Study Material - Code of Professional Responsibility

Located at https://programs.pcissc.org/user/pcipreg/PCIP%20Code%20of%20Professional%20Responsibility.pdf

Copyright 2012 PCI Security Standards Council, LLC

Appendix B

Code of Professional Responsibility

The PCI Security Standards Council (PCI SSC) is an open global forum for the ongoing development,enhancement, storage, dissemination and implementation of security standards for account data protection. PCI SSC’s mission is to enhance payment account data security by driving education and awareness of the PCI SSC security standards (the “PCI Standards”). To help achieve this goal, PCI has adopted this Code of Professional Responsibility to help ensure information security professionals adhere to the highest standards of ethical and professional conduct. Adherence with this Code will help ensure the safe handling of cardholder information and enhance payment card data security.

All PCI SSC qualified individuals and all PCI SSC qualification candidates must advocate, adhere to, and support the following Code of Professional Responsibility. PCI SSC qualified individuals who intentionally or knowingly violate any principle of this Code will be subject revocation of qualification and/or other disciplinary action by PCI SSC.

Principles

Professional Competence and Due Care

Perform each aspect of your work honorably, responsibly, and legally

Act in the best interests of all entities that you provide services or support to, while maintaining high standards of conduct and being consistent with the PCI Standards and guidance

Deliver diligent and competent services in accordance with the PCI Standards and applicable laws

Render only those services for which you are fully competent and qualified

Promptly advise all entities that you provide services or support to on changes in PCI

Standards and guidance

Participate in learning throughout your career to maintain the knowledge, skills and expertise needed in the payment security industry

Promote current information security best practices and standards Security and Confidentiality

Respect and safeguard confidential, proprietary, or otherwise sensitive information with which you come into contact in the course of professional activities, unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties

Take affirmative steps to comply with the PCI Standards to assure that confidential information is maintained securely

Immediately notify the appropriate authorities and proper industry personnel should you suspect a compromise or breach in security

Integrity

Refrain from conduct which would damage or reflect poorly on the reputation of PCI SSC, its standards, the profession, or the practice of colleagues, clients, and employers

Report ethical violations to PCI SSC in a timely manner

Refrain from any activities which might constitute a conflict of interest

Perform all duties with objectivity

Compliance with Industry Laws and Standards

Perform duties in accordance with the PCI Standards

Comply with existing laws and regulations, with local laws taking precedence over PCI Standards

Cooperate with law enforcement agencies

Violation and Enforcement

Depending on the severity of the violation, disciplinary action could include:

Warning

A written warning could be issued that specifies the consequences if the situation occurs again, or if there is another violation.

Suspension

PCI SSC qualification could be suspended for all programs in which the individual participates.

Revocation

PCI SSC qualification could be revoked for all programs in which the individual actively participates.

PCI SSC is committed to enforcing its Code of Professional Responsibility, and has adopted a procedure that allows fair and objective review of allegations of violations of the Code.


Copyright 2012 PCI Security Standards Council, LLC