ISC2 Annual Report 2023

Cyberspace

Uploaded by

ABERE AKINOLA
Copyright
© © All Rights Reserved

2023 Annual Report

Growing Together:
Strengthening Our Impact
Dear ISC2 Members, Associates and Candidates,

Thanks to you, 2023 featured exponential growth and new beginnings for ISC2 and
the entire cybersecurity profession.

The most visible indicator of change is ISC2’s growing community, which more than
doubled in size to 635,000 professionals. The long-term impact of this transformation
is a stronger community that is:

· Better able to internationally defend information and systems
· Tackling the workforce and skills gaps head-on
· Leading in professionalizing the sector
· And so much more

Thank you for being a driving force behind our collective success. With your support,
we will continue to propel ISC2 and the cybersecurity profession for years to come.

Fueled by the ISC2 Candidate program and the One Million Certified in Cybersecurity
pledge, our investment in the next generation of cybersecurity professionals resulted
in more than 44,000 individuals earning the Certified in Cybersecurity certification.
Meanwhile, we grew the ranks of CISSPs to nearly 170,000 worldwide.

As we grew in 2023, so did our impact.

We led as advocates for the cybersecurity profession, engaging with policymakers,
regulators, governments and entities around the world to discuss the issues of greatest
concern to our members, including workforce and skills shortages, lack of harmonization
of proliferating global standards, unintended consequences of rushed policymaking,
and the threat — real and perceived — of licensure of cybersecurity professionals.

We built our collective defense by taking an ecosystem approach to meeting the needs
of members and the profession. In 2023:

· We strengthened our relationships with the U.S. Office of the National Cyber Director,
the UK Cyber Security Council, the EU Digital Skills Academy, the Cyber Security Agency
(CSA) of Singapore and many others.
· We hosted an inaugural DEI Summit, which engaged professionals in the government,
nonprofits, academia and the private industry to discuss how to amplify impact and
advance diversity, equity, inclusion and belonging (DEIB) in cybersecurity.
· We reassured the marketplace about the profession’s ability to secure AI and we raised
our voices about the safe and ethical use of AI.

To support a growing community and foster new connections and collaborations, we worked to
extend our reach geographically. Whether that was through chapter engagements, professional
development training, virtual events and conferences, ISC2 members had the opportunity to
engage and unite around some of the greatest challenges impacting the industry while discussing
ways to drive change in the profession. As your partner, ISC2 was there to help.

· We launched new educational offerings, such as our Spotlight online event series and
43 Skill-Builder courses, to explore emerging topics and support your professional development.
· We introduced a new series of ISC2 Workshops in major cities worldwide focusing on
AI security for actionable strategies to strengthen your organization’s security posture
and build cyber efficiencies by harnessing the power of AI.
· We partnered with leaders in the field such as IBM and Coursera, the Linux Foundation and
the Open Source Security Foundation, Crest and Tokio Marine dR to foster a more robust
cybersecurity ecosystem.

Together, we have achieved remarkable success in 2023. We are confident that our collective
efforts will continue to inspire progress and excellence in the years ahead. Thank you for your
unwavering commitment to a safe and secure cyber world. You inspire us daily, and we are
privileged to support you.

We are proud to have you as part of this community.

Jill Slay, CISSP
2023 ISC2 Board of Directors Chair

Clar Rosso, CC
ISC2 CEO

635,000 strong


Table of Contents

ISC2 Board of Directors
Investing in You
Our Success Framework
Amplify the Core
Promote Global Competence
Advocate for Members and the Profession
Enhance the Experience
Association Governance
Audited Financial Statements
ISC2 Board of Directors
Thank you to the 2023 ISC2 Board of Directors, who guided ISC2 through a year of unprecedented
growth with their steadfast dedication to members, associates, candidates and the entire
cybersecurity profession.

· Jill Slay, CISSP, Chair (Australia)
· James Packer, CISSP, CCSP, Vice Chair (U.K.)
· Laurie-Anne Bourdain, CISSP, Secretary (Belgium)
· Dan Houser, ISSAP, ISSMP, CISSP, CCSP, CSSLP, CC, Treasurer (U.S.)
· Edward Farrell, CISSP, SSCP (Australia)
· Nalneesh Gaur, ISSAP, CISSP (U.S.)
· Rachel Guinto, CISSP (Canada)
· Eiji Kuwana, CISSP (Japan)
· Samara Moore, CISSP (U.S.)
· Guy Ngambeket, CISSP (Qatar)
· Lori Ross O’Neil, CISSP (U.S.)
· Lisa Young, CISSP (U.S.)

Learn more about the ISC2 Board of Directors at www.ISC2.org/about/board-of-directors.
Investing in You
ISC2 invests in our members and the future of the cybersecurity profession. Our financial
performance over the past several years demonstrates this commitment.

Financially Strong and Investing in the Future

[Chart: Revenue (M), Investment (M) and Membership, 2019 to 2023]

While ISC2 once again attained record revenue of $85.8 million in 2023, we also invested
a record $58.7 million into programs to better support members. From ensuring our
certifications maintain their premier stature around the world, to creating professional
development opportunities to support members’ career growth, to enabling the next
generation of cybersecurity professionals, ISC2’s financial strength supports a growing
community of members, associates and candidates now and in the future.

ISC2’s full audited financial statements are provided on page 25. Our strong reserves
underscore the financial strength of our association, which enables us to plan and budget
for strategic investment years like 2022 and 2023.

Key Investments
One Million Certified in Cybersecurity
The ISC2 One Million Certified in Cybersecurity pledge continued to gain momentum and introduce
more people to a cybersecurity career. The program offers free Certified in Cybersecurity (CC) online
self-paced training enrollment and an exam to one million people worldwide.

Enabling the Next Generation of Cyber Professionals*

332K+ CC Course Enrollments
90K+ CC Exams Administered
44K+ CC Certifications Earned

30% of students who earned the CC are now employed; 38% are in cybersecurity roles and 48% are in IT jobs.

29% of job seekers who obtained CC are now employed; 44% are in cybersecurity roles.

17% of CC holders said they are already pursuing another ISC2 certification.

59% of CC holders are planning to pursue another ISC2 certification in the next 6–12 months.

For more information, visit www.ISC2.org/1mcc.

*Based on cumulative One Million Certified in Cybersecurity participation through December 31, 2023, and a 2023 ISC2 survey of CC holders.
The New ISC2
(ISC)2 became ISC2 in 2023, ushering in an exciting, modern and more accessible brand for the world’s
leading member organization for cybersecurity professionals. The new ISC2 is guided by our renewed
vision, mission and purpose.

Our Vision
A safe and secure cyber world.

Our Mission
ISC2 strengthens the influence, diversity and vitality of the
field through advocacy, expertise and workforce empowerment that
accelerates cyber safety and security in an interconnected world.

Our Purpose
ISC2 serves to educate, empower, embrace and engage
our members through every step of their careers.

A New Look. A New Voice.


Our new brand mirrors our evolution as an organization. More people will see themselves in our imagery
and language, and the brand reflects where we are today and where we are going tomorrow.

[Image: sample materials in the new ISC2 brand, promoting isc2.org/Congress | #ISC2Congress, Oct. 25 - 27, Nashville, TN + Virtual. Keynote speaker lineup: Rumman Chowdhury, Ph.D.; Nita A. Farahany, JD, Ph.D.; Andy Greenberg; Dr. Richard “Harry” Harris, SC OAM; Jenny Radcliffe.]
Supporting a Growing Community

ISC2 employs a geographically distributed, fully remote workforce that is committed to delivering excellence
to our more than 635,000 members, associates and candidates.

20% of the ISC2 workforce now holds an ISC2 certification, enabling Team ISC2 to better appreciate
the challenges and opportunities facing members.

As ISC2’s community more than doubled, we scaled our workforce by 20% to support it. This increase was
carefully planned to prioritize global coverage and new skills to represent and advocate for a larger and more
diverse membership.

