Also available as PDF (165Kb)
The Forum of Incident Response and Security Teams, Inc. is established as a North Carolina nonprofit corporation by the Articles of Incorporation. FIRST also uses the name, “FIRST.Org.” The corporation is referred to in these Bylaws as “FIRST”.
The purposes of FIRST are to enable incident response teams to more effectively respond to security incidents by providing access to best practices, tools, and trusted communication with member teams and to otherwise engage in all lawful activities consistent with these purposes.
FIRST is organized exclusively for charitable and educational purposes as defined in Internal Revenue Code Section 501(c)(3) and in the Association’s articles of incorporation. FIRST will comply at all times with the requirements applicable to tax exempt organizations including limitations on political activity and distribution of funds upon dissolution. These limitations are contained in the articles of incorporation.
There are two types of participants in FIRST:
A Member is a Response Team that has been admitted to FIRST.
A Response Team is an organization whose function is to assist an information technology community or other defined constituency in preventing and handling security-related incidents. An individual Response Team also takes active steps to raise its constituents' level of awareness of computer security issues and to improve the security of its constituents' information technology resources.
Members must be nominated by two existing Members. If requested and approved by a two-thirds vote of all members of the Board of Directors, one existing Member may be sufficient. All nominations must be approved by a two-thirds vote of all members of the Board of Directors. New participants must pay the applicable membership fee upon Board of Directors approval for membership.
A Liaison is an individual that has a legitimate interest in and value to FIRST.
Liaisons must be nominated by one existing Member.
A proposed new FIRST Member or Liaison must provide the following information in support of its nomination:
Before a nomination for a new Member can be approved, at least one of the sponsors must have conducted a site visit. If requested by all sponsors and approved by a two-thirds vote of all members of the Board of Directors, the site visit may be omitted.
A participant may voluntarily resign from FIRST at any time. The membership fee is not refundable if a Member or Liaison resigns.
The Board of Directors will initiate membership revocation steps if any of the following conditions apply:
When a revocation process is begun, the participant's access to FIRST rights and facilities may be suspended. Suspension or revocation shall require a two-thirds vote of all members of the Board of Directors. The participant shall be provided an opportunity for rebuttal prior to revocation.
Lifting suspension and restoration of access to FIRST rights and facilities shall require a 2/3 vote of all members of the board of directors.
Participants who have their FIRST membership revoked or suspended for any reason are not entitled to a refund of their membership fee.
Membership fees will be set and reviewed annually by the Board of Directors. The membership fee structure, due dates and other associated requirements will be determined by the Board of Directors and will be reviewed/modified as necessary on an annual basis to reflect current membership and/or financial issues. The membership fee structure must be approved by a two-thirds majority of the Board of Directors. A Member's or Liaison's annual membership fee can be waived or modified by a two-thirds vote of the Board of Directors.
FIRST shall be governed by a Board of Directors composed of ten Directors. Subject to the provisions and limitations of the North Carolina Nonprofit Corporation Act and any other applicable laws, and any limitations of the Articles of Incorporation and of these Bylaws, the activities and affairs of the corporation shall be managed, and all corporate powers shall be exercised, by or under the direction of the Board.
Directors shall serve two-year terms.
Individuals for five Board of Directors positions shall be elected at the annual General Meeting. A candidate must be nominated by petition of at least six (6) FIRST Members. A FIRST Member may vote for no more than the number of open positions. The five candidates receiving the most votes shall become members of the Board of Directors. Ties shall be broken by random selection.
The Board of Directors shall elect from its membership the Chair and the Chief Financial Officer of FIRST. Officers shall serve one-year terms. A person may not serve as Chair for more than two consecutive one-year terms.
The Board of Directors may appoint a Secretary of FIRST who shall serve a term of one year. The Secretary is not an officer.
Officers may be removed, with or without cause, by the Board of Directors.
