Bylaws of FIRST

Also available as PDF (253Kb)

I. Corporation

The Forum of Incident Response and Security Teams, Inc. is established as a North Carolina Nonprofit Corporation (the “Corporation”) by the Articles of Incorporation. The Corporation also refers to itself as “FIRST” or “FIRST.Org.”, but those are simply shorthand designations, and not the official corporate name. The Corporation is also referred to in these Bylaws as “FIRST”.

II. Purposes

1. General

The purposes of FIRST are to enable incident response teams to more effectively respond to security incidents by providing access to best practices, tools, and trusted communication with member teams, and to otherwise engage in all lawful activities consistent with these purposes.

2. Tax Exemption

FIRST is organized exclusively for charitable and educational purposes as defined in Internal Revenue Code Section 501(c)(3) and in the Corporation’s Articles of Incorporation. FIRST will comply at all times with the requirements applicable to tax exempt organizations including limitations on political activity and distribution of funds upon dissolution. These limitations are contained in the Articles of Incorporation.

III. Participation in FIRST

1. Types

There are two types of participants in FIRST:

2. Member

A Member is a Response Team that has been admitted to FIRST.

3. Response Team

A Response Team is an organization whose function is to assist an information technology community or other defined constituency in preventing and handling security-related incidents. An individual Response Team also takes active steps to raise its constituents' levels of awareness of computer security issues and to improve the security of its constituents' information technology resources.

4. Admission of Members

Members must be nominated by two existing Members (“Sponsors”). If requested and approved by a two-thirds vote of all members of the Board of Directors, one existing Member may be sufficient. All nominations must be approved by a two-thirds vote of all members of the Board of Directors. New Participants must pay the applicable membership fee upon Board of Director’s approval for membership.

5. Liaison

A Liaison is an individual that has a legitimate interest in and value to FIRST.

6. Admission of Liaisons

Liaisons must be nominated by one existing Member. All nominations must be approved by a two-thirds vote of all members of the Board of Directors. New Participants must pay the applicable membership fee upon Board of Director’s approval for membership.

7. Information

A proposed new FIRST Member or Liaison must provide the following information in support of its nomination:

8. Site Visit

Before a nomination for a new Member can be approved, at least one of the Sponsors must have conducted a site visit. If requested by all Sponsors and approved by a two-thirds vote of all members of the Board of Directors, the site visit may be omitted.

9. Voluntary Membership Termination

A Participant may voluntarily resign from FIRST at any time. The membership fee is not refundable if a Member or Liaison resigns.

10. Suspension and Revocation of Membership

The Board of Directors will initiate membership revocation steps if any of the following conditions apply:

When a revocation process is begun, the Participant's access to FIRST rights and facilities may be suspended. Suspension or revocation shall require a two-thirds vote of all members of the Board of Directors. The Participant shall be provided an opportunity for rebuttal prior to revocation.

Lifting suspension and restoration of access to FIRST rights and facilities shall require a two-thirds vote of all members of the Board of Directors.

Participants who have their FIRST membership revoked or suspended for any reason are not entitled to a refund of their membership fee.

11. Fees

Membership fees will be set and reviewed annually by the Board of Directors. The membership fee structure, due dates and other associated requirements will be determined by the Board of Directors, and will be reviewed/modified as necessary on an annual basis to reflect current membership and/or financial issues. The membership fee structure must be approved by a two-thirds vote of the Board of Directors. A Member's or Liaison's annual membership fee can be waived or modified by a two-thirds vote of the Board of Directors.

IV. Board of Directors and Officers

1. Composition of the Board and Powers

FIRST shall be governed by a Board of Directors composed of ten (10) Directors. Subject to the provisions and limitations of the North Carolina Nonprofit Corporation Act and any other applicable laws, and any limitations of the Articles of Incorporation and these Bylaws, the activities and affairs of the Corporation shall be managed, and all corporate powers shall be exercised by or under the direction of the Board. The Board of Directors shall supervise the Executive Director in the implementation of Board policy and decisions.

2. Term

Directors shall serve two-year terms.

3. Nomination and Election

Individuals for five Board of Directors positions shall be elected via an online election process ahead of the Annual General Meeting. The schedule of the election process shall be communicated at least sixty (60) days prior to the Annual General Meeting. A candidate must be nominated by petition of at least six (6) FIRST Representatives. A FIRST Representative may vote for no more than five (5) positions. The five (5) candidates receiving the most votes shall become members of the Board of Directors. Ties shall be broken by random selection.

In conducting elections pursuant to this section of the Bylaws, FIRST is authorized to use any combination of electronic and paper voting options that the Board of Directors shall approve in advance as reasonable and appropriate. Such notice may also be supplemented by other written or electronic forms of notice that are approved in advance by FIRST’s Board of Directors.

