Updated March 06, 2024

GIAC Ethics Policy

Information security professionals are afforded a great deal of responsibility and trust in protecting the confidentiality, integrity, and availability of information assets for the organizations within which they work. Such responsibility places a significant expectation on the body awarding certification to these professionals. To maintain the highest standards of quality and excellence as a certification provider, GIAC requires its applicants, candidates, and certification holders to uphold a high level of ethical and professional conduct, and as such this Ethics Policy and Code of Ethics have been developed by the Ethics Council and GIAC management.

Code of Ethics

I acknowledge that certification is a privilege that must be earned and upheld. I agree to advocate, adhere to, and support this Code of Ethics. I further understand that any action taken in opposition to this Code of Ethics may result in an Ethical Violation and disciplinary action(s) by GIAC. Disciplinary actions may include but are not limited to revocation of certifications and/or forfeiture of certification attempts; participation ban on any future GIAC/SANS programs; reporting of violation to management and/or other certifying organizations.

Respect for the Public

• I will accept responsibility in making decisions with consideration for the security and welfare of the community.
• I will not engage in or be a party to unethical or unlawful acts that negatively affect the community, my professional reputation, or the information security discipline.

Respect for the Certification

• I will not share, disseminate, or otherwise distribute confidential or proprietary information pertaining to the GIAC certification process
• I will not use my certification designation, symbols of certification (such as certificates, digital badges, or logos), or information associated with my certification (such as analyst identification number) to represent any individual or entity other than myself as being certified by GIAC.
• I will uphold the highest level of integrity when it comes to the security of the exam content and exposure to GIAC intellectual property in compliance with the Exam Integrity Policy

Respect for the Industry

• I will deliver capable services that are consistent with the expectations of my certification and position
• I will protect confidential and proprietary information with which I come into contact.
• I will minimize risks to the confidentiality, integrity, or availability or an information technology solution, consistent with risk management practice

Respect for Myself

• I will avoid conflicts of interest
• I will not misuse any information or privileges I am afforded as part of my responsibilities
• I will not misrepresent my abilities or my work to the community, my employer, or my peers.

Personal Accountability

I understand that I may only make claims regarding my GIAC certification(s) status(es) with respect to the scope of specific certifications I have earned. I may not use the certification or certification status in such a manner as to mislead others or bring the certification body into disrepute. If at any time matters affect my ability to continue to fulfill the competences associated with my GIAC certification(s), I am required under this Code of Ethics to inform GIAC without delay by emailing ethics@giac.org with specific information. Furthermore, in the event that my certification status is withdrawn due to an official sanction, I understand that I must refrain from use of all references to a previous certification status.

Ethics Violations Procedure

GIAC is committed to enforcing this Ethics Policy and have thus developed the following formal procedures that allow for fair and objective review of allegations and instances of violations.

Ethics Council

The GIAC Ethics Council serves to elevate the importance of ethical issues that arise in matters of GIAC certification, including but not limited to the use of GIAC intellectual property, credentials, logos, trademarked materials, and the overall GIAC brand.

The primary functions of the council are to:

• Provide an impartial voice to matters of ethics as to eliminate potential bias in ethical violation review scenarios.
• Recommend appropriate actions GIAC may take in reaction to ethical issues or concerning disposition of third-party ethics complaints.

The council is comprised of no fewer than nine voting members constituting representation from multiple global regions where GIAC does business.

Ethics Violation Review Process

If an ethics violation is identified, GIAC will conduct a comprehensive investigation of the claims and submit evidence to the GIAC Ethics Council for review and deliberation.

A final vote by the council will take place to determine a recommended action which is submitted back to GIAC management for review and endorsement.

Once endorsed by GIAC management, the matter is considered closed, and the accused will be notified of the outcome.

Complaints

Any applicant, candidate, certification holder, or member of the public may express dissatisfaction relating to the activities of either the certification body or a specific GIAC certification holder. Complaints must be submitted in writing through the GIAC Complaint Form and follow the instructions included on this form for submission in accordance with the GIAC Formal Complaint Procedure.

Appeals

Certification holders may request reconsideration of any decisions made by the certification body related to the status of their individual certification for actions taken due to ethical violations. Appeals must be submitted in writing through the GIAC Appeals Form and follow the instructions included on the form for submission in accordance with the GIAC Formal Appeals Procedure.

Note, the appeals process does not apply to exam failures, challenges to individual examination questions or answers, or retesting requests.