuals, groups and organizations with the most need.

The Center is the charitable foundation of ISC2, and its Board of Trustees is appointed by the ISC2 Board of Directors.

Learn more at www.iamcybersafe.org.  

To ensure membership is informed of developments, strategy and the financial health of ISC2, the Board and management provide:

Quarterly Chair-CEO Inside ISC2 Webinars – Open to all members, associates and candidates, this webinar series shares the latest association updates and an open FAQ with attendees.

Annual Members Meeting – Each year, the Board calls an Annual Members Meeting open to all members to report on the year’s activities. Members are notified at least 60 days in advance.

Annual Report – Each spring, ISC2 publishes an Annual Report to share the association’s results from the previous year, as well as provide audited financial statements outlining the organization’s financial health.

Notice of Important Association Events – Members are notified by email ahead of important annual and special events, including Board elections, annual and special meetings, policy updates, new certifications and more. Update your communication preferences to stay informed.

All association policies and procedures encompassing membership, exams, privacy and communications, non-discrimination, intellectual property usage and more can be found here.