Introduction

Your invitation to create a local Chapter

Welcome to the IoT Security Foundation’s Chapter pages. Here, we invite you to help proliferate good IoT security practices and drive the cybersecurity agenda wherever you are in the world – by creating a chapter and local network of like-minded professionals, organisations and stakeholder groups.

We believe in keeping things simple

After reviewing many other international organisations’ approach to local chapters we can see things can get very complicated, very quickly. Our aim is clear; reduce the burden of bureaucracy, administration and costs and maximise the effort in helping to secure the IoT – creating economic and social value as an outcome.

Below you will see guidance on how to set up an IoTSF Chapter and what is expected to make sure it is aligned with our core mission of ‘make it safe to connect’ – simple rules, maximum autonomy yet clear alignment to the mission and values of the Foundation.

Simple steps:

  1. Review the notes below
  2. Gather your local associates
  3. Apply and get going

We look forward to working with you to make it safe to connect.

Chapter Purpose

The IoT Security Foundation (IoTSF or Foundation) has a mission to help secure the Internet of Things and ‘make it safe to connect’. We do this with a combination of activities such as producing best practice materials, frameworks, reference architectures, policy perspectives, industry reports, events, advocacy, special projects and outreach.

IoTSF believes that cyber security is a team sport which spans the globe, and we therefore encourage collaboration at all levels, in all aspects – from product developers to purchasers to government policy. 

IoTSF regional Chapters are a ‘grassroots’ activity and support our mission by:

  • Maximising the proliferation of high quality IoT cyber security good practice
  • Highlighting specific local issues and enabling solutions
  • Production of good practice materials: Extending contributions into working groups and creation of new working groups.
  • Translating best practice materials for wider consumption 
  • Extending the Foundation’s reach and promoting membership 
  • Exploring liaisons and collaborations with local institutions
  • Developing relationships with National governments.
  • Raising awareness of, and helping to align international policy, reducing risk of divergent standards and practice.

Note: Grassroots refers to the IoTSF membership, hence ‘grassroots activity’ means that member volunteers are leading their own regional agendas and activity based on their local priorities and interests – whilst maintaining alignment to the overall IoTSF mission.

Back to Top

Chapter Operation Overview

The IoT Security Foundation is a not-for-profit initiative of TechWorksHub Ltd. (a company limited by guarantee) which derives its activity funding through membership and supplementary income streams that can include sponsorship, donation and project work. 

The Foundation aims to keep membership costs as low as possible and to minimise administration and bureaucracy of Chapter operations. This is to ensure efficiency and that maximum effort can be applied to supporting the mission to ‘make it safe to connect’ by helping to secure the IoT. In this regard, the Foundation operates on the basis of continuous improvement and additions/developments will likely be necessary as the Chapter model matures and evolves.

Geographic Chapters are run with local IoTSF-member volunteers providing leadership and conforming to a set of rules/policies that provide consistency of operations and efficiency of operation.

Chapters are run within a localised region and are largely self-sufficient with support from the central Foundation administration. Chapters determine their own schedule of events and meetings, areas of specific interests etc., and manage their activity locally via the Chapter leadership team.

Chapters are financially independent of the Foundation and Chapter leaders are responsible for maintaining their own records as necessary.

Back to Top

How to start a Chapter

If you are interested in starting a new IoTSF Chapter, you should submit an application form to the Foundation – see side bar or click here to download the form. Your application will be acknowledged within 3 working days and you will receive a response no later than 15 working days.

Pre-requisites

Chapters can only be created by IoTSF members.

NOTE: Chapters will have Patrons (to differentiate from “IoTSF members”) and will be made up of IoTSF members, Supporters/Partners, Stakeholders, and Event Participants. By definition, IoTSF Chapter Patrons do not need to be members of IoTSF.

Each Chapter must nominate a Primary Point of Contact and a deputy for the Foundation administration liaison and provide phone numbers. Central contact points may be rotated/updated as determined by the leadership group.

There should be at least 4 founder members from 3 independent organisations that will provide the leadership and management of the Chapter. See also the section on Governance.

