ISC2 launches code of professional conduct

ISC2 launched the Code of Professional Conduct, a global framework designed to define the responsibilities and obligations of cybersecurity practitioners and leaders.

The Code built upon the ISC2 Code of Ethics and set expectations for professionals worldwide; it provided guidance intended to support decision-making, foster trust and uphold professional integrity.

The Code is organized around two guiding principles: Ethics and Professional Conduct. Within Ethics, it discusses integrity, confidentiality, respect for laws and regulations, public safety and societal impact. The Professional Conduct principle outlines responsibility and accountability, collaboration and teamwork, competence and continuous improvement, and reporting issues and concerns.

ISC2 facilitated development through a dedicated task force of volunteers from across the globe who met regularly to examine practitioner challenges and the Code’s potential uses. Development included input from nearly 1,400 cybersecurity professionals, endorsement by the ISC2 Professional Conduct (Ethics) Committee and approval by the ISC2 Board of Directors; feedback sources included ISC2 membership, academia, industry and other guiding bodies, and contributors ranged from Certified in Cybersecurity holders to CISSP holders.

“As emerging technologies, particularly AI, become more integrated into cybersecurity and organizational workflows, we created guidelines on ethical implementation and integration,” said ISC2 Member and Code Volunteer Panos Vlachos, CCSP. “Our goal with the global Code is to ensure that AI and other transformative innovations align with ethical best practices, fostering responsible adoption while mitigating potential risks.”

The Code will be a living document that is amended and refined as the cybersecurity profession continues to evolve.