Code of Ethics & Professional Conduct

Mission

We strive to be the reference standard for information risk advisory services.

Canons

  • Act honorably, honestly, justly, responsibly, and legally
  • Provide diligent and competent service in all engagements
  • Advance and protect the profession and the company

Core Competencies

  • Information risk analysis, auditing, implementation and related executive advisory
  • Business education and corporate information security awareness
  • Information privacy and business continuity

Objectives

In arriving at the following guidance, Knowledgeflow Cybersafety Foundation is mindful of its responsibility to:

  • Engage in positive and just practices
  • Research, teach, identify and mentor new employees

Discourage behavior such as:

  • Raising unnecessary alarm, fear, uncertainty, or doubt
  • Giving unwarranted comfort or reassurance
  • Consenting to bad practice
  • Attaching weak systems to the public net
  • Associating or appearing to associate with criminals or criminal behavior

These objectives and the following mandates are provided for information only. Although Knowledgeflow Cybersafety Foundation is not legally required to agree with them, the company intensely strives to comply with each one in all situations.

Mandates

The Code of Ethics of the International Information Systems Security Certification Consortium drives the mandates of every Knowledgeflow Cybersafety Foundation Risk Advisor to: 

  • Promote and preserve public trust and confidence in information and systems
  • Promote the understanding and acceptance of prudent information security measures
  • Preserve and strengthen the integrity of the public infrastructure
  • Discourage unsafe and unethical practices
  • Tell the truth; make all stakeholders aware of our actions on a timely basis
  • Observe all contracts and agreements, express or implied
  • Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort
  • Take care to be truthful, objective, cautious, and within our competence
  • Provide diligent and competent service to principals
  • Preserve the value of client systems, applications, and information
  • Respect client trust and the privileges that they grant us
  • Avoid conflicts of interest or the appearance thereof
  • Advance and protect the profession
  • Take care not to injure the reputation of other professionals through malice or indifference
  • Avoid professional association with those whose practices or reputation might diminish the profession

Conduct

The Code of Conduct of the Institute of Electrical and Electronics Engineers inspired the core values of professional conduct every Risk Advisor adheres to: 

  • Accept responsibility for making decisions consistent with the safety, security, and privacy of client information assets
  • Avoid real or perceived conflicts of interest whenever possible, and disclose them to affected parties when they do exist
  • Be honest and realistic in stating claims or estimates based on available data
  • Reject bribery, intimidation and fraud in all their forms
  • Improve the understanding of information risk management, data protection & related compliance, their applications & potential consequences
  • Maintain and improve our professional competence and undertake tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations
  • Seek, accept, and offer honest criticism of professional work, acknowledge and correct errors, and credit properly the contributions of others
  • Treat fairly all parties and not engage in acts of discrimination, intimidation, retaliation, illegal surveillance or unethical conduct
  • Avoid injuring others, their property, reputation, or employment by false or malicious action
  • Assist colleagues and co-workers in their professional development and support them in following the Knowledgeflow Cybersafety Foundation code of ethics
