create ethical policies and procedures - aoi...

Upload: doanthuy

Post on 14-Mar-2018

CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN IT ENVIRONMENT

Create ethical policies and procedures

Inside this reading

Create ethical policies and procedures

National privacy principles

Code of ethics

Creating a code of ethics

Producing work procedures

Implementing the policies, procedures and codes

Summary

Feedback to activities

Create ethical policies and procedures

It is important that IT professionals understand the ethics and values of their organisation, and their obligation to meet both employer and client expectations of ethical conduct. Expectations of ethical conduct are often communicated through formal documents such as workplace codes, standards, policies and procedures. Creating ethical policies and procedures is about ensuring that business operations reflect ethics and values, as well as the legislation and standards that apply.

What are workplace policies and procedures?

Workplace policies and procedures are two different types of document that provide guidance for employees as they go about their work:

A workplace policy is a general statement of intention relating to legislation, standards or the values of the organisation.

A workplace procedure contains practical information and directions on how work is to be carried out to an acceptable standard.

As an example, a Safe Workplace Policy may outline the commitment to a safe workplace in line with OHS legislation. A hazard reporting procedure might then be developed that describes the method and documentation required for reporting and managing hazards.

National privacy principles

Privacy is an important issue for most people, and one that should be reflected throughout IT workplace policies and procedures, as staff often have easy access to others’ personal information. As well as laws that protect the rights of others in regard to personal information, the Commonwealth Government has introduced – in the Privacy Act 1988 (as amended) – the 10 National Privacy Principles as a guide to how others’ information should be managed so that their privacy is protected.

The National Privacy Principles cover the following topics:

Principle 1 – Collection

Principle 2 – Use and disclosure

Principle 3 – Data quality

Principle 4 – Data security

Principle 5 – Openness

Principle 6 – Access and correction

Principle 7 – Identifiers

Principle 8 – Anonymity

Principle 9 – Transborder data flows

Principle 10 – Sensitive information

More information about the National Privacy Principles can be found in Schedule 3, at the end of the Privacy Act 1988. To find the Act you can search for it in http://www.comlaw.gov.au/ or http://www.austlii.edu.au/. If you go into the Austlii site, click on ‘Australian Cases and Legislation’, ‘Commonwealth’, then ‘Commonwealth Consolidated Acts’, and then find the Act through the alphabetical list.

Code of ethics

Most organisations or workplaces expect a certain standard of behaviour from their employees. In small organisations these may be unwritten rules, but larger organisations will develop an ethics code or statement to ensure that their employees know the standard of conduct that is expected of them.

The example below shows a policy and procedure for IT support services:

IT support policy statement:

All Solutions1 clients are entitled to prompt and professional support service. Solutions1 will endeavour at all times to minimise disruption to services and ensure security of data.

Many procedures may relate to this policy. Following is one example procedure:

Support team job logging procedure:

Support requests are to be logged and acknowledged within 15 minutes of receipt.

Critical support requests are to be given priority. These include, but are not limited to, threats to information security and interruption to core business operations.

Non-critical support requests are to be actioned in order of receipt and finalised within 24 hours. For support requests that cannot be finalised within 24 hours, clients are to be provided with regular status reports.

An organisation’s policies and procedures may cover many aspects of their operations, such as human resources, customer service, environmental management, operational areas and occupational health and safety. The policies may be available in print, in electronic format on the company intranet, or in some cases online on a public website. The documents may be published collectively as a Policy and Procedures Manual (PPM).

Many industry bodies and associations also publish codes and standards that govern the ethical conduct of their members. These codes and standards are aimed at promoting the reputation of the industry by ensuring members maintain professional and ethical conduct. The standards are not necessarily legally binding, but may be used to support legal argument.

A Code of Ethics may be described as a Code of Conduct, Ethics Statement or similar. Codes of Ethics published by industry bodies include:

Australian Computer Society (ACS). To access this code online, go to http://www.acs.org.au/ and choose from the left menu: The ACS/The Society/General Policies/Code of Ethics

System Administrators Guild of Australia (SAGE-AU). The SAGE-AU Code of Ethics is published online at http://www.sage-au.org.au/ethics.html

You may be aware of other organisations that produce standards and codes for their members.

