...
1. Introduction
2. Supporting staff to meet the six principles
2.1. Supportive environment
2.2. Reporting incidents
2.3. Share with IASME
3. Examples of how to apply this code of conduct within an Assured Service Provider
4. Signatures
4.1 Your signature below indicates your acceptance of this code on behalf of your organisation.
1. Introduction
This document sets out the six ethical principles that must be followed by Assured Service Providers (ASPs), that are part of the NCSC Cyber Incident Exercising Scheme.
...
Integrity – Act in accordance with the law and consistently exercise the highest moral principles
Honesty – Present facts clearly and truthfully
Objectivity – Perform all duties and make all decisions in relation to the scheme based on facts, not personal feelings or commercial concerns
Professional competence and due care – Render only those services which you are fully competent and qualified to perform
Confidentiality – Limit access to information to protect the interests of customers, partners, and employees
Customer-Centric – Advise only what is in the best interest of the customer and not aspects motivated by the Advisor’s business objectives
The six ethical principles must be followed by all ASPs in all Incident Exercising engagements.
...
The UK Cyber Security Council provides examples for cyber security organisations and professionals of how to deal with potential ethical conflicts here https://www.ukcybersecuritycouncil.org.uk/ethics/ethics-scenarios/
4. Signatures
4.1 Your signature below indicates your acceptance of this code on behalf of your organisation.
| IASME | Assured Service Provider |
Signature: |
|
|
Print Name: |
|
|
Job Title: |
|
|
Date: |
|
|
...