The Chair shall preside at meetings of the Board of Directors and General Meetings. The Chair and shall serve as Chief Executive Officer of FIRST and exercise and perform such other powers and duties as the Board may assign.
The CFO shall ensure that proper accounting procedures are maintained, that funds are deposited in approved banks or depositories, that operating budgets are prepared and monitored, and that financial audits are performed as appropriate. The CFO shall report on the financial operations of FIRST and shall perform other duties as assigned by the Chair. With Board of Directors approval, portions of the duties of the CFO may be delegated to contracted staff or other assistants.
A vacancy shall occur when a Director resigns or is removed. A Director may be removed by a two-thirds vote of the remaining Directors. The Chair shall nominate a person to complete the remaining term. The nominee must be approved by a two-thirds vote of the remaining Directors.
The Board of Directors may establish an Advisory Board to seek strategic guidance and advice. The Board of Directors shall appoint the membership and chair of the advisory board and determine its operating procedures. Directors are not eligible to serve on the advisory board. Membership in the advisory board is otherwise open and does not require any prior involvement with FIRST.
The Board of Directors may establish standing and ad hoc committees and special interest groups. The Board of Directors shall appoint the membership and chair of such committees and determine their operating procedures. Special Interest Groups charters and chairs must be approved by the Board of Directors.
The Board of Directors shall meet at least semi-annually. Meetings of the Board of Directors may be called by the Chair. Notice of meetings will be given at least ten days in advance. Attendance at the meeting shall constitute waiver of notice except where a Director attends the meeting with the express purpose of objecting to the transaction of any business because the meeting is not lawfully called or convened.
A quorum shall comprise at least six (6) members. All matters shall be decided by a two-thirds vote except as described elsewhere in these Bylaws. Minutes of meetings shall be taken and distributed to all Members and Liaisons.
Voting rights of a Director shall not be delegated to another nor exercised by proxy.
Action may be taken without a meeting if the action is consented to in writing by all members of the Board. Written consents may be transmitted by postal mail, electronic mail, or by other means of electronic transmission.
A Secretariat shall be designated by the Board of Directors. The Secretariat shall keep minutes of all meetings of the Board and of FIRST and send out notices of meetings. The responsibilities of the Secretariat shall include coordinating FIRST meetings and workshops, maintaining FIRST Member profile information, keeping informed of individual FIRST Member and Liaison activities, and serving as an administrative distribution point for the FIRST. The Secretariat shall also provide general guidance to new Members, potential members, and Liaisons.
FIRST shall hold a General Meeting annually. FIRST Members are expected to be represented. Each Response Team shall be represented by its FIRST Representative. The business of the annual General Meeting shall include the election of the Directors. Minutes of meetings shall be taken and distributed to all Members, Directors, and Liaisons.
One-third of the number of members shall constitute a quorum. Each FIRST Representative shall have one vote. All matters, except as described elsewhere in these Bylaws, shall be decided by majority vote.
The Chair may, upon formal approval of the Board of Directors, call a Special Meeting of FIRST, to address a specific topic. Additionally such a call for a Special Meeting shall necessarily be issued within seven (7) days should the Chair receive written application for such a meeting, including the specific topic to be addressed, from one quarter of the FIRST members.
The call for a Special Meeting shall include the place, date, time and time zone, purpose, and agenda for the meeting; and the call shall be issued to the membership at least fourteen (14) days prior to the date set for the meeting.
Special Meetings may be conducted either in person or on-line. The technical procedure and time constraints for conducting on-line meetings shall be adopted by the Board of Directors and announced as part of the call for each Special Meeting, and shall include means for certifying attendance and the presence or absence of a quorum; how to authenticate agendas, motions, parliamentary rulings, and votes; how discussions will be conducted, how moderated, and how recorded; the amount of time allowed for each stage of making, discussing, and voting on motions; how each such stage will be synchronized; and how the minutes of such meetings will be recorded, kept appropriately confidential, and approved.