Creating a code of ethics

Once the need for a code of ethics is identified, how does an organisation go about creating one? The code will need to reflect the legal and organisational requirements and the client expectations, so the first step might be to examine the organisation’s business operations and client base.

It is also important to determine who the stakeholders are. Stakeholders are the people who will have a role in developing, approving and implementing the code.

Creating a code of ethics might follow a process like this:

1 consideration of legal, organisational, client and community requirements and expectations

2 examination of existing codes from industry bodies and similar organisations

3 preparation of a draft code for review

4 consultation with stakeholders and integration of feedback

5 approval and finalisation processes

6 publication of the code

A process similar to this might be used to create a range of workplace policies and procedures.

Producing work procedures

As described earlier in this reading, a workplace procedure contains practical information and directions on how an activity is to be carried out to an acceptable standard. An ethical procedure is one that is fair and equitable, is appropriate in terms of privacy and confidentiality, and complies with relevant standards and legislation.

Creating a simple procedure may involve writing a number of dot points explaining, for example, how to use a piece of equipment correctly.

For more complex procedures, like setting out how to conduct an interview or report workplace harassment, you might need to include references to forms that must be completed during the procedure, legislation or standards that apply, and people who need to be advised of the activity.

Look at some examples of work procedures used in your place of work that refer to one or more of the following:

o privacy or confidentiality

Implementing the policies, procedures and codes

Reviews and skills updates

Promoting ethical conduct in the workplace continues beyond the publication of the code, policy or procedure. For these to be effective, employees must become familiar with the documents. Ways of keeping employees informed about the documents include:

staff orientation and training programs

a Policy and Procedures Manual (PPM)

publication of codes and PPM in print and online.

Compliance and monitoring

Once implemented successfully, compliance may be managed through regular monitoring processes. A range of formal and informal strategies can help ensure standards are maintained. These could include:

formal processes such as documentation of tasks, performance reviews, audits, inspections, quality control processes and staff

informal channels such as team meetings and individual discussion to communicate the expectations of ethical conduct.

These are just some of the activities an organisation may perform to ensure that staff members understand their legal obligations, and follow the policies and procedures. Other monitoring activities might include:

consultation with clients to ensure their needs are met

monitoring of client relations, business activities and work procedures to ensure all personnel are following the code of ethics.

Summary

In this reading you examined the requirements for developing ethical policy and procedures in the IT industry. You looked at some examples of the policies and procedures that organisations have published to help ensure their employees maintain organisational principles and practice, and at a process for creating policies, procedures and codes for your workplace.

The topic also covered the implementation of policies and procedures, and strategies to monitor the organisation and its employees to ensure that the policies and procedures in place are followed.

Identify Australian IT-related legislation and standards

Inside this reading

Relevant legislation and standards

Commonwealth Government legislation

The legal framework

Accessing legislation

How Acts are referenced in other documents

Legislation for IT and other industries

Industry-specific standards, policy and legislation

Summary

Feedback to activities

Relevant legislation and standards

As an IT professional your work is governed by Australian legislation and industry standards. These may include:

Australian Commonwealth legislation

Australian state and territory legislation

legislation and standards that apply to the IT industry

legislation and standards that apply to the client’s core business

international IT and business standards.

Commonwealth Government legislation

Commonwealth Government legislation refers to the laws enacted by the Government, and to the legislative documents that set out these laws. The legislation includes Acts of Parliament and subordinate Regulations that are the law, and may be supported by Government policies and guidelines. Some of this legislation covers all industries across Australia, while other legislation is either industry- or state-specific.

The IT industry is governed by various Commonwealth and State legislation, including general legislation such as privacy and copyright law, and legislation specifically enacted in response to new technologies, such as recent anti-spam laws.

The legal framework

As shown in the diagram below, only Acts and Regulations are law. Policies, codes, standards and guidelines are not law; however, compliance may be mandatory as a condition of employment or professional membership.

Compliance with the relevant legislation is mandatory, and may be controlled in the workplace through documentation and certification requirements, and formally monitored through processes such as audits and inspections.

