Information Systems Audit and Control Association
Information Systems Audit and Control Association (ISACA) got its start in 1967,
when a small group of individuals with similar jobs—auditing controls in the
computer systems that were becoming increasingly critical to the operations of
their organizations—sat down to discuss the need for a centralized source of
information and guidance in the field. In 1969, the group formalized,
incorporating as the EDP Auditors Association. In 1976, the association formed an
education foundation to undertake large-scale research efforts to expand the
knowledge and value of the IT governance and control field.
Code of Professional Ethics
The Information Systems Audit and Control Association, Inc. (ISACA) sets
forth this Code of Professional Ethics to guide the professional and personal
conduct of members of the association and/or its certification holders.
Members and ISACA certification holders shall:
- Support the implementation of, and encourage compliance with,
appropriate standards, procedures and controls for information systems.
- Perform their duties with objectivity, due diligence and professional
care, in accordance with professional standards and best practices.
- Serve in the interest of stakeholders in a lawful and honest manner,
while maintaining high standards of conduct and character, and not engage in
acts discreditable to the profession.
- Maintain the privacy and confidentiality of information obtained in the
course of their duties unless disclosure is required by legal authority.
Such information shall not be used for personal benefit or released to
inappropriate parties.
- Maintain competency in their respective fields and agree to undertake
only those activities, which they can reasonably expect to complete with
professional competence.
- Inform appropriate parties of the results of work performed; revealing
all significant facts known to them.
- Support the professional education of stakeholders in enhancing their
understanding of information systems security and control.
Failure to comply with this Code of Professional Ethics can result in an
investigation into a member's, and/or certification holder's conduct and,
ultimately, in disciplinary measures.