Code of Ethics In IT
Practice shows that ethical codes really do contain resources to address a wide range of tasks. At the same time, a single methodological approach to codes of ethics is currently lacking.
Code of ethics, in essence, is a set of rules and behaviors that are shared by members of the group. With the use of the code set certain behaviors and common standards of relations and joint activities are set.
Codes are regulating the behavior of specialist in difficult ethical situations specific to the profession, improve status of the professional community in the society and form trust to the representatives of the profession (Joseph, 2007).
When the most significant ethical dilemmas are given by an organization, it is obvious that activities of the employees are regulated by corporate codes.
The underlying cause of ethical issues in the business is contradictions in the interests of stakeholders. Business includes economic relations between many groups of people: customers, employees, shareholders, suppliers, competitors, governments and communities – the stakeholders. For the most effective control the modern manager must take into account all the interests, not only the interests of shareholders.
Interest groups often put forward conflicting claims. For example, the conflict of interests of the company and the consumer: is the sale of a product that does not match the declared quality (unfair advertising) possible?
Therefore, important tasks of the code of corporate ethics are to establish priorities for the target groups and ways to harmonize their interests.
Code of corporate ethics can perform three basic functions: reputational, management and function of the corporate culture development.
Reputational function of the code is to build trust in the company of the external reference group (description of policies traditionally enshrined in international practice in relation to customers, suppliers, contractors, etc.). Thus, the code, as an instrument of corporate PR, increases the investment attractiveness of the company. The presence of this code of corporate ethics is the worldwide standard for business.
Administrative function of the code is to regulate behavior in difficult ethical situations. Improving performance of the employees is carried out by:
- regulation of priorities in collaboration with relevant external groups;
- determination of the decision-making order in complex ethical situations;
- indication of unacceptable behavior.
Corporate ethics, in addition, is an integral part of the corporate culture. Code of Ethics is a significant factor in the development of corporate culture. Code can translate the values of all employees, focus staff on the common corporate objectives and thereby enhance the corporate identity.
Doctors, lawyers and other professionals, whose work involves human life, usually take training courses, which draw attention to the ethical issues specific to their profession. IT security experts often have access to much more confidential data and information about individuals, networks and systems of the companies, which gives them enormous power. This can lead to accidental or deliberate abuse. However, there are no standardized requirements for breeding, necessary for a diploma of IT professional. Associations and organizations of IT professionals are just starting to pay attention to the ethics of the work, but there is no requirement for belonging of the IT staff to such organizations (Hossein, Gholamreza & Hamed, 2012, pp. 546-552).
Education and training of IT specialists, including experts in the field of security, is usually focused on the technical knowledge and skills. You learn how to perform tasks, but little is said about how these opportunities can be abused. In fact, many IT professionals’ attitude to their work in terms of the hacker is the following: you can do anything that you can do (Payne & Landry, 2005, pp. 73-85).
In fact, many IT professionals are not even aware that their work is related to ethical issues.
Many of the ethical issues faced by IT professionals raise issues of privacy. For example:
Whether IT staff should read personal e-mails of users on the network just because they can do it? Should they read the mail of employees as a security measure to make sure that the company is not dsclosed? Should they read the mail of employees to ensure that there is no violation of the rules (for example, against the use of official mail for personal use)? If they read e-mails of employees, whether or not should they tell them about it? In advance or after the breach?
Should IT specialists keep a track of users’ websites visited? Should they keep logs of visits of the sites? Is not the lack of Internet usage tracking negligence leading to the ability to view pornography in the workplace, which can create a hostile work environment?
Should IT staff install on the desktop programs that track keystrokes recording everything that the user enters; programs saving a copy of the screen to see what is displayed there? Whether to inform the users that they are being watched in this way?
Should IT employees read the documents and view image files stored on the computers of users in their folders on the server (Calluzzo & Cante, 2004, pp. 301-312)?
IT professionals should consider the following questions: what if the employee’s reading of random documents reveals trade secrets of the company? What if an employee later leaves the company and go away to work for the competition? Whether to use this knowledge in the employee’s new job?
What if the documents an employee reads, reveal a violation of the law by the company? Do they have a moral right to use them against the company, or they need to respect the secrecy of the employer? Does anything change if the employee made to sign an NDA for employment?
