The primary goal of the Holistic Information Security Practitioner Institute (HISPI) is to promote and encourage management best practices that will ensure the confidentiality, integrity and availability of information resources. To achieve this goal, members of the HISPI must reflect the highest standards of ethical conduct.

HISPI sets forth this Code of Professional Ethics to guide the professional and personal conduct of members and/or its certification holders; and requires its observance as a prerequisite for continued membership and affiliation with HISPI.

Members and HISP certification holders shall:

  • Support and promote the implementation of, and encourage compliance with, appropriate standards and procedures for information security management best practices.
  • Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards, applicable laws and best practices.
  • Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
  • Maintain the privacy, confidentiality and integrity of sensitive information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
  • Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.
  • Inform appropriate parties of the results of work performed; revealing all significant facts known to them and refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of their employers, the information security profession or HISPI.
  • Support the professional education of stakeholders in enhancing their understanding of information security.

Failure to comply with this Code of Professional Ethics can result in an investigation into a member's, and/or certification holder's conduct and, ultimately, in disciplinary measures.

Frequently Asked Questions (FAQ)

A complaint must be:

  • Specific to a section of the HISPI Code of Ethics;
  • In writing and signed by the individual lodging the complaint;
  • Supported by definitive and specific evidence of such accusation; or
  • Made against a current holder of HISPI membership and/or holder of a HISP certification.

Any complaint should be submitted to the attention of the Chair of the Certification Maintenance Committee at the HISPI Website ( The complaint and all related documentation are dealt with in a strictly confidential manner.

  • Once a complaint is filed, the complainant agrees to hold in strict confidence, and will not announce or promote in any manner, or use personal or HISPI communication vehicles to announce filing of a complaint.
  • If it is determined that additional information and evidence is required, this will be requested from the complainant and a specific timeframe needed to receive such information. If this additional information is not received, a decision will be rendered based on the information initially provided.
  • If it is determined that no further action is warranted, the complainant will be advised in writing of the outcome of the initial investigation.
  • If the initial investigation supports the complaint, an independent investigation will commence, and the information will be handed over to the appropriate Certification Maintenance Committee.

The Certification Maintenance Committee consists of:

  • At least five independent HISPI members
  • The respective chairs of the Certification Maintenance Committee and Certification Maintenance Committee.

The communications with the subject of a complaint are made as follows:

  • If a preliminary investigation of the information/evidence reveals a valid compliant, the individual(s) named in the written complaint will be sent a "Notice of Complaint" by registered or certified mail. The Certification Maintenance Committee will also request any additional information needed.
  • The Certification Maintenance Committee will submit a written report of its findings within sixty (60) business days of receiving all further requested supporting information.
  • Within ten (10) business days of the written report findings being accepted, the findings of the Certification Maintenance Committee will be communicated to the subject of the complaint.

If a complaint is found to have valid grounds, the independent Certification Maintenance Committee could recommend one of the following disciplinary actions depending on the severity of the infraction:

  • Warning-a written warning and notice of such shall remain in the member's file and articulate clearly the consequences if the situation occurs again, or if there is another violation.
  • Suspension-HISPI membership and/or HISP certification or eligibility to become certified could be suspended for a period up to one (1) year.
  • Revocation of Certification or and/or Membership-HISPI membership and or HISP certification could be revoked.

If the subject of the complaint wishes to appeal the disciplinary actions:

  • The appeal should be made in writing and submitted to the attention of the Chair of Certification Maintenance Committee within thirty (30) days of receipt of the decision.
  • Once the appeal is received, the subject of the complaint will be contacted to arrange for a hearing.
  • The outcome of this appeal hearing is final.
Holistic Information Security Practitioner
You can be notified of upcoming industry events that our HISPI members are participating in

2910 Evans Mill Road, Suite B367
Lithonia, Georgia 30038

Recent Security Discussion