Strengthening Support Through New Technology


Ensuring we provide a seamless experience and easier access to professional development and member
benefits is always a top priority. Our new website and other technology improvements were designed to
make it easier to access the career-building resources ISC2 offers, as well as get the answers and support
members may need.

These investments are just the beginning, enabling us to build upon a stronger, more robust infrastructure
to continually improve the online member experience.

New Global Headquarters


ISC2’s new headquarters in the Washington, D.C., area provides tremendous benefit to the organization.
Located near our largest concentration of members, our new office enables us to:

• Hold Board of Directors meetings when convening in North America
• Host Annual Meetings of the membership
• Host members and others for in-person classes and workshops
• Easily advocate for members and smart cybersecurity policy in the U.S.
Growing Around the World
Programs like ISC2 Candidates and the One Million Certified in Cybersecurity pledge continue
to fuel the growth of the ISC2 community across the globe.

ISC2 Members, Associates and Candidates
As of December 31, 2023

Region                        Members   Associates  Candidates
Global                        222,058   4,578       408,174
North America                 135,175   3,081       178,219
Latin America                 4,246     14          22,943
Europe, Middle East, Africa   43,934    714         108,583
Asia-Pacific                  38,703    769         98,429

A Thriving Online Community

53,507 users (+25%)
348,068 followers (+49%)
92,740 followers (+17%)
27,763 followers (+19%)

community.isc2.org
2023 Certification Counts
The following reflects the number of
active ISC2 certifications per credential
as of December 31, 2023.

168,642

44,292

17,501

8,789

4,421

3,414

2,406

1,563

1,421
Our Success Framework
Four strategic priorities guide our work. They provide a framework for what’s most important for
ISC2 and our members.

Amplify the Core


Strengthen business model and certifications to ensure ISC2 expertise meets
global marketplace and individual demands.

Promote Global Competence


Deliver comprehensive and innovative products, services and experiences
to help stakeholders stay relevant and engage in lifelong learning.

Advocate for Members and the Profession


Advance ISC2 as the leading global cyber and information security
professional association.

Enhance the Experience


Enhance the ISC2 experience for members, the greater cybersecurity
community and stakeholders.

Amplify the Core
Strengthen business model and certifications to ensure ISC2
expertise meets global marketplace and individual demands.

Certifications and Exams


Demand for ISC2 certifications remains strong with ISC2
again achieving record exam deliveries worldwide.

116,942
Exams Delivered Worldwide,
a 188% Increase Compared to 2022

76,915
CC Exams Delivered

Members Drive Exam Development
Thank you to all exam development volunteers who
ensure our exams reflect the latest practices in the field.

109 Item development workshops
1,994 Volunteers
69,480 Exam items created or improved

Maintaining the Highest Standards
The ISC2 CC certification received accreditation from the ANSI National
Accreditation Board (ANAB), meeting ANSI/ISO/IEC Standard 17024. This
recognition confirms the CC certification program was developed and will be
maintained to the same rigorous standards as all ISC2 certifications.
New Pathways to ISSAP, ISSEP and ISSMP Certification
Cybersecurity professionals looking to demonstrate advanced and specialized expertise
can now pursue ISC2’s architecture, engineering and management certifications without first
earning the CISSP.

Healthcare
Certificates

HCISPP Certification Sunset


The HCISPP certification was discontinued and will be designated an inactive credential in 2026.
Cybersecurity professionals working in healthcare can demonstrate their expertise securing the sector’s
technology and navigating its regulatory and privacy requirements with the ISC2 Healthcare
Certificate program.

Greater Accessibility
2023 saw the introduction of Chinese, English, German, Japanese and Spanish for CC, CCSP,
CISSP and SSCP exams.

Telling Your Story


Cybersecurity remains a hot topic with the
media. ISC2 continues to build awareness
and educate key journalists on how the
cybersecurity workforce is critical to solving
our collective security challenges. Our efforts
generated more than 650 pieces of media
coverage, a 33% increase compared to the
previous year.

Research-Driven Thought Leadership
ISC2 research helps tell members’ stories. The insights it provides are in high demand among
policymakers around the world as they grapple with their own workforce issues.

The 2023 Cybersecurity Workforce Study


A record 14,865 cybersecurity professionals shared their unique perspectives on the state of the
workforce. Our annual workforce study revealed a growing workforce gap of 4 million, in-demand
skills, evolving career pathways, the impact of AI and more.

Global Approaches to Cyber Policy, Legislation and Regulation: A Comparative Overview
ISC2 and the Royal United Services Institute (RUSI) collaborated on a report about global cybersecurity
policies and legislation. The report included data from six jurisdictions. While many common themes
emerged, it’s clear that more work is needed to harmonize worldwide cybersecurity practices.

Learn more at www.ISC2.org/research.

Promote Global Competence
Deliver comprehensive and innovative products, services and experiences
to help stakeholders stay relevant and engaged in lifelong learning.

The cybersecurity field is one of constant change, and it is accelerating with the rise of AI and other
emerging technologies. ISC2’s continuing education portfolio helps members stay ahead of the latest
threats, keep up with technology and learn best practices to better secure their organizations.

Focused Learning
30% Faster Course Completion

To help new and future members, ISC2’s new adaptive learning for CISSP and CCSP focuses
candidates’ time on the subject matter they need to learn while building their confidence where
knowledge is strong.

New in 2023

43 Skill-Builders (29.5 CPE Credits)
Short-format, online learning modules are FREE for ISC2 members

10 Certificates (36 CPE Credits)
Earn recognition for mastering in-demand skills with certificates

ISC2 Members Commit to Career-Long Learning

38K+ Skill-Builder Enrollments
2,402 Certificate Program Enrollments

New Events Introduced
In-person and virtual events and workshops to learn about emerging topics

New Workshops
• Securing AI Series

New Spotlight Series
• Modernizing Security Operations
• Secure Software Development
• Governance, Risk and Compliance

Learn more at ISC2.org/professional-development.


Advocate for Members and the Profession
Advance ISC2 as the leading global cyber and information security
professional association.

Advocating for Members


Policymakers, lawmakers and regulators around the world have never been more focused on
cybersecurity than they are now. They are looking for guidance on how to secure critical infrastructure,
to defend our economies, small businesses and consumers and to close the workforce gap.

ISC2 advocacy strives to amplify the influential and respected voice of our members. Together, we shape
meaningful and impactful policies, guidance, frameworks, regulations and laws across the globe. As a leader
in the field, we strive to ensure the profession has the support it needs to grow and accomplish its mission.

In Canada, the E.U., Japan, Singapore, the U.K., the U.S. and beyond, the ISC2 advocacy team is engaging in
conversations about breach disclosure rules, cybersecurity licensure, workforce development,
education pathways, skills frameworks, certification requirements, ethics, standards of practice and more.

Advocating for Smart and Effective Policy

United States

· ISC2 was a key partner on the rollout of the National Cyber Workforce and Education Strategy with the Office of the National Cybersecurity Director.
· ISC2 provided Congressional Testimony to House Homeland Security’s Cybersecurity Subcommittee.
· ISC2 is leading the certification coalition regarding DoD 8140 implementation.
· ISC2 held meetings with the SEC rule makers determining corporate board readiness.
· ISC2 held meetings with the Department of Defense regarding the DoD National Cyber Strategy.
· ISC2 provided Congressional Testimony to Future of Work Caucus.

European Union

· ISC2 gained representation on ENISA’s ad hoc working group on European Cybersecurity Skills Framework (ECSF).
· ISC2 participated in ENISA’s second annual skills conference.
· ISC2 was the first organization to make a pledge to the EU Cybersecurity Skills Academy.
· ISC2 ran a thought leadership roundtable on EU legislations that was attended by key MEPs, civil servants and the policy influencers.
· ISC2 was invited by the Swedish Presidency of the Council of the EU to participate in the annual Digital Assembly.

United Kingdom

· ISC2 successfully delivered the pilots for the UK Cyber Security Council on security architecture and the risk management and was selected to pilot secure operations specialism.
· ISC2 provided policy positions on a range of topics relevant to the UK cybersecurity sector and profession, including cyber resilience of CNI and securing software.

