Code of Professional Conduct coming soonISC2 is reviewing its Code of Ethics in the context of developing a new Code of Professional Conduct for cybersecurity practitioners. The Standards and Practices team is working with volunteers, and in close collaboration with the ISC2 Board of Directors and ISC2 Professional Conduct (Ethics) Committee, to build foundational framework for all cyber pros to reference.

Establishing a Code of Professional Conduct encourages ethical decision-making and responsible conduct, reinforcing the industry's commitment to protecting individuals and organizations from cyber threats.

The project to develop this new code began in earnest in November of 2024 with the recruitment of volunteers to form a new and dedicated task force focusing on the challenges associated with defining professional cybersecurity practice. This diverse group of ISC2 volunteers from across the globe will serve on the task force for the next year in support of the project. Meetings are on-going in 2025, with volunteers currently working through the development phase of the project. The group meets to discuss the challenges that cybersecurity practitioners face in the course of their professional duties. These can be difficult situations and while the ISC2 Code of Ethics serves as a starting point, there is an opportunity to establish improved guidance that enhances decision-making, fosters accountability and builds trust. The ultimate outcome is to produce a Code of Professional Conduct, to be published by October 2025, for all cybersecurity professionals – both ISC2-certified and not – to reference.

Next Steps

The task force is working closely with the ISC2 Sr. Manager, Ethics and Compliance, Rachel Williams, to prepare a draft for public comment and review in the coming months.

"We have a tremendous group of volunteers who have made a major commitment to develop this guidance, including contributing their extensive first-hand ethical challenge and cybersecurity conduct experiences,” said Williams. “The discussions have been extremely interesting, and we are looking forward to sharing a draft with members for their input.”

When a draft is available, ISC2 will be surveying members and associates to provide their feedback on the document and advise on gaps, grey areas and more. The feedback will be synthesized, categorized and weighted for review and implementation.

The revised and publicly influenced document will be shared with the ISC2 Professional Conduct (Ethics) Committee. Ultimate approval of the Code of Professional Conduct will come from the ISC2 Board of Directors.

Stay Informed and Get Involved

Watch this space – that's www.isc2.org/isc2insights – for how you can participate in the public feedback survey on the first draft of the code. Be sure your email preferences are set to hear about opportunities like this, and others, to be involved in research and volunteer opportunities. Opt-in to “News & Resources” to receive emails about news like this.

You can also learn about opportunities to support other strategic ISC2 priorities at https://www.isc2.org/volunteer/volunteer-opportunities