GIAC, as a professional organization providing certification to the information security community, strives to maintain the highest ethical standards. The GIAC Ethics Council was formed by the GIAC Advisory Board in October 2005 as an independent Council intended to elevate the importance of ethical issues in the security profession. The Council, with an international composition, is elected from the GIAC Advisory board and acts as an independent committee of the board regarding ethical matters that may arise in matters of GIAC certification, use of the GIAC credentials and ethical conduct of GIAC certification holders. The primary functions of the Council are to:
- Provide advice and counsel to the GIAC Director regarding ethical issues, as requested, and recommend appropriate actions the organization may want to evaluate
- Review the GIAC Code of Ethics annually to ensure it is addressing the needs of the membership and profession
- Provide confidential advice to the GIAC membership at-large, assisting members with ethical questions and concerns and reaching out to members whose companies may be involved in publicly-announced ethical situations
- Provide investigative functions and recommendations to the GIAC Director concerning the enforcement of GIAC.s Code of Ethics
Ethics Review Submission
Any GIAC member, or member of the public, may submit a written complaint to the GIAC Ethics Council. Complaints may be submitted via the web-based complaint form.
Ethics Review Process
The Ethics Council.s chief responsibility is to investigate ethics complaints against GIAC certified individuals, or GIAC students.
The investigative process is initiated when the Director of GIAC requests the investigation of a potential misconduct or when the Director is in receipt of a written complaint alleging misconduct.
The Ethics Council will solicit details in writing from the individual being investigated as well as any others who may be able to provide corroborating or exculpatory information.
After all solicited information has been reviewed, the Council may request further clarification as required.
On completion of its investigation, the Ethics Council will make a written report to the Director recommending whether the complaint should be upheld, and the recommended course of discipline. The written report will be communicated to the Director for review and possible further action.
If a Council member or members have a strong opinion against the majority decision of council then a dissenting opinion may also be written and provided to the Director.
Member(s) found to be in violation may file an appeal in writing within 30 days of the notice of decision. The appeal must be addressed to and delivered by certified mail to the GIAC Director, specifically stating the grounds for appeal.
The appeal will be conducted by the GIAC Ombudsman. The Ombudsman will review the details of the original investigation and the submitted appeal to determine if if the appeal has merit. The GIAC Ombudsman will notify the appealing party via registered mail of the result.
Unified Framework of Professional Ethics for Security Professionals
At the present time the GIAC Ethics Council upholds the GIAC Code of Ethics. However, in early 2007 the GIAC Ethics Council joined with other security organizations to formulate a unified code of ethics for the security industry. The GIAC Ethics Council sees this work as an important milestone in achieving increased recognition for the security profession and is proud to be actively involved in this initiative.