The International Organization for Secure Commerce is first and foremost a professional association.  All of our activities are designed to support, educate and certify professionals with an interest in secure commerce.  The board of directors and all of our committees are made up of individual members who work in a field related to secure commerce.  The majority of our financial support comes from membership dues paid by individuals, with the balance coming from administrative and licensing fees from the education and certification program.  We are very clear on our role as the premier organization for establishing secure commerce standards, providing education, and certifying professionals.

As a not-for-profit professional organization the IOSC maintains our independent from undue influence by any individual, company or other organization.  We do this by not accepting corporate memberships or sponsorships of the organization.  While we may permit companies including vendors in the secure commerce field to sponsor portions of IOSC events, all operational expenses of the organization are paid through membership, licensing and administrative fees.  Details on the financial arrangements for any event sponsorships, as well as all other IOSC financial reports, are available to all members.

There are three primary stakeholders in the IOSC business model; The IOSC organization, secure commerce clients, and authorized providers. Additional stakeholders include the community at large, the clients and vendors of our primary stakeholders, and law enforcement and regulatory agencies at all levels.

The IOSC serves as the common factor between the service provider and the client.  The IOSC trains, certifies and audits authorized providers (AP's) to insure they meet the high standards established for official IOSC training and facility audits.  When a client organization or individual applies for certification or other recognition, the IOSC verifies that all appropriate requirements have been met and then issues the certification.  The IOSC provides qualified personnel to train and certify AP's, but does not provide service directly to the client.

The authorized provider (AP) supplies education or audit services to individuals or organizations seeking IOSC training or certification.  The AP maintains a staff with the proper certifications, follows IOSC procedural and ethical guidelines, and reports the results of all activity to the IOSC.  Rates for training and audit services are set by each individual AP, not by the IOSC.

A client is any person or organization that uses IOSC standards and training, or that seeks certification under the professional or facility certification program.  Each client is free to select any authorized provider to provide training or audit services (not all AP's are authorized for all services).  When qualified, the client may apply to the IOSC for certification under the appropriate program. The client is also encouraged to provide feedback on the level and quality of service provided by the AP, as well as on the IOSC program as a whole.