Corporate Ethics, Standards of Conduct, Business Practices, and Corporate Values


Many corporations in many countries of the world today concern themselves with ethics, standards of conduct, business practices, and values. What does all that mean? Basically, it still means that one must know the difference between right and wrong, acceptable conduct versus unacceptable conduct. In today's world, corporations are successfully sued because of the unethical conduct of their employees. Therefore, if for no other reason than loss of revenue, such matters are a serious concern of corporate management.

There are corporate policies and awareness training sessions given to employees and often special training given to management. This is because it seems that it is mostly management that is involved in the unethical conduct. For example, management may direct their employees to act in an unethical manner by taking a shortcut in a manufacturing process such as a quality check in order to get the product out the door faster.

ISSO professionals in corporations are often involved in following up on ethics matters that have been reported by managers or employees, either directly or through a corporate ethics hotline, for example, noncompliance with the CIAPP. The ethics hotline provides a communications medium to obtain reports of unethical behavior. It should never be used to try to identify the caller if that caller did not leave any information relative to his or her identity. In fact, to do so would be unethical in itself, and once word got out of such conduct by management, the chances of obtaining further information concerning unethical behavior would be almost zero. If that did occur, that manager seeking the identity of the caller should be the subject of an ethics inquiry. One should never dwell so much on the messenger as the message. After all, isn't that the objective of the ethics program and ethics hotline? It is amazing how many managers in corporations focus on identifying the caller instead of acting on the information the caller provided. That alone tells a great deal about the ethics of some managers.

One often hears about managers "shooting the messenger." Any manager who verbally or otherwise attacks the messenger is "not getting the message." So, what does this have to do with the ISSO and professionalism? As an employee of a corporation, you have probably been on one end or the other—or both—of such incidents. Think about it. No one likes to receive bad news, and finding out through some ethics channel that some assets were stolen, someone was not complying with the assets protection policies, and that this person was a senior executive, may cause management to "shoot the messenger."

As an ISSO professional, you have a professional responsibility not to allow the shooting of messengers. Instead, you must direct management efforts to the identified problem. If you are requested or directed to do all you can to identify the anonymous reporter of ethics violations, you should explain that such conduct is in violation of the corporate ethics policy and therefore, the request or demand itself is unethical. Unfortunately, it may cost you your merit raise, a less than favorable performance review, and the like, but that is a price that you must be willing to pay. It is a matter of principle—your professional integrity—and that means a matter of ethical conduct.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net