The IoT Security Foundation (IoTSF or Foundation) has a mission to help secure the Internet of Things and ‘make it safe to connect’. We do this with a combination of activities such as producing best practice materials, frameworks, reference architectures, policy perspectives, industry reports, events, advocacy, special projects and outreach.
IoTSF believes that cyber security is a team sport which spans the globe, and we encourage collaboration at all levels, in all aspects – from product developers to purchasers to government policy.
IoTSF regional Chapters are a ‘grassroots activity’ and support our mission by:
- Extending the Foundation’s reach and promoting membership
- Physical networking and meetings.
- Highlighting specific local issues and enabling solutions.
- Maximising the proliferation of high quality IoT cyber security good practice
- Utilising the IoT Security Assurance Framework and Best Practice Guides (BPGs)
- Extending contributions into working groups and creation of new working groups.
- Local translation of BPGs.
- IoT Security Training.
- Raising awareness of, and helping to align, international policy, reducing the risk of divergent standards and practice
- Exploring liaisons and collaborations with regional institutions and standards bodies.
- Developing relationships with local and national government agencies.
Note: Grassroots refers to the IoTSF membership, hence ‘grassroots activity’ means that member volunteers are leading their own regional agendas and activity based on their local priorities and interests – whilst maintaining alignment to the overall IoTSF mission.
Chapter Operation Overview
The IoT Security Foundation is a not-for-profit membership service of TechWorksHub Ltd. (a company limited by guarantee) which derives its funding through membership fees and other supplementary income streams.
The Foundation aims to keep membership costs as low as possible and minimise the bureaucracy of Chapter operations. This is to ensure that maximum effort can be applied to supporting the mission to ‘make it safe to connect’ and helping to secure the IoT.
Chapters are run with local IoTSF-member volunteers providing leadership and conforming to a set of rules/policies that are detailed here, providing consistency and efficiency of operation.
Chapters are run within a localised region and are self-sufficient with coordination and administrative support from Foundation staff. Chapters determine their own schedule of events and meetings, areas of specific interests etc., and manage their activity locally via the Chapter leadership team.
Chapters raise their own funding and are financially independent of the Foundation with Chapter leaders responsible for maintaining their own records as necessary.
The Foundation operates on the basis of continuous improvement and additions to these rules/policies are anticipated as the Chapter model matures.
How to start a Chapter
If you are interested in starting a new IoTSF Chapter, you should submit an application form to the Foundation – see side bar or click here to download the form. Your application will be acknowledged within 3 working days and you will receive a response no later than 15 working days.
- Chapters can only be created by IoTSF members.
- There should be at least 4 founder members from 3 independent organisations that will provide the leadership and management of the Chapter. There must be at least 2 corporate members represented in the leadership and management team. See also the section on Governance.
- Each Chapter must nominate a Primary Point of Contact and a deputy for the Foundation administration liaison and provide phone numbers. Central contact points may be rotated/updated as determined by the leadership group.
NOTE: Chapters will consist of IoTSF members and its Patrons (to differentiate from “IoTSF members”) which may include Chapter Supporters/Partners, Stakeholders of IoT security (e.g. Government representatives, other industry groups etc.), and Event Participants. By definition, IoTSF Chapter Patrons do not need to be members of IoTSF to participate in Chapter events, yet would need to become a member to take part in working groups etc.
Founders and Leaders
Each founder and/or leader member must provide:
- A personal statement as to why he/she would like to be a Chapter leader.
- A brief overview of their professional career and interests.
- Confirmation that the leader is a member of the Foundation either via their corporation or as a professional member.
- Confirmation that the leader has read and understands the guidelines, terms and conditions contained in this document.
- Leaders are expected to uphold the reputation of the IoT Security Foundation and follow an ethical code of conduct which includes:
  - Abiding by the Foundation’s membership ‘appropriate business practices’ described on the membership application form.
