The Organizational Security Community (orgsec community, orgsec.community) is formed by a diverse group of practitioners, with different backgrounds and approaches, working across the world to support their communities. The community is committed to providing a safe and welcoming environment for addressing and discussing issues related to the holistic and digital security of the communities in which we work. In particular, we aim to banish any shame or stigma surrounding digital security mistakes or hacking, so we encourage all those involved to approach interactions with open, listening and supportive attitudes, and to engage constructively with others at all times.
More specifically, Organizational Security Community spaces are committed to promote the following values:
Confidentiality: We will handle all incoming information confidentially and will not disclose it to third parties without consent. We will handle incoming information responsibly and protect it against inadvertent disclosure to unauthorised parties. The security of the methods of storing and transmitting information inside or outside the orgsec.community will be appropriate to its sensitivity.
Collaboration: We have a strong commitment towards fostering solidarity, connection, cooperation and a sense of community in our convening spaces.
Inclusivity: We believe in the importance of diversity in a way that fosters non-discrimination, free expression, participation and equality.
Do-No-Harm: We are aware of how our actions, behaviors and ways of communicating can have a positive or negative effect on the people surrounding us, and try to mitigate these as much as possible. We are aware of the elements affecting our own position of power, and make space for acknowledging these structures within orgsec.community spaces. The Organizational Security Community is dedicated to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, religion (or lack thereof), technology choices, skill set or level of knowledge. We do not tolerate harassment of community members in any form. Anyone who violates this code of conduct may be sanctioned or expelled from these spaces at the discretion of the orgsec.community Response Team.
This code of conduct applies to all Organizational Security Community spaces, either in online interactions or associated events or social gatherings. Members and participants are responsible for knowing the values promoted by the orgsec community, which are detailed in this document, and abiding by the rules detailed below. If you are being, or have previously been, harassed by a person involved in the organizational security community outside our spaces, we still want to know about it. We will take all good-faith reports of harassment seriously.
Harassment may occur online or in person. Examples of unacceptable behavior include:
We prioritise marginalised people’s safety over privileged people’s comfort.
Our team will not act on complaints regarding:
Let someone leave a conversation that makes them uncomfortable, and do not follow people who asked to be left alone. If you discuss difficult topics that may be traumatic for participants, provide warnings so people may leave a conversation or plan coping strategies.
If you are being harassed, notice that someone else is being harassed, or have any other concerns, please notify by sending an email to orgsec.community-editor@lists.riseup.net. This group of volunteers rotates every year within the community and this list is always updated to reflect the current group.
Reports are confidential. You will not be asked to take actions that make you feel unsafe. If the person who is harassing you is part of the Response Team, they will be recused from handling your incident. We will respond as promptly as we can within 2 weeks.
Participants asked to stop any harassing behavior are expected to comply immediately. If a participant engages in harassing behavior, the Response Team may take any action they deem appropriate, up to and including expulsion from all orgsec.community spaces and identification of the participant as a harasser to other orgsec.community members or the general public.
The Response Team will contact the reported person in order to inform them about the process and give them an opportunity to respond. The Response Team reserves the right to exclude people from the organizational security community based on their past behavior, including behavior outside orgsec.community spaces. We will respect confidentiality requests for the purpose of protecting victims of abuse. At our discretion, we may privately warn third parties about reported persons, if we believe that doing so will increase the safety of partners or people involved with orgsec.community. We will not name harassment victims without their affirmative consent.
This policy is licensed under the Creative Commons Zero license. It is public domain, no credit and no open licensing of your version is required. This Code of Conduct was adapted from the Rapid Response Networks' Code of Practice Code of Conduct, which is itself based on the example policy from the Geek Feminism wiki, created by the Geek Feminism community, and also the Code Of Conduct Generator. This Code of Conduct was also inspired by the Internet Freedom Code of Conduct.