Home / Credentialing / Code of Professional Ethics


Code of Professional Ethics

ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the association and/or its certification holders.

Members and ISACA certification holders shall:

  1. Support the implementation of, and encourage compliance with, appropriate standards and procedures for the effective governance and management of enterprise information systems and technology, including: audit, control, security and risk management.
  2. Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards.
  3. Serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting their profession or the Association.
  4. Maintain the privacy and confidentiality of information obtained in the course of their activities unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
  5. Maintain competency in their respective fields and agree to undertake only those activities they can reasonably expect to complete with the necessary skills, knowledge and competence.
  6. Inform appropriate parties of the results of work performed including the disclosure of all significant facts known to them that, if not disclosed, may distort the reporting of the results.
  7. Support the professional education of stakeholders in enhancing their understanding of the governance and management of enterprise information systems and technology, including: audit, control, security and risk management.

Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.


ISACA Anti-Harassment Policy


The Information Systems Audit and Control Association, Inc., (“ISACA”) is an organization which fosters and encourages free, active and productive collaboration between and among its directors and officers, members, employees and the public. For the benefit of the Organization, all such collaboration is expected to be conducted in a professional business-like manner. It cannot include harassment and/or offensive conduct of any kind, and all individuals working together for or on behalf of ISACA must be aware that they are expected to conduct themselves appropriately at all times. All such individuals are expected to be vigilant to discourage and to refrain from engaging in any sort of prohibited harassing conduct or prohibited sexual harassment, as defined below. Anyone found to be acting contrary to this expectation will be asked to immediately cease such conduct and/or remedy its effects or risk losing their affiliation with ISACA and/or their authorization to act or collaborate for or on behalf of ISACA.

Policy Against Harassing Conduct

ISACA strictly prohibits any harassing conduct or other behavior which creates an intimidating, hostile, or offensive environment for directors and officers, members, employees or others collaborating on behalf of or for the benefit of ISACA or its membership. Harassing or otherwise inappropriate conduct includes, but is not limited to, verbal or physical conduct that denigrates or shows hostility or aversion toward an individual because of that person’s race, skin color, religion, gender, national origin, sexual orientation, gender identity, age, disability, veteran status or other such characteristic. Slurs, jokes, insensitive cultural references, use of stereotypes, hostility, insults and/or expressions of hatred or dislike directed at groups or individuals as members of groups within society can all be examples of prohibited harassing conduct.

Policy Against Sexual Harassment

ISACA also strictly prohibits conduct that may be considered to constitute sexual harassment. Such conduct includes but is not limited to, behavior such as unwelcome sexual advances, request for sexual favors, and other verbal or physical conduct of a sexual nature, particularly when such conduct has the purpose or effect of unreasonably interfering with the person’s efforts on behalf of or for the benefit of ISACA and/or which creates an intimidating, hostile, or offensive working environment on the basis of sex.

Sexual harassment also may involve the following strictly prohibited conduct:

  • unwelcome requests for sexual favors;
  • lewd or derogatory comments or jokes; comments regarding sexual behavior or the body of another individual;
  • sexual innuendo and other vocal activity such as cat calls or whistles;
  • obscene letters, notes, invitations, photographs, cartoons, articles, or other written or pictorial materials of a sexual nature;
  • continuing to express sexual interest after being informed the interest is unwelcome;
  • retaliating against or behaving in a hostile manner toward someone for refusing a sexual advance or reporting an incident of possible sexual harassment; or
  • offering or providing favors of any kind in return for sexual favors.

Complaint Procedure

Anyone who feels subjected to harassment or witnesses’ harassment prohibited by this policy by or involving an ISACA officer or director, employee, member, or fellow ISACA participant should immediately report it to, or report it directly to the ISACA Human Resources Department at Reports can also be submitted anonymously to Ethics Point, a secure third party service, either online at, or by dialing toll-free, within the United States, Guam, Puerto Rico and Canada: 1-855-207-1017.

ISACA will investigate all complaints promptly and thoroughly, with sensitivity toward confidentiality. Where the complaint has merit and/or the circumstances warrant, ISACA will take appropriate corrective action which may include suspension from participation in ISACA activities or termination of membership.

ISACA strongly encourages its members and participants to utilize this Complaint Procedure and to freely report incidents or events that they feel violate this policy without fear of reprisal. ISACA prohibits retaliation against any member or participant who has made an honest complaint based on a good faith belief that he or she has been subjected to or has witnessed harassment or who has cooperated in the investigation of such a complaint. Retaliation includes any conduct made with the intent to punish a member or participant for complaining about or assisting in the investigation of harassment.