Code of Ethics & Professional Conduct


We strive to be the reference standard for information risk advisory services


Act honorably, honestly, justly, responsibly, and legally

Provide diligent and competent service in all engagements

Advance and protect the profession and the company

Core Competencies

Information risk analysis, auditing, implementation and related executive advisory

Business education and corporate information security awareness

Information privacy and business continuity


In arriving at the following guidance, Knowledgeflow Cybersafety Foundation is mindful of its responsibility to:

Engage in positive and just practices

Research, Teach, Identify and mentor new employees

Discourage behavior such as:

Raising unnecessary alarm, fear, uncertainty, or doubt

Giving unwarranted comfort or reassurance

Consenting to bad practice

Attaching weak systems to the public net

Associating or appearing to associate with criminals or criminal behavior

These objectives and the following mandates are provided for information only. Although Knowledgeflow Cybersafety Foundation is not legally required to agree with them, the company intensely strives to comply with each one in all situations.


The Code of Ethics of the International Information Systems Security Certification Consortium drives the mandates of every Knowledgeflow Cybersafety Foundation Risk Advisor to: 

Promote and preserve public trust and confidence in information and systems

Promote the understanding and acceptance of prudent information security measures

Preserve and strengthen the integrity of the public infrastructure

Discourage unsafe and unethical practices

Tell the truth; make all stakeholders aware of our actions on a timely basis

Observe all contracts and agreements, express or implied

Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort

Take care to be truthful, objective, cautious, and within our competence

Provide diligent and competent service to principals

Preserve the value of client systems, applications, and information

Respect client trust and the privileges that they grant us

Avoid conflicts of interest or the appearance thereof

Advance and protect the profession

Take care not to injure the reputation of other professionals through malice or indifference

Avoid professional association with those whose practices or reputation might diminish the profession


The Code of Conduct of the Institute of Electrical and Electronics Engineers inspired the core values of professional conduct every Risk Advisor adheres to: 

Accept responsibility for making decisions consistent with the safety, security, and privacy of client information assets

Avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist

Be honest and realistic in stating claims or estimates based on available data

Reject bribery, intimidation and fraud in all its forms;

Improve the understanding of information risk management, data protection & related compliance, their applications & potential consequences

Maintain and improve our professional competence and undertake  tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations

Seek, accept, and offer honest criticism of professional  work, to acknowledge and correct errors, and to credit properly the contributions of others

Treat fairly all parties and not engage in acts of discrimination, intimidation, retaliation, illegal surveillance or unethical conduct

Avoid injuring others, their property, reputation, or employment by false or malicious action

Assist colleagues and co-workers in their professional development and support them in following the Knowledgeflow Cybersafety Foundation code of ethics.


Personal Information Protection and Electronic Documents Act

Security of Information Act