Accessing legislation

The full range of Commonwealth and state legislation governing Australians and Australian business is available online, and libraries and operational areas within the workplace may also keep print copies of relevant legislation. Referring to the online version is preferable, as the legislation may have been amended or repealed since a hardcopy was printed.

You can view current legislation online at:

http://www.comlaw.gov.au/ for Commonwealth legislation

http://www.legislation.nsw.gov.au for NSW State legislation

Some government agencies make important information more accessible by publishing guidelines in ‘plain English’ and a range of other languages.

Navigating legislation websites to find information

At times, you may need to review current legislation or find specific information within an Act or subordinate document. Learning every piece of relevant legislation would be an unrealistic expectation, but it is a useful skill to be able to find and review the legislative documents online.

How information is organised within the legislative document

The title, date, version and other identifying information are shown on the first page of the Act. The body of the Act is divided into parts, sections and subsections. Part 1 contains preliminary information such as definitions.

How Acts are referenced in other documents

Generally, references to legislative documents give the title of the legislation, the year it was enacted, and the section number where the specific information can be found. It may also specify whether the legislation is state or Commonwealth; for example:

Your obligations as an employee are set out under the Occupational Health and Safety Act 2000 (NSW) s 20. Here is how you would find the information online:

1 Go to the NSW legislation site: http://www.legislation.nsw.gov.au.

2 From the top navigation, choose ‘Search in force’ (searches for legislation that is currently in place).

3 Search for the exact phrase ‘Occupational Health and Safety Act’.

4 Choose the document ‘Occupational Health and Safety Act 2000 No40’.

5 From the ‘content’ menu of this document, select ‘20 Duties of Employees’.

Plain English guides to legislation

While it’s important that you know how to access legislation and how information is laid out within an Act or Regulation, you should not feel that you face the overwhelming task of learning every law that you need to comply with, or that you need to be able to interpret the ‘legalese’ used to write the documents. Government and industry bodies develop guidelines and explanations that set out the important issues in ‘plain English’, and these cover much of what you need to know in your day-to-day work. In the case of common law, you probably know the right thing to do without having to refer to legislation.

If you do need to refer to legislation, make sure it is up-to-date, and relevant to the state or territory in which your business operates. Both Commonwealth and state legislation is published online, and this is a good place to check the currency of legislation.

Finally, if you are not absolutely certain of your legal position, get advice from an expert. Breaking the law, knowingly or through misunderstanding or negligence, puts you at risk of serious penalties.

Legislation for IT and other industries

Legislation relevant to IT professionals in NSW in Australia includes the generic legislation that applies to all industries, workplaces or individuals. Legislation that determines the rights and obligations of employees and employers, service providers and customers includes:

privacy

copyright and intellectual property

occupational health and safety

equal opportunity and access and equity

anti-discrimination

fair trading

industrial relations

workers compensation and rehabilitation.

Tip: To see a range of general and IT-related legislation that could apply to the IT industry across Australia, check out the Primary Legislation section of the Oz NetLaw site at: http://www.oznetlaw.net/home.asp

Occupational health and safety legislation

Occupational health and safety legislation is one example of legislation that is relevant to all industries, including the IT industry. The legislation is intended to protect workers and others from workplace-related accident or injury. Each Australian state and territory is responsible for making and enforcing their OHS laws, and the National Occupational Health and Safety Commission (NOHSC) sets standards for some industries that are not law, but may be adopted as law by the state or territory.

Under OHS law both employers and employees have obligations, also known as a ‘duty of care’, to maintain a safe workplace.

Find out more about your legal obligation to ensure workplace health and safety:

Workcover New South Wales provides comprehensive workplace health and safety information and links at: http://www.workcover.nsw.gov.au/default.htm

Occupational Health and Safety Act 2000 (NSW)

Equal opportunity, access and equity

Equal opportunity and anti-discrimination laws are intended to prevent unfair treatment on the basis of personal attributes such as disability, race, gender and other social or physical difference. The Commonwealth laws that protect against discrimination include:

Disability Discrimination Act 1992 (Cwlth)

Racial Discrimination Act 1975 (Cwlth)

Sex Discrimination Act 1984 (Cwlth)

Privacy laws

Privacy laws are an important example of how the IT profession is governed by legislation. Privacy concerns personal information, and is different to confidentiality, which generally concerns business and operational information.