  - Behaving within the spirit of the Foundation: Being honest, faithful and diligent in discharging Chapter responsibilities, performing duties to a high standard, working with high moral principle and in accordance with the law.
  - Safeguard privacy of Chapter Patrons.
  - No spam.
  - Vendor neutrality.
  - Spend funds on legitimate Chapter activity only.
  - Non-discriminatory – Diverse and Inclusive.
Supporters and Partner Organisations
We encourage Chapters to pursue an inclusive multi-stakeholder approach when forming and operating a Chapter.
When applying to start a new chapter, list information for any individuals, groups or organizations that will be supporting or partnering with the proposed Chapter. Be sure to indicate the role that they will take (e.g. sponsor, event partner etc.) together with contact details as necessary.
Representatives of Chapters are encouraged to further participate in other, relevant, local events to act as ambassadors for IoTSF and champions for good IoT security.
Chapters are also encouraged to partner with other groups to co-plan and run events where IoT security is a major theme.
Whilst it is acceptable to host meetings virtually – IoTSF Chapters are intended to act locally through the organisation of meetings, events and other activities (such as working groups or training for example) in a defined geographic area.
There is no fixed area for a Chapter to cover; however, it is not anticipated to cover more than a radius of 50 miles / 80 kilometres from the region’s centre. Chapter leaders should ideally work or live in/close to the region covered by the Chapter. However, this is not a limiting requirement so long as the Chapter leader (a) commits to attending the majority of the localised activities and (b) lives within the same country.
Should Chapter applicants believe it is in the best interest of the Foundation’s mission to cover a larger area, they may make their case as part of the application process. In the event that a larger area is authorised, it is done so on the explicit understanding that it may be necessary to revise the arrangement from time to time should further applications be seen to be justified and accepted within (or overlapping with) an existing region. In such a case, the Foundation will work with the existing Chapter to appropriately rename it and to reflect the new arrangement. For the avoidance of doubt, applicants are encouraged to work within existing regions in the first instance – for example by becoming part of the leadership team.
Chapters should be named to represent the immediate city, town or region covered by the Chapter. Only one Chapter per region is allowed to operate.
Example names could be IoTSF-Munich, IoTSF-Bangalore, IoTSF-NewYork, IoTSF-Stockholm, IoTSF-Tokyo etc.
Chapter locations can be checked via the IoTSF website.
Authorization (Approval process)
Once a Chapter application has been received, reviewed and checked (for authenticity, conflict and/or duplication) by Foundation staff, the founders will be notified that they are authorised to commence Chapter activities.
A Chapter will hold a probationary status during its first year of operation in which Chapter leaders commit to establish the Chapter and plan to make it sustainable thereafter. Chapter leaders will review the progress of activities with Foundation staff at the end of the first year to determine its status and further opportunity.
Goals for the first year of the Chapter’s operation
When starting a new Chapter, it is important to establish a number of goals to support the successful establishment of activity. Your first year stated goals should be included in your application form with the minimum requirements of [e.g. 2] Chapter leadership meetings and [e.g. 2] Chapter events, with a minimum of [e.g. 30] attendees per gathering accruing at least [e.g. 50] opt-in Patrons on the Chapter communication list by the end of the first year.
Applicants are encouraged thereafter to set sustainable annual activity and engagement goals to ensure the Chapter is vibrant and healthy.
Running a Chapter is a team effort, and the Foundation encourages sharing the effort to make sure there is enough provision to ensure the Chapter runs smoothly and does not rely on any single individual or present a single point of failure in operation.
Chapter leaders are responsible for making sure that the Chapter functions properly and that the schedule of meetings is planned, promoted and delivered to a professional standard.
Chapter leaders are the main contact points that are responsible for answering all questions locally relating to the Chapter’s operating activities within a reasonable timeframe.
Chapter leaders will have their contact details displayed on the Chapter homepage.
Chapter leaders are encouraged to hold regular steering meetings – for example 6 weeks before each event – and aim to reach a consensus on planned activities.
