[Owasp-board] [Governance] Conflict of Interest Policy - VOTE requested

Dave Wichers dave.wichers at owasp.org
Thu Nov 7 04:14:21 UTC 2013


I approve.

 

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sarah Baso
Sent: Tuesday, November 05, 2013 2:52 AM
To: OWASP Foundation Board List
Subject: Re: [Owasp-board] [Governance] Conflict of Interest Policy - VOTE
requested

 

Policy passes - Here are the votes I have for the record:

 

Yes - Michael, Seba, Jim, Tom, and Eoin.  

 

Dave, please let me know if you would like me to add a vote to the record.  

 

Sarah

 

On Sun, Nov 3, 2013 at 4:23 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

Board members -

 

So far I have a yes from Michael, Seba, and Jim. Can the three of you
re-acknowledge your vote since there were a few small modifications based on
Josh's recommendations?

 

Eoin/Dave/Tom - A vote from you is kindly requested.

 

Regards,

Sarah

 

 

On Sun, Nov 3, 2013 at 4:21 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

Josh -

Thank you for the thoughtful review and comments. 

 

1. I have revised and added the clarification 

"Each member of the board of directors and employees of the Foundation has a
duty of loyalty to the Foundation.  The duty of loyalty generally requires a
director or employee to prefer the interests of the Foundation over the
director's/employee's interest or the interests of others when making
decisions affecting the organization."

 

2. I think it is impractical to think of all the possible violations and
possible ramifications for different situations and this will likely be on a
case by case basis. I have revised to include the most severe consequences
though.

 

If, after hearing the member's response and after making further
investigation as warranted by the circumstances, the governing board or
committee determines the member has failed to disclose an actual or possible
conflict of interest, it shall take appropriate disciplinary and corrective
action. The violation of this Conflicts of Interest policy is a serious
matter and may constitute "cause" for removal from the Board, termination of
employment, and/or the termination of any contractual relationship the
Foundation may have with an Interested Person or other party.

 

3. I have added a statement about third party disclosure - the determination
of whether the disclosure exists, procedures for addressing a conflict, and
violation for failure to disclose should apply the same.

 

Board members, employees, community members, or other third parties are
encouraged to notify the board of any undisclosed financial interest or
other conflict of interest by a board member or employee including material
facts supporting the conflict. 

 

Regards, 

Sarah

 

 

On Thu, Oct 31, 2013 at 12:39 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

I've got a couple of comments on this policy:

1) "Each member of the board of directors and employees of the Foundation
has a duty of loyalty to the Foundation.  The duty of loyalty generally
requires a director or employee to prefer the interests of the Foundation
over the director's/employee's interest or the interests of others."

Is it reasonable to assume that a Director should prefer the interests of
the Foundation over any other interests?  Personally, I don't think so, and
it really shouldn't matter as far as this document goes.  The idea is to
expose and isolate these conflicts so that they do not affect our decisions,
not to tell people to whom their loyalties should lie.

2) "If, after hearing the member's response and after making further
investigation as warranted by the circumstances, the governing board or
committee determines the member has failed to disclose an actual or possible
conflict of interest, it shall take appropriate disciplinary and corrective
action."

What is an "appropriate disciplinary and corrective action"?  Removal from
the meeting?  From the Board?  Spankings?  I don't think that we should
leave this as vague as it currently is.

3) While the document does a good job of addressing self-disclosure of a
conflict of interest, I don't think I saw anywhere in it where it specifies
the process for a third-party disclosure.  If I think that Jim has a
conflict on a vote, but he has not disclosed it, what is the proper channel
for me to disclose that?  How is that handled?

Thanks!

~josh

 

On Thu, Oct 31, 2013 at 11:52 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

No it's in ref to the grants.


Eoin Keary

Owasp Global Board

+353 87 977 2988

 


On 31 Oct 2013, at 15:07, Sarah Baso <sarah.baso at owasp.org> wrote:

Eoin- is this in reference to the conflict of interest policy? If not can
you try to keep the discussion on the applicable thread?

 

Thanks

Sarah Baso


On Oct 31, 2013, at 2:13 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

Question:

If a project has funding but is terminated have we documented what happens
in such edge cases?

If a project has surplus funding what happens also?



Eoin Keary

Owasp Global Board

+353 87 977 2988

 


On 30 Oct 2013, at 23:20, Sarah Baso <sarah.baso at owasp.org> wrote:

Thank you for your comments and questions Bev - the disclosure should be
covered by the questionnaire at the end of the document and this is to set a
minimum bar of what is required by Board and Staff. 

 

Sarah

 

On Wed, Oct 30, 2013 at 4:05 PM, Bev Corwin <bev.corwin at owasp.org> wrote:

Dear Sarah,

 

Thank you. This is very thoughtful, and a well prepared policy document. My
questions are in the context of how to define and determine appropriate
differences in the understanding and relationships of "disclosure" vs
"transparency" vs "privacy" vs "confidentiality" requirements within an open
culture such as OWASP? This document specifically mentions "disclosure"
however, it does not make mention of transparency, privacy, confidentiality,
or explain what "open" specifically means within the larger context of the
OWASP organizational culture. What is appropriate disclosure exactly? What
is transparency? Is transparency enough? And how does an "open" culture
address them in their policies?  Would it be incorrect to assume that they
would be similar to more traditional or non "open" non profit organizational
cultures? Thank you in advance for your thoughtfulness and consideration.

 

Respectfully submitted,

Bev

 

 

On Wed, Oct 30, 2013 at 6:09 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

Board members -

 

I have updated the conflict of interest policy draft, which will apply to
staff and board members, to reflect comments made in the document and on the
governance list.
https://docs.google.com/a/owasp.org/document/d/1IlyfFrlQg0dznJD2MnyAd2njUETVUCiMFuUYxOI8mmQ/edit#

 

Thanks to everyone who reviewed and commented.

 

I am requesting a vote to approve this policy so we can move forward with
implementation. 

 

Regards,
Sarah Baso

 

-- 

Executive Director

OWASP Foundation

 

sarah.baso at owasp.org
+1.312.869.2779





 

_______________________________________________
Governance mailing list
Governance at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/governance

 





 






_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

