Force Majeure and Sanctions - Draft (WIP)

Background

This policy is designed to be apolitical when responding to force majeure and implementing sanctions. The goal of this policy is to offer assistance or return to normal as soon as permitted by law.

OWASP understands that affected OWASP members are not the cause of various crises or sanctions, and thus this policy is designed to assist affected members, by firstly offering relief and practical assistance to OWASP members for the duration of a Force Majeure event (unpredictable, not able to be avoided, and prevents normal life or business), and a measured response for sanctions.

Sanctions in particular can be seen by those affected as highly political. However, as a US based 501 (c)(3) not-for-profit, and with a fully controlled entity in the European Union, we must implement both US and EU sanctions. Not all sanctions are alike.

Force Majeure Assistance

For the duration of a Force Majeure event, including war, riots, natural disasters, extreme weather events, and so on, the following assistance measures shall come into effect:

• Personal safety. Leaders and chapters are exempt from all activity requirements.
• Membership fee relief. Membership renewal fees are waived.
• Employment assistance. Members living in or formerly from a country affected by Force Majeure can request OWASP share their online resume or job profile.
• Connecting Members with Employers. OWASP shall connect Leaders and Members with employers for remote and refugee hiring. Assistance shall be provided at zero cost to employers and members.
• Immigration assistance. In consultation with local leaders, OWASP offers immigration letters of support so that our members can resettle in new countries.
• Professional references. OWASP Leaders are permitted to provide professional references on OWASP Letterhead.
• Restore Standing. Members affected by a membership lapse due to Force Majeure, can submit a ticket for the Global Board to vote on restoring their standing if they wish to run for the Board in the next election.

OWASP must prioritize OWASP Leaders and Members as we are a small organization with limited funding and resources. On a case-by-case basis, Leaders can introduce us to their chapter, event, committee, or project participants on the same basis as members, and we shall try our best to assist. OWASP may perform a donation drive to affray costs if they exceed our available finances.

Sanctioned Countries, Governments, Entities, and Leaders

The OWASP Foundation must comply with US Government or EU sanctions. Breaching sanctions may cause the OWASP Foundation to be subject to fines, civil or criminal liability. Many sanctions are highly specific and change frequently.

The OWASP Foundation shall periodically review the list of sanctioned chapters and leaders to determine if the OWASP Foundation can restore operations for Chapters, leadership, and membership.

The OWASP Foundation shall inform the OWASP Global Board and Chapter Committee of any sanctioned chapters, leadership, or access changes.

Focused Sanctions

Focused sanctions are used to target governments, entities, and individuals. In these situations, it’s unlikely OWASP must withdraw from a country, city, or terminate OWASP memberships.

For a sanctioned government, entity, or specific individual, the following shall occur:

• Sanctioned chapter leaders shall be removed
• Sanctioned chapter or event locations must move to a non-sanctioned and independent location, or the chapter must be deactivated, or event cancelled.
• New individual memberships shall not be processed. Existing individual memberships shall be terminated.
• New corporate memberships shall not be processed. Existing corporate memberships shall be terminated. Chapter and event sponsorships shall be terminated.
• New chapter sponsors, grants, and donations shall not be accepted.

Economic Sanctions

Economic sanctions vary a great deal, but in general, it’s extremely unlikely that OWASP members or leaders caused the economic sanctions. OWASP does not have to withdraw from countries subject to most economic sanctions, but the inability to transfer funds hampers many basic OWASP functions.

Depending on the nature of the economic sanctions in place, OWASP may be unable to do the following:

• Process new or renewing memberships. Existing one and two-year memberships are valid until expiry. Lifetime memberships are not affected.
• Accept or renew corporate memberships, sponsorships, donations, or grants
• Process expenses, including chapter expenses
• Obtain insurance for meetings or events. No in person or hybrid meetings or events can be approved or held.

Chapters can continue to meet virtually, as long as the meetings or activities are cost free.

Comprehensive Sanctions

Comprehensive sanctions, which are in place for only a very few countries, requires OWASP to withdraw completely from the sanctioned country, and terminate all events, chapters, memberships, sponsorships, and grants.

Where an entire country is sanctioned:

• New chapters cannot be formed. Existing chapters shall be dissolved or made independent of the OWASP Foundation.
• New individual memberships shall not be processed. Existing individual memberships shall be terminated.
• New corporate memberships or event sponsorships shall not be processed. Existing corporate memberships shall be terminated.
• New sponsors, grants, and donations shall not be accepted.

Refunds

Economic sanctions make financial transactions range from difficult to impossible and can be illegal. OWASP shall attempt to refund residual fees or membership dues but cannot guarantee the return of any fees or dues if such a transaction is illegal or blocked by our financial institutions or payment processors.

• Individual membership fees are refunded on a prorated basis.
• Lifetime memberships shall be refunded in full.
• Corporate membership fees are refunded on a prorated basis.
• Sponsorships for chapters are refunded on a prorated basis.
• Sponsorships for upcoming events shall be canceled and refunded in full, or on a prorated basis if some sponsorship benefits or services have been delivered.
• Existing restricted grants or donations relating to chapters shall be returned to the chapters expense pool. Unrestricted grants and donations shall return to general revenue.

Access to OWASP systems and materials by sanctioned countries, entities, or individuals

Access to OWASP materials is free and open-source, and can be obtained through many means, including OWASP shared cloud platforms. OWASP relies solely upon the technical controls in place by our shared cloud platforms to prevent access or prohibit the “export” of such freely available information. The OWASP Foundation has no control over these technical controls.

The OWASP Foundation shall not subvert these technical controls to allow access from sanctioned countries.