<div dir="ltr"><div>Apologies for my $0.05c. </div><div><br></div>Although I have a history in the US, so you can inspect the 2.5 years I lived there, good luck getting a national background check in Australia. Only government agencies are allowed to request it and I don't get the results. And our privacy system lies between the EU and US in terms of approach.<div><br></div><div>Again, as a current non-board member, I think a by-law change to prevent felons joining the Board is a good idea, but it may be impractical to obtain a background check in many countries. If you are drafting new by laws, it should be flexible in approach to ensure folks aren't knocked out because national laws override OWASP's by laws. </div><div><br></div><div>Generally, if governments require a background check or clearance, they will ask for you to go through it for the purposes of the clearance. I wouldn't jump the gun unless specifically required. There is a push on right now to reduce the total number of folks with clearances to improve the quality of clearances and background checks, so we shouldn't be adding to the burden unless there is a specific issue the Board is trying to prevent. </div><div><br></div><div>Again, apologies for sticking my nose in. Carry on.</div><div><br></div><div>thanks</div><div>Andrew</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 23, 2014 at 9:14 AM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Fair point, Eoin. This issue is governed very differently from country-to-country. I consider this "operations" and think we should simply ask Paul his opinion and experience here and go from there.</div><div><br></div><div>Glad you brought this up, Fabio.<br><br>Aloha,<span class=""><br><div>--</div><div>Jim Manico</div><div>@Manicode</div><div><a href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808) 652-3805</a></div></span></div><div><div class="h5"><div><br>On Sep 22, 2014, at 5:26 PM, Eoin Keary <<a href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>> wrote:<br><br></div><blockquote type="cite"><div><div>We have an EU entity also.<br><br>Eoin Keary<div>Owasp Global Board</div><div><a href="tel:%2B353%2087%20977%202988" value="+353879772988" target="_blank">+353 87 977 2988</a></div><div><br></div></div><div><br>On 22 Sep 2014, at 21:40, Fabio Cerullo <<a href="mailto:fcerullo@owasp.org" target="_blank">fcerullo@owasp.org</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div>Eoin, the Foundation is based in the US so the background check should be originated there.<br></div><div><br></div><div>Jim, thanks for the support on this initiative... I also believe is reasonable to vet staff/Board.</div><div><br></div><div><div>Josh, regarding scope we could use the same as currently used for OWASP staff.</div></div><div><br></div><div>Paul, could you please provide an insight into how this is done for staff?</div><div><br></div><div>Thanks<br></div><div>Fabio</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 22, 2014 at 2:22 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    Good point, international rules are very wonky about this topic.<br>
    <br>
    But in general, when we can, background checks for board and staff
    seem reasonable.<span><font color="#888888"><br>
    <br>
    - Jim</font></span><div><div><br>
    <br>
    <div>On 9/22/14, 4:00 PM, Eoin Keary wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div>FYI,</div>
      <div><br>
      </div>
      <div>Background checking
        in Ireland is limited to protect privacy </div>
      <div><br>
      </div>
      <div><span style="font-family:'.HelveticaNeueUI';font-size:15px;line-height:19px;white-space:nowrap"><a href="http://www.dataprotection.ie/docs/Data-Protection-in-the-Workplace/1239.htm" target="_blank">http://www.dataprotection.ie/docs/Data-Protection-in-the-Workplace/1239.htm</a></span></div>
      <div><font face=".HelveticaNeueUI"><span style="font-size:15px;line-height:19px;white-space:nowrap"><br>
          </span></font></div>
      <div><font face=".HelveticaNeueUI"><span style="font-size:15px;line-height:19px;white-space:nowrap"><br>
          </span></font><br>
        <span>Eoin Keary</span>
        <div>Owasp Global Board</div>
        <div><a href="tel:%2B353%2087%20977%202988" value="+353879772988" target="_blank">+353 87 977 2988</a></div>
        <div><br>
        </div>
      </div>
      <div><br>
        On 22 Sep 2014, at 18:11, Josh Sokol <<a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <div dir="ltr">
            <div>I'm fine with this, but we would need to determine in
              advance what is deemed acceptable or unacceptable as it's
              not like a background check is a binary response
              (Good/Bad, Yes/No).<br>
              <br>
            </div>
            ~josh<br>
          </div>
          <div class="gmail_extra"><br>
            <div class="gmail_quote">On Mon, Sep 22, 2014 at 11:22 AM,
              Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
              wrote:<br>
              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                <div dir="auto">
                  <div>I'm thinking safely and protection of the org. We
                    do not want a felon running for the board, I think.