As an IT professional you might have administrator access to personal information through your organisation’s electronic records and communications. This type of information is protected by privacy legislation, and administrative access does not give you the right to view, use or pass on others’ personal information without their consent.

Personal information can include:

Name, address and contact details

Birth date or age

Marital status

Gender and sexual preference

Private details such as medical records or criminal history

Commonwealth and state governments have enacted privacy legislation to protect individuals from misuse of their personal information. As a rule of thumb, Commonwealth legislation governs how Australian public sector departments and agencies can use client information, while state legislation applies to the private sector businesses in that state.

Find out more about privacy legislation at:

Office of the Federal Privacy Commissioner http://www.privacy.gov.au/index.asp is a good source of information on privacy legislation, and has specific information on IT and Internet Issues, and privacy information sheets for business.

Office of the NSW Privacy Commissioner privacy information is published online on the Lawlink NSW site: http://www.lawlink.nsw.gov.au/privacynsw

Allens Arthur Robinson provide a comprehensive list of privacy information and links at: http://www.aar.com.au/privacy/index.htm

Industry-specific standards, policy and legislation

IT-related legislation

The rapid growth of the IT industry has led to the introduction of legislation governing IT-related industries and digital content. In addition to the general Commonwealth and state legislation that apply to IT and other industries, such as privacy and copyright law, IT professionals must comply with specific IT-related legislation, in the areas, for example, of:

anti-spam

e-business

telecommunications

digital agenda amendments to copyright law.

IT professionals working within other industries may also be bound by specific legislation that applies to that industry, and need to understand how this impacts on their IT function.

Tip: To see a range of general and IT-related legislation that could apply to the IT industry across Australia, check out the Primary Legislation section of the Oz NetLaw site at: http://www.oznetlaw.net/home.asp

Industry standards

Industry standards might be developed by Government bodies, or by international, national or state industry organisations and professional associations. The standards are intended to ensure that industry members conduct their business operations and provide services and products to an acceptable professional standard. Industry standards are not necessarily legally binding, but may be used to support legal argument.

Standards that have been adopted by the Australian IT industry include:

OECD standard

ISO standards

Australian Standards

W3C accessibility standards.

OECD standards

http://www.oecd.org/ (browse ‘By Country’ to Australia)

Australia is one of thirty OECD (Organisation for Economic Co-operation and Development) members. The OECD website has information and guidelines for a range of IT-related topics, including Privacy.

ISO standards

http://www.iso.org

ISO refers to the voluntary standards for members of the International Organization for Standardization, a non-government standards network based in Switzerland. ISO develops a range of standards for the IT industry, including software development.

You may be familiar with the term ‘ISO 9001 compliant’. This refers to organisations that meet the current ISO9001:2000 quality management certification.

Standards Australia

http://www.standards.org.au

Standards Australia is a developer of Australian Standards (AS), and is the Australian representative for the International Organization for Standardization (ISO).

W3C accessibility standards

http://www.w3c.org.au

The Australian W3C Office promotes World Wide Web Consortium Accessibility Standards (W3C). These standards aim to ensure that web content is accessible to all users, including those with disabilities. W3C provides for strategies and alternatives that present content and navigation in the most accessible format.

Policies

A policy is a general statement of intention relating to legislation, standards or the values of an organisation. Like the standards, a policy is not necessarily legally binding but may be used to support legal argument.

Government policy

Government policy is not law, but sets out in general terms the position of the government in relation to the subject of the policy. The policy may govern the conduct of government officials and organisations and agencies, or provide voluntary guidance material in matters associated with legislation.

Industry policy

An industry policy provides guidance for industry members in relation to the subject of the policy, and sets out in general terms the position industry members should maintain.