Founders and Leaders

Each founder and/or leader member must provide:

  • A personal statement as to why he/she would like to be a Chapter leader
  • A brief overview of their professional career and interests.
  • Confirmation that the leader is a member of the Foundation either via their corporation or as a professional member.
  • Confirmation that the leader has read and understands the guidelines, terms and conditions contained in this document.
  • Leaders are expected to uphold the reputation of the IoT Security Foundation and follow an ethical code of conduct which includes:
    • Abiding by the Foundation’s membership ‘appropriate business practices’ described on the membership application form.
    • Behaving within the spirit of the Foundation: Being honest, faithful and diligent in discharging Chapter responsibilities, performing duties to a high standard, working with high moral principle and in accordance with the law.
    • Safeguard privacy of Chapter Patrons 
    • No spam
    • Vendor neutrality
    • Spend funds on legitimate Chapter activity only
    • Non-discriminatory – Diverse and Inclusive

Supporters and Partner Organisations

We encourage Chapters to pursue an inclusive multi-stakeholder approach when forming and operating a Chapter. 

When applying to start a new chapter, list information for any individuals, groups or organizations that will be supporting or partner with the proposed Chapter. Be sure to indicate the role that they will take (e.g. sponsor, event partner etc.) together with contact details as necessary.

Representatives of Chapters are encouraged to further participate in other, relevant, local events to act as ambassadors for IoTSF and champions for good IoT security.

Chapters are also encouraged to partner with other groups to co-plan and run events where IoT security is a major theme.

Regional coverage

Whilst it is acceptable to host meetings virtually – IoTSF Chapters are intended to act locally through the organisation of meetings, events and other activities (such as working groups  or training for example) in a defined geographic area.

There is no fixed area for a Chapter to cover however it is not anticipated to cover more than a radius of 50 miles / 80 Kilometres from the regions centre. Chapter leaders should ideally work or live in/close to the region covered by the Chapter. However, this is not a limiting requirement so long as the Chapter leader (a) commits to being attendant for the majority of the localised activities and (b) lives within the same country.

Should Chapter applicants believe it is in the best interest of the Foundation’s mission to cover a larger area, they may make their case as part of the application process. In the event that a larger area is authorised, it is done so on the explicit understanding that it may be necessary to revise the arrangement from time to time should further applications be seen to be justified and accepted within (or overlapping with) an existing region. In such a case, the Foundation will work with the existing Chapter to appropriately rename it and to reflect the new arrangement. For the avoidance of doubt, applicants are encouraged to work within existing regions in the first instance – for example by becoming part of the leadership team. 

Naming

Chapters should be named to represent the immediate city, town or region covered by the Chapter. Only one Chapter per region is allowed to operate.

Example names could be IoTSF-Munich, IoTSF-Bangalore, IoTSF-NewYork, IoTSF-Stockholm, IoTSF-Tokyo etc.

Chapter locations can be checked via the IoTSF website [here].

Authorization (Approval process)

Once a Chapter application has been received, reviewed and checked (for authenticity, conflict and/or duplication) by Foundation staff, the founders will be notified that they are authorised to commence Chapter activities.

A Chapter will hold a probationary status during its first year of operation in which Chapter leaders commit to establish the Chapter and plan to make it sustainable thereafter. Chapter leaders will review the progress of activities with Foundation staff at the end of the first year to determine its status and further opportunity.

Goals for the first year of the Chapter’s operation

When starting a new Chapter, it is important to establish a number of goals to support the successful establishment of activity. Your first year stated goals should be included in your application form with the minimum requirements of [e.g. 2] Chapter leadership meetings and [e.g. 2] Chapter events, with a minimum of [e.g. 30] attendees per gathering accruing at least [e.g. 50] opt-in Patrons on the Chapter distribution list by the end of the first year.

Applicants are encouraged thereafter to set sustainable annual activity and engagement goals to ensure the Chapter is vibrant and healthy.

Back to Top

Governance

Leadership

Running a Chapter is a team effort, and the Foundation encourages sharing the effort to make sure there is enough provision to ensure the Chapter runs smoothly and does not rely on any single individual or present a single point of failure in operation. 

Chapter leaders are responsible for making sure that the Chapter functions properly and that the schedule of meetings are planned, promoted and delivered to a professional standard.

Chapter leaders are the main contact points that are responsible for answering all questions locally relating to the Chapters operating activities within a reasonable timeframe.

