Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Text Box: Security University Testing

Code of Ethics and Professional Conduct

All Qualified professionals who are certified by the SUT recognize that such certification is a privilege that must be both earned and maintained. In support f this principle, all SUT Qualified professionals are required to commit to fully support the Code of Ethics and Professional Conduct (COEPC). Qualified professionals who intentionally or knowingly violate any provision of the COEPC will be subject to action by a peer review panel, which may result in the revocation of certification.

In order to maintain their certification, all certified and registered professionals will be required to successfully comply with all rules and requirements for conduct in an ethical manner, as outlined in the Code of Ethics and Professional Conduct. All SUT certified individuals must agree to comply with the SUT Certificant Code of Ethics and Professional Conduct as outlined below:

•  I will conduct my business and/or professional activities with honesty and integrity.
•  I will represent my certifications and qualifications honestly and provide only those services for which I am qualified to perform.
•  I will strive to maintain and improve my professional knowledge and competence through regular self-assessments and continuing education /hands-on training.
•  I will act in a manner free of bias and discrimination against clients or customers.
•  I will maintain the privacy of individuals and confidentiality of information obtained in the course of my duties unless disclosure is required by legal authority.
•  I will follow all certification policies, procedures, guidelines and requirements of SUT.

Code of Ethics

All qualified cybersecurity professionals who are qualified by SUT recognize that such qualification is a privilege that must be earned, validated and maintained. In support of this principle, all SUT members are required to commit to fully support this Code of Ethics and Professional Conduct (the "Code"). SUT qualified credential holders who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of qualification. A Certificate candidate is obligated to follow the ethics complaint procedure upon observing any action by a SUT qualification holder that breaches the Code. Failure to do so may be considered a breach of the Code.

Before SUTgrants certification under any of its Q/ISP certification programs, candidates must agree and communicate in writing that they agree to the terms and conditions of the Certification Agreement. This document is part of exam registration application package located on the Testrac SUT registration website.

There are 3 mandatory guidelines in the Code. By necessity, high-level guidance is not a substitute for the ethical judgment of the Qualified Cybersecurity Professional.

Guidance is provided for the Code and is intended to help IS, IA and Cybersecurity Professionals identify and resolve any ethical dilemmas they confront during the normal course of their Q/ISP Qualified/Information Security Profession and cybersecurity career.

Code of Ethics Preamble:

To each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Strict adherence to this Code is a condition of Qualification.

Code of Ethics Guideline:

Guideline 1: Act honorably, responsibly, and legally

Guideline 2: Provide diligent and qualified services

Guideline 3: Advance and protect the profession

Ethics Board

SUT strives to maintain the highest ethical standards. The SUT Ethics Board was formed by the SUT Advisory Board as an independent Board intended to elevate the importance of ethical issues in the security profession.

SUT, as a professional organization providing certification to the information security community, strives to maintain the highest ethical standards. The SUT Ethics Board was formed by the SUT Advisory Board in October 2005 as an independent Board intended to elevate the importance of ethical issues in the security profession. The Board, with an international composition, is elected from the SUT Advisory board and acts as an independent committee of the board regarding ethical matters that may arise in matters of Security University certifications, use of the SUT credentials and ethical conduct of Security University certification holders. The primary functions of the Ethics Board members are to:

Ethics Review Process

The Ethics Board responsibility is to investigate ethics complaints against SUT certified individuals, or SUT students.

The investigative process is initiated when the SUTAdvisory Board requests the investigation of a potential misconduct or when the Advisory Board is in receipt of a written complaint alleging misconduct.

The Ethics Board will solicit details in writing from the individual being investigated as well as any others who may be able to provide corroborating or exculpatory information.

After all solicited information has been reviewed, the Board may request further clarification as required.

On completion of its investigation, the Ethics Board will make a written report to the SUT Director recommending whether the complaint should be upheld, and the recommended course of discipline. The written report will be communicated to the SUT Director for review and possible further action.

If a Board member(s) have a strong opinion against the majority decision of the Board then a dissenting opinion may also be written and provided to the SUT Director.

Report Violation

SUT takes ethics very seriously. As part of a leading association of information security professionals, SUT certification holders and those attempting to obtain the SUT Q/ISP certification, must act in a lawful and ethical fashion for the benefit of the public, the profession and the companies to whom they provide professional services.