An independent consulting or professional services firm with appropriate experience may be retained by FIRST to assist with the voting process, to independently tally the votes, and to record the results of the election. The winners of the election shall thereafter be announced to the Members at the Annual General Meeting.

4. Officers

The Officers of the Corporation shall be:

The Board of Directors shall elect these Officers from its membership, and they shall each serve one-year terms, except the CEO and Executive Director, who shall hold office for so long as that individual is employed by the Corporation as its Executive Director. A person may not serve as Chair for more than two consecutive one-year terms. The same person may hold more than one office where not inconsistent with the law applicable thereto. The Board of Directors shall also have the power to separate the roles of Officers (from two titles and responsibilities as noted in these Bylaws to one), and to create such other offices, as they may from time to time deem expedient, and to appoint one or more Assistant Secretaries, and one or more Assistant Treasurers.

5. Removal of Officers and Directors

Officers may be removed, with or without cause, by the Board of Directors. A Director may be removed by a two-thirds vote of the remaining Directors.

6. Responsibilities of the Chair and President

The Chair shall preside at meetings of the Board of Directors and General Meetings. The Chair shall exercise and perform such other powers and duties as the Board may assign. They shall have authority to execute in the name of the Corporation all deeds, bonds, mortgages, contracts and other documents authorized by the Board of Directors.

As President, this Officer shall perform such duties as may be prescribed by the Board of Directors. They shall have authority to execute in the name of the Corporation all deeds, bonds, mortgages, contracts and other documents authorized by the Board of Directors. They shall have the general powers and duties usually vested in the office of President of a corporation.

7. Responsibilities of the CEO and Executive Director

The CEO shall perform such duties as may be prescribed by the Board of Directors. They shall have general supervision of the other Officers and the FIRST Secretariat, and shall have authority to execute in the name of the Corporation all deeds, bonds, mortgages, contracts and other documents authorized by the Board of Directors. They shall have the general powers and duties usually vested in the office of Chief Executive Officer of a corporation.

As Executive Director, this Officer shall be charged with overseeing, supervising and administering the day-to-day management of FIRST, including the oversight of other agents, employees and contractors (including the FIRST Secretariat), resource development, and representing the Corporation publicly. The Executive Director, as well as any other Officer(s) authorized by the Board of Directors, may sign any deeds, bonds, mortgages, or other instruments and enter into agreements necessary to carry out the missions and programs of FIRST, except where these Bylaws or policies adopted by the Board require the signature of some other Officer(s) of FIRST or otherwise impose additional conditions or restrictions. The Executive Director shall perform all other duties customary to that office and such other duties as may from time to time be assigned to them by the Board of Directors. The CEO and Executive Director is an Officer, but not a member of the Board of Directors. The CEO reports to the Chair.

8. Responsibilities of the CFO and Treasurer

The CFO shall ensure that proper accounting procedures are maintained, that funds are deposited in approved banks or depositories, that operating budgets are prepared and monitored, and that financial audits are performed as appropriate. The CFO shall report on the financial operations of FIRST and shall perform other duties as assigned by the Chair. With Board of Directors approval, portions of the duties of the CFO may be delegated to contracted staff or other assistants.

As Treasurer, this Officer shall, subject to the direction of the Board of Directors, have custody of the corporate funds and securities, and shall keep full and accurate accounts of receipts and disbursements in books belonging to the Corporation. They shall deposit all moneys in the name of and to the credit of the Corporation, in such depositories as may be designated by the Board of Directors, and, in general, they shall perform the duties usually incident to the office of Treasurer of a corporation, and such other duties as may be prescribed by the Board of Directors or the Chair.

9. Responsibilities of the Secretary

The Board of Directors may appoint a Secretary who shall serve a term of one year. The Secretary may designate the FIRST Secretariat, as referred to hereinbelow, to attend all meetings of the Board of Directors and all meetings of the Members and record the minutes of all proceedings in a book to be kept for that purpose; to perform like duties for any committees of the Board of Directors when required; and to give, or cause to be given, notice of all meetings of the Members and the Board of Directors. The Secretary shall have custody of the seal of the Corporation and shall impress the seal on all authorized documents requiring a seal. In general, they shall perform the duties usually incident to the office of Secretary of a corporation, and such further duties as shall from time to time be prescribed by the Board of Directors or the Chair. At any meeting of the Members or Board of Directors at which the Secretary or the FIRST Secretariat is not present, an Acting Secretary of the meeting may be appointed by the Chair of the meeting.