IT professionals and security consultants who are working with several companies have to deal with much more ethical problems. If they know anything about one of the customers, which could affect the other client, who will be loyal to those professionals?
Moreover, proliferation of network attacks, hacking, viruses and other threats to the IT infrastructure of the company, makes them afraid. Information security consultants can very easily play on that fear to force companies to spend much more money than it is really necessary. Is it honestly to inflate the cost of equipment and software, purchased from a client? Is it honestly to take «commissions» from the manufacturers persuading customers to take their products? Is it honestly to advice the clients products of the companies they have a stock of? All these are other important ethical issues (Stone & and Henry, 2003, pp. 337-350).
The answer to the question “Is it ethical?” is to be found by every IT specialist individually.
However, be that as it may, the question of ethics of IT professionals is starting to pay attention to. Voluntary professional associations, such as the Association for Computing Machinery (ACM), have developed their own codes of ethics and professional guidelines that can serve as guidance for individuals and other organizations.
Code of corporate ethics of IT specialists may include the following fundamental corporate values, based on which the activities of IT specialists are carried out:
Competence and professionalism
In the first place, the result of the IT specialist’s work should be perfect from the professional point of view. Officials in the IT sector should have a quality education, work experience, ability to make informed and responsible decisions.
The following is ethical:
- attitude to the interests of clients, as a major target in actions of the company;
- competence, efficiency and courtesy, reflected in the ability of specially trained staff to serve customers;
- membership of the company in the public organization that unites specialized companies is for customer the evidence of professional recognition and corporate culture;
- writing of technical specifications, promotional materials, references and explanatory character in the language understandable for customers, explaining the text of all the special terms and concepts;
- meeting the requirements of the verifiability of all the available materials to the customers;
- availability of the reasoned motivations expressed in the correct form in case of disagreement with the opinion of customers;
The following is not ethical:
- introduction of customer to confusion about the reputation, competence and professional qualifications of employees and the company as a whole;;
- false or exaggerated promises about products and services;
- intentional or unintentional introduction of customer to confusion about service opportunities;
- self-serving bias or interest in the service;
- failure to maintain the confidentiality of the client;
- unfair and unethical advertising.
Ethical norms of relations between market players
The following is ethical:
- respect for the legitimate rights of market participants, operating together in the same region with the company;
- maintaining high ethical principles of interaction of the market participants in order to maintain and enhance public confidence in their work;
- settling disputes with the market players only in a lawful manner;
- supporting efforts of other companies in creation and expansion of a civilized market of IT products and services;
- approval of the spirit of trust and reciprocity between market participants;
- adherence to the principles of honest, fair competition;
- active stance against professional dishonesty;
- creating equal conditions for all players who interact with the company.
The following is not ethical:
- an action sowing discord among the companies that causes damage to the reputation of their community;
- distributing libelous or false information damaging reputation of other companies;
- cultivation of contradictions based on personal ambitions;
- dumping as a means of competition;
- application of rates and conditions, in cooperation with other companies, leading to economic pressure on these companies to gain competitive advantage in the market;
- providing false information about professional opportunities of the company;
Ethical norms of relations with the media
The following is ethical:
· providing for the media only reliable information and urgent fixing of mistakes, if incorrect information was provided;
· demands from the media of the denials in cases of dissemination of false or misleading information about the company;
· bound in the publications of links to sources of information.
The following is not ethical:
· unrealistic promises in advertising;
· providing false information about the company;
· providing false information on the personnel staff of the company;
· providing false information about management of the company;
· providing false information about customers of the company;
· disclosure of confidential information of the customers and employees of the company;
· disclosure of information in the environment of the shortcomings of the company and its problems;
· providing false information on the services provided and their quality;
· initiating in the media information discrediting competitors.
Obviously, each company defines its own purposes for which it intends to use a tool such as a code of corporate ethics. But creation of the code, of course, is not limited to the writing of the text of the document. There are specifics in implementation of such documents: it is not possible to force to execute ethical code. Therefore, to ensure that it will work, even at the stage of its creation, it is necessary to provide procedures, including all the employees in the development of this paper (if possible). Only if the code by each employee is accepted, the document will actually be executed.