Bylaws of FIRST.Org, Inc.

Also available as PDF (165Kb)

I. Corporation

The Forum of Incident Response and Security Teams, Inc. is established as a North Carolina nonprofit corporation by the Articles of Incorporation. FIRST also uses the name, “FIRST.Org.” The corporation is referred to in these Bylaws as “FIRST”.

II. Purposes

1. General

The purposes of FIRST are to enable incident response teams to more effectively respond to security incidents by providing access to best practices, tools, and trusted communication with member teams and to otherwise engage in all lawful activities consistent with these purposes.

2. Tax Exemption

FIRST is organized exclusively for charitable and educational purposes as defined in Internal Revenue Code Section 501(c)(3) and in the Association’s articles of incorporation. FIRST will comply at all times with the requirements applicable to tax exempt organizations including limitations on political activity and distribution of funds upon dissolution. These limitations are contained in the articles of incorporation.

III. Participation in FIRST

1. Types

There are two types of participants in FIRST:

2. Member

A Member is a Response Team that has been admitted to FIRST.

3. Response Team

A Response Team is an organization whose function is to assist an information technology community or other defined constituency in preventing and handling security-related incidents. An individual Response Team also takes active steps to raise its constituents' level of awareness of computer security issues and to improve the security of its constituents' information technology resources.

4. Admission of Members

Members must be nominated by two existing Members. If requested and approved by a two-thirds vote of all members of the Board of Directors, one existing Member may be sufficient. All nominations must be approved by a two-thirds vote of all members of the Board of Directors. New participants must pay the applicable membership fee upon Board of Directors approval for membership.

5. Liaison

A Liaison is an individual that has a legitimate interest in and value to FIRST.

6. Admission of Liaisons

Liaisons must be nominated by one existing Member.

7. Information

A proposed new FIRST Member or Liaison must provide the following information in support of its nomination:

8. Site Visit

Before a nomination for a new Member can be approved, at least one of the sponsors must have conducted a site visit. If requested by all sponsors and approved by a two-thirds vote of all members of the Board of Directors, the site visit may be omitted.

9. Voluntary Membership Termination

A participant may voluntarily resign from FIRST at any time. The membership fee is not refundable if a Member or Liaison resigns.

10. Suspension and Revocation of Membership

The Board of Directors will initiate membership revocation steps if any of the following conditions apply:

When a revocation process is begun, the participant's access to FIRST rights and facilities may be suspended. Suspension or revocation shall require a two-thirds vote of all members of the Board of Directors. The participant shall be provided an opportunity for rebuttal prior to revocation.

Lifting suspension and restoration of access to FIRST rights and facilities shall require a 2/3 vote of all members of the board of directors.

Participants who have their FIRST membership revoked or suspended for any reason are not entitled to a refund of their membership fee.

11. Fees

Membership fees will be set and reviewed annually by the Board of Directors. The membership fee structure, due dates and other associated requirements will be determined by the Board of Directors and will be reviewed/modified as necessary on an annual basis to reflect current membership and/or financial issues. The membership fee structure must be approved by a two-thirds majority of the Board of Directors. A Member's or Liaison's annual membership fee can be waived or modified by a two-thirds vote of the Board of Directors.

IV. Board of Directors and Officers

1. Composition of the Board and Powers

FIRST shall be governed by a Board of Directors composed of ten Directors. Subject to the provisions and limitations of the North Carolina Nonprofit Corporation Act and any other applicable laws, and any limitations of the Articles of Incorporation and of these Bylaws, the activities and affairs of the corporation shall be managed, and all corporate powers shall be exercised, by or under the direction of the Board.

2. Term

Directors shall serve two-year terms.

3. Nomination and Election

Individuals for five Board of Directors positions shall be elected at the annual General Meeting. A candidate must be nominated by petition of at least six (6) FIRST Members. A FIRST Member may vote for no more than the number of open positions. The five candidates receiving the most votes shall become members of the Board of Directors. Ties shall be broken by random selection.

4. Officers

The Board of Directors shall elect from its membership the Chair and the Chief Financial Officer of FIRST. Officers shall serve one-year terms. A person may not serve as Chair for more than two consecutive one-year terms.

5. Secretary

The Board of Directors may appoint a Secretary of FIRST who shall serve a term of one year. The Secretary is not an officer.

6. Removal of Officers

Officers may be removed, with or without cause, by the Board of Directors.

