Bylaws of FIRST.Org, Inc.

A North Carolina Nonprofit Corporation.

I. Name

The name of the organization is FIRST.Org, Inc. ("FIRST").

II. Purposes

  1. The purposes of FIRST are to enable incident response teams to more effectively respond to security incidents by providing access to best practices, tools, and trusted communication with member teams and to otherwise engage in all lawful activities consistent with these purposes.
  2. FIRST is organized exclusively for charitable and educational purposes as defined in Internal Revenue Code Section 501(c)(3) and in the Association's articles of incorporation. FIRST will comply at all times with the requirements applicable to tax exempt organizations including limitations on political activity and distribution of funds upon dissolution. These limitations are contained in the articles of incorporation.

III. Participation in FIRST

  1. 1. There are two types of participants in FIRST: Members, and Liaisons.
  2. Member. A Member is a Response Team that has been admitted to FIRST.
  3. Response Team. A Response Team is an organization whose function is to assist an information technology community or other defined constituency in preventing and handling security-related incidents. An individual Response Team also takes active steps to raise its constituents' level of awareness of computer security issues and to improve the security of its constituents' information technology resources.
  4. Admission of Members. Members must be nominated by two existing Members. If requested and approved by a 2/3 vote of all members of the Board of Directors, one existing Member may be sufficient.
  5. Liaison. A Liaison is an individual that has a legitimate interest in and value to the FIRST.
  6. Admission of Liaisons. Liaisons must be nominated by one existing Member.
  7. All nominations must be approved by a 2/3 vote of all members of the Board of Directors. New participants must pay the applicable membership fee upon Board of Directors approval for membership.
  8. A proposed new FIRST Member or Liaison must provide the following information in support of its nomination:
    • The name or identification of the group, organization, or individual
    • Reasons for joining FIRST
    • Benefits to FIRST of nominee's participation
    • Name of FIRST Representative or Liaison point of contact
    • For Members, identification and description of the nominee's constituency
    • For Liaisons, the sponsoring Member
    • Completion of other appropriate information for the "participant profile" maintained for each Response team as described in the section "Participant Profile".
  9. Before a nomination for a new Member can be approved, at least one of the sponsors must have conducted a site visit. If requested by all sponsors and approved by a 2/3 vote of all members of the Board of Directors, the site visit may be omitted.
  10. The term of membership shall continue as long as the annual membership fee is paid, unless revoked or voluntarily terminated.
  11. Voluntary Membership Termination. A participant may voluntarily resign from FIRST at any time. The membership fee is not refundable if a Member or Liaison resigns.
  12. Suspension and Revocation of Membership. The Board of Directors will initiate membership revocation steps if any of the following conditions apply:
    • noncompliance with the FIRST Bylaws
    • lack of cooperation
    • failure to contribute to the purposes and goals of the FIRST
    • failure to pay the annual FIRST membership fee within the set time period
    • failure by a liaison to maintain an active FIRST Member Team sponsor.

    When a revocation process is begun the participant's access to FIRST rights and facilities may be suspended. Suspension or revocation shall require a 2/3 vote of all members of the Board of Directors. The participant shall be provided an opportunity for rebuttal prior to revocation.

    Lifting suspension and restoration of access to FIRST rights and facilities shall require a 2/3 vote of all members of the board of directors.

    Participants who have their FIRST membership revoked or suspended for any reason are not entitled to a refund of their membership fee.

  13. Membership fees will be set and reviewed annually by the Board of Directors. The membership fee structure, due dates and other associated requirements will be determined by the Board of Directors and will be reviewed/modified as necessary on an annual basis to reflect current membership and/or financial issues. The membership fee structure must be approved by a 2/3 majority of the Board of Directors. For the purpose of calculating the increase in revenue, the current and proposed fee structure rates shall be applied to the membership at the time of the Annual General Meeting. A Member's or Liaison's annual membership fee can be waived if a member or their parent organization provides a donation or sponsorship at or above the level of the currently applicable FIRST membership fee.