                    I'm still reading about this and it looks fairly
                    standard to background check those with legal duty
                    in the organization, which includes potential staff
                    hires and board....</div>
                  <span>
                    <div><br>
                      <div>--</div>
                      <div>Jim Manico</div>
                      <div>@Manicode</div>
                      <div><a href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808)
                          652-3805</a></div>
                    </div>
                  </span>
                  <div>
                    <div>
                      <div><br>
                        On Sep 22, 2014, at 11:54 AM, Eoin Keary <<a href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>>
                        wrote:<br>
                        <br>
                      </div>
                      <blockquote type="cite">
                        <div>
                          <div>Fabio, to quote you:</div>
                          <div><br>
                          </div>
                          <div><span>"</span><span style="background-color:rgba(255,255,255,0)">As
                              we are gradually becoming more involved
                              with government bodies in the US and
                              abroad,.."</span></div>
                          <div><span style="background-color:rgba(255,255,255,0)"><br>
                            </span></div>
                          <div><span style="background-color:rgba(255,255,255,0)">Level
                              of commitment? By getting a background
                              check?</span></div>
                          <div><span style="background-color:rgba(255,255,255,0)"><br>
                            </span></div>
                          <div><span>Whatever suits the majority, I feel
                              it is a waste of time, has this been
                              requested yet?</span></div>
                          <div><span><br>
                            </span></div>
                          <div><span style="background-color:rgba(255,255,255,0)"><br>
                            </span></div>
                          <div><span style="background-color:rgba(255,255,255,0)"><br>
                            </span></div>
                          <div><br>
                            Eoin Keary
                            <div>Owasp Global Board</div>
                            <div><a href="tel:%2B353%2087%20977%202988" value="+353879772988" target="_blank">+353
                                87 977 2988</a></div>
                            <div><br>
                            </div>
                          </div>
                          <div><br>
                            On 22 Sep 2014, at 15:27, Fabio Cerullo <<a href="mailto:fcerullo@owasp.org" target="_blank">fcerullo@owasp.org</a>>
                            wrote:<br>
                            <br>
                          </div>
                          <blockquote type="cite">
                            <div>
                              <div dir="ltr">Eoin,
                                <div><br>
                                </div>
                                <div>This goes beyond the government
                                  bodies and shows a level of commitment
                                  from the Global Board elected
                                  representatives. It actually aligns
                                  quite nicely with what has been agreed
                                  about HR training for Board members in
                                  our last Board meeting.</div>
                                <div><br>
                                </div>
                                <div>I'm looking forward to your
                                  feedback.</div>
                                <div><br>
                                </div>
                                <div>Thanks</div>
                                <div>Fabio</div>
                              </div>
                              <div class="gmail_extra"><br>
                                <div class="gmail_quote">On Mon, Sep 22,
                                  2014 at 8:02 AM, Eoin Keary <span dir="ltr"><<a href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>></span>
                                  wrote:<br>
                                  <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                    <div dir="auto">
                                      <div>I think the government in
                                        question would request a
                                        background check if necessary.<span><font color="#888888"><br>
                                            <br>
                                            Eoin Keary
                                            <div>Owasp Global Board</div>
                                            <div><a href="tel:%2B353%2087%20977%202988" value="+353879772988" target="_blank">+353 87
                                                977 2988</a></div>
                                            <div><br>
                                            </div>
                                          </font></span></div>
                                      <div>
                                        <div>
                                          <div><br>
                                            On 22 Sep 2014, at 10:25,
                                            Fabio Cerullo <<a href="mailto:fcerullo@owasp.org" target="_blank">fcerullo@owasp.org</a>>
                                            wrote:<br>
                                            <br>
                                          </div>
                                          <blockquote type="cite">
                                            <div>
                                              <div dir="ltr">Guys,
                                                <div><br>
                                                </div>
                                                <div>As we are gradually
                                                  becoming more involved
                                                  with government bodies
                                                  in the US and abroad,
                                                  I think is important
                                                  to run a background
                                                  check for new and
                                                  current Global Board
                                                  members going
                                                  forward. </div>
                                                <div><br>
                                                </div>
                                                <div>Here is some
                                                  background info on the
                                                  subject:</div>
                                                <div><br>
                                                </div>
                                                <b>Background Checks,
                                                  Screening and Your
                                                  Nonprofit</b>
                                                <div><a href="http://www.nonprofitrisk.org/library/articles/backgroundchecks.shtml" target="_blank">http://www.nonprofitrisk.org/library/articles/backgroundchecks.shtml</a><br>
                                                </div>
                                                <div><b><br>
                                                  </b></div>
                                                <div><b>Screening and
                                                    Background Checking</b>
                                                  <div><a href="https://www.nonprofitrisk.org/advice/faqs/screening2.shtml" target="_blank">https://www.nonprofitrisk.org/advice/faqs/screening2.shtml</a><br>
                                                  </div>
                                                  <div><br>
                                                  </div>
                                                  <div>Please let me
                                                    know your thoughts.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>Thanks<br>
                                                    Fabio</div>
                                                  <div><br>
                                                  </div>
                                                  <div><br>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </blockquote>
                                        </div>
                                      </div>
                                      <span>
                                        <blockquote type="cite">
                                          <div><span>_______________________________________________</span><br>
                                            <span>Owasp-board mailing
                                              list</span><br>
                                            <span><a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                                            <span><a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                                          </div>
                                        </blockquote>
                                      </span></div>
                                  </blockquote>
                                </div>
                                <br>
                              </div>
                            </div>
                          </blockquote>
                        </div>
                      </blockquote>
                      <blockquote type="cite">
                        <div><span>_______________________________________________</span><br>
                          <span>Owasp-board mailing list</span><br>
                          <span><a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                          <span><a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                        </div>
                      </blockquote>
                    </div>
                  </div>
                </div>
                <br>
                _______________________________________________<br>
                Owasp-board mailing list<br>
                <a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
                <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
                <br>
              </blockquote>
            </div>
            <br>
          </div>
        </div>
      </blockquote>
    </blockquote>
    <br>
  </div></div></div>

<br>_______________________________________________<br>
Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
<br></blockquote></div><br></div>
</div></blockquote></div></blockquote></div></div></div>
<br>_______________________________________________<br>
Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
<br></blockquote></div><br></div>