1. Keep private and confidential information gained in your professional work, (in particular as it pertains to client lists and client personal information). Not collect, give, sell, or transfer any personal information (such as name, e-mail address, Social Security number, or other unique identifier) to a third party without client prior consent.
2. Protect the intellectual property of others by relying on your own innovation and efforts, thus ensuring that all benefits vest with its originator.
3. Disclose to appropriate persons or authorities potential dangers to any ecommerce clients, the Internet community, or the public, that you reasonably believe to be associated with a particular set or type of electronic transactions or related software or hardware.
4. Provide service in your areas of competence, being honest and forthright about any limitations of your experience and education. Ensure that you are qualified for any project on which you work or propose to work by an appropriate combination of education, training, and experience.
5. Never knowingly use software or process that is obtained or retained either illegally or unethically.
6. Not to engage in deceptive financial practices such as bribery, double billing, or other improper financial practices.
7. Use the property of a client or employer only in ways properly authorized, and with the owner’s knowledge and consent.
8. Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped.
9. Ensure good management for any project you lead, including effective procedures for promotion of quality and full disclosure of risk.
10. Conduct oneself in the most ethical and competent manner when soliciting professional service or seeking employment, thus meriting confidence in your knowledge and integrity.
11. Ensure ethical conduct and professional care at all times on all professional assignments without prejudice.
12. Not to neither associate with malicious hackers nor engage in any malicious activities.
13. Not to purposefully compromise or allow the client organization’s systems to be compromised in the course of your professional dealings.
14. Ensure all penetration testing activities are authorized and within legal limits.
15. Not to take part in any black hat activity or be associated with any black hat community that serves to endanger networks.
16. Not to be part of any underground hacking community for purposes of preaching and expanding black hat activities.
17. Not to make inappropriate reference to the certification or misleading use of certificates, marks or logos in publications, catalogues, documents or speeches.
18. Not convicted in any felony, or violated any law of the land.