IV. Board of Directors and Officers

  1. FIRST shall be governed by a Board of Directors. Subject to the provisions and limitations of the North Carolina Nonprofit Corporation Act and any other applicable laws, and any limitations of the Articles of Incorporation and of these Bylaws, the activities and affairs of the corporation shall be managed, and all corporate powers shall be exercised, by or under the direction of the Board.
  2. The Board of Directors shall comprise ten individuals serving two-year terms.
  3. Nomination and Election
    Individuals for one-half (5) of the Board of Directors positions shall be elected at each annual General Meeting. A candidate must be nominated by petition of at least six (6) FIRST Members. A FIRST Member may vote for no more than the number of open positions. The five candidates receiving the most votes shall become members of the Board of Directors. Ties shall be broken by random selection.
  4. Officers. The Board of Directors shall elect from its membership the Chair and the Chief Financial Officer of FIRST. Each officer shall serve a term of one year. A person may not serve as Chair for more than two consecutive one-year terms.
  5. Secretary. The Board of Directors may appoint a Secretary of FIRST who shall serve a term of one year. The Secretary shall keep, or cause to be kept, minutes of all meetings of the Board and of FIRST and send out notices of meetings.
  6. Officers may be removed, with or without cause, by the Board of Directors.
  7. Responsibilities of the Chair. The Chair shall preside at meetings of the Board of Directors and General Meetings. The Chair and shall serve as Chief Executive Officer of FIRST and exercise and perform such other powers and duties as the Board may assign.
  8. Responsibilities of the CFO. The CFO shall ensure that proper accounting procedures are maintained, that funds are deposited in approved banks or depositories, that operating budgets are prepared and monitored, and that financial audits are performed as appropriate. The CFO shall report on the financial operations of FIRST and shall perform other duties as assigned by the Chair. With Board of Directors approval, portions of the duties of the CFO may be delegated to contracted staff or other assistants.
  9. Vacancies. A vacancy shall occur when a Director resigns or is removed. A Director may be removed by a unanimous vote of the remaining Directors. The Chair shall nominate a person to complete the remaining term. The nominee must be approved by a 2/3 vote of the remaining Directors.
  10. Advisory Board. The Board of Directors may establish an Advisory Board to seek strategic guidance and advice. The Board of Directors shall appoint the membership and chair of the advisory board and determine its operating procedures. Directors are not eligible to serve on the advisory board. Membership in the advisory board is otherwise open and does not require any prior involvement with FIRST.
  11. Committees. The Board of Directors may establish standing and ad hoc committees and special interest groups. The Board of Directors shall appoint the membership and chair of such committees and special interest groups and determine their operating procedures.

V. Meetings of the Board of Directors

  1. The Board of Directors shall meet at least semi-annually. Meetings of the Board of Directors may be called by the Chair. Notice of meetings will be given at least ten days in advance. Attendance at the meeting shall constitute waiver of notice except where a Director attends the meeting with the express purpose of objecting to the transaction of any business because the meeting is not lawfully called or convened.
  2. A quorum shall comprise at least six (6) members. All matters shall be decided by a two-thirds (2/3) vote except as described elsewhere in these Bylaws. Minutes of meetings shall be taken and distributed to all Members and Liaisons.
  3. Voting rights of a Director shall not be delegated to another nor exercised by proxy.
  4. Action may be taken without a meeting if the action is consented to in writing by all members of the Board. Written consents may be transmitted by postal mail, electronic mail, or by other means of electronic transmission.

VI. FIRST Secretariat

A Secretariat shall be designated by the Board of Directors. The responsibilities of the Secretariat shall include coordinating FIRST meetings and workshops, maintaining FIRST Member profile information, keeping informed of individual FIRST Member and Liaison activities, and serving as an administrative distribution point for the FIRST. The Secretariat shall also provide general guidance to new Members, potential members, and Liaisons.

VII. General Meetings of the Members

  1. FIRST shall hold a General Meeting annually. FIRST Members are expected to be represented. Each Response Team shall be represented by its FIRST Representative. The business of the annual General Meeting shall include the election of the Directors and may include any other matter affecting FIRST. Minutes of meetings shall be taken and distributed to all Members, Directors, and Liaisons.
  2. Each FIRST Representative shall have one vote. A quorum shall be a number of FIRST Representatives equaling one-half the number of FIRST Members plus one (1). All matters except as described elsewhere in these Bylaws shall be decided by a majority vote of the quorum.

VIII. Special Meetings

  1. The Chair may, upon formal approval of the Board of Directors, call a Special Meeting of FIRST, to address a specific topic. Additionally such a call for a Special Meeting shall necessarily be issued within seven (7) days should the Chair receive written application for such a meeting, including the specific topic to be addressed, from one quarter of the FIRST members.
  2. Any business (including amendments to the Bylaws) which would be in order at a General Meeting may be considered at a Special Meeting.
  3. Calling a Special Meeting. The call for a Special Meeting shall include the venue, date, time and time-zone, purpose, and agenda for the meeting; and the call shall be issued via normal channels to the FIRST membership at least fourteen (14) days prior to the date set for the meeting.
  4. Conduct of Special Meetings. Special Meetings may be conducted either face-to-face, as in the Annual General Meeting, or on-line, via a FIRST mailing list or similar mechanism. The technical procedure and time constraints for conducting on-line meetings shall be adopted by the Board of Directors and announced as part of the call for each Special Meeting, and shall include means for certifying attendance, and the presence or absence of a "quorum"; how to authenticate agendas, motions, parliamentary rulings, and votes; how discussions will be conducted, how moderated, and how recorded; the amount of time allowed for each stage of making, discussing, and voting on motions; how each such stage will be synchronized; and how the minutes of such meetings will be recorded, kept appropriately confidential, and approved.
  5. Voting at Special Meetings. Voting at Special Meetings follows the same rules as apply to General Meetings.
  6. Proxies. If a FIRST Representative is unable to attend any general or special meeting, the Representative may assign a proxy to someone else who is attending. That person does not need to be a FIRST member. Persons holding a proxy should be aware of the voting rules and should seek guidance of the Representative on the issues that he or she will vote on. A proxy holder shall have the same rights as the Representative whom they represent with the exception that they cannot assign the proxy they hold to another person. The Board of Directors shall designate the manner and form for proxies and shall establish a submission deadline as is necessary for proper validation of proxies prior to meetings. Questions concerning the validity of proxies shall be resolved by the Board of Directors in such a manner that they deem to be fair and appropriate.

