Located at https://programs.pcissc.org/user/pcipreg/PCIP%20Code%20of%20Professional%20Responsibility.pdf
Copyright 2012 PCI Security Standards Council, LLC
Appendix B
Code of Professional Responsibility
The PCI Security Standards Council (PCI SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. PCI SSC’s mission is to enhance payment account data security by driving education and awareness of the PCI SSC security standards (the “PCI Standards”). To help achieve this goal, PCI SSC has adopted this Code of Professional Responsibility to help ensure that information security professionals adhere to the highest standards of ethical and professional conduct. Adherence to this Code will help ensure the safe handling of cardholder information and enhance payment card data security.
All PCI SSC qualified individuals and all PCI SSC qualification candidates must advocate, adhere to, and support the following Code of Professional Responsibility. PCI SSC qualified individuals who intentionally or knowingly violate any principle of this Code will be subject to revocation of qualification and/or other disciplinary action by PCI SSC.
Principles
Professional Competence and Due Care
Perform each aspect of your work honorably, responsibly, and legally
Act in the best interests of all entities that you provide services or support to, while maintaining high standards of conduct and being consistent with the PCI Standards and guidance
Deliver diligent and competent services in accordance with the PCI Standards and applicable laws
Render only those services for which you are fully competent and qualified
Promptly advise all entities that you provide services or support to on changes in PCI Standards and guidance
Participate in learning throughout your career to maintain the knowledge, skills and expertise needed in the payment security industry
Promote current information security best practices and standards
Security and Confidentiality
Respect and safeguard confidential, proprietary, or otherwise sensitive information with which you come into contact in the course of professional activities, unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties
Take affirmative steps to comply with the PCI Standards to assure that confidential information is maintained securely
Immediately notify the appropriate authorities and proper industry personnel should you suspect a compromise or breach in security
Integrity
Refrain from conduct which would damage or reflect poorly on the reputation of PCI SSC, its standards, the profession, or the practice of colleagues, clients, and employers
Report ethical violations to PCI SSC in a timely manner
Refrain from any activities which might constitute a conflict of interest
Perform all duties with objectivity
Compliance with Industry Laws and Standards
Perform duties in accordance with the PCI Standards
Comply with existing laws and regulations, with local laws taking precedence over PCI Standards
Cooperate with law enforcement agencies
Violation and Enforcement
Depending on the severity of the violation, disciplinary action could include:
Warning
A written warning could be issued that specifies the consequences if the situation occurs again, or if there is another violation.
Suspension
PCI SSC qualification could be suspended for all programs in which the individual participates.
Revocation
PCI SSC qualification could be revoked for all programs in which the individual actively participates.
PCI SSC is committed to enforcing its Code of Professional Responsibility, and has adopted a procedure that allows fair and objective review of allegations of violations of the Code.