causes recognizable harm that could
be mitigated through its violation. A
computing professional who decides
to violate a rule because it is unethical,
or for any other reason, must consider
potential consequences and accept responsibility for that action.
2. 4 Accept and provide appropriate professional review.
High quality professional work in computing depends on professional review
at all stages. Whenever appropriate,
computing professionals should seek
and utilize peer and stakeholder review.
Computing professionals should also
provide constructive, critical reviews of
2. 5 Give comprehensive and thorough
evaluations of computer systems and
their impacts, including analysis of
Computing professionals should strive
to be perceptive, thorough, and objective when evaluating, recommending,
and presenting system descriptions
and alternatives. Computing professionals are in a position of trust, and
therefore have a special responsibility
to provide objective, credible evaluations to employers, clients, users, and
the public. Extraordinary care should
be taken to identify and mitigate potential risks in self-changing systems. A
system for which future risks cannot be
reliably predicted requires frequent reassessment of risk as the system evolves
in use, or it should not be deployed. Any
issues that might result in major risk
should be reported.
2. 6 Have the necessary expertise, or
the ability to obtain that expertise, for
completing a work assignment before
accepting it. Once accepted, that commitment should be honored.
A computing professional is accountable for evaluating potential work assignments.
Once it is decided that a project
is feasible and advisable, the pro-
fessional should make a judgment
about whether the work assignment
is appropriate to the professional’s
expertise. If the professional does
not currently have the expertise nec-
essary to complete the assignment,
the professional should disclose this
shortcoming to the employer or cli-
ent. The client or employer may de-
cide to pursue the assignment with
the professional after time for addi-
tional training, to pursue the assign-
ment with someone else who has the
required expertise, or to forego the
assignment. A computing profes-
sional’s ethical judgment should be
the final guide in deciding whether to
work on the assignment.
2. 7 Improve public awareness and understanding of computing, related
technologies, and their consequences.
Computing professionals should share
technical knowledge with the public,
foster awareness of computing, and encourage understanding of computing.
Important issues include the impacts
of computer systems, their limitations,
their vulnerabilities, and opportunities
that they present. Additionally, a computing professional should counter
false views related to computing.
2. 8 Access computing and communication resources only when authorized to
No one should access another’s
computer system, software, or data
without permission. A computing
professional should have appropriate approval before using system
resources unless there is an overriding concern for the public good. To
support this principle, a computing
professional should take appropriate
action to secure resources against unauthorized use. Individuals and organizations have the right to restrict access to their systems and data so long
as the restrictions are consistent with
other principles in the Code.
2. 9 Design and implement systems that
are robustly and usably secure.
Breaches of computer security cause
harm. It is the responsibility of computing professionals to design and
implement systems that are robustly
secure. Further, security precautions
are of no use if they cannot or intentionally will not be used appropriately
by their intended audience in practice; for example, if those precautions
are too confusing, too time consuming, or situationally inappropriate.
Therefore, the design of security features should make usability a priority
In this section, “leader” means any
member of an organization or group
who has influence, educational responsibilities, or managerial responsibilities. These principles generally apply
to organizations and groups, as well as
A computing professional acting as a
3. 1 Ensure that the public good is the
central concern during all professional
The needs of people—including users,
those affected directly and indirectly,
customers, and colleagues—should
always be a central concern in professional computing. Tasks associated
with requirements analysis, design,
development, testing, validation, deployment, maintenance, retirement,
and disposal should have the public
good as an explicit criterion for quality. Computing professionals should
keep this focus no matter which methodologies or techniques they use in
3. 2 Articulate, encourage acceptance
of, and evaluate fulfillment of the social
responsibilities of members of an organization or group.
Technical organizations and groups affect broader society, and their leaders
should accept the associated responsibilities. Organizational procedures
and attitudes oriented toward quality,
transparency, and the welfare of society reduce harm to the public and raise
awareness of the influence of technology in our lives. Therefore, leaders
should encourage full participation of
all computing professionals in meeting
social responsibilities and discourage
tendencies to do otherwise.
3. 3 Manage personnel and resources to
enhance the quality of working life.
Leaders should ensure that management enhances, not degrade, the quality of working life. Leaders should consider the personal and professional
development, accessibility requirements, physical safety, psychological
well-being, and human dignity of all
workers. Appropriate human-computer ergonomic standards should be used
in the workplace.