Code of Conduct


The PCI Security Standards Council (PCI SSC) has developed this Code of Professional Responsibility to define the expectations for professional and ethical conduct of all PCI SSC-qualified individuals. All PCI SSC-qualified individuals must advocate, adhere to, and support the following principles:


1. Actions must reflect professional competence and due care, and be in accordance with PCI SSC standards and guidance.

  • Perform each aspect of your work honorably, responsibly, diligently and objectively.
  • Act in the best interest of the entities to which you provide services or support, and keep them apprised of changes to PCI SSC standards and guidance.
  • Render only those services that you are fully competent and qualified to perform.
  • Promote current information security best practices and standards.

2. Perform duties in a way that supports data security, confidentiality and integrity.

  • Respect and safeguard confidential, proprietary, or otherwise sensitive information with which you come into contact during the course of professional activities.
  • Immediately notify appropriate authorities and/or industry personnel as required should you discover or suspect a compromise or breach.

3. Operate with integrity.

  • Refrain from conduct that could damage or reflect poorly on the reputation of PCI SSC, its standards, your profession, or the practice of colleagues, clients or employers.
  • Refrain from any activities that might constitute a conflict of interest.
  • Maintain honesty and accuracy when delivering any information or guidance related to PCI SSC programs, standards and related documentation.
  • Report ethical violations to PCI SSC in a timely manner.

4. Comply with all applicable laws, regulations and industry standards.

PCI SSC-qualified individuals who violate any of the foregoing principles will be subject to disciplinary action by PCI SSC, including but not limited to revocation of qualification.