
tab_induction.md

title: Induction
displaytext: Board Induction Resources
layout:
tab: true
order: 5
tags: board

Handy resources

Board functions

  • Vision, Values, and Mission. OWASP has a new mission for the first time in 20 years. A strong and clear mission statement provides a lens for the Foundation to prioritize, do less of, or not do at all.
  • Strategic direction. Each Board should set its goals, priorities, and strategic direction in a special general meeting early in the year.
  • Fiduciary duty. Directors are accountable for Board decisions and Foundation actions.
  • Financial oversight. The budget is set between September and November each year. It must be approved in the first general meeting of the year to permit spending on programs above the Executive Director's signing authority. If you want to get something done that will cost funds or bring money to the Foundation, it needs to be in each upcoming budget, or it won't happen.
  • Fundraising. Every non-profit needs to fundraise. The Board should focus on fundraising by promoting OWASP and introducing new corporate members, sponsors, and donations to the Foundation.

The Board can make motions on any topic as long as the motion does not attempt to bind future Boards or contravene our mission, bylaws, or policies. No Board may bind a future Board. Binding future Boards doesn't work because every Board can change the mission, bylaws, and policies and alter, reverse, or annul any past motion. The Board may wish to undertake policy or culture reform or transformation. If so, they should consult transparently and widely with key stakeholders and the wider community.

Running for election

If you are passionate about OWASP, being a Director of a non-profit is a fantastic experience, but it can also be exhausting. If you have limited time, being a Director may not be for you. Board officers have more duties than General Members At Large. General Members at Large (i.e., those that aren't the Chair, Vice-Chair, Secretary, or Treasurer) are strongly encouraged to be a Board champion for a mission goal, such as Projects, Chapters, Members, Events, Outreach, or fundraising.

If you want to run for election, you must have 12 months of continuous membership in good standing and nominate yourself when the call for candidates comes out. Prospective Directors can find more details in the elections page, including results.

Onboarding for new Board Members

The OWASP Foundation will obtain or confirm every Director's current contact details. They will ensure everyone has received the Board induction books and BoardSource either electronically or physically.

The current induction resources and books are:

Every Director should have read OWASP's bylaws and policies so as not to take actions or make motions that contravene them. These are not perfect. Directors may raise enhancements or improvements that the Board can address.

The Nonprofit Kit has some sections relevant to the staff and others more relevant to the Board. Directors should read the entire book. As a Board member, please read and understand Chapter 3: Prioritizing Your Board of Directors, Chapters 7-10, Chapter 12 Budgets, Chapter 13 Marketing and Branding, Part 3: Raising funds successfully.

RONR is used in special and general Board meetings to manage the agenda and conduct business. You do not need to read the entire thing, but read sections 44-45 for voting, 46 for elections, 47 for officers, 49-52 for Boards, and 56-57 for bylaws. Many other sections are relevant, but RONR is used more to establish an agenda and to understand and follow a process during meetings to avoid any perceptions or actuality of improper motions. The Executive Director has the full version for reference during meetings, so Directors may choose to buy and use the Concise version. If there is conflict in meaning or understanding, the Executive Director or Secretary will consult the full version in meetings.

There are optional but still recommended books for Nonprofit Financial Oversight, Nonprofit Marketing, Nonprofit Strategy, Nonprofit Board Fundraising, and more.

Directors can either submit an expense claim per the Expenses policy or ask the Foundation to send the books to them.

