A number of members of the ISACA London Chapter have raised concerns over the e-voting system launched for the Chapter’s upcoming Extraordinary General Meeting (EGM) on March 13.
During the event, members of ISACA’s London Chapter will elect the next board of directors. ISACA London Chapter is the biggest of 228 ISACA regional chapters, with over 5500 members. Every ISACA chapter is an independent, self-governing group.
Members of the London Chapter unable to attend the event have been allowed to nominate a representative to vote online on their behalf by 6 pm GMT on March 11, 2025.
In a LinkedIn post published on March 12, Allan Boardman, Founder of CyberAdvisor.London and Committee Member of ISACA’s Certified Data Privacy Solutions Engineer (CDPSE) certification, criticized the e-voting system.
He said it was “deployed swiftly” and “without the mandatory safety measures and scrutiny, undermining the integrity of our governance process.”
Some of the shortcomings mentioned by Boardman include:
- A lack of authentication: Boardman claimed that the e-voting system relies solely on a membership number with no secondary verification, which he said poses a significant security risk
- A lack of email confirmation: Boardman said voters receive no confirmation post-vote, removing any personal audit capabilities and exposing the system to potential fraud
He said that these shortcomings could expose the e-voting system to malicious activity.
“For instance, hypothetically, if someone with unrestricted access to the membership database, which includes ISACA IDs, were to use this access, it could lead to a number of unauthorized votes being forged undetected,” he said.
“It is important to note that access to this complete database is available to a number of board members,” he added.
Additionally, Sarb Sembhi, CTO at Virtually Informed Limited, told Infosecurity that members of the ISACA London Chapter were not informed that their personal data would be shared with the firm facilitating the e-vote.
Confusion was also caused when an email sent to members on behalf of the e-voting firm appeared to be from ISACA International, rather than the ISACA London Chapter.
While the email, which Infosecurity had access to, displayed a banner showing ‘ISACA London Chapter,’ the email subject mentioned “Your chance to vote in the ISACA EGM.”
Responding to this criticism, a spokesperson for ISACA International told Infosecurity that the message was not sent from ISACA International.
Questions Over ISACA Privacy Policy and GDPR
Furthermore, Boardman believes that the e-voting system violates both the UK’s General Data Protection Regulation (UK GDPR) and ISACA London Chapter’s own Privacy Policy, which does not authorize sharing members’ data for e-voting.
“Despite having raised these issues with the chapter management on a number of occasions, there was an absence of action to address these vulnerabilities,” Boardman added.
The complainant urged all members of ISACA London Chapter to “demand a full and unbiased investigation and audit of the e-voting process.”
Although the deadline for e-voting has passed, he urged members to attend the EGM on March 13 and “use your voice to challenge the present practices.”
ISACA London Chapter Board Says E-Vote is Compliant
Speaking to Infosecurity, a spokesperson for ISACA’s London Chapter Board denied Boardman’s claims, stating that “the web voting platform chosen has been independently verified, safe, and extensively examined to make sure that members’ personal data is processed in full compliance with relevant data protection laws.”
“The platform is particularly designed to protect the integrity and confidentiality of votes while minimizing data processing to only what’s strictly mandatory for conducting a legitimate and efficient vote,” the spokesperson added.
The spokesperson also noted that the London Chapter Board has a clear and legitimate interest in processing member data for governance and democratic participation purposes, as acknowledged under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
They explained that this includes facilitating votes on Chapter matters, which fall under the lawful basis of ‘legitimate interests’.
Finally, the spokesperson also stated that this means the processing of data for such purposes does not require consent, provided it is necessary and does not override the rights and freedoms of members.
Also speaking to Infosecurity, Julia Kanouse, Chief Membership Officer of ISACA International, commented: “We’re aware of points raised concerning the voting process for the London Chapter’s Extraordinary General Meeting [and] we require chapters to comply with relevant regulations and governance best practices. We expect a fair, conclusive and secure vote so all parties can move forward confidently to carry out the chapter members’ remit.”