10.Responsibilities of the Assistant Secretary

The Assistant Secretary or Assistant Secretaries shall perform such duties as shall be assigned to them in writing by the Board of Directors or the Secretary.

11.Responsibilities of the Assistant Treasurer

The Assistant Treasurer or Assistant Treasurer shall perform such duties as shall be assigned to them in writing by the Board of Directors or the Treasurer.

12. Other Officers

The Board of Directors shall also have the right from time to time to create such other offices and elect or appoint such officers to fill the same as in their judgment the interests of the Corporation shall require.

13. Vacancies

A vacancy shall occur when a Director resigns or is removed. The Chair shall nominate a person to complete the remaining term. The nominee must be approved by a two-thirds vote of the remaining Directors.

14. Advisory Board

The Board of Directors may establish an Advisory Board to seek strategic guidance and advice. The Board of Directors shall appoint the membership and chair of the Advisory Board and determine its operating procedures. Directors are not eligible to serve on the Advisory Board. Membership in the Advisory Board is otherwise open and does not require any prior involvement with FIRST.

15. Committees

The Board of Directors may establish standing and ad hoc committees and Special Interest Groups (“SIGS”). The Board of Directors shall appoint the membership and chair of such committees and determine their operating procedures. Special Interest Groups charters and chairs must be approved by the Board of Directors.

V. Meetings of the Board of Directors

1. Frequency and notice

The Board of Directors shall meet at least semi-annually. Meetings of the Board of Directors may be called by the Chair. Notice of meetings shall be given at least ten days in advance. Attendance at the meeting shall constitute waiver of notice except where a Director attends the meeting with the express purpose of objecting to the transaction of any business because the meeting is not lawfully called or convened.

2. Quorum

A quorum shall comprise at least six (6) members of the Board. All matters shall be decided by a two-thirds vote, except as described elsewhere in these Bylaws. Minutes of meetings shall be taken and distributed to all Members and Liaisons.

3. No proxy

Voting rights of a Director shall not be delegated to another nor exercised by proxy.

4. Action without a meeting

Action may be taken without a meeting if the action is consented to in writing by all members of the Board. Written consents may be transmitted by postal mail, electronic mail, or by other means of electronic transmission.

VI. FIRST Secretariat

A Secretariat shall be designated by the Board of Directors. The Secretariat shall keep minutes of all meetings of the Board and of FIRST General or Special Member Meetings, and send out notices of meetings. The responsibilities of the Secretariat shall include coordinating FIRST meetings and workshops, maintaining FIRST Member profile information, and serving as an administrative distribution point for FIRST. The Secretariat shall also provide general guidance to new Members, potential Members, and Liaisons. The Secretariat shall be supervised by the CEO and Executive Director.

VII. General Meetings of the Members

1. General Meeting

FIRST shall hold a General Meeting annually (the “Annual General Meeting”). FIRST Members are expected to be represented. Each Response Team shall be represented by its FIRST Representative. Minutes of meetings shall be taken and distributed to all Members, Directors, and Liaisons.

2. Quorum and Voting

Ten (10) percent of the number of Members shall constitute a quorum. Each FIRST Representative shall have one vote. All matters, except as described elsewhere in these Bylaws, shall be decided by a majority vote.

VIII. Special Meetings

1. Call by the Chair

The Chair may, upon formal approval of the Board of Directors, call a Special Meeting of FIRST to address a specific topic. Additionally such a call for a Special Meeting shall necessarily be issued within seven (7) days should the Chair receive written application for such a meeting, including the specific topic to be addressed, from one quarter of the FIRST Members.

2. Calling a Special Meeting

The call for a Special Meeting shall include the place, date, time and time zone, purpose, and agenda for the meeting; and the call shall be issued to the membership at least fourteen (14) days prior to the date set for the meeting.

3. Conduct of Special Meetings

Special Meetings may be conducted either in person or on-line. The technical procedure and time constraints for conducting on-line meetings shall be adopted by the Board of Directors and announced as part of the call for each Special Meeting, and shall include means for certifying attendance and the quorum of ten (10) percent of the number of Members; how to authenticate agendas, motions, parliamentary rulings, and votes; how discussions will be conducted, how moderated, and how recorded; the amount of time allowed for each stage of making, discussing, and voting on motions; how each such stage will be synchronized; and how the minutes of such meetings will be recorded, kept appropriately confidential, and approved.

4. Proxies

If a FIRST Representative is unable to attend any General or Special meeting, the Representative may assign a proxy to someone else who is attending. That person does not need to be a FIRST member. Persons holding a proxy should be aware of the voting rules and should seek guidance of the Representative on the issues that he or she will vote on. A proxy holder shall have the same rights as the Representative whom they represent with the exception that they cannot assign the proxy they hold to another person. The Board of Directors shall designate the manner and form for proxies and shall establish a submission deadline as is necessary for proper validation of proxies prior to meetings. Questions concerning the validity of proxies shall be resolved by the Board of Directors in such a manner that they deem to be fair and appropriate.

