
6/14/2013

ISACA Code of Ethics

Information Systems Audit & Control Association Code of Professional Ethics

ISACA® sets forth this Code of Professional Ethics to guide the professional and
personal conduct of members of the association and/or its certification holders.
Members and ISACA certification holders shall:
1. Support the implementation of, and encourage compliance with, appropriate
standards, procedures and controls for information systems.
2. Perform their duties with objectivity, due diligence and professional care, in
accordance with professional standards and best practices.
3. Serve in the interest of stakeholders in a lawful and honest manner, while
maintaining high standards of conduct and character, and not engage in acts
discreditable to the profession.
4. Maintain the privacy and confidentiality of information obtained in the
course of their duties unless disclosure is required by legal authority. Such
information shall not be used for personal benefit or released to inappropriate
parties.
5. Maintain competency in their respective fields and agree to undertake only
those activities, which they can reasonably expect to complete with
professional competence.
6. Inform appropriate parties of the results of work performed; revealing all
significant facts known to them.
7. Support the professional education of stakeholders in enhancing their
understanding of information systems security and control.

ISACA Overview and History

ISACA got its start in 1967, when a small group of individuals with similar jobs—
auditing controls in the computer systems that were becoming increasingly critical to
the operations of their organizations—sat down to discuss the need for a centralized
source of information and guidance in the field. In 1969, the group formalized,
incorporating as the EDP Auditors Association. In 1976 the association formed an
education foundation to undertake large-scale research efforts to expand the
knowledge and value of the IT governance and control field.
Today, ISACA’s membership—more than 65,000 strong worldwide—is characterized
by its diversity. Members live and work in more than 140 countries and cover a
variety of professional IT-related positions—to name just a few, IS auditor, consultant,
educator, IS security professional, regulator, chief information officer and internal
auditor. Some are new to the field, others are at middle management levels and still
others are in the most senior ranks. They work in nearly all industry categories,
including financial and banking, public accounting, government and the public sector,
utilities and manufacturing. This diversity enables members to learn from each other,
and exchange widely divergent viewpoints on a variety of professional topics. It has
long been considered one of ISACA’s strengths. Previously known as the Information
Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect
the broad range of IT governance professionals it serves.


Another of ISACA’s strengths is its chapter network. ISACA has more than 170
chapters established in over 70 countries worldwide, and those chapters
provide members education, resource sharing, advocacy, professional
networking and a host of other benefits on a local level. Find out if there’s a
chapter near you.
In the three decades since its inception, ISACA has become a pace-setting global
organization for information governance, control, security and audit
professionals. Its IS auditing and IS control standards are followed by
practitioners worldwide. Its research pinpoints professional issues challenging
its constituents. Its Certified Information Systems Auditor (CISA) certification is
recognized globally and has been earned by more than 50,000 professionals
since inception. The Certified Information Security Manager (CISM) certification
uniquely targets the information security management audience and has been
earned by more than 6,500 professionals. It publishes a leading technical
journal in the information control field, the Information Systems Control
Journal. It hosts a series of international conferences focusing on both technical
and managerial topics pertinent to the IS assurance, control, security and IT
governance professions. Together, ISACA and its affiliated IT Governance
Institute lead the information technology control community and serve its
practitioners by providing the elements needed by IT professionals in an ever-
changing worldwide environment.

Standards for Information Systems Control Professionals


Standards, Guidelines and Procedures

Introduction
ISACA® has long recognised that the specialised nature of information systems (IS) auditing, and the skills
necessary to perform such audits, require standards that apply specifically to IS auditing. However, as the
proportion of members from the IS Control Professional community grows, ISACA has perceived a need to
produce further ethical guidance and standards for its non-audit membership.
The Standards for IS Control Professionals are ISACA's first steps in meeting this need.

Objectives
The objectives of ISACA Standards for IS Control Professionals are to inform:
•IS Control Professionals of the minimum level of acceptable performance required to meet the
professional responsibilities set out in the ISACA Code of Professional Ethics
•Management and other interested parties of the profession's expectations concerning the work of
practitioners

Scope and Authority of Standards for IS Control Professionals


ISACA's intent is to respond to the growing need for standards outside the IS
Audit profession, including but not limited to the areas of:
•data security
•business continuity planning
•data and media administration
•quality assurance
The framework for the ISACA Standards for IS Control Professionals
provides for multiple levels of standards, as follows:
•Standards define mandatory requirements for IS Control functions.
•Guidelines provide guidance in applying standards for IS Control
Professionals. The IS Control Professional should consider them in
determining how to achieve implementation of the standards, use
professional judgment in their application and be prepared to justify any
departure.
•Procedures provide examples of procedures an IS Control Professional
might follow. The procedure documents provide information on how to meet
the standards when performing IS Control Professional functions, but do not
set requirements.
