Code of Conduct

PCI SSC CODE OF PROFESSIONAL RESPONSIBILITY

The PCI Security Standards Council (PCI SSC) has developed this Code of Professional Responsibility to define the expectations for professional and ethical conduct of all PCI SSC-qualified individuals. All PCI SSC-qualified individuals must advocate, adhere to, and support the following principles:

1. Actions must reflect professional competence and due care, and be in accordance with PCI SSC standards and guidance.

Perform each aspect of your work honorably, responsibly, diligently and objectively.
Act in the best interest of the entities to which you provide services or support, and keep them apprised of changes to PCI SSC standards and guidance.
Render only those services for which you are fully competent and qualified to perform.
Promote current information security best practices and standards.

2. Perform duties in a way that supports data security, confidentiality and integrity.

Respect and safeguard confidential, proprietary, or otherwise sensitive information with which you come into contact during the course of professional activities.
Immediately notify appropriate authorities and/or industry personnel as required should you discover or suspect a compromise or breach.

3. Operate with integrity.

Refrain from conduct that could damage or reflect poorly on the reputation of PCI SSC, its standards, your profession, or the practice of colleagues, clients or employers.
Refrain from any activities that might constitute a conflict of interest.
Maintain honesty and accuracy when delivering any information or guidance related to PCI SSC programs, standards and related documentation.
Report ethical violations to PCI SSC in a timely manner.

4. Comply with all applicable laws, regulations and industry standards.

PCI SSC-qualified individuals who violate any of the foregoing principles will be subject to disciplinary action by PCI SSC, including but not limited to revocation of qualification.