Chapter leaders will have their contact details displayed on the Chapter homepage.

Chapter leaders are encouraged to hold regular steering meetings – for example 6 weeks before each event – and aim to reach a consensus on planned activities.

Each Chapter is encouraged to display their plans for the year on their homepage. As a minimum, the next event in the schedule must be displayed.

For the health of the Chapter, leaders that wish to stand down are encouraged to identify a replacement and plan for succession. Where this is not possible, or is unavoidable due to sudden/unexpected events, leaders should notify the Foundation administration team at their earliest opportunity so staff may assist the successful transfer of leadership with minimal interruption to the Chapter’s activities.

Chapter Finances

Chapters finances are independent of the Foundation and Chapter leaders are expected to maintain their own records.

For guidance and the avoidance of doubt, income generated through Chapter activities may only be used for legitimate operating expenses such as venues, refreshments, IT costs etc.

As a principle, Chapter finances should be transparent and records made available to the leaders and/or the Foundation when requested.

[NOTE: As the number Chapters grow, and the model matures, it is expected a Financial Handbook will be created]

Chapters operate as independent local branches of the Foundation and are not legal entities in their own right. They operate to high professional standards, consistent with the IoTSF constitution as part of the membership agreement.

Whilst it is envisaged that Chapters will operate without the need for a local legal entity, it may be deemed necessary by the Chapters leaders and appropriate to create one (with leaders acting as directors). In this scenario, leaders should liaise with Foundation staff for further guidance.

Signing Documents

Chapter leaders are not authorised to sign documents on behalf of the Foundation whether they are legal contracts or other forms which may confer a form of commitment. If such a need emerges, Chapter leaders should contact the Foundation administration staff for advice.

Disagreement or Disputes

Chapters are encouraged to gain a consensus on matters where views differ and handle disputes locally, with leaders acting professionally and without bias or prejudice. There may be situations where this is not possible, in such situations use the guidance below to escalate your concerns:

Address your concerns directly to the Chapter leader listed on the homepage.

    1. If your concerns cannot be resolved through the Chapter leader, contact the IoTSF administration team and inform them of your issues.
    2. If you are still not satisfied with the outcome you may express your concerns to the IoTSF Managing Director or an Executive Steering Board (ESB) member.
    3. The Managing Director / ESB member will endeavour to resolve issues professionally, fairly and equitably.
    4. At this stage, a resolution will be deemed to be final.

Through these steps we trust that any/all concerns can be resolved.

Back to Top

Communications

Regular communications and up-to-date information are essential for the successful operation and health of the Chapter. To assist Chapter leaders, the Foundation provide the following basic support mechanisms to ensure each Chapter has a common/consistent basis to communicate.

Website Homepage

The Chapter homepage on the Foundation website is the ‘go to’ place to get an update on all Chapter activities, where existing and interested parties can find out more about what’s on.

The minimum requirement for the Chapter homepage is:

    • Information about the Chapter leaders and contact information.
    • Link to sign-up to the Chapter mailing list.
    • Upcoming and past events.

Chapter Branding

Chapters will be issued with a branding kit for marketing purposes which includes a bespoke Chapter logo and usage guidelines.

Chapter Contacts

Leaders Contact Email

Each Chapter leader will require a bespoke email account so that they may separate the Chapter activity from their personal/work accounts.

This email account may expire when a leader stands down from official duties.

Chapter Community Mailing List

Mailing lists provide a simple and easy way to update the Chapter community on upcoming events and news-worthy items. A Chapter mailing list will be setup for each Chapter and Chapter leaders will administer, operate, moderate and maintain the list locally.

Mailing lists should be used with the following guidance:

    • Emails which constitute ‘spam’ should be avoided and are frowned upon by the Foundation. Spam can take many forms and there may be a fine line between what is useful (welcome/acceptable) to the many, and what is not.
    • In general, only communications which are directly relevant to the successful working of Chapter, or are deemed important updates (at the discretion of the leadership-by-consensus) are acceptable.
    • Sales promotions or advertising out-of-region or out-of-scope should be avoided.

Back to Top

Chapter Activity

A primary function of Chapters is to proliferate awareness and guidance of IoT security. This opens up many possibilities and the Foundation encourages Chapters to be innovative in the way they achieve this objective.

