ISC2 Code of Ethics

Report Exam and Test Center Fraud

Code

All information security professionals who are certified by ISC2 recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all ISC2 members are required to commit to fully support this Code of Ethics (the "Code"). ISC2 members who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification. ISC2 members are obligated to follow the ethics complaint procedure upon observing any action by an ISC2 member that breaches the Code. Failure to do so may be considered a breach of the Code pursuant to Canon IV.

There are only four mandatory canons in the Code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional.

Code of Ethics Preamble:

The safety and welfare of society and the common good, duty to our principals, and duty to each other, require that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
Therefore, strict adherence to this Code is a condition of certification.

Code of Ethics Canons:

Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.

Ethical Complaint Procedures

ISC2 members are professionals and are expected to behave in an ethical manner. They are expected to make difficult ethical decisions and to support one another in doing so. While the board recognizes its obligation to provide the certificate holder with guidance on making ethical decisions, it does not expect to supervise or judge professionals in making these difficult decisions. The board recognizes its responsibility to maintain the integrity of the certification. It accepts that, from time to time, the good of the profession may require it to disassociate the profession from egregious behavior on the part of a particular certificate holder. It intends to deal with necessary complaints in a timely manner. This document describes the procedure to be used when complaints are necessary. By publishing these procedures, the board does not expect, invite, solicit, or encourage such complaints. The use of these procedures is for the sole purpose of protecting the reputation of the profession. They are not intended to be used to coerce or punish certificate holders.

The board and its agents undertake to keep the identity of the complainant and respondent in any complaint confidential from the general public. While disclosure of the identity of the complainant will be avoided where possible, upon filing a complaint, the complainant implies consent to disclose his identity to the respondent, where the board or its agents deem it necessary for due process. Actions of the board may be published at its discretion. Parties are encouraged to maintain confidentiality and certificate holders are reminded of their obligation to protect the profession.

The committee will consider only complaints that specify the canon of our ISC2 Code of Ethics that has been violated. If you are unsure of the canon violated, file the complaint to the best of your ability or contact the Ethics Committee contact listed at the end of these procedures.

The Professional Conduct (Ethics) Committee is a standing committee to assist ISC2 in the review of allegations of ethical misconduct of ISC2 members. It is established to oversee the application of the ISC2 Code of Ethics as it relates to exam candidate eligibility, deliver recommendations concerning the enforcement of the ISC2 Code of Ethics, and periodically review and recommend revisions to the Code. Learn more about the Professional Conduct (Ethics) Committee.

Complaints will be accepted only from those who claim to be injured by the alleged behavior. While any member of the public may complain about a breach of Canons I or II, only principals (those with an employer/contractor relationship with the certificate holder) may complain about violations of Canons III, and only other professionals (those who are certified or licensed as a professional AND also subscribe to a code of ethics) may complain about violations of Canon IV.

All complaints must be in writing. The committee is not an investigative body and does not have investigative resources. Only information submitted in writing will be considered. Two copies must be submitted. One in written form and the other in PDF.

Complaints must be in the form of a sworn affidavit. The committee will not consider allegations in any other form. - Download an Ethics Complaint Affidavit Form

Complaints should be sufficiently complete to enable the board to reach an appropriate judgment. At a minimum, the affidavit should specify the respondent, the behavior complained of, the canon breached, the standing of the complainant, and any corroborating evidence.

Neither the board nor its committee is an investigative body and neither has the authority to compel testimony. We can consider only evidence submitted to us voluntarily. There may be many cases where this evidence is not sufficient to support any action. We can proceed only where a prima facie case is made. Where no such case is made, the committee will close the complaint without prejudice to either party.

Where a prima facie case has been made, the Ethics Committee will review and tender a recommendation to the board.

Respondents to complaints are entitled to timely notification of complaints. It is the intent of the board and its agents to notify the respondent within thirty days from receipt of the complaint. The respondent is entitled to see all complaints, evidence, and other documents. The respondent will have thirty days from accepting and acknowledging delivery to submit information in defense, explanation, rebuttal, extenuation, or mitigation. As with the complaint, in order to be considered this information must be in the form of a sworn affidavit. As in the law, silence implies consent. That is, to the extent that the respondent is silent, the committee may assume that he does not dispute the allegations. The committee may grant necessary extensions of time to the respondent upon request.

Where there is disagreement between the parties over the facts alleged, the Ethics Committee, at its sole discretion, may invite additional corroboration, exculpation, rebuttals and sur-rebuttals in an attempt to resolve such dispute. The committee is not under any obligation to make a finding where the facts remain in dispute between the parties. Where the committee is not able to reach a conclusion on the facts, the benefit of all doubt goes to the respondent. That is to say, where the respondent disputes the facts alleged, then the burden of proof is on the complainant.

The Ethics Committee will submit findings and recommendations for action to the board. In reaching its findings, the committee will consider any published guidance that has been given to certificate holders. In reaching its recommendations, the committee will prefer the most limited and conservative action consistent with its findings.

The Ethics Committee will notify the parties of its recommendation prior to any board action. Parties have 14 days submit a response or comments on the recommendations for consideration by the board.

Discipline of certificate holders is at the sole discretion of the board. Decisions of the board are final.

Parties will be notified of the final disposition within thirty days of board action. All complaints should comply with the procedure stated and be mailed to the following address:

Ethics Complaint
ISC2
Attn: Legal - Ethics Complaint
625 N Washington Street, Suite 400
Alexandria, VA 22314

Questions should be directed to: legal@isc2.org

ISC2 Code of Ethics

Ethical Complaint Procedures

Loading component...

Ethical Complaint Procedures