IX. Participant Requirements and Responsibilities

1. Responsibilities

Each Member and Liaison (referred to as “Participants”) must comply with the Bylaws, meet certain operational requirements, and fulfill certain responsibilities to the other Participants.

2. Participant Profile

Each Participant must provide and maintain a profile of itself describing the constituency, technical expertise and other information as determined by the Board of Directors.

3. Communications Support

Each Participant must provide the operational and communications support capabilities as determined by the Board of Directors.

4. FIRST Representative

Each Member must designate a FIRST Representative and alternate. All official correspondence will be addressed as designated by the FIRST Representative. The FIRST Representative may delegate this authority and must notify the Secretariat in writing of the delegation.

X. Operational Activities and Policies

1. FIRST Communications

All FIRST information and communications shall be provided security protection appropriate to the nature and sensitivity of the information involved.

2. Handling and Dissemination of Information

All FIRST Participants must adhere to the dissemination constraints specified by the originating source. Only the originator may relax any dissemination constraints. Information that has no specific dissemination instructions may not be disseminated further.

3. Public Release of Information

Each FIRST Participant should have an established procedure for interaction with the press in accordance with the FIRST Participant's constituency requirements. Where possible and appropriate, notices and other information should be distributed to FIRST in advance of public release. In all situations, an individual Response Team is responsible to its constituents first, and may work with the press if necessary to reach its constituency. Individual participants may not speak for other FIRST Participants nor FIRST as a whole. The Board of Directors may authorize the Secretariat or a FIRST Participant to speak for FIRST.

4. Language

All business of FIRST shall be conducted in English.

XI. Records and Reports

1. Corporate Records

The Corporation shall keep:

2. Inspection by Directors

Every Director shall have the right at any reasonable time to inspect all books, records and documents of every kind and the physical properties of the Corporation and the records of each of its subsidiary corporations. This inspection by a Director may be made in person or by an agent or attorney, and the right of inspection includes the right to copy and make extracts of documents.

3. Financial Report

Not later than thirty (30) days after the Corporation has filed its tax return for the immediately preceding fiscal year, the Board shall cause a financial report to be sent to all Members. Such report shall contain the following information in reasonable detail:

XII. Amendments

Amendments to these Bylaws must be approved by a two-thirds vote of the Members present or voting at an Annual General Meeting or Special Meeting, provided a quorum is present, as referred to in Section VII General Meetings of the Members, 2. Quorum and Voting, referred to hereinabove. To be considered at an Annual General Meeting or Special Meeting, any amendment of the Bylaws must be included in the notice of the meeting. These Bylaws shall be reviewed on an annual basis by the Board of Directors and appropriate changes proposed to the Members.

XIII. General Provisions

1. Notice

Notice may be communicated in person, by telephone, facsimile, electronic mail or other form of wire or wireless communication; or by mail or private carrier, and such notice deemed to have been given under these Bylaws may be waived by the person entitled to it.

2. Signing authority

The Chair, the CEO, the Executive Director, the President, the CFO, and the Treasurer are authorized to sign contracts, documents, checks, or other orders for payment on behalf of FIRST, or shall delegate such authority to staff members as approved by the Board of Directors.

3. Fiscal Year

The fiscal year of FIRST shall be established by the Board of Directors.

4. Rules of Order

The rules contained in the most recent edition of Robert's Rules of Order Newly Revised shall be used as a guide for procedure at General Meetings and meetings of the Board of Directors to which they are applicable and in which they are not inconsistent with these Bylaws and any special rules of order that FIRST or the Board of Directors may adopt.

5. Indemnification

FIRST shall indemnify its Directors, Officers, employees and agents, and former Directors, Officers, employees and agents, (the “Indemnitee(s)”), against liability for their acts and omissions to the fullest extent permitted by law. FIRST may purchase insurance for such indemnification. FIRST shall pay the expenses (including attorneys' fees) incurred by any of such Indemnitees in defending any civil, criminal, administrative or investigative action, suit or proceeding in advance of its final disposition, upon receipt of an undertaking by or on behalf of such Indemnitee to repay all amounts advanced if it shall ultimately be determined that the Indemnitee is not entitled to be indemnified.

6. Bond

FIRST shall maintain protection against indemnity on the part of all Officers and employees who handle FIRST funds by such bond or surety and indemnity as the Board deems necessary and proper.

Adopted June 2021