If a FIRST Representative is unable to attend any general or special meeting, the Representative may assign a proxy to someone else who is attending. That person does not need to be a FIRST member. Persons holding a proxy should be aware of the voting rules and should seek guidance of the Representative on the issues that he or she will vote on. A proxy holder shall have the same rights as the Representative whom they represent with the exception that they cannot assign the proxy they hold to another person. The Board of Directors shall designate the manner and form for proxies and shall establish a submission deadline as is necessary for proper validation of proxies prior to meetings. Questions concerning the validity of proxies shall be resolved by the Board of Directors in such a manner that they deem to be fair and appropriate.
Each Member and Liaison must comply with the Bylaws, meet certain operational requirements, and fulfill certain responsibilities to the other participants.
Each participant must provide and maintain a profile of itself describing the constituency, technical expertise and other information as determined by the Board of Directors.
Each participant must provide the operational and communications support capabilities as determined by the Board of Directors.
Each Member must designate a FIRST Representative and alternate. All official correspondence will be addressed as designated by the FIRST Representative. The FIRST Representative may delegate this authority and must notify the Secretariat in writing of the delegation.
Each FIRST Liaison must have a Member team as a sponsor on a continuing basis. Liaisons must notify the Board of Directors of any changes in their sponsorship in a timely manner.
All FIRST information and communications shall be provided security protection appropriate to the nature and sensitivity of the information involved.
All FIRST participants must adhere to the dissemination constraints specified by the originating source. Only the originator may relax any dissemination constraints. Information that has no specific dissemination instructions may not be disseminated further.
Each FIRST participant should have an established procedure for interaction with the press in accordance with the FIRST participant's constituency requirements. Where possible and appropriate, notices and other information should be distributed to the FIRST in advance of public release. In all situations, an individual Response Team is responsible to its constituents first and may work with the press if necessary to reach its constituency. Individual participants may not speak for other FIRST participants nor the FIRST as a whole. The Board of Directors may authorize the Secretariat or a FIRST participant to speak for FIRST.
All business of FIRST shall be conducted in English.
The corporation shall keep:
Every Director shall have the right at any reasonable time to inspect all books, records and documents of every kind and the physical properties of the corporation and the records of each of its subsidiary corporations. This inspection by a Director may be made in person or by an agent or attorney, and the right of inspection includes the right to copy and make extracts of documents.
Not later than one hundred twenty (120) days after the close of the fiscal year of the corporation, the Board shall cause an annual report to be sent to all Members. Such report shall contain the following information in reasonable detail:
Amendments to these Bylaws must be approved by a two-thirds vote of the Members. To be considered at an Annual General Meeting or Special Meeting, any amendment of the Bylaws must be included in the notice of the meeting. These Bylaws shall be reviewed on an annual basis by the Board of Directors and appropriate changes proposed to the FIRST membership.
Notice may be communicated in person, by telephone, facsimile, electronic mail or other form of wire or wireless communication; or by mail or private carrier, and such notice deemed to have been given under these Bylaws may be waived by the person entitled to it.
The Chair and the CFO are authorized to sign contracts, documents, checks, or other orders for payment on behalf of FIRST, or shall delegate such authority to staff members as approved by the Board of Directors.
The fiscal year of FIRST shall be established by the Board of Directors.
The rules contained in the most recent edition of Robert's Rules of Order Newly Revised shall be used as a guide for procedure at General Meetings and meetings of the Board of Directors to which they are applicable and in which they are not inconsistent with these bylaws and any special rules of order that FIRST or the Board of Directors may adopt.
FIRST shall indemnify its directors, officers, employees and agents, and former directors, officers, employees and agents, against liability for their acts and omissions to the fullest extent permitted by law. FIRST may purchase insurance for such indemnification.
FIRST shall maintain protection against infidelity on the part of all Officers and employees who handle FIRST funds by such bond or surety and indemnity as the Board deems necessary and proper.
Adopted June 2016