FITSI Code of Ethics

The Federal IT Security Institute (FITSI) has established a Code of Ethics that the organization uses. It includes eight canons or principles that all individuals associated with FITSI are expected to follow.

FITSI’s Code of Ethics includes the business ethics policies of FITSI. These policies include Whistleblower Protections, Impartiality, Conflicts of Interest, Reporting Potential Conflicts, and Confidentiality.

The principles outlined in the FITSI Code of Ethics apply to the FITSI Board of Directors, FITSI Officers, and others involved in the operation of the FITSI organization. It also applies to all persons (employees, consultants, or volunteers) involved with the certification of personnel for the FITSP Certification Program, and Certification Holders, Associate Members, Founding Members, and Certified Members.

These categories of individuals are collectively known as FITSI stakeholders.

FITSI Code of Ethics

All FITSI stakeholders must adhere and subscribe to the following Code of Ethics:

      • Endeavor to protect the nation’s citizens, information systems, information, processes, and facilities.
      • Maintain a high level of personal integrity in any and all transactions with customers, stakeholders, colleagues, and acquaintances.
      • Maintain the confidentiality of all sensitive information (i.e., Personally Identifiable Information) such that it does not create unnecessary risk for people and organizations.
      • Refuse to engage in intentional activities that affect the availability of any and all information technology systems and processes, both personally and professionally.
      • Promote research and sharing of ideas and information that are worthy of such action. Give back to the community by adding value when possible.
      • Refuse to foster Fear, Uncertainty, and Doubt (FUD) in any and all interactions with both personal and professional relationships.
      • Avoid conflicts of interest and recuse oneself when appropriate.
      • Mentor and teach whenever possible.

Violations of any of this Code of Ethics can be grounds for revocation of employment, board participation, volunteer work, membership, and certification status in FITSI.

Business Ethics
FITSI is committed to high standards of ethical, moral, and legal business conduct. All personnel (including employees, consultants, and volunteers) must practice honesty, integrity, and impartiality in fulfilling their responsibilities to FITSI and must comply with all applicable laws and regulations.

A. Whistleblower Protections
All personnel have an obligation to report any improper accounting or auditing matter and any evidence of fraudulent, dishonest, unlawful, or otherwise unethical action arising in connection with FITSI’s operations or activities. Reports should be made to the Chief Executive Officer (CEO) or Chief Operating Officer (COO) of FITSI. FITSI will not tolerate any acts of retribution, retaliation, or disciplinary action against any person who makes a good faith report under this policy. Any person found to have violated this policy of non-retaliation will be subject to discipline, up to and including dismissal and certification revocation.

B. Impartiality and Conflicts of Interest
FITSI adheres to the principles of fairness and due process and endorses the principles of equal opportunity in all aspects of employment and certification. FITSI does not discriminate or deny an opportunity to anyone on the basis of race, color, sex, sexual orientation, gender identity, age, employment status, religion, national or ethnic origin, marital status, veteran status, disability, or any other protected characteristic.

FITSI is committed to impartiality in carrying out its certification activities and requires that all personnel remain objective. In conducting activities on behalf of FITSI, all personnel owe a duty to FITSI to advance its legitimate interests and not the personal interests of the individual. Thus, personnel may not engage in any activity (including certification activities) that would create or appear to create a conflict of interest. Personnel must disclose any possible conflicts so that the FITSI may assess and prevent potential conflicts of interest from arising. A potential or actual conflict of interest occurs whenever an individual is in a position to influence a decision that may result in a personal gain for the individual or an immediate family member (i.e., spouse or significant other, children, parents, siblings) as a result of the FITSI’s business dealing.

Personnel must avoid or terminate any relationship or activity that might:
• impair, or even appear to impair, their ability to make objective and fair decisions in the performance of their duties to FITSI;
• be interpreted as self-dealing; or
• conflict with the mission, goals, and fundamental purpose of the FITSI.

In addition, personnel shall not use FITSI’s property or confidential or proprietary information for personal gain or to usurp any business opportunity that is afforded through their position with FITSI.

Examples of behavior prohibited under this policy include:
• Soliciting or accepting gifts, entertainment, or other benefits from potential and actual applicants/customers, vendors, or suppliers;
• Serving on boards of organizations or working for organizations that are in direct competition with the FITSI;
• Using the membership base or other resources of FITSI to obtain personal gain or to benefit another group;
• Disclosing FITSI Confidential Information or plans to outside persons or groups when such information is not readily available to the public;
• Using FITSI Confidential Information for personal gain or to FITSI’s detriment;
• Owning or holding any significant interest in a supplier, customer, or competitor of FITSI; or
• Involvement in organizations that are doing or seek to do business with FITSI, including actual or potential certification applicants.

C. Reporting Potential Conflicts
Although it is not possible to specify every action that might create a conflict of interest, this policy sets forth those which most frequently present problems. All personnel must promptly disclose actual or potential conflicts of interest in writing to the CEO of FITSI. Only the CEO may approve proceeding after an actual or potential conflict of interest has been identified. Approval will not be granted if the relationship will interfere with the individual’s duties or will damage FITSI’s business or reputation.

If an individual has any question whether an action or proposed course of conduct would create a conflict of interest, they should immediately contact the CEO of FITSI to obtain advice on the issue. A violation of this policy will result in immediate and appropriate discipline or corrective action, up to and including, immediate termination of employment or other relationship with FITSI.

D. Confidentiality
FITSI takes the protection of Confidential Information very seriously. Confidential Information includes any FITSI proprietary information, technical data, trade secrets, or know-how which is not known to FITSI’s competitors or within FITSI’s industry generally, and which is of great competitive value to FITSI, including, but not limited to:
• financial or accounting records, information, and data
• business and marketing plans, practices, and strategies
• proprietary computer programs and other methods of operation, techniques, systems, and processes
• trade secrets
• intellectual property and other research and development
• statistical data and analyses
• supplier, vendor, or member lists and records
• pricing information including, member fees and costs
• other business information which is used in FITSI’s business and which allow FITSI to obtain an advantage over competitors who do not know or use such information
• information which, if known to the competitors of FITSI, could reasonably be conceived to harm the business interests of FITSI

Confidential Information also includes proprietary information from third parties subject to a duty on FITSI’s part to maintain the confidentiality of such information and to use it only for certain limited purposes. Personnel must hold the Confidential Information of FITSI in strict confidence, and neither use the information nor disclose it to anyone, except to the extent necessary to carry out the individual’s duties to FITSI or as specifically authorized in writing by FITSI.

A violation of this policy will result in immediate and appropriate discipline or corrective action, up to and including, immediate termination of employment or other relationship with FITSI.

FITSI personnel and Certification Holders may also be required to sign a separate confidentiality, intellectual property, and restrictive covenant agreement as a condition of employment or engagement with FITSI.