7. Responsibilities of the Chair

The Chair shall preside at meetings of the Board of Directors and General Meetings. The Chair and shall serve as Chief Executive Officer of FIRST and exercise and perform such other powers and duties as the Board may assign.

8. Responsibilities of the CFO

The CFO shall ensure that proper accounting procedures are maintained, that funds are deposited in approved banks or depositories, that operating budgets are prepared and monitored, and that financial audits are performed as appropriate. The CFO shall report on the financial operations of FIRST and shall perform other duties as assigned by the Chair. With Board of Directors approval, portions of the duties of the CFO may be delegated to contracted staff or other assistants.

9. Vacancies

A vacancy shall occur when a Director resigns or is removed. A Director may be removed by a two-thirds vote of the remaining Directors. The Chair shall nominate a person to complete the remaining term. The nominee must be approved by a two-thirds vote of the remaining Directors.

10. Advisory Board

The Board of Directors may establish an Advisory Board to seek strategic guidance and advice. The Board of Directors shall appoint the membership and chair of the advisory board and determine its operating procedures. Directors are not eligible to serve on the advisory board. Membership in the advisory board is otherwise open and does not require any prior involvement with FIRST.

11. Committees

The Board of Directors may establish standing and ad hoc committees and special interest groups. The Board of Directors shall appoint the membership and chair of such committees and determine their operating procedures. Special Interest Groups charters and chairs must be approved by the Board of Directors.

V. Meetings of the Board of Directors

1. Frequency and notice

The Board of Directors shall meet at least semi-annually. Meetings of the Board of Directors may be called by the Chair. Notice of meetings will be given at least ten days in advance. Attendance at the meeting shall constitute waiver of notice except where a Director attends the meeting with the express purpose of objecting to the transaction of any business because the meeting is not lawfully called or convened.

2. Quorum

A quorum shall comprise at least six (6) members. All matters shall be decided by a two-thirds vote except as described elsewhere in these Bylaws. Minutes of meetings shall be taken and distributed to all Members and Liaisons.

3. No proxy

Voting rights of a Director shall not be delegated to another nor exercised by proxy.

4. Action without a meeting

Action may be taken without a meeting if the action is consented to in writing by all members of the Board. Written consents may be transmitted by postal mail, electronic mail, or by other means of electronic transmission.

VI. FIRST Secretariat

A Secretariat shall be designated by the Board of Directors. The Secretariat shall keep minutes of all meetings of the Board and of FIRST and send out notices of meetings. The responsibilities of the Secretariat shall include coordinating FIRST meetings and workshops, maintaining FIRST Member profile information, keeping informed of individual FIRST Member and Liaison activities, and serving as an administrative distribution point for the FIRST. The Secretariat shall also provide general guidance to new Members, potential members, and Liaisons.

VII. General Meetings of the Members

1. General Meeting

FIRST shall hold a General Meeting annually. FIRST Members are expected to be represented. Each Response Team shall be represented by its FIRST Representative. The business of the annual General Meeting shall include the election of the Directors. Minutes of meetings shall be taken and distributed to all Members, Directors, and Liaisons.

2. Quorum and Voting

One-third of the number of members shall constitute a quorum. Each FIRST Representative shall have one vote. All matters, except as described elsewhere in these Bylaws, shall be decided by majority vote.

VIII. Special Meetings

1. Call by the Chair

The Chair may, upon formal approval of the Board of Directors, call a Special Meeting of FIRST, to address a specific topic. Additionally such a call for a Special Meeting shall necessarily be issued within seven (7) days should the Chair receive written application for such a meeting, including the specific topic to be addressed, from one quarter of the FIRST members.

2. Calling a Special Meeting

The call for a Special Meeting shall include the place, date, time and time zone, purpose, and agenda for the meeting; and the call shall be issued to the membership at least fourteen (14) days prior to the date set for the meeting.

3. Conduct of Special Meetings

Special Meetings may be conducted either in person or on-line. The technical procedure and time constraints for conducting on-line meetings shall be adopted by the Board of Directors and announced as part of the call for each Special Meeting, and shall include means for certifying attendance and the presence or absence of a quorum; how to authenticate agendas, motions, parliamentary rulings, and votes; how discussions will be conducted, how moderated, and how recorded; the amount of time allowed for each stage of making, discussing, and voting on motions; how each such stage will be synchronized; and how the minutes of such meetings will be recorded, kept appropriately confidential, and approved.