Completing Director qualifications

  • Directors who are not financial members must become financial members by the time they join the Board on January 1. The best way to avoid any issues with good standing due to lapsed membership is to become a Lifetime member. However, Directors are recommended but not required to take out sufficient sequential one or two-year memberships to cover their entire term or enable automatic renewal in the Member Portal. Per the bylaws, Directors - and not the Foundation - are responsible for maintaining their good standing throughout their term. Directors wishing to use automatic or manual renewal must renew on time or check that renewal took place.
  • New Board members must complete their induction reading and BoardSource training before signing the Director's Commitment Agreement to fully understand the role of the Board and their fiduciary duty to the OWASP Foundation.
  • Directors who do not sign the Director's Commitment Agreement are not covered by OWASP's Directors and Officers (D&O) insurance and may not sit or vote on the Board to prevent indemnity issues.
  • Each year, the Foundation must obtain an updated Conflict of Interest questionnaire from each Board member. Directors can update this form at any time during their term. If a Director has a conflict of interest, they must declare this interest to their fellow Board members, and recuse themselves from discussion and voting. Bylaws have precedence over policy or signed agreements if there's any confusion.

If a Director fails to meet the qualifications set out in the bylaws, the Foundation will inform the pro tem Chair, incoming Chair, or incoming Board as a whole. The Board may decide to vote to declare the position unfilled through disqualification and then fill the Director's seat per the bylaws' vacancy process.

Getting ready to be on the Board

Directors who can hit the ground running from the first meeting onwards are a true asset to any organization. To get off to a great start:

  • New Directors should come to any remaining Board meetings to familiarize themselves with Board meetings and meet their future fellow Board members.
  • The Executive Director will meet with all Board members to listen to your platform, goals, agenda, and ideas to make OWASP better and achieve our mission. The new Board should meet in a Special Board meeting to decide who the board officers will be before the first general public meeting.
  • The new Board should schedule one or two Special Board meetings in January of each year to set goals and strategies and communicate this to the community and Foundation. The Executive Director or Operations Manager will work with the Board to establish a public board meeting calendar. You will need to set aside two hours on the fourth Tuesday of each month and sufficient time to read the agenda and any pre-reading materials to prepare for the meeting. If you have any questions about the agenda or materials, don't hesitate to contact the Executive Director.

Please ensure that you have an up-to-date passport, meet all vaccination requirements for travel, and set time aside in your calendar to travel to and attend all in-person AppSec Global events. There will be a public Board meeting at some point during the conference. AppSec Global events are a chance to meet with OWASP Members, Corporate Members, Event Sponsors, and participants and listen to their feedback and concerns. Please make the time to attend all of the conferences. The OWASP Foundation pays for board travel and hotels.

Transition Process

From the end of the previous term until the first public Board meeting following January 1 of each year, the following process will take place:

  • Prior officers, if still on the Board, retain their position and signing authority until a new election of officers takes place.
  • Officers who are no longer in office as of January 1 lose their position and signing authority, and their position will remain vacant until the new Board elects officers. Ex-Board members are not covered by Directors and Officers liability insurance, and so they cannot act as officers or Directors.
  • Historically, the Board has permitted the previous Chair to open the first Board meeting for the election of a new Chair and then, once the new Chair is elected, hand over the meeting to the new Chair, even if the previous Chair is no longer on the Board of Directors. Alternatively, the incoming Board may choose to have the meeting called to order by the continuing Vice Chair or the Executive Director, depending on circumstances. The incoming Board may decide to change this process.

To avoid a situation where the Foundation cannot pay its larger bills, if all officers, or all of the Chair, Vice Chair, and Treasurer, are no longer in office, the Executive Director (or Acting Executive Director) will call a Special Board meeting to elect officers as soon as practically possible after January 1. This meeting must be publicized for seven days, so it may be published in the prior year. The Executive Director (or Acting Executive Director) will chair the meeting until the Chair is elected, call the meeting to order, and ask for nominations for Chair. The Executive Director (or Acting Executive Director) will ask for a motion to close nominations and then ask for a vote. After the new Chair has been elected, the meeting will be handed over to the new Chair. All remaining officer positions will be nominated for and voted upon in the same manner.

Working with our community

Board members have higher requirements for independence to avoid any perceptions or actuality of conflict of interest. Directors must use their OWASP.org email address for all official business, not their personal or commercial email addresses.

