AfricaCERT CODE OF CONDUCT
AfricaCERT Members shall maintain their memberships by adhering to the AfricaCERT Membership requirements and Code of conduct. A Member who intentionally or knowingly violate any terms of the Code will be subjected to action by Board of Directors, after consultation with the Council of Elders which may result in the revocation of the membership.
The Code of Conduct is intended to help members to identify and resolve the inevitable ethical dilemmas that they will confront during their tenure in the AfricaCERT. It also serves as guidelines that may be considered by the AfricaCERT BOD in judging the behaviors of the members. Therefore, strict adherence to this Code is important as a condition of the membership.
The primary duties of an AfricaCERT member are to respond computer security incidents on behalf of a qualifying constituency as defined within the AfricaCERT Operational Framework.
This Code sets out the principles, which guide the conduct of AfricaCERT members. The Code will be applied in a reasonable and objective manner. Where sanctions for misconduct are available and under consideration, due regard will be paid to the degree of negligence or deliberate fault and to the nature and circumstances of a member’s conduct.
AfricaCERT members should not behave in a way, which is likely to bring discredit upon AfricaCERT or the wider CSIRT community. AfricaCERT members should follow the procedures established in AfricaCERT.
Honesty and integrity
It is of paramount importance that the community has faith in the honesty and integrity of the AfricaCERT members. AfricaCERT members should therefore be open and truthful in their dealings; avoid being improperly beholden to any person or institution; and discharge their duties with integrity.
Fairness and tolerance
AfricaCERT members have a responsibility to act with fairness and impartiality in their dealings with the Internet community and colleagues, treating all with courtesy and respect. Members must avoid favoritism of an individual or group, and all forms of victimization or discrimination.
Abuse of Trust
AfricaCERT members must never knowingly abuse the trust that has been placed in them by virtue of their membership in AfricaCERT.
Performance of duties
AfricaCERT members should be conscientious and diligent in the performance of their duties. They should sustain and, where possible, improve their professional knowledge and competence.
Unless there is good and sufficient, cause to do otherwise, AfricaCERT members must obey all lawful orders and abide by the regulations of their organization. Officers should support their colleagues in the execution of their lawful duties, and oppose any improper behavior, reporting it where appropriate.
Information that comes into the possession of an AfricaCERT member should be treated as confidential. It should not be used for personal benefit and nor should it be divulged to other parties except in the proper course of duty.
Similarly, AfricaCERT members should respect, as confidential, information about policy and operations of other members unless authorized to disclose it in the course of their duties. Personal comment should not be voiced in ways or circumstances likely to damage public confidence in the member or the organization to which the member belongs.
Co-operation and partnership
AfricaCERT members should co-operate with and assist others members of the CSIRT community and other entities mandated to prevent, detect and recover from cyber-attacks.