Code of Professional Ethics
“Fear-based selling has no place in our organization and should be shunned by our industry” – Claudiu Popa, Datarisk founder
- We strive to be the reference standard for privacy management services
- Act honorably, honestly, justly, responsibly, and legally
- Provide diligent and competent service in all engagements
- Advance and protect the profession and the company
Datarisk Canada acknowledges its focus and professional expertise in the following areas:
- Information risk analysis, auditing, implementation and related executive advisory
- Business education and corporate information security awareness
- Information privacy and business continuity
In arriving at the following guidance, Informatica Corporation and Datarisk Canada are mindful of their responsibility to:
- Engage in positive and just practices
- Research, teach, identify and mentor new employees
- Discourage behavior such as:
  - Raising unnecessary alarm, fear, uncertainty, or doubt
  - Giving unwarranted comfort or reassurance
  - Consenting to bad practice
  - Attaching weak systems to the public net
  - Associating or appearing to associate with criminals or criminal behavior
These objectives and the following mandates are provided for information only. Although Datarisk Canada is not legally required to agree with them, the company intensely strives to comply with each one in all situations.
The Code of Ethics of the International Information Systems Security Certification Consortium drives the mandates of every Privacy Manager to:
- Promote and preserve public trust and confidence in information and systems
- Promote the understanding and acceptance of prudent information security measures
- Preserve and strengthen the integrity of the public infrastructure
- Discourage unsafe and unethical practices
- Tell the truth; make all stakeholders aware of our actions on a timely basis
- Observe all contracts and agreements, express or implied
- Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort
- Take care to be truthful, objective, cautious, and within our competence
- Provide diligent and competent service to principals
- Preserve the value of client systems, applications, and information
- Respect client trust and the privileges that they grant us
- Avoid conflicts of interest or the appearance thereof
- Advance and protect the profession
- Take care not to injure the reputation of other professionals through malice or indifference
- Avoid professional association with those whose practices or reputation might diminish the profession
The Code of Conduct of the Institute of Electrical and Electronics Engineers inspired the core values of professional conduct every Privacy Manager adheres to:
- Accept responsibility for making decisions consistent with the safety, security, and privacy of client information assets
- Avoid real or perceived conflicts of interest whenever possible, and disclose them to affected parties when they do exist
- Be honest and realistic in stating claims or estimates based on available data
- Reject bribery, intimidation and fraud in all its forms
- Improve the understanding of information risk management, data protection & related compliance, their applications & potential consequences
- Maintain and improve our professional competence and undertake tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations
- Seek, accept, and offer honest criticism of professional work, acknowledge and correct errors, and credit properly the contributions of others
- Treat all parties fairly and do not engage in acts of discrimination, intimidation, retaliation, illegal surveillance or unethical conduct
- Avoid injuring others, their property, reputation, or employment by false or malicious action
- Assist colleagues and co-workers in their professional development and support them in following the Datarisk Canada code of ethics.
Six Foundational Principles
- Do No Harm: Our “Zero-Impact Guarantee” means that we will exercise due care and take steps to avoid negatively impacting client systems, applications and operations.
- Be Thorough: The scope of our Verify assessments is designed to provide a comprehensive picture of the system being audited, to support risk-based decisions and enable sound governance.
- Be Clear And Concise: Verify assessments provide actionable results and unambiguous corrective steps laid out in your prioritized Roadmap for Remediation (R4R™).
- Do Not Exaggerate: In compliance with the Code of Ethics that governs our profession, we do not employ pressure tactics to influence public action nor tolerate fear, uncertainty and doubt (FUD) in our work.
- Focus On The Data: As professional security and privacy experts, we focus on what matters: identities, personal information, confidential data, trade secrets and other intangible assets that constitute the core value of every modern organization.
- Transfer Knowledge: In everything we do, we strive to empower clients, partners and the public with the education to gain the confidence to build resilience and integrity into their operations.