Create Ethical Policies and Procedures: Reading

Reading: Create ethical policies and procedures

Create ethical policies and procedures

Inside this reading

Create ethical policies and procedures

National privacy principles

Code of ethics

Creating a code of ethics

Producing work procedures

Implementing the policies, procedures and codes

Summary

Feedback to activities

Create ethical policies and procedures

It is important that IT professionals understand the ethics and values of their organisation, and their obligation to meet both employer and client expectations of ethical conduct.

Expectations of ethical conduct are often communicated through formal documents such as workplace codes, standards, policies and procedures. Creating ethical policies and procedures is about ensuring that business operations reflect ethics and values, as well as the legislation and standards that apply.

What are workplace policies and procedures?

Workplace policies and procedures are two different types of document that provide guidance for employees as they go about their work:

A workplace policy is a general statement of intention relating to legislation, standards or the values of the organisation.
A workplace procedure contains practical information and directions on how work is to be carried out to an acceptable standard.

As an example, a Safe Workplace Policy may outline the commitment to a safe workplace in line with OHS legislation. A hazard reporting procedure might then be developed that describes the method and documentation required for reporting and managing hazards.

National privacy principles

Privacy is an important issue for most people, and one that should be reflected throughout IT workplace policies and procedures, as staff often have easy access to others’ personal information. As well as laws that protect the rights of others in regard to personal information the Commonwealth Government has introduced – in the Privacy Act 1988 (as amended) – the 10 National Privacy Principles as a guide to how others’ information should be managed so that their privacy is protected.

The National Privacy Principles cover the following topics:

Principle 1 – Collection
Principle 2 – Use and disclosure
Principle 3 – Data quality
Principle 4 – Data security
Principle 5 – Openness
Principle 6 – Access and correction
Principle 7 – Identifiers
Principle 8 – Anonymity
Principle 9 – Transborder data flows
Principle 10 – Sensitive information

More information about the National Privacy Principles can be found in Schedule 3, at the end of the Privacy Act 1988. To find the Act you can search for it in or If you gointo the Austlii site click on ‘Australian Cases and Legislation,’ ‘Commonwealth,’ then ‘Commonwealth Consolidated Acts’ and then find the Act through the alphabetical list.

Code of ethics

Most organisations or workplaces expect a certain standard of behaviour from their employees. In small organisations these may be unwritten rules, but larger organisations will develop an ethics code or statement to ensure that their employees know the standard of conduct that is expected of them.

The example below shows a policy and procedure for IT support services:

IT support policy statement:

All Solutions1 clients are entitled to prompt and professional support service. Solutions1 will endeavour at all times to minimise disruption to services and ensure security of data.

There may be many procedures may relate to this policy. Following is one example procedure:

Support team job logging procedure:

Support requests are to be logged and acknowledged within 15 minutes of receipt
Critical support requests are to be given priority. These include, but are not limited to, threats to information security and interruption to core business operations
Non-critical support requests are to be actioned in order of receipt and finalised within 24 hours. For support requests that cannot be finalised within 24 hours clients are to be provided with regular status reports.

/ Activity 1

How might the above policy and procedure relate to ethical business practice?

Check your answers against the feedback provided at the end of this document.

An organisation’s policies and procedures may cover many aspects of their operations, such as human resources, customer service, environmental management, operational areas and occupational health and safety. The policies may be available in print, in electronic format on the company intranet, or in some cases online on a public website. The documents may be published collectively as a Policy and Procedures Manual (PPM).

Many industry bodies and associations also publish codes and standards that govern the ethical conduct of their members. These codes and standards are aimed at promoting the reputation of the industry by ensuring members maintain professional and ethical conduct. The standards are not necessarily legally binding, but may be used to support legal argument.

A Code of Ethics may be described as a Code of Conduct, Ethics Statement or similar. Codes of Ethics published by industry bodies include:

Australian Computer Society (ACS). To access this code online, go to and choose from the left menu: The ACS/The Society/General Policies/Code of Ethics
System Administrators Guild of Australia (SAGE-AU). The SAGE-AU Code of Ethics is published online at

You may be aware of other organisations that produce standards and codes for their members.

/ Activity 2

Review the ACS, SAGE and ISIG Codes. Can you identify some similar themes?

Check your answers against the feedback provided at the end of this document.