Canada

· ISC2 is a leading resource for the Canadian Communications Security Establishment and the Ministry of Public Safety and National Security on Bill C-26.
· ISC2 is positioned as an international partner between the Canadian Ministry of Public Procurement and NIST in the US regarding NIST and NICE framework harmonization.

Diversity, Equity and Inclusion
ISC2 is committed to ensuring the cybersecurity profession is a more diverse, equitable and inclusive field.
We do this by sharing resources that professionals and their employers can use to guide their adoption
of DEI practices, as well as convening thought leaders and partnering with other organizations focused on
serving underrepresented groups.

ISC2 Global DEI Summit | July 12, 2023 | Washington D.C.


ISC2 gathered professionals from across governments, nonprofits, academia and private industries
to discuss the state of diversity and the challenges and strategic steps we all must take to ensure a more
diverse cybersecurity workforce.

Fostering a More Diverse Future
ISC2 sponsored and hosted a CC training event in Kumasi, Ghana, and Accra, Ghana,
helping students to complete the CC training and prepare for their exams.

420 Students Reached

Guide to Inclusive Language in Cybersecurity
ISC2 and the Chartered Institute of Information Security created an alternative vocabulary guide
that replaces noninclusive terms with more inclusive words and phrases. Inclusive terminology
is a way to cultivate a sense of belonging.

ISC2 expanded its DEI Partner network to reach even more career hopefuls through the One Million
Certified in Cybersecurity pledge. New partners include:

The Center for Cyber Safety and Education, the charitable arm of ISC2, is on a mission to grow the
cybersecurity profession by fostering a diverse pipeline of cybersecurity professionals and building
a global cyber community for good.

$224,000 in scholarships granted to 71 individuals in 12 countries
3,422 volunteer hours donated to help the Center achieve its goals

Safe and Secure Online


Refreshed program to educate our communities about cybersecurity best practices.

465 Volunteers in 53 Countries


Cybersecurity Health Check
The Center began piloting a program that pairs ISC2 volunteers with small businesses and nonprofits
to assess their cyber risk.

Learn more about The Center at iamcybersafe.org.

Enhance the Experience
Enhance the ISC2 experience for members, the greater
cybersecurity community and stakeholders.

Anticipating Member Needs


One way ISC2 stays in tune with members and their needs is through our regional advisory councils.
We reestablished groups of member volunteers to form our Latin America, Asia Pacific, U.S., U.K. and
E.U. advisory councils. Members dedicate their time to sharing fresh perspectives on issues from skills
and workforce development, to DEI, to regulatory challenges and more.

Additionally, we formed member task forces to focus on sharing peer-developed guidance in areas like
supply chain risk management, AI and cyber insurance, with findings to be shared in 2024.

Chapters
ISC2 chapters support members by providing a local network of peers who share knowledge,
exchange resources and collaborate on projects. They connect and educate members, inspire those
pursuing careers in cybersecurity, and help secure their communities through local outreach
and volunteering.

40K+ 150+ 50+


Chapter Members Chapters Countries
Around the World

11 New Chartering Chapters

Africa: Algeria; Cape Town
Asia Pacific: Cambodia; Pune, India
Europe: Scotland; Spain
North America: Florida Space Coast; Houston; Manitoba; Saskatchewan; Tulsa

Volunteer today, shape tomorrow.
The 2023 launch of ISC2gether Volunteer Days, in partnership
with the Center and ISC2 chapters, encouraged ISC2
members, staff, family and friends to unite in charitable
efforts worldwide. Volunteers completed service projects
in their local communities across the globe for three days
in September. Projects included civic and community
engagement, environmental clean-ups, disaster relief and
recovery efforts and online safety education.

152 Volunteers
391 Service Hours
$12,434 Economic Impact

Giving Back
From exam item writing and chapter leadership to the ISC2 Board of Directors and advisory councils to
members writing for our blog and representing ISC2 in their communities and beyond, ISC2 relies on the
commitment of our volunteers to help us move the profession forward.

100,000 Member
Volunteer Hours
Thank You!

Recognizing Excellence
ISC2’s Global Achievement Awards program recognizes individuals whose excellence, leadership and volunteer
efforts have significantly advanced the cybersecurity industry and contributed to our vision of inspiring a safe
and secure cyber world.

GLOBAL Achievement Awards

180 nominations were submitted by members of the cybersecurity community to recognize their peers.

22 individuals were honored at ISC2 Security Congress 2023 for their contributions to the field.

Association Governance
ISC2 is an international nonprofit membership association with a vision for a safe and secure
cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP)
certification, ISC2 offers a portfolio of credentials that are part of a holistic, pragmatic approach
to information and systems security.

ISC2 is a United States 501(c)(6) nonprofit professional corporation. ISC2 operations are led by the
ISC2 CEO and senior leadership team under the authority and guidance of our Board of Directors, who
establish association strategies. Elected by ISC2 members, the Board of Directors comprises cybersecurity
professionals from around the world. Our all-volunteer Board of certified ISC2 members provides
governance and oversight for the organization, establishes requirements for and grants certifications
to qualifying candidates and enforces adherence to the ISC2 Code of Ethics.

Learn more at ISC2.org/About/Governance.

Bylaws Amendments Adopted


A periodic review of bylaws and governance is part of the ISC2 Board of Directors’ legal duties and
a common best practice for associations. In 2023, the Board presented revised Bylaws, which members
voted upon and approved.

The new Bylaws are posted on our website, but in summary, effective January 1, 2024:

• Term limits for the Board of Directors changed to six years total per individual
• Updated language around remote participation in Board meetings to reflect modern practices
• Updated language affirming that members may vote in-person or by proxy at meetings
of the membership

Thanks to all our members who participated, as well as those member volunteers who served
on the Bylaws Committee.

Audited Financial Statements

Consolidated Financial Statements and
Report of Independent Certified Public
Accountants

International Information System Security Certification Consortium, Inc. and Subsidiaries

December 31, 2023 and 2022


Contents

Report of Independent Certified Public Accountants

Consolidated Financial Statements
· Consolidated statements of financial position
· Consolidated statements of activities
· Consolidated statements of functional expenses
· Consolidated statements of cash flows
· Notes to consolidated financial statements

Supplemental Schedule
· Consolidating schedule of activities


REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS

GRANT THORNTON LLP
445 Broad Hollow Road, Suite 300
Melville, NY 11747
D +1 631 249 6001
F +1 631 249 6144

To the Board of Directors of the
International Information System Security Certification Consortium, Inc.
and Subsidiaries:

Opinion
We have audited the consolidated financial statements of the International Information
System Security Certification Consortium, Inc. and Subsidiaries (the “Consortium”),
which comprise the consolidated statement of financial position as of December 31,
2023, and the related consolidated statements of activities, functional expenses, and
cash flows for the year then ended, and the related notes to the consolidated financial
statements.

In our opinion, the accompanying consolidated financial statements present fairly, in
all material respects, the financial position of the Consortium as of December 31,
2023, and the changes in their net assets and their cash flows for the year then ended
in accordance with accounting principles generally accepted in the United States of
America.

Basis for opinion


We conducted our audit of the consolidated financial statements in accordance with
auditing standards generally accepted in the United States of America (US GAAS).
Our responsibilities under those standards are further described in the Auditor’s
Responsibilities for the Audit of the Financial Statements section of our report. We are
required to be independent of the Consortium and to meet our other ethical
responsibilities in accordance with the relevant ethical requirements relating to our
audit. We believe that the audit evidence we have obtained is sufficient and
appropriate to provide a basis for our audit opinion.

Other matter
The consolidated financial statements of the Consortium as of and for the year ended
December 31, 2022 were audited by other auditors who expressed an unmodified
opinion on those consolidated financial statements in their report dated March 23,
2023.