Workplace policy

A workplace policy will set out in general terms the position of the organisation in relation to the subject of the policy. The policy should reflect legislation, industry policy, and the specific values and operations of the business. The following policy example can be found on the TAFE NSW website:

Use of TAFE NSW Internet and Intranet Services

The ‘Use of TAFE NSW Internet and Intranet Services’ document on http://www.tafensw.edu.au/legal/useofservices.htm outlines expected user behaviour for all staff and students who make use of TAFE NSW Internet and Intranet services including email, email lists, web browsing, website publication, chat and news groups (forums).

Ensure the integrity and security of others’ information

An IT professional may be responsible for others’ personal or confidential data, or other data and software critical to business operations. To ensure the integrity and security of information means to make sure that it is not lost, corrupted or damaged in any way, and is adequately protected from unauthorised access and use.

Legislation, policies and standards will guide you in maintaining the integrity and security of information. As we have seen, this includes:

privacy legislation

copyright and intellectual property laws

government, industry and workplace policies.

Commonwealth and state governments have enacted new legislation in response to the growth of IT-related communication. Examples of this include:

Spam Act 2003 (Cwlth)

This Act is aimed at limiting unwanted electronic communications, such as advertising material in emails.

Electronic Transactions Act 1999 (Cwlth).

Maintain and work to industry and international standards

Standards organisations such as ISO, Standards Australia and OECD have developed a range of standards that apply to the information technology industry and IT professionals in Australia.

The standards are available for purchase, and most standards that apply to Australian business are available from the SAI global online catalogue at: http://www.sai-global.com

Identify quality processes

Inside this reading

Quality processes

Industry and international standards

Implementing quality processes

Meeting clients’ needs

Summary

Feedback to activities

Quality processes

Quality is about ensuring that a high standard product or service is provided to the client or employer in a cost-effective and timely manner.

Quality processes are designed to maintain and improve products and services on an ongoing basis, and may form part of a formal organisation-wide quality management system.

Formal quality management systems can include:

Quality Assurance (QA)

Quality Management (QM)

Total Quality Management (TQM)

Continuous Improvement Processes

Quality Frameworks

These are generic terms used to describe similar approaches to managing quality.

A quality framework describes a business management approach to meeting and maintaining quality standards, based on a continuous cycle of performance evaluation and improvement. This approach is usually highly structured and involves a comprehensive system of quality documentation.

Quality processes can include ongoing monitoring and reviews, project management procedures, client reports and sign-offs, and documents associated with the legal compliance, management and operation of software and systems.

An organisation’s quality framework must ensure processes are in line with the appropriate legislation, industry standards and other organisational guidelines.

Industry and international standards

Almost all Australian industries are regulated by industry and international standards. Some, such as safety standards, are a legal requirement and the product cannot be sold without having met these. Others are voluntary, and provide assurance that the product or service has met the standard of quality set by a relevant industry body or standards organisation.

Quality standards may apply to legal compliance, product quality, technical specifications, for example, software testing and compliance standards, and standards relating to the reliability, safety and robustness of equipment.

Often, meeting a recognised technical or business standard permits you to include an identifying label or logo on your product or promotional material. This may be attractive to potential clients who need reassurance that you will provide a quality product.

ISO compliance

The International Organization for Standardization (ISO) provides an international quality system that is common in Australia. ‘ISO 9001:2000 compliant’ refers to meeting the current ISO Quality Management System Standard.

The 9000 Store website at http://www.the9000store.com/Intro-to-ISO-9001.aspx includes some helpful ‘How to’ information that explains how a quality management system works (although you should be aware that this is a US-based site).

Implementing quality processes

In simple terms, implementing quality processes is about following the workplace procedures that are in place, and documenting and recording activities and outcomes so that these can be used to review and improve products or services in future. It’s likely that you already implement quality processes in the workplace; for example, you might have completed a testing and evaluation schedule, revised work practices based on customer feedback forms, or fixed a problem identified in error logs.

Implementing a formal quality management process may involve analysing business operations across the organisation, and developing a full range of quality documentation and processes designed to ensure that the business can prove compliance with a specific standard or set of standards. This may be a complex task and requires a dedicated quality management role or, in a large organisation, a quality management team.

