Example of Ethics Policy for Information Security Management System

1.     Overview

XXX is committed to protecting employees, partners, vendors and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. When XXX addresses issues proactively and uses correct judgment, it will help set us apart from competitors. XXX will not tolerate any wrongdoing or impropriety at any time. XXX will take the appropriate measures and act quickly to correct the issue if the ethical code is broken.

2.     Purpose

The purpose of this policy is to establish a culture of openness and trust, and to emphasize the employee’s and consumer’s expectation to be treated to fair business practices. This policy will serve to guide business behavior to ensure ethical conduct. Effective ethics is a team effort involving the participation and support of every XXX employee. All employees should familiarize themselves with the ethics guidelines that follow this introduction.

3.     Scope

This policy applies to employees, contractors, consultants, temporaries, and other workers at XXX, including all personnel affiliated with third parties.

4.     Policy

4.1 Executive Commitment to Ethics

  1. Senior leaders and executives within XXX must set a prime example.  In any business practice, honesty and integrity must be top priority for executives.
  2. Executives must have an open door policy and welcome suggestions and concerns from employees.  This will allow employees to feel comfortable discussing any issues and will alert executives to concerns within the work force.
  3. Executives must disclose any conflicts of interest regarding their position within XXX.

4.2 Employee Commitment to Ethics

  1. XXX employees will treat everyone fairly, have mutual respect, promote a team environment and avoid the intent and appearance of unethical or compromising practices.
  2. Every employee needs to apply effort and intelligence in maintaining ethical values. Employees must disclose any conflicts of interest regarding their position within XXX.
  3. Employees will help XXX to increase customer and vendor satisfaction by providing quality products and timely responses to inquiries.
  4. Employees should ask themselves the following questions when any behavior is questionable:
    • Is the behavior legal?
    • Does the behavior comply with all appropriate XXX policies?
    • Does the behavior reflect XXX values and culture?
    • Could the behavior adversely affect company stakeholders?
    • Would you feel personally concerned if the behavior appeared in a news headline?
    • Could the behavior adversely affect XXX if all employees did it?

4.3 Company Awareness

  1. Promotion of ethical conduct within interpersonal communications of employees will be rewarded.
  2. XXX will promote a trustworthy and honest atmosphere to reinforce the vision of ethics within the company.

4.4 Maintaining Ethical Practices

  1. XXX will reinforce the importance of the integrity message and the tone will start at the top. Every employee, manager and director needs to consistently maintain an ethical stance and support ethical behavior.
  2. Employees at XXX should encourage open dialogue, get honest feedback and treat everyone fairly, with honesty and objectivity. 
  3. XXX has established a best practice disclosure committee to make sure the ethical code is delivered to all employees and that concerns regarding the code can be addressed.
  4. Employees are required to recertify their compliance with the Ethics Policy on an annual basis.

4.5 Unethical Behavior

  1. XXX will avoid the intent and appearance of unethical or compromising practice in relationships, actions and communications. 
  2. XXX will not tolerate harassment or discrimination. Unauthorized use of company trade secrets & marketing, operational, personnel, financial, source code, & technical information integral to the success of our company will not be tolerated.
  3. XXX will not permit impropriety at any time and we will act ethically and responsibly in accordance with laws.
  4. XXX employees will not use corporate assets or business relationships for personal use or gain.

5.     Policy Compliance

5.1 Compliance Measurement

The CISO will verify compliance with this policy through various methods, including but not limited to business tool reports, internal and external audits, and feedback.

5.2  Exceptions


5.3  Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