Responsibilities of management for the financial statements


Management is responsible for the preparation and fair presentation of the
consolidated financial statements in accordance with accounting principles generally
accepted in the United States of America, and for the design, implementation, and
maintenance of internal control relevant to the preparation and fair presentation of
consolidated financial statements that are free from material misstatement, whether
due to fraud or error.

GT.COM Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL and each of its member firms
are separate legal entities and are not a worldwide partnership.

In preparing the consolidated financial statements, management is required to
evaluate whether there are conditions or events, considered in the aggregate, that
raise substantial doubt about the Consortium’s ability to continue as a going concern
for one year after the date the consolidated financial statements are available to be
issued.

Auditor’s responsibilities for the audit of the financial statements


Our objectives are to obtain reasonable assurance about whether the consolidated
financial statements as a whole are free from material misstatement, whether due to
fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable
assurance is a high level of assurance but is not absolute assurance and therefore is
not a guarantee that an audit conducted in accordance with US GAAS will always
detect a material misstatement when it exists. The risk of not detecting a material
misstatement resulting from fraud is higher than for one resulting from error, as fraud
may involve collusion, forgery, intentional omissions, misrepresentations, or the
override of internal control. Misstatements are considered material if there is a
substantial likelihood that, individually or in the aggregate, they would influence the
judgment made by a reasonable user based on the consolidated financial statements.

In performing an audit in accordance with US GAAS, we:

· Exercise professional judgment and maintain professional skepticism throughout
the audit.
· Identify and assess the risks of material misstatement of the consolidated
financial statements, whether due to fraud or error, and design and perform audit
procedures responsive to those risks. Such procedures include examining, on a
test basis, evidence regarding the amounts and disclosures in the consolidated
financial statements.
· Obtain an understanding of internal control relevant to the audit in order to design
audit procedures that are appropriate in the circumstances, but not for the
purpose of expressing an opinion on the effectiveness of the Consortium’s
internal control. Accordingly, no such opinion is expressed.
· Evaluate the appropriateness of accounting policies used and the
reasonableness of significant accounting estimates made by management, as
well as evaluate the overall presentation of the consolidated financial statements.
· Conclude whether, in our judgment, there are conditions or events, considered in
the aggregate, that raise substantial doubt about Consortium’s ability to continue
as a going concern for a reasonable period of time.

We are required to communicate with those charged with governance regarding,
among other matters, the planned scope and timing of the audit, significant audit
findings, and certain internal control–related matters that we identified during the
audit.

Supplementary information
Our audit was conducted for the purpose of forming an opinion on the consolidated
financial statements as a whole. The consolidating schedule of activities for the year
ended December 31, 2023 is presented for purposes of additional analysis and is not
a required part of the consolidated financial statements. Such supplementary
information is the responsibility of management and was derived from and relates
directly to the underlying accounting and other records used to prepare the
consolidated financial statements. The information has been subjected to the auditing
procedures applied in the audit of the consolidated financial statements and certain
additional procedures. These additional procedures included comparing and
reconciling such information directly to the underlying accounting and other records
used to prepare the consolidated financial statements or to the consolidated financial
statements themselves, and other additional procedures in accordance with US
GAAS. In our opinion, the supplementary information is fairly stated, in all material
respects, in relation to the consolidated financial statements as a whole.

Melville, New York
April 26, 2024

International Information System Security Certification
Consortium, Inc. and Subsidiaries

CONSOLIDATED STATEMENTS OF FINANCIAL POSITION

December 31, 2023 and 2022

2023 2022
ASSETS

Current assets
Cash and cash equivalents $ 38,469,336 $ 45,770,040
Accounts receivable 3,219,682 2,232,112
Certification receivables, less allowance for doubtful accounts
of $4,091,000 and $3,331,000 in 2023 and 2022, respectively 866,435 861,938
Other receivables 836,850 2,729,360
Prepaid expenses 3,020,354 3,622,854

Total current assets 46,412,657 55,216,304

Property and equipment, net 5,152,310 2,518,139
Operating lease right-of-use assets 2,084,774 2,846,579
Investments 55,553,398 49,094,993
Examination question pool, net of amortization
of $2,486,000 and $2,174,000 in 2023 and 2022, respectively 5,544,266 3,293,448
Other 777,332 586,918

Total assets $ 115,524,737 $ 113,556,381

LIABILITIES AND NET ASSETS

Current liabilities
Accounts payable and accrued liabilities $ 10,839,538 $ 7,411,802
Deferred revenue 30,857,137 26,889,347
Foreign tax accrual 1,388,589 1,075,801
Operating lease liabilities - current 340,765 648,451

Total current liabilities 43,426,029 36,025,401

Accrued scholarships - non-current 9,540 2,448
Deferred compensation 998,261 501,766
Operating lease liabilities - non-current 3,807,836 4,259,419

Total liabilities 48,241,666 40,789,034

Net assets
Without donor restrictions
Undesignated 13,220,633 27,751,915
Board designated operating reserves 54,000,000 45,000,000

Total net assets without donor restrictions 67,220,633 72,751,915

With donor restrictions 62,438 15,432

Total net assets 67,283,071 72,767,347

Total liabilities and net assets $ 115,524,737 $ 113,556,381

The accompanying notes are an integral part of these consolidated financial statements.

CONSOLIDATED STATEMENTS OF ACTIVITIES

Years ended December 31, 2023 and 2022

2023 2022

Changes in net assets without donor restrictions

Operating support and revenue
Educational services $ 25,178,051 $ 24,538,308
Professional examinations 32,264,391 29,869,242
Certification renewal fees 24,187,424 21,980,909
In-kind contributions 1,844,450 1,206,050
Contributions 281,189 232,392
Investment return designated for current operations 1,620,508 1,162,269
Other revenue 427,838 481,874
Foreign currency exchange loss (52,950) (182,194)

Total operating support and revenue 85,750,901 79,288,850

Operating expenses
Program services 51,085,057 37,455,697
Supporting services
Administrative 44,373,532 39,171,776
Fundraising 164,997 91,015

Total operating expenses 95,623,586 76,718,488

Change in net assets without donor restrictions from operations (9,872,685) 2,570,362

Other changes
Investment return (loss) in excess of (deficient to fund)
amounts designated for current operations 4,341,403 (8,489,562)

Change in net assets without donor restrictions (5,531,282) (5,919,200)

Change in net assets with donor restrictions
Contributions 47,006 -

Change in net assets with donor restrictions 47,006 -

CHANGE IN NET ASSETS (5,484,276) (5,919,200)

Net assets at beginning of year 72,767,347 78,686,547

Net assets at end of year $ 67,283,071 $ 72,767,347

The accompanying notes are an integral part of these consolidated financial statements.

CONSOLIDATED STATEMENT OF FUNCTIONAL EXPENSES

Year ended December 31, 2023

Columns: Program Services; Supporting Services - Administrative; Supporting Services - Fundraising; Total

Employee salaries and wages $ 16,244,505 $ 14,726,361 $ 26,849 $ 30,997,715
Employee benefits and taxes 3,073,400 3,691,884 4,484 6,769,768

Total personnel costs 19,317,905 18,418,245 31,333 37,767,483

Educational services 8,427,418 17,989 21,537 8,466,944
Professional examinations 12,967,396 - - 12,967,396
Marketing and communications 1,184,185 6,936,776 45,944 8,166,905
Bad debt expense - 766,553 - 766,553
Bank fees 1,918,085 3,145 1,627 1,922,857
Computer licenses and support 28,347 6,820,186 1,200 6,849,733
Contract labor 627,968 192,153 - 820,121
Impairment of intangible assets 162,648 - - 162,648
Membership development 243,591 - - 243,591
Other 88,021 971,932 562 1,060,515
Professional fees 3,062,628 6,254,061 61,023 9,377,712
Rent 49,777 494,235 - 544,012
Scholarships 170,276 - - 170,276
Supplies 30,879 141,179 40 172,098
Telephone and internet 2,247 149,344 - 151,591
Training 44,655 96,703 210 141,568
Travel 595,845 1,933,325 1,372 2,530,542

Total operating expenses before depreciation, amortization and taxes 48,921,871 43,195,826 164,848 92,282,545

Amortization 2,025,169 - - 2,025,169
Depreciation 138,017 1,177,706 149 1,315,872

Total operating expenses $ 51,085,057 $ 44,373,532 $ 164,997 $ 95,623,586

The accompanying notes are an integral part of this consolidated financial statement.

