Code of Ethics and Professional Conduct

All Qualified professionals who are certified by the SUT recognize that such certification is a privilege that must be both earned and maintained. In support f this principle, all SUT Qualified professionals are required to commit to fully support the Code of Ethics and Professional Conduct (COEPC). Qualified professionals who intentionally or knowingly violate any provision of the COEPC will be subject to action by a peer review panel, which may result in the revocation of certification.

In order to maintain their certification, all certified and registered professionals will be required to successfully comply with all rules and requirements for conduct in an ethical manner, as outlined in the Code of Ethics and Professional Conduct. All SUT certified individuals must agree to comply with the SUT Certificant Code of Ethics and Professional Conduct as outlined below:

•  I will conduct my business and/or professional activities with honesty and integrity.
•  I will represent my certifications and qualifications honestly and provide only those services for which I am qualified to perform.
•  I will strive to maintain and improve my professional knowledge and competence through regular self-assessments and continuing education /hands-on training.
•  I will act in a manner free of bias and discrimination against clients or customers.
•  I will maintain the privacy of individuals and confidentiality of information obtained in the course of my duties unless disclosure is required by legal authority.
•  I will follow all certification policies, procedures, guidelines and requirements of SUT.

Code of Ethics

All qualified cybersecurity professionals who are qualified by SUT recognize that such qualification is a privilege that must be earned, validated and maintained. In support of this principle, all SUT members are required to commit to fully support this Code of Ethics and Professional Conduct (the "Code"). SUT qualified credential holders who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of qualification. A Certificate candidate is obligated to follow the ethics complaint procedure upon observing any action by a SUT qualification holder that breaches the Code. Failure to do so may be considered a breach of the Code.

Before SUTgrants certification under any of its Q/ISP certification programs, candidates must agree and communicate in writing that they agree to the terms and conditions of the Certification Agreement. This document is part of exam registration application package located on the Testrac SUT registration website.

There are 3 mandatory guidelines in the Code. By necessity, high-level guidance is not a substitute for the ethical judgment of the Qualified Cybersecurity Professional.

Guidance is provided for the Code and is intended to help IS, IA and Cybersecurity Professionals identify and resolve any ethical dilemmas they confront during the normal course of their Q/ISP Qualified/Information Security Profession and cybersecurity career.

Code of Ethics Preamble:

To each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Strict adherence to this Code is a condition of Qualification.

Code of Ethics Guideline:

• Protect society, the commonwealth, and the infrastructure.
• Act honorably, justly, honestly, legally and responsibly.
• Provide diligent and competent service to principals.
• Advance and protect the profession.
• Compliance with the preamble and guidelines is mandatory. If conflicts arise they should be resolved and are not intended to create ethical binds.

Guideline 1: Act honorably, responsibly, and legally

• Tell the truth.
• Observe all contracts and agreements, express or implied.
• Treat all members fairly.
• Take care to be truthful, objective, cautious, and within your competence. Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort.

Guideline 2: Provide diligent and qualified services

• Preserve the value of their systems, applications, and information.
• Respect their trust and the privileges that they grant you.
• Avoid conflicts of interest or the appearance thereof.
• Work on systems for which you are fully qualified and validated.

Guideline 3: Advance and protect the profession

• Sponsor for professional advancement those best qualified. All other things equal, prefer those who are qualified, validated and who adhere to these guidelines.
• Maintain your competence; keep your hands-on security skills and knowledge current. Give generously of your time and knowledge in training others .

Ethics Board

SUT strives to maintain the highest ethical standards. The SUT Ethics Board was formed by the SUT Advisory Board as an independent Board intended to elevate the importance of ethical issues in the security profession.

SUT, as a professional organization providing certification to the information security community, strives to maintain the highest ethical standards. The SUT Ethics Board was formed by the SUT Advisory Board in October 2005 as an independent Board intended to elevate the importance of ethical issues in the security profession. The Board, with an international composition, is elected from the SUT Advisory board and acts as an independent committee of the board regarding ethical matters that may arise in matters of Security University certifications, use of the SUT credentials and ethical conduct of Security University certification holders. The primary functions of the Ethics Board members are to:

• Provide advice and counsel to the SUT Advisory Director regarding ethical issues, as requested, and recommend appropriate actions the organization may want to evaluate
• Review the SUT Code of Ethics and Professional Conduct to ensure it is addressing the needs of the membership and profession
• Provide confidential advice to the SUT membership at-large, assisting members with ethics questions and concerns and reaching out to members whose companies may be involved in publicly-announced ethical situations
• Provide investigative functions and recommendations to the SUT Advisory Board concerning the enforcement of SUT Code of Ethics.

Ethics Review Process

The Ethics Board responsibility is to investigate ethics complaints against SUT certified individuals, or SUT students.

The investigative process is initiated when the SUTAdvisory Board requests the investigation of a potential misconduct or when the Advisory Board is in receipt of a written complaint alleging misconduct.

The Ethics Board will solicit details in writing from the individual being investigated as well as any others who may be able to provide corroborating or exculpatory information.

After all solicited information has been reviewed, the Board may request further clarification as required.

On completion of its investigation, the Ethics Board will make a written report to the SUT Director recommending whether the complaint should be upheld, and the recommended course of discipline. The written report will be communicated to the SUT Director for review and possible further action.

If a Board member(s) have a strong opinion against the majority decision of the Board then a dissenting opinion may also be written and provided to the SUT Director.

Report Violation

SUT takes ethics very seriously. As part of a leading association of information security professionals, SUT certification holders and those attempting to obtain the SUT Q/ISP certification, must act in a lawful and ethical fashion for the benefit of the public, the profession and the companies to whom they provide professional services.