The formal process is also likely to include elements such as:

Audits. This is where quality managers or other authorised persons review documentation and workplace practices to ensure that established quality measures are being complied with.

Continuous improvement schedules. This involves the regular monitoring of processes to identify any problems or gaps.

Controlled documents. These are operational documents and forms that are strictly controlled to ensure that they are not adapted by unauthorised persons. Version control ensures that only the latest version is available for use.

Meeting clients’ needs

One important reason that many organisations develop and implement quality processes is to ensure that the needs of their clients are being met.

An effective quality process might include the documentation and procedures that you would use to identify client needs, track progress and report on project status, perform testing procedures and evaluate finished products and outcomes.

Summary

In this topic you learned that quality doesn’t just happen, and that as an IT professional you need to implement quality processes to maintain a standard of work.

The topic examined how national and international standards apply to the IT industry, and how by implementing quality processes you can meet these standards, and ensure that products and services continue to meet the needs of your client or employer.

Maintain ethical conduct in IT

Inside this reading:

What is an ethical service?

Legal and industry controls

Your ‘ethical barometer’

Ensure correct representation

Professional presentation

Providing unbiased information

Accurate quoting and estimating

Acknowledging others’ work

Protect client interests

Reliability and security

Confidentiality and proprietary rights

Value for money

Identify conflicts of interest

A word on whistle-blowing

Summary

Feedback to activities

CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN IT ENVIRONMENT

What is an ethical service? The Macquarie Dictionary defines ethical, amongst other ways, as ‘in accordance with the

rules and standards of a profession’.

To provide an ethical IT service is essentially to act in an honest and professional manner. IT

professionals will ensure that they and their organisation are correctly represented, that their

clients are advised of any conflict of interest, and that the interests of the client, internal or

external, are properly protected.

As an IT professional you should be able to recognise potential ethical problems and decide

on the appropriate action needed. Before you act, you’ll need to know:

Who decides what is the right thing to do (eg does responsibility lie with the

organisation, the client or customer, or the individual employee)?

How much influence do government, industry and others have in determining ethical

behaviours?

What are the ethical concerns that apply to IT professionals?

Legal and industry controls

Professional ethics are governed by legislation, industry standards and workplace policies and

procedures. These controls usually reflect community expectations and commonly held

personal values, although occasionally conflicts arise. For this reason it is important there are

guidelines for professional conduct when dealing with clients and customers, and that

employees understand their obligations.

Legislation

A range of Commonwealth and state legislation governs Australians and Australian business.

You can view current legislation online at:

http://www.comlaw.gov.au/ for Commonwealth legislation

http://www.legislation.nsw.gov.au for NSW State legislation.

Some government agencies make important information more accessible by publishing

guidelines in ‘plain English’ and a range of other languages.

Industry codes and standards

Many industry bodies and associations publish codes and standards that govern the conduct

of their members. The Australian Computer Society (ACS) Code of Ethics and Code of

Professional Conduct and Professional Practice for IT professionals are available from the

ACS website at http://www.acs.org.au/.

Workplace policies and procedures

Workplace policies and procedures reflect the legislation, standards and values relating to the

business operations. These may be available in print, on the company intranet, or on the

company’s website.

Your ‘ethical barometer’

The term ‘ethics’ comes from the Greek word ethikos, which describes the authority of

custom or tradition, a form of common law. This can be far more complex than ‘right versus

wrong’; it can be a topic full of dark corners, grey areas and divided opinions.

It may help to think of the people around you as an ethical barometer. Before you act, think

about how others might react—or ask them directly. Consider:

What would a legal adviser say?

What would your client, colleagues or employers say?

What would others in your profession or the wider community say?

What would your family and friends think?

How do you feel about it?

If you rely on the advice of others, be aware that some unethical people may try to influence

your thinking. Ethical decision-making is not based on peer pressure or coercion.

Ensure correct representation

A qualification alone does not make you a professional. You must act like a professional,

demonstrate honesty and fair play, and correctly represent yourself, your organisation and

your products and services in all business dealings with clients.

A professional:

Dresses and acts appropriately

Respects others’ differences

Is fair and honest in their business dealings

Abides by legal, industry and workplace standards.