CONSOLIDATED STATEMENT OF FUNCTIONAL EXPENSES

Year ended December 31, 2022

Columns: Program Services; Supporting Services - Administrative; Supporting Services - Fundraising; Total

Employee salaries and wages $ 11,808,477 $ 13,222,331 $ 13,955 $ 25,044,763
Employee benefits and taxes 2,082,758 3,435,866 2,767 5,521,391

Total personnel costs 13,891,235 16,658,197 16,722 30,566,154

Educational services 7,087,251 30,964 - 7,118,215
Professional examinations 7,421,713 - - 7,421,713
Marketing and communications 780,704 5,028,152 - 5,808,856
Bad debt expense - 1,379,027 - 1,379,027
Bank fees 1,728,978 32,911 - 1,761,889
Computer licenses and support 12,918 6,400,611 1,200 6,414,729
Membership development 257,040 45,911 - 302,951
Other 122,916 425,353 320 548,589
Professional fees 3,270,828 5,769,615 71,909 9,112,352
Rent 67,282 1,507,602 - 1,574,884
Scholarships 162,153 - - 162,153
Supplies 58,137 105,436 235 163,808
Telephone and internet 38,469 129,825 - 168,294
Training 20,269 70,322 273 90,864
Travel 467,089 1,077,390 27 1,544,506

Total operating expenses before depreciation, amortization and taxes 35,386,982 38,661,316 90,686 74,138,984

Amortization 1,665,563 - - 1,665,563
Depreciation 263,268 357,467 329 621,064
VAT, income and other taxes 139,884 152,993 - 292,877

Total operating expenses $ 37,455,697 $ 39,171,776 $ 91,015 $ 76,718,488

The accompanying notes are an integral part of this consolidated financial statement.

CONSOLIDATED STATEMENTS OF CASH FLOWS

Years ended December 31, 2023 and 2022

2023 2022
Cash flows from operating activities:
Change in net assets $ (5,484,276) $ (5,919,200)
Adjustments to reconcile change in net assets
to net cash provided by operating activities:
Depreciation and amortization 3,341,041 2,286,627
Amortization of operating lease right-of-use assets 761,805 1,203,656
Provision for bad debts 766,553 1,379,027
Impairment of intangibles 162,648 -
(Gain) loss on disposal of assets (12,715) 7,390
Realized and unrealized (gains) losses on investments (4,341,403) 8,533,461
In-kind contributions (1,844,450) (1,206,050)
Decrease (increase) in operating assets:
Accounts, certifications, and other receivables 133,890 (3,638,524)
Prepaid expenses 602,500 (1,112,826)
Other assets (190,414) (156,887)
Increase (decrease) in operating liabilities:
Accounts payable and accrued liabilities 3,427,736 2,303,012
Deferred revenue 3,967,790 1,511,185
Foreign tax accrual 312,788 125,266
Accrued scholarships 7,092 (13,788)
Deferred compensation 496,495 256,069
Operating lease liability (759,269) (1,233,144)

Net cash provided by operating activities 1,347,811 4,325,274

Cash flows from investing activities:
Purchases of property and equipment (3,937,328) (477,976)
Question pool development costs (2,594,185) (1,144,229)
Purchase of investments (32,506,739) (24,592,332)
Proceeds from sale of investments 30,389,737 23,130,094

Net cash used in investing activities (8,648,515) (3,084,443)

NET CHANGE IN CASH AND CASH EQUIVALENTS (7,300,704) 1,240,831

Cash and cash equivalents at beginning of year 45,770,040 44,529,209

Cash and cash equivalents at end of year $ 38,469,336 $ 45,770,040

Supplementary information:
In-kind contribution of examination questions $ 1,844,450 $ 1,206,050

The accompanying notes are an integral part of these consolidated financial statements.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

December 31, 2023 and 2022

NOTE 1 - ORGANIZATION

International Information System Security Certification Consortium, Inc. and Subsidiaries (collectively, the
"Consortium") is a nonprofit organization organized in the state of Massachusetts. The Consortium
establishes international standards of excellence within the field of information systems security and
provides certifications to individuals in the profession. The Consortium also provides education and
professional development services through in-person and online events, certificate programs, courses,
seminars, workshops and more to provide cybersecurity professionals and their employers with the insights
needed to stay ahead of the latest issues, trends, threats and best practices.

The accompanying consolidated financial statements include the accounts of International Information
System Security Certification Consortium, Inc. ("ISC2") and its wholly-owned subsidiaries: International
Information Systems Security Certification Consortium Limited, Hong Kong ("Hong Kong Company") and
International Information Systems Security Certification Consortium Limited, United Kingdom ("UK
Company"), as well as the Center for Cyber Safety and Education (the "Center"), International Information
System Security Certification Consortium GmbH, Germany (“Germany Company”) and International
Information System Security Certification Consortium Pte Ltd. All intercompany transactions have been
eliminated. The Hong Kong, UK, Germany and Singapore Companies were organized to enable business
transactions in Hong Kong, the United Kingdom, Germany and Singapore, respectively. The Center was
established exclusively for charitable purposes.

NOTE 2 - SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES

Basis of Presentation

The accompanying consolidated financial statements have been prepared on the accrual basis and in
accordance with accounting principles generally accepted in the United States of America, which require
that the Consortium report information regarding its consolidated financial position and activities based on
the existence or absence of donor-imposed restrictions. Accordingly, net assets and changes therein are
classified and reported as follows:

Net Assets Without Donor Restrictions - Net assets available for general use and not subject to donor
restrictions. The Board of Directors (the "Board") has designated a portion of net assets without donor
restrictions as an operating reserve to fund future capital investments and other long-term needs.

Net Assets With Donor Restrictions - Net assets subject to donor-imposed restrictions. Donor-imposed
restrictions are temporary in nature and will be met either by the passage of time or the accomplishment
of a purpose restriction. When a donor restriction expires, that is, when a stipulated time restriction
ends or a purpose restriction is accomplished, the net assets are reclassified as net assets without
donor restrictions and reported in the accompanying consolidated statement of activities as net assets
released from restrictions. At December 31, 2023 and 2022, net assets with donor restrictions were
$62,438 and $15,432, respectively, and were restricted for specific programs of the Center.

Cash and Cash Equivalents

The Consortium considers all short-term investments with original maturities of three months or less to be
cash equivalents.

Certification and Accounts Receivable

Certification and accounts receivable are recorded at realizable value net of an allowance for doubtful
accounts. The allowance is estimated from historical performance and projection of trends. Accounts that
are more than 120 days past due are put on credit hold. Certification and accounts receivable are written
off when deemed uncollectible. Certification and accounts receivable may be charged a fee for interest if
the account remains in a delinquent status. Interest income is recorded upon billing.

Prepaid Expenses

Prepaid expenses consist primarily of insurance premiums, software license agreements, and software
maintenance. These items are expensed pro rata over the contract period in which the Consortium receives
the benefits.

Property and Equipment

Property and equipment with an estimated life greater than one year are recorded at cost and depreciated
using the straight-line method of depreciation over the estimated useful lives of the underlying assets.
Acquisitions of property and equipment equal to or in excess of $1,000 are capitalized.

Leases

The Consortium determines if an arrangement is a lease at inception. All of the Consortium’s leases meet
the criteria for classification as operating leases. Operating leases are included in operating lease right-of-
use ("ROU") assets, and operating lease liabilities in the consolidated statement of financial position.