4. Proxies

If a FIRST Representative is unable to attend any general or special meeting, the Representative may assign a proxy to someone else who is attending. That person does not need to be a FIRST member. Persons holding a proxy should be aware of the voting rules and should seek guidance of the Representative on the issues that he or she will vote on. A proxy holder shall have the same rights as the Representative whom they represent with the exception that they cannot assign the proxy they hold to another person. The Board of Directors shall designate the manner and form for proxies and shall establish a submission deadline as is necessary for proper validation of proxies prior to meetings. Questions concerning the validity of proxies shall be resolved by the Board of Directors in such a manner that they deem to be fair and appropriate.

IX. Participant Requirements and Responsibilities

1. Responsibilities

Each Member and Liaison must comply with the Bylaws, meet certain operational requirements, and fulfill certain responsibilities to the other participants.

2. Participant Profile

Each participant must provide and maintain a profile of itself describing the constituency, technical expertise and other information as determined by the Board of Directors.

3. Communications Support

Each participant must provide the operational and communications support capabilities as determined by the Board of Directors.

4. FIRST Representative

Each Member must designate a FIRST Representative and alternate. All official correspondence will be addressed as designated by the FIRST Representative. The FIRST Representative may delegate this authority and must notify the Secretariat in writing of the delegation.

5. Liaison Sponsorship

Each FIRST Liaison must have a Member team as a sponsor on a continuing basis. Liaisons must notify the Board of Directors of any changes in their sponsorship in a timely manner.

X. Operational Activities and Policies

1. FIRST Communications

All FIRST information and communications shall be provided security protection appropriate to the nature and sensitivity of the information involved.

2. Handling and Dissemination of Information

All FIRST participants must adhere to the dissemination constraints specified by the originating source. Only the originator may relax any dissemination constraints. Information that has no specific dissemination instructions may not be disseminated further.

3. Public Release of Information

Each FIRST participant should have an established procedure for interaction with the press in accordance with the FIRST participant's constituency requirements. Where possible and appropriate, notices and other information should be distributed to the FIRST in advance of public release. In all situations, an individual Response Team is responsible to its constituents first and may work with the press if necessary to reach its constituency. Individual participants may not speak for other FIRST participants nor the FIRST as a whole. The Board of Directors may authorize the Secretariat or a FIRST participant to speak for FIRST.

4. Language

All business of FIRST shall be conducted in English.

XI. Records and Reports

1. Corporate Records

The corporation shall keep:

2. Inspection by Directors

Every Director shall have the right at any reasonable time to inspect all books, records and documents of every kind and the physical properties of the corporation and the records of each of its subsidiary corporations. This inspection by a Director may be made in person or by an agent or attorney, and the right of inspection includes the right to copy and make extracts of documents.

3. Annual Report

Not later than one hundred twenty (120) days after the close of the fiscal year of the corporation, the Board shall cause an annual report to be sent to all Members. Such report shall contain the following information in reasonable detail:

XII. Amendments

Amendments to these Bylaws must be approved by a two-thirds vote of the Members. To be considered at an Annual General Meeting or Special Meeting, any amendment of the Bylaws must be included in the notice of the meeting. These Bylaws shall be reviewed on an annual basis by the Board of Directors and appropriate changes proposed to the FIRST membership.

XIII. General Provisions

1. Notice

Notice may be communicated in person, by telephone, facsimile, electronic mail or other form of wire or wireless communication; or by mail or private carrier, and such notice deemed to have been given under these Bylaws may be waived by the person entitled to it.

2. Signing authority

The Chair and the CFO are authorized to sign contracts, documents, checks, or other orders for payment on behalf of FIRST, or shall delegate such authority to staff members as approved by the Board of Directors.

3. Fiscal Year

The fiscal year of FIRST shall be established by the Board of Directors.

4. Rules of Order

The rules contained in the most recent edition of Robert's Rules of Order Newly Revised shall be used as a guide for procedure at General Meetings and meetings of the Board of Directors to which they are applicable and in which they are not inconsistent with these bylaws and any special rules of order that FIRST or the Board of Directors may adopt.

5. Indemnification

FIRST shall indemnify its directors, officers, employees and agents, and former directors, officers, employees and agents, against liability for their acts and omissions to the fullest extent permitted by law. FIRST may purchase insurance for such indemnification.

6. Bond

FIRST shall maintain protection against infidelity on the part of all Officers and employees who handle FIRST funds by such bond or surety and indemnity as the Board deems necessary and proper.

Adopted June 2016