IX. Participant Requirements and Responsibilities

  1. Each Member and Liaison is expected to adhere to the provisions of this Framework, meet certain operational requirements, and fulfill certain responsibilities to the other participants.
  2. Participant Profile. Each participant must provide and maintain a profile of itself describing the constituency, technical expertise and other information as determined by the Board of Directors.
  3. Communications Support. Each participant must provide the operational and communications support capabilities as determined by the Board of Directors.
  4. First Representative. Each Member must designate a FIRST Representative and alternate. All official correspondence will be addressed as designated by the FIRST Representative. The FIRST Representative may delegate this authority and must notify the Secretariat in writing of the delegation.
  5. Liaison Sponsorship. Each FIRST Liaison must have a Member team as a sponsor on a continuing basis. Liaisons must notify the Board of Directors of any changes in their sponsorship in a timely manner.

X. Operational Activities and Policies

  1. First Communications. All FIRST information and communications shall be provided security protection appropriate to the nature and sensitivity of the information involved.
  2. Handling and Dissemination of Information. All FIRST participants must adhere to the dissemination constraints specified by the originating source. Only the originator may relax any dissemination constraints. Information that has no specific dissemination instructions may not be disseminated further.
  3. Nondisclosure Agreements. If a FIRST participant obtains information subject to a nondisclosure agreement, no rights to that information may be assumed by other participants.
  4. Public Release of Information. Each FIRST participant should have an established procedure for interaction with the press in accordance with the FIRST participant's constituency requirements. Where possible and appropriate, notices and other information should be distributed to the FIRST in advance of public release. In all situations, an individual Response Team is responsible to its constituents first and may work with the press if necessary to reach its constituency. Individual participants may not speak for other FIRST participants nor the FIRST as a whole. The Board of Directors may authorize the Secretariat or a FIRST participant to speak for FIRST.
  5. Language. All business of FIRST shall be conducted in English.

XI. Records and Reports

  1. Corporate Records. The corporation shall keep:
    1. accurate books and records of account;
    2. minutes of the actions taken by the Board of Directors and Members; and
    3. a roster of the Members with their names and addresses.
  2. Inspection by Directors. Every Director shall have the absolute right at any reasonable time to inspect all books, records and documents of every kind and the physical properties of the corporation and the records of each of its subsidiary corporations. This inspection by a Director may be made in person or by an agent or attorney, and the right of inspection includes the right to copy and make extracts of documents.
  3. Annual Report. Not later than one hundred twenty (120) days after the close of the fiscal year of the corporation, the Board shall cause an annual report to be sent to all Members. Such report shall contain the following information in reasonable detail:
    1. The assets and liabilities, including the trust funds, of the corporation as of the end of the fiscal year.
    2. The principal changes in assets and liabilities, including trust funds, during the fiscal year.
    3. The revenue or receipts of the corporation, both unrestricted and restricted to particular purposes, for the fiscal year.
    4. The expenses or disbursements of the corporation, for both general and restricted purposes, during the fiscal year.

XII. Amendments

Amendments to these Bylaws must be approved by a 2/3 vote of the Members present at a General Meeting or Special Meeting, provided a quorum is present. The proposed amendment must be on the agenda at either the Annual General Meeting or any Special Meeting to be considered for acceptance. These Bylaws shall be reviewed on an annual basis by the Board of Directors and appropriate changes proposed to the FIRST membership.

XIII. General Provisions

  1. Notice. Notice may be communicated in person, by telephone, facsimile, electronic mail or other form of wire or wireless communication; or by mail or private carrier, and such notice deemed to have been given under these Bylaws may be waived by the person entitled to it.
  2. Signing authority. The Chair and the CFO are authorized to sign contracts, documents, checks, or other orders for payment on behalf of FIRST, or shall delegate such authority to staff members as approved by the Board of Directors.
  3. Fiscal Year. The fiscal year of FIRST shall be established by the Board of Directors.
  4. Rules of Order. The rules contained in the most recent edition of Robert's Rules of Order Newly Revised shall be used as a guide for procedure at General Meetings and meetings of the Board of Directors to which they are applicable and in which they are not inconsistent with these bylaws and any special rules of order that FIRST or the Board of Directors may adopt.
  5. Indemnification. FIRST shall indemnify its directors, officers, employees and agents, and former directors, officers, employees and agents, against liability for their acts and omissions to the fullest extent authorized by Part 5 of Article 8 of the North Carolina Nonprofit Corporation Act, the provisions of which Part 5 are hereby incorporated herein by reference. Such incorporation by reference shall be deemed to include future amendments to Part 5, and these bylaws shall be deemed to be amended from time to time to the extent permitted by law to conform to such amendments. FIRST may purchase insurance for such indemnification.

Bylaws of FIRST.Org, Inc. (PDF file, 93Kb)