Code of Conduct

Introduction

SECO-Institute is proud of its students and alumni, just as we hope that they are proud to be a member of the SECO community. We feel it should be considered a privilege to be part of this family of Information Security, Data Protection, Business Continuity, Crisis Management, Ethical Hacking, and Secure Programming professionals. But with this privilege also comes responsibility.

This code of conduct describes in plain language what we expect of members of the SECO community. It lists the principles and behaviour SECO-Institute, your fellow members of the SECO community, and the global community of security and continuity professionals in general, consider the tenets of “good” and ethical conduct and that you are expected to respect and abide by.

We feel that your fellow members of the SECO community, and anyone that works with you or relies on you, should aways and without hesitation be able to assume such conduct of you. For that reason we have made this code of conduct an integral part of the rules of membership. In other words: to be a member of the SECO community you will have to honour this code of conduct.

SECO-Institute fully recognises it has no jurisdiction outside its own community, and therefore cannot enforce, or even expect to enforce, this code of conduct outside of the SECO community. However, there is no place in the SECO community for anyone that does not feel bound by its principles and rules, or knowingly violates them. If we are made aware of such behaviour, and the person concerned cannot explain it in a satisfactory manner, we will revoke their membership and any certifications they hold. In such cases the matter will be brought before representatives of SECO-Institute and possibly a group of peers from the SECO community to judge. When this happens the person in question will be offered the possibility to explain themselves before the committee, because there can always be circumstances that leave someone no realistic choice, but any judgement of the committee will be final and cannot be appealed.

Members of the SECO community recognise that there can always be circumstances that ask for an update of this code of conduct. In such cases SECO will actively try to let the SECO community know about the changes, but ultimately it is each member’s own responsibility to be aware of and abide by the latest version of this code of conduct.

Principles to guide your decisions and actions

Not everything can be captured in a fixed set of rules. Therefore it is important to have some guiding principles you should apply to situations that are not immediately clear.

  • Do you know enough about a particular situation to be a fair judge? If not, be honest about it and let the other parties know.
  • If you have agreed to do or not do something (both implicitly and explicitly), then honour your part of the agreement.
  • If you cannot uphold your part of the agreement without violating that agreement or without acting against the law, then let the parties involved know as soon as you can.
  • If you give advice, do so using information that to the best of your knowledge is correct, up-to-date, and complete. If you have any doubt concerning any of these, then let the other parties know.
  • If you give advice, always include all relevant factors, even if they are disagreeable to your point of view. Also, be clear about the limitations of your advice.
  • Be a dependable partner by always telling the truth, being transparent where possible, delivering as promised, and communicating timely about circumstances that prevent you from doing so.
  • Be objective when resolving a conflict of interest, a conflict between parties, or any other difficult situation that requires you to make a judgement.
  • If it is expected of you to do or not do something that clearly goes against the law or the ethical principles of yourself, society in general, or this code of conduct, then consult a more senior person that can help you make the proper decision and provide backing to support that decision. It might also be wise to seek legal advice in such cases.

Behaviour to display

What you do dictates how people see you as a professional and how they perceive the SECO community you represent. Therefore, when performing tasks, giving advice, or interacting in any other way with people or assets, these are the rules you should apply to your behaviour:

  • Always try to earn respect and trust by actively “doing what is right”.
  • Only perform tasks or give advice when you are confident you are qualified to do so.
  • Always make it known when you end up in a situation where a possible conflict of interests might occur.
  • Never break the trust people have put in you by disclosing sensitive or confidential personal or organisational information without their consent.
  • Do not intentionally expose people or organisations to risk that might harm their assets, data, processes, interests, or reputation, unless explicitly asked to by those involved.
  • Always try to prevent damage to assets, data, processes, people, or reputations, where appropriate.
  • Make sure your knowledge and skills are maintained and up-to-date.
  • Where appropriate, share you knowledge and skills freely, so that others can benefit from your endeavours.
  • Always try to be a stabilising factor in your environment that people can turn to for guidance and support in your fields of expertise.
  • Always try to improve the performance of the people and processes you are involved with by actively helping to improve them where you can, unless that would be inappropriate.
  • Promote the security and continuity posture of people and organisations by making them aware of deficiencies in the security or dependability of their assets, processes or behaviour when you learn about any such short comings, unless this would expose you to unreasonable personal or legal risks.
  • If you are acting without prior consent only do so when your actions are legal and ethical. In such cases also make sure you can demonstrate that your actions were for the benefit of the parties involved or the constituents of these parties, and that your actions were strictly limited to what was needed to protect their interests or make them aware of deficiencies in their infrastructure, systems, processes or procedures.
  • If circumstances allow it, be an active member of the SECO community that other members can rely upon and turn to with their questions.