Each Chapter is encouraged to display their plans for the year on their homepage. As a minimum, the next event in the schedule must be displayed.
For the health of the Chapter, leaders that wish to stand down are encouraged to identify a replacement and plan for succession. Where this is not possible, or is unavoidable due to sudden/unexpected events, leaders should notify the Foundation administration team at their earliest opportunity so staff may assist the successful transfer of leadership with minimal interruption to the Chapter’s activities.
Chapters raise their own funding locally and are financially independent of the Foundation.
For the avoidance of doubt, funding/income generated through Chapter activities may only be used for legitimate operating expenses such as venues, refreshments, IT costs etc.
Chapter leaders are expected to manage and maintain their own financial records. These should be transparent and made available to the leaders and/or the Foundation upon request.
NOTE: As the Chapter model matures and the numbers grow, we anticipate a Financial Handbook will be issued with further guidance.
Chapters operate as independent local branches of the Foundation and are not legal entities in their own right. They operate to high professional standards, consistent with the IoTSF constitution as part of the membership agreement.
Whilst it is envisaged that Chapters will operate without the need for a local legal entity, it may be deemed necessary by the Chapter’s leadership and appropriate to create one (with leaders acting as directors). In this scenario, leaders should liaise with Foundation staff for further guidance.
Chapter leaders are not authorised to sign documents on behalf of the Foundation whether they are legal contracts or other forms which may confer a form of commitment. If such a need emerges, Chapter leaders should contact the Foundation administration staff for advice.
Disagreement or Disputes
Chapters are encouraged to gain a consensus on matters where views differ and handle disputes locally, with leaders acting professionally and without bias or prejudice. There may be situations where this is not possible; in such situations, use the guidance below to escalate your concerns:
- Address your concerns directly to the Chapter leader listed on the homepage.
- If your concerns cannot be resolved through the Chapter leader, contact the IoTSF administration team and inform them of your issues.
- If you are still not satisfied with the outcome you may express your concerns to the IoTSF Managing Director or an Executive Steering Board (ESB) member.
- The Managing Director / ESB member will endeavour to resolve issues professionally, fairly and equitably.
- At this stage, a resolution will be deemed to be final.
Through these steps we trust that any/all concerns can be resolved.
Regular communications and up-to-date information are essential for the successful operation and health of the Chapter. To assist Chapter leaders, the Foundation provides the following basic support mechanisms to ensure each Chapter has a common/consistent basis to communicate.
The Chapter homepage on the Foundation website is the ‘go to’ place to get an update on all Chapter activities, where existing and interested parties can find out more about what’s on.
The minimum requirement for the Chapter homepage is:
- Information about the Chapter leaders and contact information.
- Link to sign-up to the Chapter communication list.
- Upcoming and past events.
Chapters will be issued with a branding kit for marketing purposes which includes a bespoke Chapter logo and usage guidelines.
Each Chapter leader will require a bespoke email account so that they may separate the Chapter activity from their personal/work accounts.
This email account may expire when a leader stands down from official duties.
The platform that IoTSF currently uses for each Chapter community’s public communications (communications list) is MeetUp. This provides a simple and easy way to update the Chapter community on upcoming events and news-worthy items. The Chapter MeetUp will be set up for each Chapter and Chapter leaders will administer, operate, moderate and maintain the platform.
The MeetUp platform should be used with the following guidance:
- Communications which constitute ‘spam’ should be avoided and are frowned upon by the Foundation. Spam can take many forms and there may be a fine line between what is useful (welcome/acceptable) to the many, and what is not.
- In general, only communications which are directly relevant to the successful working of the Chapter, or are deemed important updates (at the discretion of the leadership-by-consensus) are acceptable.
- Sales promotions or advertising out-of-region or out-of-scope should be avoided.
A primary function of Chapters is to proliferate awareness and guidance of IoT security. This opens up many possibilities and the Foundation encourages Chapters to be innovative in the way they achieve this objective.