As a starting point, Chapters should promote the awareness and use of the freely available materials produced by the Foundation through events and communications.

Chapters are encouraged to consider producing translations when necessary/appropriate. These materials can be offered back to the Foundation for additional free download from its website with acknowledgements to the individuals making contributions. Note that translations should be pure and not introduce any new requirements or items in the process to ensure consistency. Should new requirements be identified, additions/proposals should be fed into the applicable Working Group for consideration to add to the master documents.

Chapters may also consider proposing the formation of new Working Groups or Project Groups across the IoTSF main membership based on local interests and in-line with regular IoTSF member activities/benefits.

Chapters are expected to provide appropriate/relevant updates to the Foundations regular newsletter.

Chapters are encouraged to contribute blog posts to the Foundations website. When new chapters are formed, a blog post is encouraged to introduce and help promote the chapter and its leadership.

Chapters are expected to help promote the Foundations annual conference and new publications as they become available or are updated.

Networking, Outreach and Promoting the Chapter

Members of the leadership team will likely be security evangelists, natural networkers and constantly interested to reach out to like-minded individuals and companies – and even those that need to be made aware. As such the Foundation encourages the leadership team to be active in making contact with stakeholders in your region including local industry, government, related special interest groups, academia and educational institutions, students – anyone who can benefit from learning about IoT cybersecurity or who can contribute to the Chapters activity.

We also encourage reaching out to local media to help promote the Chapter and the importance IoT cybersecurity for commerce, industry, consumers and citizens.

As part of this activity, Chapter leaders should encourage contacts to join the Chapter member email list.

Public events are encouraged yet individual meetings are at the discretion of the Chapter leadership – they can be restricted to members, invite only or open to the public.

Social media

The central IoTSF marketing team uses a number of channels for communication and promotional activities including twitter, LinkedIn and Facebook. 

Chapters are encouraged to use social media. No specific guidance is currently provided, and Chapter leaders may determine the best channels for their region and community. 

Organising meetings / events

More details will be added here with the help of members once Chapters are in operation – the headers provide a framework only at this stage.

Advice for organising a meeting

  • Things to consider before, during, and after your event
  • Getting good speakers
  • Suitable venue, time and date
  • Catering
  • Sponsors
  • Promotion

Local Support

In order to grow and operate your Chapter it is likely you will need to gain funding or support in-kind from associated companies or local businesses. There are several ways in which to raise money or gain support for local Chapters to cover operating expenditure.

Sponsorship

Events and/or meetings can be sponsored by local companies to cover the costs of venues and/or refreshments (as appropriate). It is common practice that local companies may give access to office space or meeting rooms to host events without the need for monetary exchange. Additionally, local businesses are often amenable to directly covering the costs of refreshments etc., in exchange for the opportunity to be listed as an event sponsor and/or say a few words about their business as part of the activity.

Sponsorship benefits and packages are determined locally and may cover a single event, multiple events or simply as a Chapter supporter for a year (for example).

Risk Management

Chapter leaders and event organisers have a duty of care to other members and patrons.

Whilst there are few physical risks or liabilities in running a Chapter, leaders are expected to consider the health and safety of their patrons in all matters surrounding the operation of the Chapter both digitally and physically – for example, when running a physical meeting ensure the venue has suitable fire precautions/evacuation procedures and that the space is free of hazards in terms of slips, trips and falls etc.

Back to Top

Inactive Chapters

It is important to the mission of the Foundation and the health of Chapter operations that Chapters operate at, or above a minimum level of activity.

A Chapter will be deemed inactive if no activity has taken place for 12 months, there is no publicly planned activity in the forthcoming 6 months and/or the Chapter leadership is unresponsive/no longer active.

Extension Period

Chapter leaders are encouraged to make contact with the Foundation staff if they need help or would like to reasonably extend the period for being listed as inactive.

Restarting a Chapter 

An inactive Chapter may be listed as inactive on the Foundation website and open for new applications of leadership.

Closing a Chapter

In certain situations when, by mutual agreement between the Chapter leadership and the Foundation, the Chapter is determined to be closed. In this situation the Chapter will be de-listed from the Foundation website and fresh applications will be possible.

Back to Top