For the professional, correct representation means to:

Represent your capabilities, services, or products accurately

Offer unbiased advice and disclose all relevant information

Provide accurate quotes and work estimates.

The consequences of misrepresentation can be disastrous. There are industries that, as a

whole, are perceived as unethical because of the behaviour of a few ‘professionals’.

Businesses may fail and workers lose jobs because of unethical conduct on the part of others.

And let’s not forget the often spectacular fall of corporate high-fliers whose dishonest

dealings are eventually exposed.

Let’s take a closer look at correct representation for IT professionals.

Professional presentation

Professional representation is about presenting skills, knowledge and qualifications in an

honest and professional manner. Create a good impression and you will inspire confidence in

what you or your company have to offer.

Professional presentation means:

Representing your capabilities, services, or products accurately

Offering unbiased advice and disclosing all relevant information

Providing accurate quotes and work estimates.

To lie about, over-exaggerate or misrepresent expertise and experience in order to create a

good impression would be unprofessional. Nor would it be professional to create a poor

impression through negligence, or to misrepresent another’s skills.

Providing unbiased information

A bias is a preference for or against a product, organisation or person, usually for personal or

financial reasons. While a bias is not in itself unethical, clients may rely on your expertise to

make the best decisions for their business. As a professional you must be careful to provide

fair and unbiased information. What would you do in this situation?

Accurate quoting and estimating

Accurate quoting and estimating means providing an external client, or an internal department

or employer, with a realistic picture of the time, costs, equipment and people needed to

complete a job.

You might use estimating worksheets and formulas based on past projects, or conduct

detailed assessment of the project requirements to do this. Whatever method you use, you

should aim to provide your client with figures that are as accurate as possible, and discuss

with them anything that may affect this later.

Experience is perhaps the best tool available for preparing accurate quotes and estimates. If

you’re not sure that you have it right, ask someone more experienced to look over your

figures first.

Acknowledging others’ work

You have a legal and ethical obligation to correctly acknowledge the work done by others.

Source code and digital content are protected under copyright law, and giving credit where

credit is due is an important part of teamwork.

When you use someone else’s work, or where they worked with you on a project, it is only

fair to acknowledge their efforts. For example:

‘Graphics created by Sally Smith’, for unpublished works, or

‘Smith, S. Lifeworks (2001) Moss Publishing’, for published material.

You might also acknowledge assistance informally, or during a presentation. You must also

ensure you do not misrepresent others’ work, or claim it as your own.

Copyright

Copyright protects published and unpublished original works such as:

images, audio and video

source code

other original work.

You have a legal obligation to obtain copyright permissions and correctly acknowledge all

products and services developed by others.

Copyright and intellectual property (IP) is a complex legal issue.

Tip: For an overview of copyright law see the brochure: ‘Copyright Law in Australia - A

short guide’ from the Attorney-General’s website: http://www.ag.gov.au. Use the search

function to look up the word ‘copyright’ then choose ‘A short guide to copyright’.

If you are unsure about copyright, check with someone who knows.

Moral rights

Among other things, moral rights include the right to be acknowledged as the author of a

work, regardless of who owns the copyright. This means that original work produced by an

employee may belong to the employer or client, but they cannot claim authorship.

Intellectual property (IP)

Intellectual property includes copyright of publicly available material, but also extends to less

tangible assets and knowledge, such as patents, trademarks, designs, trade secrets and ‘know-how’.

Freeware and shareware

It is a common misconception that freely available web content, freeware and shareware are

copyright free. This is rarely the case, for example:

Some websites allow restricted copying for non-commercial purposes as long as the

material is correctly acknowledged.

Freeware and shareware are not necessarily free. Commercial use is often restricted, and

you still need permission to copy any source code or content.

For commercial products you should seek written permission to use or reproduce others’ work.

It may be acceptable to use small examples or quotes as long as they are correctly attributed.

Protect client interests

Protecting client interests is about doing what is best for your client’s business operations.

This may be an external client, an internal department, or a colleague. It may also be an

individual whose details are stored by your organisation.