As a starting point, Chapters should promote the awareness and use of the freely available materials produced by the Foundation through events and communications.
Chapters are encouraged to consider producing translations when necessary/appropriate. These materials can be offered back to the Foundation for additional free download from its website with acknowledgements to the individuals making contributions. Note that translations should be pure and not introduce any new requirements or items in the process to ensure consistency. Should new requirements be identified, additions/proposals should be fed into the applicable Working Group for consideration to add to the master documents.
Chapters may also consider proposing the formation of new Working Groups or Project Groups across the IoTSF main membership based on local interests and in-line with regular IoTSF member activities/benefits.
Chapters are expected to provide appropriate/relevant updates to the Foundation’s regular newsletter.
Chapters are encouraged to contribute blog posts to the Foundation’s website. When new chapters are formed, a blog post is encouraged to introduce and help promote the chapter and its leadership.
Chapters are expected to help promote the Foundation’s annual conference and new publications as they become available or are updated.
Members of the leadership team will likely be security evangelists, natural networkers and constantly interested in reaching out to like-minded individuals and companies – and even those that need to be made aware. As such, the Foundation encourages the leadership team to be active in making contact with stakeholders in your region including local industry, government, related special interest groups, academia and educational institutions, students – anyone who can benefit from learning about IoT cybersecurity or who can contribute to the Chapter’s activity.
We also encourage reaching out to local media to help promote the Chapter and the importance of IoT cybersecurity for commerce, industry, consumers and citizens.
As part of this activity, Chapter leaders should encourage contacts to join the Chapter member communication list.
Public events are encouraged yet individual meetings are at the discretion of the Chapter leadership – they can be restricted to members, invite only or open to the public.
The central IoTSF marketing team uses a number of channels for communication and promotional activities including Twitter, LinkedIn and Facebook.
Chapters are encouraged to use social media. No specific guidance is currently provided, and Chapter leaders may determine the best channels for their region and community.
Organising meetings / events
More details will be added here with the help of members once Chapters are in operation – the headers provide a framework only at this stage.
Advice for organising a meeting
- Things to consider before, during, and after your event
- Getting good speakers
- Suitable venue, time and date
In order to grow and operate your Chapter it is likely you will need to gain funding or support in-kind from associated companies or local businesses. There are several ways in which to raise money or gain support for local Chapters to cover operating expenditure.
Events and/or meetings can be sponsored by local companies to cover the costs of venues and/or refreshments (as appropriate). It is common practice that local companies may give access to office space or meeting rooms to host events without the need for monetary exchange. Additionally, local businesses are often amenable to directly covering the costs of refreshments etc., in exchange for the opportunity to be listed as an event sponsor and/or say a few words about their business as part of the activity.
Sponsorship benefits and packages are determined locally and may cover a single event, multiple events or simply as a Chapter supporter for a year (for example).
Chapter leaders and event organisers have a duty of care to other members and patrons.
Whilst there are few physical risks or liabilities in running a Chapter, leaders are expected to consider the health and safety of their patrons in all matters surrounding the operation of the Chapter both digitally and physically – for example, when running a physical meeting ensure the venue has suitable fire precautions/evacuation procedures and that the space is free of hazards in terms of slips, trips and falls etc.
It is important to the mission of the Foundation and the health of Chapter operations that Chapters operate at, or above, a minimum level of activity.
A Chapter will be deemed inactive if no activity has taken place for 12 months, there is no publicly planned activity in the forthcoming 6 months and/or the Chapter leadership is unresponsive/no longer active.
Chapter leaders are encouraged to make contact with the Foundation staff if they need help or would like to reasonably extend the period for being listed as inactive.
Restarting a Chapter
An inactive Chapter may be listed as inactive on the Foundation website and open for new applications of leadership.
Closing a Chapter
In certain situations a Chapter may be closed by mutual agreement between the Chapter leadership and the Foundation. In this situation the Chapter will be de-listed from the Foundation website and fresh applications will be possible.