ROU assets represent the right to use an underlying asset for the lease term and lease liabilities represent
the Consortium's obligation to make lease payments arising from the lease. Operating lease ROU assets
and liabilities are recognized at lease commencement date based on the present value of lease payments
over the lease term. As most of the Consortium's leases do not provide an implicit rate, the Consortium has
used the incremental borrowing rate based on the information available at the commencement date in
determining the present value of lease payments. The Consortium uses the implicit rate when readily
determinable. The operating lease ROU asset excludes lease incentives. The lease terms may include
options to extend or terminate the lease when it is reasonably certain that the Consortium will exercise that
option. Rent expense for lease payments is recognized on a straight-line basis over the lease term.

Assets Limited as to Use

As of December 31, 2023 and 2022, investments include assets limited as to use representing assets held
by trustees for the Consortium's 457(b) and 457(f) deferred compensation plans as more fully described in
Note 9.

Investments

Investments consisting primarily of mutual funds and money market funds are measured at fair value based
on quoted market prices. Investments also include corporate and government bonds which are measured
at fair value based on quoted market prices in markets that may not be active. Gains and losses on fair
value adjustments are recognized on the specific identification basis, net of investment expenses.

The Consortium's deferred compensation plan investments are measured at fair value on a recurring basis
and consist primarily of mutual funds, corporate and government bonds, and money market funds.

Examination Question Pool

The examination question pool consists of costs for developing exam questions that are the basis for
certification exams. Questions are used on a statistically determined rotating basis and are updated
periodically to provide exams that are statistically unique. The question pool is being amortized on a
straight-line basis over an estimated life of three years.

Impairment or Disposal of Long-Lived Assets

The Consortium reviews long-lived assets for impairment whenever events or changes in circumstances
indicate that the carrying amount of an asset may not be recoverable. The Consortium assesses the
recoverability of the cost of the asset based on a review of projected undiscounted cash flows. In the event
an impairment loss is identified, it is recognized based on the amount by which the carrying value exceeds
the estimated fair value of the long-lived asset. The Consortium recorded a loss from impairment of exam
questions of $162,648 and $0 for the years ended December 31, 2023 and 2022, respectively.

Revenue Recognition and Operations

The Consortium derives revenue from educational services, professional examinations ("examinations" or
"exams"), and certification renewal fees ("certification").

Educational services include revenues from seminar attendance fees, annual event attendance fees, and
kit sales. The Consortium recognizes revenue for seminar attendance fees and annual event attendance
fees when the service is provided to the customer, generally over the time period of the seminar or annual
event. The Consortium has determined that over time recognition is appropriate because the customer
receives and consumes the benefit of the services ratably over the days the seminar or annual event is
held. The Consortium recognizes revenue for kit sales when the control of products has been transferred
to the customer. The Consortium has determined that a point in time recognition is appropriate because
the customer receives and consumes the benefit of the goods once control of the kit has been transferred
to the customer.

Examination revenues include examinations and exam rescheduling fees. The Consortium recognizes
examination revenue and exam rescheduling fees at a point in time when the examination has been
completed by the applicant. The Consortium has determined that a point in time recognition is appropriate
because the customer receives and consumes the benefit of the examination when the examination has
been taken by the applicant.

Certification revenue includes fees earned from renewals of memberships and professional certifications.
The Consortium recognizes certification revenue over the term of the membership. The Consortium has
determined that over time recognition is appropriate because the customer receives and consumes the
benefit of the certification over the term of the membership.

Deferred Revenue

Education service fees received in advance are deferred and recognized over the course of the training
program. Professional examination fees and rescheduling fees received from certification applicants are
deferred for revenue recognition purposes until the examination has been completed by the applicants.
Certification renewal fees covering future periods, for which payment has been received, are deferred and
recognized as revenue over the period of membership.

Contributions

All contributions are reflected in net assets without donor restrictions or in net assets with donor restrictions
based on the existence or absence of donor restrictions. Amounts received with donor-imposed restrictions
that are recorded as revenues in net assets with donor restrictions are reclassified to net assets without
donor restrictions when the time or purpose restriction has been satisfied.

Donated Services

Donated services (in-kind contributions) are recognized if the services received (a) create or enhance an
asset or (b) require specialized skills, are provided by individuals possessing those skills, and typically need
to be purchased if not provided by donation. Unless otherwise noted, contributed services do not have
donor-imposed restrictions.

For the years ended December 31, 2023 and 2022, the Consortium recognized contributed services
provided by subject matter experts for the development of exam questions totaling $1,844,450 and
$1,206,050, respectively. The value of the services and related examination question pool assets is based
on current rates for similar services.

Advertising

The Consortium uses external advertising resources. External advertising consists of promotions,
publications, and internet advertising. The Consortium expenses advertising costs when incurred.
Advertising costs incurred during 2023 and 2022 were $7,131,850 and $5,051,752, respectively, and are
included in marketing and communications expense.

Income Taxes

The Consortium, excluding the Center, is generally exempt from U.S. income taxes under Section 501(c)(6)
of the Internal Revenue Code. The Center is generally exempt from U.S. income taxes under Section
501(c)(3) of the Internal Revenue Code. Information returns (Forms 990) are filed with the Internal Revenue
Service. The Consortium has evaluated its tax positions taken for all open tax years and does not believe
it has any uncertain income tax positions as defined by accounting principles generally accepted in the
United States of America for income taxes. The 2021, 2022 and 2023 tax years are open and subject to
examination by the Internal Revenue Service. The Consortium is not currently under audit nor has the
Consortium been contacted by the Internal Revenue Service.

Some foreign operations of the Consortium are subject to foreign income taxes. Foreign taxes are expensed
when incurred. There was no income tax expense related to United Kingdom foreign operations for the
years ended December 31, 2023 and 2022. The Consortium has net operating loss carryforwards of
approximately $5,501,190 in Hong Kong taxing jurisdictions. The Consortium operates in countries where
foreign taxes are not paid, so there may be additional foreign tax jurisdictions that may assess income taxes
to the Consortium.

Use of Estimates

The preparation of consolidated financial statements in conformity with accounting principles generally
accepted in the United States of America requires management to make estimates and assumptions that
affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the
date of the consolidated financial statements, and the reported amounts of revenues and expenses during
the reporting period. Actual results could differ from those estimates.

The most significant estimates include those used in determining the carrying value of the allowance for
doubtful accounts, amortization life of examination question pool assets, in-kind contributions, and the
foreign tax accrual. Although some variability is inherent in these estimates, management believes that the
amounts presented are adequate.

Functional Allocation of Expenses

The costs of providing the various programs and activities and supporting services have been summarized
on a functional basis in the consolidated statements of activities. The consolidated statements of functional
expenses present the natural classification detail of expenses by function. Expenses directly attributable to
a specific functional area of the Consortium are reported as direct expenses of those functional areas, while
indirect costs that benefit multiple functional areas have been allocated among the functional areas based
either on time spent by employees on each functional area or on the Consortium's square footage
analysis for all occupancy-related indirect costs.

Subsequent Events

The Consortium has evaluated subsequent events through April 26, 2024, the date the consolidated
financial statements were available to be issued. The Consortium is not aware of any subsequent events
which would require recognition or disclosure in the accompanying consolidated financial statements.

NOTE 3 - LIQUIDITY AND AVAILABILITY OF RESOURCES

The Consortium regularly monitors liquidity to meet its operating needs and other contractual commitments
while also striving to maximize the investment of its available funds. The Consortium has various sources
of liquidity at its disposal, including cash and cash equivalents and marketable debt and equity securities.

For purposes of analyzing resources available to meet general expenditures over a 12-month period, the
Consortium considers all expenditures related to its ongoing program activities as well as activities
conducted to support those programs to be general expenditures. In addition to the financial assets
available to meet general expenditures over the next 12 months, the Consortium operates with a balanced
budget and anticipates collecting sufficient revenue to cover general expenditures not covered by donor-
restricted resources. Refer to the accompanying consolidated statements of cash flows which identify
sources and uses of the Consortium's cash and cash equivalents and show positive cash flows generated
from operations for the years ended December 31, 2023 and 2022.