The public considers that Directors speak for OWASP unless otherwise noted or disclaimed. Directors should provide a disclaimer if they are representing personal views.

Build - not destroy by avoiding disputes

In general, the community loves hearing from the Board. However, Directors can make fundamental changes, so care is necessary when acting as a Director. Directors should discuss, mediate, and listen to the community, rather than stir up or participate in any disputes or try to get their way in the court of public opinion. If you are passionate about a topic, bring the community along with you and privately work to obtain the necessary support on the Board to make the change you want to see.

Working with the Foundation

The OWASP Foundation is there to enable and execute OWASP's mission, the Board's strategy, policies, and goals. The Board has delegated operations to the OWASP Foundation. The Board should not get involved in day-to-day operations or approve policies that require volunteers, members, Committees, or the Board itself to be on a critical operational path of any program or business as usual process.

The Board is welcome to communicate to the Foundation through the Global Board list, and email or meet with the Executive Director. The Board should not ordinarily communicate directly with OWASP staff to avoid the perception or actuality of many managers.

The staff is encouraged to raise any concerns with the Board if they feel the Executive Director is not addressing an issue. From time to time, the staff will communicate directly with the Board to complete or work on a Board action. Please respond to staff requests or concerns in a timely fashion.

The Board should track public actions arising from Board meetings, or tasks delegated to the Foundation, through the Public Board Actions Kanban.

Working with committees

The Board has delegated some of its powers to various committees. The Committees are governed by the Committees policy, advise the Board, and have some decision-making power relating to their charter.

Annually, Committees provide a budget submission and objectives to the Foundation for inclusion in the overall general budget. The Committee can spend approved budgeted money but is not authorized to direct the allocation of funds or spend funds for unbudgeted purposes.

Each Committee has its charter published on the main website. The Board can make motions in areas covered by a Committee charter. For good governance, the Board should consult with the relevant Committee and stakeholders before passing any motion, consider their advice, and build sufficient support within the community and Board for the motion to pass.

Making motions

The Board should be the primary source and driver of the agenda, motions, and discussions. Please submit all motions to the Executive Director no later than one week before a general public meeting. The agenda can be published publicly with seven days' notice as required by the bylaws.

All motions require a Board sponsor, so if a community member or staff member wants to introduce a motion, it is through a Director's sponsorship. Directors sponsoring a motion should prepare for a discussion on the motion, be familiar with all pre-reading material, and answer any questions about the motion. The sponsoring Director does not need to support the motion and is free to vote against it. Most motions require four "yay" votes. Changes to policy and bylaws require a two-thirds affirmative vote (generally at least five "yay" votes). If a Director wants a motion to pass, they should build consensus with the Board well before the meeting.

Agenda and Pre-Reading Material Preparation

The agenda will be finalized in a Board officers' prep call, which is not a special or general meeting, seven days before the general Board meeting. This prevents Board officers from conducting hidden votes.

The Executive Director will finalize all pre-reading material, staff, and financial reports by the close of business on the Friday before the Board meeting.

Be prepared for each Board meeting

Well-informed Boards have efficient and highly productive Board calls. Unprepared Board members violate their fiduciary duty to OWASP, create unnecessary delays during the meeting, and likely misunderstand the motions, with devastating consequences.

Directors must read all pre-reading material, staff reports, motions, and discussions, and review (and potentially correct) the previous minutes for accuracy. Directors should set aside an hour or two per month for meeting preparation. Directors can ask to have the minutes corrected, question the sponsors of motions, or ask the Foundation about staff reports through the Executive Director.

During meetings

The Board meeting will generally be online five minutes before the meeting and start promptly. Any Director who is not present after the first ten minutes is considered absent. Missing more than 25% of the meetings in the year is grounds for a vote of confidence and potential removal. An earlier Board made a convention that all Board members must have their video camera enabled for virtual calls. If you need to have your video off, please ask the other Board members before doing so.