Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"

Text Box: Security University Testing

SUT - Report Ethics Violation

The SUT organization takes ethics very seriously. As part of a leading association of information security professionals, SUT certification holders and those attempting to obtain SUT certification, must act in a lawful and ethical fashion for the benefit of the public, the profession and the companies to whom they provide professional services.

SUT is committed to enforcing its Code of Ethics, and has formal procedures that allow fair and objective review of allegations and evidence of violations to the Security University Code of Ethics. The SUT Ethics Council has the responsibility of formally reviewing any charges and evidence of ethics violations. The SUT Ethics code is available at http://www.Security University.org/about/ethics/code

Complaint Submission

Any SUT member, or member of the public, may submit a written complaint to the SUT Ethics Council. report@SU-testing.com

The complaint must include the following at a minimum:

  1. A detailed description of the facts known and circumstances relevant to the complaint
  2. The Complainant's source(s) of information, the names, addresses, phone numbers and other contact information for and of witnesses and other knowledgeable individuals as known.
  3. Any and all supporting information or evidence
  4. The section or sections of the SUT Code of Ethics violated

Each complaint will be reviewed for completeness and forwarded to the SUT Ethics Council to initiate the review process. If not enough information is present to initiate a review, the form will be returned to the complainant requesting more information.

If enough corroborating evidence is available to support a thorough investigation, the identity of the accuser will not be necessarily divulged to the individual being investigated. If the investigation relies more heavily on testimony from a single source or the evidence presented obviously implicates the identity of the accuser, it may not be possible for the accuser to remain unidentified.

Grievance Procedure

Grievances and complaints are a serious matter. SUT has an established process for answering candidate questions and addressing issues and complaints. If a student has contacted SUT previously and have not received a satisfactory response to the exam issue, he/she may submit a grievance form to escalate the matter. To report a Code of Ethics violation, please see the Code of Ethics violation form. For all other matters, please submit a SUT Grievance Form. After submitting a SUT Grievance Form: the individual will receive a confirmation email, which he/she shall retain a copy of the email for the record. SUT will contact the person within two (2) working days confirming that the grievance has been received and is under review or to request further information. SUT will notify the individual by email within fourteen (14) working days of receipt of the grievance with his/her findings. If the individual and SUT cannot reach a resolution, s/he may file an appeal by electronic mail within five (5) working days of receiving the findings requesting that the issue be sent to a secondary reviewer. SUT will initiate a secondary review and will be notified of the outcome within five (5) working days. The request for the appeal must be made by email within five (5) working days of receiving the findings of the secondary review. Failure to file an appeal will indicate consent and waiver of all objections to the findings

Confidentiality

The SUT undertake to keep the identity of the complainant and respondent in any complaint confidential from the general public. While disclosure of the identity of the complainant will be avoided where possible, upon filing a complaint, the complainant implies consent to disclose his identity to the Board only for due process. Actions of the Board may be published at its discretion. Parties are encouraged to maintain confidentiality and qualification holders are reminded of their obligation to protect the IS and IA profession.

The Ethics Committee

The Ethics Committee is established as needed by the SU CEO to hear all ethics complaints and resolve all ethics issues. The committee serves at the convenience and discretion of the SU CEO. As complaints and responses are received, the committee reviews both sides and renders a decision to the SU CEO for a final approval.

Standing of Complainant

Complaints will be accepted only from those who claim to be injured by the alleged unethical behavior. While any student or the public may complain about a breach of Canon I, only principals (those with an employer/contractor relationship with the qualification holder) may complain about other violations.

Form of Complaints

All complaints must be in writing. The newly selected committee will not have an investigative body or resources. Only information submitted in writing will be considered in the form of sworn affidavits. Filing of false affidavits will mean revocation for the complainant and revocation of Q/ISP Qualification forever. The CEO will not consider allegations in any other form.

Complaints should be sufficiently complete to enable the CEO to reach an appropriate resolution. The affidavit should specify the respondent, the behavior complained of, the violation or breach, and any corroborating evidence.

Rights of Respondents

Respondents to complaints are entitled to timely notification of complaints. The CEO will notify the respondent within thirty days from receipt of the complaint. The respondent is entitled to review all complaints, evidence, and other documents. The respondent will have thirty days from accepting and acknowledging delivery to submit information in defense, explanation, rebuttal, extenuation, or mitigation. The defense submission must sent to the CEO who will forward it to the committee in the form of a sworn affidavit. At no time will silence imply consent, that is, to the extent that the respondent is silent, the CEO will assume that they do not dispute the allegations.

Disagreement on the Facts

Where there is disagreement between the parties over the alleged facts, the CEO and Ethics Committee at its sole discretion, may invite additional corroboration, exculpation, rebuttals, and sur-rebuttals in the attempt to resolve the dispute.

Findings and Recommendations

In reaching its recommendations, the CEO will prefer the most direct and conservative action consistent with its findings.

Notification and Right of Comment

The CEO will notify the parties of its resolution thirty days prior to any action. Parties may submit comment on these recommendations for consideration by the CEO.

Disciplinary Action & Resolution

Discipline of qualification holders is at the sole discretion of the CEO. Decisions of the CEO are final. Parties will be notified of the final disposition within thirty days of CEO's actions. All complaints should comply with the procedure stated and be mailed to the following address:

Ethics Complaint, Security University, 1821 Michael Faraday Dr., Suite 100, Reston, VA 20190, USA

Questions should be directed to: s0ndra@securityuniversity.net or ethics@securityuniversity.net

Ethics Committee

The Ethics Committee is established as needed by SU's CEO to hear all ethics complaints and advise of resolutions. The students of the committee serve at the convenience and discretion of the CEO.