As of December 31, 2023 and 2022, the Consortium’s financial assets available to meet cash needs for
general expenditures for the next 12 months were as follows:

2023 2022
Financial assets
Cash and cash equivalents $ 38,469,336 $ 45,770,040
Accounts, certification and other receivables, net 4,922,967 5,823,410
Investments 55,553,398 49,094,993

Total financial assets 98,945,701 100,688,443

Less amounts unavailable for general expenditure within the next 12 months due to:
Contractual or donor-imposed restrictions
Donor-restricted for specific purposes (62,438) (15,432)
Board-designations
Operating reserves (54,000,000) (45,000,000)

Financial assets available to meet cash needs for general expenditures over the next 12 months $ 44,883,263 $ 56,673,011

NOTE 4 - PROPERTY AND EQUIPMENT

Property and equipment and estimated useful lives consist of the following at December 31:

2023 2022 Estimated Useful Lives

Computer equipment and software $ 4,256,230 $ 2,491,319 3-5 years
Office equipment 429,093 477,037 3 years
Website 604,527 604,527 3 years
Furniture and fixtures 423,250 497,773 7-10 years
Leasehold improvements 1,197,523 1,002,613 7 years

6,910,623 5,073,269

Less accumulated depreciation (3,297,555) (4,647,517)

Construction in process 1,539,242 2,092,387

$ 5,152,310 $ 2,518,139

Depreciation expense for the years ended December 31, 2023 and 2022 was $1,315,872 and $621,064,
respectively.

NOTE 5 - INVESTMENTS AND FAIR VALUE MEASUREMENTS

The Consortium records fair value measurements according to accounting principles generally accepted in
the United States of America, which define fair value and specify a hierarchy of valuation techniques. The
disclosure of fair value estimates in the hierarchy is based on whether the significant inputs into the
valuation are observable. In determining the level of hierarchy in which the estimate is disclosed, the highest
priority is given to unadjusted quoted prices in active markets and the lowest priority to unobservable inputs
that reflect the Consortium's significant market assumptions. The Consortium measures investments at fair
value on a recurring basis.

The following is a brief description of the types of valuation information (inputs) that qualify a financial asset
for each level:

Level 1 - Unadjusted quoted market prices for identical assets or liabilities in active markets which are
accessible by the Consortium.

Level 2 - Observable prices in active markets for similar assets or liabilities, prices for identical or
similar assets or liabilities in markets that are not active, market inputs that are not directly
observable but are derived from or corroborated by observable market data.

Level 3 - Unobservable inputs based on the Consortium's own judgment as to assumptions a market
participant would use, including inputs derived from extrapolation and interpolation that are
not corroborated by observable market data.

Financial assets classified as Level 1 in the fair value hierarchy include mutual funds and money market
funds in 2023 and 2022. These investments are traded on a daily basis in active markets and the
Consortium estimates the fair value of these securities using unadjusted quoted market prices.

Corporate and government bonds are recorded as Level 2 in the hierarchy. The valuation of these bonds
is based on quoted market prices in inactive markets.

A review of fair value hierarchy classification is conducted on an annual basis. Changes in the observability
of valuation inputs may result in a reclassification of levels for certain securities within the fair value
hierarchy.

The Consortium evaluates the various types of financial assets to determine the appropriate fair value
hierarchy classification based upon trading activity and the observability of market inputs. The Consortium
employs control processes to validate the reasonableness of the fair value estimates of its assets and
liabilities, including those estimates based on prices and quotes obtained from independent third-party
sources.

The following table sets forth by level, within the fair value hierarchy, the Consortium’s assets at fair value
as of December 31, 2023 and 2022:

Fair Value Measurements at December 31, 2023

                                                         Significant
                                                               Other
                              Assets      Observable      Observable
                         Measured at          Inputs          Inputs
Description               Fair Value       (Level 1)       (Level 2)

Mutual funds
Mid cap                     $ 75,900        $ 75,900             $ -
Small cap                      2,819           2,819               -
Large cap                    131,827         131,827               -
Stock index                3,347,305       3,347,305               -
Emerging markets           2,669,670       2,669,670               -
International              6,624,715       6,624,715               -
Equities - ETF            32,945,480      32,945,480               -
Real estate                1,068,847       1,068,847               -
Corporate bonds            6,015,520               -       6,015,520
Government bonds           2,052,873               -       2,052,873
Money market funds           618,442         618,442               -

                        $ 55,553,398    $ 47,485,005     $ 8,068,393

Fair Value Measurements at December 31, 2022

                                                         Significant
                                                               Other
                              Assets      Observable      Observable
                         Measured at          Inputs          Inputs
Description               Fair Value       (Level 1)       (Level 2)

Mutual funds
Mid cap                     $ 52,646        $ 52,646             $ -
Small cap                      1,166           1,293               -
Large cap                     90,262          90,262               -
Stock index                9,235,604       9,235,477               -
Emerging markets           1,886,744       1,886,744               -
International                468,913         468,913               -
Equities - ETF             1,959,114       1,959,114               -
Real estate                7,356,942       7,356,942               -
Corporate bonds            3,380,156       3,380,156               -
Government bonds             898,454         898,454               -
Money market funds        12,659,779               -      12,659,779

                        $ 49,094,993    $ 27,814,374    $ 21,280,619

NOTE 6 - CONCENTRATIONS

Credit Risk

The Consortium maintains cash balances at various banking institutions. The accounts are insured by the
Federal Deposit Insurance Corporation ("FDIC") up to $250,000. Cash balances in banks in excess of FDIC
insured limits were approximately $38.2 million at December 31, 2023 and $45.5 million at December 31,
2022. These funds could be subject to loss if the financial institutions were to fail. Management believes
the financial institutions are financially stable and that the funds are secure.

The functional currency of the majority of the Consortium's operations is the U.S. dollar; however, there are
a number of transactions for which the Consortium is paid in foreign currency (British pounds or Euro).

The Consortium has included the following in cash and cash equivalents and accounts receivable,
respectively at December 31:

2023
                                 Foreign      Exchange          U.S.
                                Currency          Rate       Dollars

Cash
Funds in British pounds        £ 746,585          1.27     $ 948,238
Funds in Euro                  € 173,822          1.10       191,867

Accounts receivable
Funds in British pounds        £ 134,441          1.27       170,754
Funds in Euro                  € 336,841          1.10       371,805

                                                         $ 1,682,664

2022
                                 Foreign      Exchange          U.S.
                                Currency          Rate       Dollars

Cash
Funds in British pounds        £ 348,702          1.21     $ 421,929
Funds in Euro                  € 349,208          1.06       370,160

Accounts receivable
Funds in British pounds        £ 177,512          1.21       214,790
Funds in Euro                  € 128,625          1.06       136,343

                                                         $ 1,143,222

Cash and receivables have been adjusted to reflect the current exchange rate of the U.S. dollar at
December 31, 2023 and 2022. A risk of change in foreign currency rates will remain until the cash is
converted to U.S. dollars or receivables are settled. This risk is not considered material to the Consortium's
overall consolidated financial statements. Gains and losses that result from remeasurement are included
in operating support and revenue within the accompanying consolidated statements of activities. The effects
from foreign currency translation were losses of $52,950 and $182,194 during 2023 and 2022, respectively.

Accounts receivable at December 31, 2023 include approximately $1,107,489 of receivables due from one
significant customer.

Accounts receivable at December 31, 2022 include approximately $822,000 of receivables due from one
significant customer.

Vendors

During 2023 and 2022, the Consortium utilized one vendor for a significant portion of operations related to
test delivery. During 2023 and 2022, the Consortium paid this vendor approximately $13.9 million and
$7.9 million, respectively. Approximately $1,244,000 and $1,339,000 was payable to this vendor as of
December 31, 2023 and 2022, respectively.

NOTE 7 - VALUE-ADDED TAXES

The Consortium has recorded a liability for value-added tax for services sold in foreign countries. The bulk
of services are sold through independent training partners, which insulate the Consortium from value-added
tax exposure. However, there is a portion of services provided that are not provided through independent
training partners and an accrual has been recorded as an estimate of tax exposure in these foreign
countries. There may be additional foreign tax jurisdictions that may assess taxes to the Consortium.

