A number of members of the ISACA London Chapter have raised concerns over the e-voting system launched for the Chapter’s upcoming Extraordinary General Meeting (EGM) on March 13.
During the event, members of ISACA’s London Chapter will elect the next board of administrators. ISACA London Chapter is the most important of 228 ISACA regional chapters, with over 5500 members. Every ISACA chapter is an unbiased, self-governing group.
Members of the London Chapter unable to attend the event were allowed to nominate a consultant to vote online on their behalf by 6 pm GMT on March 11, 2025.
In a LinkedIn post published on March 12, Allan Boardman, Founder of CyberAdvisor.London and Committee Member of ISACA’s Certified Data Privacy Solutions Engineer (CDPSE) certification, criticized the e-voting system.
He said it was “deployed unexpectedly” and “without the required safety measures and scrutiny, undermining the integrity of our governance process.”
Some of the shortcomings mentioned by Boardman include:
- A lack of authentication: Boardman claimed that the e-voting system relies solely on a membership number with no secondary verification, which he said poses a significant security risk
- A lack of email confirmation: Boardman said voters receive no confirmation post-vote, removing any personal audit capabilities and exposing the system to potential fraud
He said that these shortcomings could expose the e-voting system to malicious activity.
“For example, hypothetically, if somebody with unrestricted access to the membership database, which incorporates ISACA IDs, were to take advantage of this access, it might result in a number of unauthorized votes being forged undetected,” he said.
“It is vital to note that access to this complete database is offered to a number of board members,” he added.
Additionally, Sarb Sembhi, CTO at Virtually Informed Limited, told Infosecurity that members of the ISACA London Chapter were not informed that their personal data would be shared with the firm facilitating the e-vote.
Confusion was also caused when an email sent to members on behalf of the e-voting firm appeared to be from ISACA World, rather than the ISACA London Chapter.
While the email, which Infosecurity had access to, displayed a banner showing ‘ISACA London Chapter,’ the email subject mentioned “Your chance to vote in the ISACA EGM.”
Responding to this criticism, a spokesperson for ISACA World told Infosecurity that the message was not sent from ISACA World.
Questions Over ISACA Privacy Policy and GDPR
Additionally, Boardman believes that the e-voting system violates both the UK’s General Data Protection Regulation (UK GDPR) and ISACA London Chapter’s own Privacy Policy, which does not authorize sharing members’ data for e-voting.
“Despite having raised these concerns with the chapter management on a number of occasions, there was a lack of action to address these vulnerabilities,” Boardman added.
The complainant urged all members of ISACA London Chapter to “demand a full and unbiased investigation and audit of the e-voting process.”
Although the deadline for e-voting has passed, he recommended members attend the EGM on March 13 and “use your voice to challenge the present practices.”
ISACA London Chapter Board Says E-Vote is Compliant
Speaking to Infosecurity, a spokesperson for ISACA’s London Chapter Board denied Boardman’s claims, stating that “the online voting platform chosen has been independently verified, safe, and extensively examined to make sure that members’ personal data is processed in full compliance with relevant data protection laws.”
“The platform is particularly designed to guard the integrity and confidentiality of votes while minimizing data processing to only what’s strictly necessary for conducting a legitimate and efficient vote,” the spokesperson added.
The spokesperson also noted that the London Chapter Board has a clear and legitimate interest in processing member data for governance and democratic participation purposes, as recognized under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
They explained that this includes facilitating votes on Chapter matters, which fall under the lawful basis of ‘legitimate interests’.
Finally, the spokesperson also stated that this means the processing of data for such purposes does not require consent, provided it is necessary and does not override the rights and freedoms of members.
Also speaking to Infosecurity, Julia Kanouse, Chief Membership Officer of ISACA World, commented: “We’re conscious of points raised relating to the voting process for the London Chapter’s Extraordinary General Meeting [and] we require chapters to comply with relevant rules and governance best practices. We expect a good, conclusive and safe vote so all parties can move forward confidently to carry out the chapter members’ remit.”