Your client will expect:

Security and reliability

Confidentiality

Value for money

Professional service

Appropriate IT solutions.

Let’s take a look at some of the ways client interests can be protected.

Reliability and security

Interests such as data security, reliability and efficiency of systems, processes and equipment

are obviously important to the client, as these are often the heart of their business operations.

Two types of threat to the continuity of service are:

accidental loss of data or services resulting from system failure, human error or act of

nature

deliberate or incidental loss or damage from hacking or other unauthorised actions.

In organisations that deal with sensitive information a security flaw, hacking incident or

misuse of access privileges may also threaten continuity of service. Even if the system is

otherwise intact it may need to be quarantined until the appropriate level of security can be

re-established. Properly protecting your client’s interests and ensuring the continuity of

service could include:

Software and data protection: Take all possible measures to prevent system crashes,

viruses and other disasters, and to minimise downtime and loss of data should a critical

incident occur.

Hardware: Ensure hardware is well-maintained and protected from power failure or

surges. Forward planning will minimise disruption caused by old, obsolete or inadequate

equipment.

Process: Develop efficient processes. Hardware and software solutions are only as good

as the processes that support them.

People: Ensure that key staff and trained personnel are available to support computing

services.

Firewalls, virus protection and system backups would be basic requirements for most IT

functions. Further to this, client requirements for security and reliability should be discussed

as part of the provision of IT services.

As part of providing a professional service you may need to advise clients on what’s needed

to ensure the security and reliability of their system. This will largely depend on the

operational aspects of the client organisation, such as the sensitivity of the data, how much

the organisation can afford, and any national and international standards that apply.

Confidentiality and proprietary rights

The IT professional often has access to information that is confidential or commercially

sensitive.

Confidentiality is about protecting the client’s proprietary rights. These are the patents,

copyrights, trademarks, trade secrets, knowledge (know-how) and other intellectual property

rights that belong to the client, and are not public knowledge. It is so important to some

employers that they will require you to sign a confidentiality agreement or undergo security

clearances before you can work for them.

Confidentiality covers business and operational information, such as tenders, data, systems,

security, product details, financial dealings and product specifications. This is different from

privacy, which protects the rights of individuals.

Value for money

‘Wants’ versus ‘needs’

While pleasing your client is important, you should be aware that what the client wants and

needs may not always be the same thing.

Another aspect of protecting client interests is to ensure that the products and services

provided represent value for money while at the same time meeting current and projected

operational needs.

Finally, protecting client interests also means ensuring that the project remains within legal and

ethical guidelines, and that the client is advised of any potential threats or conflicts in these

areas.

Identify conflicts of interest

A conflict of interest is a situation where you or your organisation has goals or values that

conflict with the client’s or employer’s needs. This situation may create an appearance that

you are not acting in the best interests of the client or employer, whether or not you actually

do so.

It is a professional responsibility to advise the employer or client of any conflict of interest as

soon as possible. If the conflict cannot be resolved, it may be necessary to withdraw from a

project or refuse a contract. Some examples of a conflict of interest include:

financial or personal gain at the client’s expense

professional or personal involvement with the client’s competition

non-professional relationships

involvement in a project for the client’s business rival

an inappropriate business connection through a friend, partner or relative

personal or ethical bias against the client or their business.

Managing potential conflicts

There are two steps that may be taken when a conflict of interest is identified:

notify the client and employer as soon as possible

admit any bias when providing information.

Let’s look at some examples of conflict of interest that might occur in the IT industry. What

would you do in this situation?

A word on whistle-blowing

You may have heard the term ‘whistle-blowing’. This is when an insider to an organisation

alerts the outside world about perceived wrongdoing within that organisation, rather than just

reporting internally. As in real cases of whistle-blowing, the consequences for

whistle-blowers can be severe, such as becoming very unpopular with other staff and even losing

their job.

Summary

In this reading you examined a range of issues relating to ethical conduct, and the ethical

concerns that may arise in your work as an IT professional. You were also introduced to the

legal, professional and ethical responsibilities of IT professionals, including:

representing yourself and your organisation correctly

identifying and managing conflicts of interest

protecting the interests of your client.