In areas where the Consortium collects and remits tax, revenues are recorded net of tax.

The tax accrual for value added taxes at December 31 is as follows:

                                              2023          2022

United Kingdom value-added tax           $ 188,589     $ 175,801
Other unidentified foreign taxes         1,200,000       900,000

                                       $ 1,388,589   $ 1,075,801

As the Consortium continues to expand and to administer examinations and provide training in foreign
countries, there will be tax exposure to the Consortium. Management is in a continual process of evaluating
that exposure and has set aside a reserve of approximately $1,200,000 and $900,000 for unidentified tax
liability at December 31, 2023 and 2022, respectively. While the Consortium believes that this reserve is
sufficient to cover unidentified tax liabilities as of December 31, 2023 and 2022, there is the potential for
additional unrecognized tax consequences.

NOTE 8 - 401(K) RETIREMENT PLAN

The Consortium sponsors a 401(k) retirement plan covering substantially all employees meeting certain
service requirements. The Consortium makes discretionary safe harbor contributions which vest
immediately. Contributions to the plan were $1,118,482 and $906,264 for the years ended December 31,
2023 and 2022, respectively.

NOTE 9 - 457 NON-QUALIFIED DEFERRED COMPENSATION PLANS

Effective November 15, 2015, the Consortium adopted a non-qualified Deferred Compensation Benefit
Plan, as described in Section 457(b) of the Internal Revenue Code, for key management employees
designated by the Board of Directors and Chief Executive Officer. The 457(b) plan operates on a calendar-
year basis, whereby the participants are eligible to make contributions to the accounts up to a maximum
amount mandated by the Internal Revenue Code. The funds set aside for the 457(b) plan remain assets of
the Consortium, and are available to satisfy the claims of all general creditors of the Consortium until such
time as the participant withdraws the funds in accordance with plan provisions.

Effective June 1, 2021, the Consortium adopted a non-qualified Deferred Compensation Benefit Plan, as
described in Section 457(f) of the Internal Revenue Code, for key managerial and highly compensated
employees. For the 457(f) plan, an annual discretionary contribution is made on the participants' behalf
under Code Section 457(f). The amount is maintained on the Consortium's books in a designated account
and will remain the sole property of the Consortium and is available to satisfy the claims of all general
creditors of the Consortium. The participants shall have a fully vested, nonforfeitable interest in their
deferred compensation if the Consortium dissolves or if the participant (1) dies; (2) becomes disabled; or
(3) is terminated from employment for reasons other than for cause.

As of December 31, 2023, the assets and corresponding liabilities of the 457(b) and 457(f) plans in the
amount of $434,583 and $563,678, respectively, are recorded in investments and deferred compensation
in the accompanying consolidated statement of financial position. As of December 31, 2022, the assets and
corresponding liabilities of the 457(b) and 457(f) plans in the amount of $278,305 and $223,461,
respectively, are recorded in investments and deferred compensation in the accompanying consolidated
statement of financial position.

NOTE 10 - OPERATING LEASES

The Consortium has one lease for office space that expires November 2034. Lease extension and
termination options have not been included in the operating lease liability calculation as the Consortium
does not consider it to be reasonably certain that those options will be exercised. The lease does not include
any restrictions or covenants. The Consortium accounts for lease and non-lease components as a single
lease component and as such, there may be variability in future lease payments as the amount of non-
lease components is typically revised from one period to the next. These variable lease payments, which
are primarily comprised of common area maintenance, utilities and real estate taxes that are passed on
from the lessor in proportion to the space leased, are not included in the recognition of ROU assets and
related lease liabilities. These variable lease payments are recognized in the period in which the obligation
for those payments was incurred.

Lease expense was comprised of the following for 2023 and 2022:

2023 2022
Lease costs
Operating lease costs $ 975,394 $ 1,286,566
Short-term lease costs 71,658 120,685
Variable lease costs 79,300 167,633

$ 1,126,352 $ 1,574,884

Weighted average remaining lease term on operating leases at December 31, 2023 was 10 years.
Weighted average discount rate on operating leases at December 31, 2023 was 5.5% and was determined
by reference to the Consortium’s incremental borrowing rate.

Maturities of operating lease liabilities are as follows:

Year Ending December 31,

2024 $ (25,803)
2025 519,666
2026 532,658
2027 545,974
2028 559,624
Thereafter 3,609,571

Total lease payments 5,741,690

Less: imputed interest (1,593,089)

Present value of operating lease liabilities 4,148,601

Less: current portion of operating lease liabilities 340,765

Operating lease liabilities, less current portion $ 3,807,826

Additional information about the Consortium’s leases is as follows:

                                                                      2023          2022

Cash paid for amounts included in measurement of operating
  lease liabilities                                              $ 761,805   $ 1,340,155

Operating lease ROU asset obtained in exchange for lease
  obligations                                                          $ -   $ 2,285,049

The Consortium also has lease agreements for various office equipment and office space that are payable
on month-to-month terms.

NOTE 11 - FUTURE AMORTIZATION OF INTANGIBLE ASSETS

Intangible assets at December 31, 2023 consist of examination question pool costs. The estimated future
amortization expense for these intangible assets is as follows:

Year Ending December 31,

2024 $ 2,559,514
2025 1,980,343
2026 1,004,409

$ 5,544,266

NOTE 12 - CONTINGENCIES

From time to time the Consortium is involved in legal matters that arise in the ordinary course of business.
Management does not believe that the ultimate resolution of these matters will have a material impact on
the Consortium's consolidated financial position or change in net assets.

SUPPLEMENTAL SCHEDULE
International Information System Security Certification
Consortium, Inc. and Subsidiaries

CONSOLIDATING SCHEDULE OF ACTIVITIES

Year ended December 31, 2023

                                                          Consortium          Center    Eliminations           Total

Changes in net assets without donor restrictions

Operating support and revenue
Educational services                                    $ 25,178,051             $ -             $ -    $ 25,178,051
Professional examinations                                 32,264,391               -               -      32,264,391
Certification renewal fees                                24,187,424               -               -      24,187,424
In-kind contributions                                      1,844,450               -               -       1,844,450
Contributions                                                      -         881,189       (600,000)         281,189
Investment return designated for current operations        1,620,508               -               -       1,620,508
Other revenue                                                427,838               -               -         427,838
Foreign currency exchange loss                              (52,950)               -               -        (52,950)

Total operating support and revenue                       85,469,712         881,189       (600,000)      85,750,901

Operating expenses
Program services
Certification programs                                    50,470,318               -               -      50,470,318
Scholarship programs                                               -         314,267               -         314,267
Safe and Secure program                                            -         132,460               -         132,460
1MCC program                                                       -          40,194               -          40,194
Outreach program                                                   -         127,818               -         127,818
Supporting services
Administrative                                            44,260,379         113,153               -      44,373,532
Fundraising                                                        -         164,997               -         164,997

Total operating expenses                                  94,730,697         892,889               -      95,623,586

Change in net assets without donor restrictions
from operations                                          (9,260,985)        (11,700)       (600,000)     (9,872,685)

Other changes
Investment return (loss) in excess of (deficient to fund)
amounts designated for current operations                  4,341,403               -               -       4,341,403

Change in net assets without donor restrictions          (4,919,582)        (11,700)       (600,000)     (5,531,282)

Change in net assets with donor restrictions
Contributions                                                      -          47,006               -          47,006

Change in net assets with donor restrictions                       -          47,006               -          47,006

CHANGE IN NET ASSETS                                     (4,919,582)          35,306       (600,000)     (5,484,276)

Net assets at beginning of year                           72,561,579         205,768               -      72,767,347

Net assets at end of year                               $ 67,641,997       $ 241,074     $ (600,000)    $ 67,283,071

This schedule should be read in conjunction with the Report of Independent Certified Public Accountants and the accompanying consolidated
financial statements and notes thereto.

© 2024 ISC2, Inc. All rights reserved.