Top of Page
 

(ISC)² Code Of Ethics

Code

All information security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all (ISC)² members are required to commit to fully support this Code of Ethics (the "Code"). (ISC)² members who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification. (ISC)² members are obligated to follow the ethics complaint procedure upon observing any action by an (ISC)² member that breach the Code. Failure to do so may be considered a breach of the Code pursuant to Canon IV.

There are only four mandatory canons in the Code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional.

Code of Ethics Preamble:

  • The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
  • Therefore, strict adherence to this Code is a condition of certification.

Code of Ethics Canons:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principals.
  • Advance and protect the profession.

Ethics Complaint Procedures

  • Preamble Preamble
    (ISC)² members are professionals and are expected to behave in an ethical manner. They are expected to make difficult ethical decisions and to support one another in doing so. While the board recognizes its obligation to provide the certificate holder with guidance on making ethical decisions, it does not expect to supervise or judge professionals in making these difficult decisions. The board recognizes its responsibility to maintain the integrity of the certification. It accepts that, from time to time, the good of the profession may require it to disassociate the profession from egregious behavior on the part of a particular certificate holder. It intends to deal with necessary complaints in a timely manner. This document describes the procedure to be used when complaints are necessary. By publishing these procedures, the board does not expect, invite, solicit, or encourage such complaints. The use of these procedures is for the sole purpose of protecting the reputation of the profession. They are not intended to be used to coerce or punish certificate holders.
  • Confidentiality Confidentiality
    The board and its agents undertake to keep the identity of the complainant and respondent in any complaint confidential from the general public. While disclosure of the identity of the complainant will be avoided where possible, upon filing a complaint, the complainant implies consent to disclose his identity to the respondent, where the board or its agents deem it necessary for due process. Actions of the board may be published at its discretion. Parties are encouraged to maintain confidentiality and certificate holders are reminded of their obligation to protect the profession.
  • Specificity of Complaints Specificity of Complaints
    The committee will consider only complaints that specify the canon of our (ISC)² Code of Ethics that has been violated. If you are unsure of the canon violated, file the complaint to the best of your ability or contact the Ethics Committee contact listed at the end of these procedures.
  • Professional Conduct (Ethics) Committee Professional Conduct (Ethics) Committee
    The Professional Conduct (Ethics) Committee is a standing committee to assist (ISC)² in the review of allegations of ethical misconduct of (ISC)² members. It is established to oversee the application of the (ISC)² Code of Ethics as it relates to exam candidate eligibility, deliver recommendations concerning the enforcement of the (ISC)² Code of Ethics, and periodically review and recommend revisions to the Code. Learn more about the Professional Conduct (Ethics) Committee.
  • Standing of Complainant Standing of Complainant
    Complaints will be accepted only from those who claim to be injured by the alleged behavior. While any member of the public may complain about a breach of Canons I or II, only principals (those with an employer/contractor relationship with the certificate holder) may complain about violations of Canons III, and only other professionals (those who are certified or licensed as a professional AND also subscribe to a code of ethics) may complain about violations of Canon IV.
  • Form of Complaints Form of Complaints

    All complaints must be in writing. The committee is not an investigative body and does not have investigative resources. Only information submitted in writing will be considered. Two copies must be submitted. One in written form and the other in PDF.

    Complaints must be in the form of a sworn affidavit. The committee will not consider allegations in any other form.. - Download an Ethics Complaint Affidavit Form

    Complaints should be sufficiently complete to enable the board to reach an appropriate judgment. At a minimum, the affidavit should specify the respondent, the behavior complained of, the canon breached, the standing of the complainant, and any corroborating evidence.

    Neither the board nor its committee is an investigative body and neither has the authority to compel testimony. We can consider only evidence submitted to us voluntarily. There may be many cases where this evidence is not sufficient to support any action. We can proceed only where a prima facie case is made. Where no such case is made, the committee will close the complaint without prejudice to either party.

  • Committee Procedures Committee Procedures
    Where a prima facie case has been made, the Ethics Committee will review and tender a recommendation to the board.
  • Rights of Respondents Rights of Respondents
    Respondents to complaints are entitled to timely notification of complaints. It is the intent of the board and its agents to notify the respondent within thirty days from receipt of the complaint. The respondent is entitled to see all complaints, evidence, and other documents. The respondent will have thirty days from accepting and acknowledging delivery to submit information in defense, explanation, rebuttal, extenuation, or mitigation. As with the complaint, in order to be considered this information must be in the form of a sworn affidavit. As in the law, silence implies consent. That is, to the extent that the respondent is silent, the committee may assume that he does not dispute the allegations. The committee may grant necessary extensions of time to the respondent upon request.
  • Disagreement on the Facts Disagreement on the Facts
    Where there is disagreement between the parties over the facts alleged, the Ethics Committee, at its sole discretion, may invite additional corroboration, exculpation, rebuttals and sur-rebuttals in an attempt to resolve such dispute. The committee is not under any obligation to make a finding where the facts remain in dispute between the parties. Where the committee is not able to reach a conclusion on the facts, the benefit of all doubt goes to the respondent. That is to say, where the respondent disputes the facts alleged, then the burden of proof is on the complainant.
  • Findings and Recommendations Findings and Recommendations
    The Ethics Committee will submit findings and recommendations for action to the board. In reaching its findings, the committee will consider any published guidance that has been given to certificate holders. In reaching its recommendations, the committee will prefer the most limited and conservative action consistent with its findings.
  • Notification and Right of Comment Notification and Right of Comment
    The Ethics Committee will notify the parties of its recommendation prior to any board action. Parties have 14 days submit a response or comments on the recommendations for consideration by the board.
  • Disciplinary Action Disciplinary Action
    Discipline of certificate holders is at the sole discretion of the board. Decisions of the board are final.
  • Final Disposition Final Disposition

    Parties will be notified of the final disposition within thirty days of board action. All complaints should comply with the procedure stated and be mailed to the following address:

    Ethics Complaint
    (ISC)²
    Attn: Legal - Ethics Complaint
    625 N Washington Street, Suite 400
    Alexandria, VA 22314

    Questions should be directed to: legal@isc2.org

Ok