Code of Professional Ethics
ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the association and/or its certification holders.
Members and ISACA certification holders shall:
- Support the implementation of, and encourage compliance with, appropriate standards and procedures for the effective governance and management of enterprise information systems and technology, including: audit, control, security and risk management.
- Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards.
- Serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting their profession or the Association.
- Maintain the privacy and confidentiality of information obtained in the course of their activities unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
- Maintain competency in their respective fields and agree to undertake only those activities they can reasonably expect to complete with the necessary skills, knowledge and competence.
- Inform appropriate parties of the results of work performed including the disclosure of all significant facts known to them that, if not disclosed, may distort the reporting of the results.
- Support the professional education of stakeholders in enhancing their understanding of the governance and management of enterprise information systems and technology, including: audit, control, security and risk management.
Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.
Complaint procedure
Anyone who witnesses a member violation of the ISACA Code of Professional Ethics can report it by filling out the Report of Alleged Violation Form and following the Code of Professional Ethics Member Violation Complaints and Appeals Policy.
In addition, the following forms can be submitted if a Respondent would like information included in an Ethics Complaint Investigation Summary or if a Subject would like to appeal a Corrective Action.
All forms are submitted to ethics@yscfrp.com.
For CMMI-related complaints please visit http://cmmiinstitute.com/partners/quality/complaints.
Other policies that may cover your concern
ISACA also has specific governance policies in place regarding impartiality, discrimination and harassment. Before submitting a Code of Professional Ethics complaint, please review these additional governance policies to determine if the complaint is better suited to that policy.