/ Activity 3

A workplace code could be in the form of brief statement of expectations, a page of dot points, or a lengthy document including detailed standards. Do an online search of Australian websites and see what examples you can find.

Check your answers against the feedback provided at the end of this document.

Creating a code of ethics

Once the need for a code of ethics is identified, how does an organisation go about creating one? The code will need to reflect the legal and organisational requirements and the client expectations, so the first step might be to examine the organisation’s business operations and client base.

It is also important to know who might determine who the stakeholders are. Stakeholders are the people who will have a role in developing, approving and implementing the code.

Creating a code of ethics might follow a process like this:

1consideration of legal, organisational, client and community requirements and expectations

2examination of existing codes from industry bodies and similar organisations

3preparation of a draft code for review

4consultation with stakeholders and integration feedback

5approval and finalisation processes

6publication of the code

A process similar to this might be used to create a range of workplace policies and procedures.

Producing work procedures

As described earlier in this reading, a workplace procedure contains practical information and directions on how an activity is to be carried out to an acceptable standard. An ethical procedure is one that is fair and equitable, is appropriate in terms of privacy and confidentiality, and complies with relevant standards and legislation.

/ Activity 4

Consider the following scenario.

A colleague was on leave when a new log sheet was introduced. No one thought to tell him of the change and he is very upset when everyone hears the boss criticise him for not complying. What would you suggest to avoid problems like this future?

Check your answers against the feedback provided at the end of this document.

Creating a simple procedure may involve writing a number of dot points explaining, for example, how to use a piece of equipment correctly.

For more complex procedures, like setting out how to conduct an interview or report workplace harassment, you might need to include references to forms that must be completed during the procedure, legislation or standards that apply, and people who need to be advised of the activity.

/ Activity 5

Look at some examples of a work procedures used in your place of work that refer to one or more of the following:

privacy or confidentiality
occupational health and safety.

What procedures did you find?

Check your answers against the feedback provided at the end of this document.

Implementing the policies, procedures and codes

Reviews and skills updates

Promoting ethical conduct in the workplace continues beyond the publication of the code, policy or procedure. For these to be effective, employees must become familiar with the documents. Ways of keeping employees informed about the documents include:

staff orientation and training programs
a Policy and Procedures Manual (PPM)
publication of codes and PPM in print and online.

Compliance and monitoring

Once implemented successfully, compliance may be managed through regular monitoring processes. A range of formal and informal strategies can help ensure standards are maintained. These could include:

formal processes such as documentation of tasks, performance reviews, audits, inspections, quality control processes and staff
informal channels such as team meetings and individual discussion to communicate the expectations of ethical conduct.

These are just some of the activities an organisation may perform to ensure that staff members understand their legal obligations, and follow the policies and procedures. Other monitoring activities might include:

consultation with clients to ensure their needs are met
monitoring of client relations, business activities and work procedures ensure all personnel are following the code of ethics.

Summary

In this reading you examined the requirements for developing ethical policy and procedures in the IT industry.You looked at some examples of the policies and procedures that organisations have published to help ensure their employees maintain organisational principles and practice, and at a process for creating policies, procedures and codes for your workplace.

The topic also covered the implementation of policies and procedures, and strategies to monitor the organisation and its employees to ensure that the policies and procedures in place are followed.

Feedback to activities

Activity 1

This policy and procedure could be considered ethical, as they promote the fair and equal treatment of all clients, and protect client interests by giving priority to issues of security and continuity of service. In this context, an unethical policy or procedure might give priority based on the value of client business, regardless of operational need. An example of unethical conduct would be if support staff ignored the equitable policy and procedure and gave priority service in return for personal gain.

Activity 2

Similar themes include:

values and ideals
honesty
integrity
competence
social responsibility

If you read the Codes carefully, you are sure to find other commonalities. These will be helpful in developing a Code of Ethics for your workplace.

Activity 3

You may have found some complex examples, such as the Code of Conduct and Ethics Guidelines published by the Department of Commerce Office of Information Technology:

You may also have identified simpler examples, such as the one published by the Australian Government Solicitor:

Activity 4

You might suggest that appropriate written procedures are created; in this case:

a procedure describing the use of the new log sheet, including listing the names, for follow up on their availability, of those who have missed the initial information session
a procedure requiring the supervisor to discipline employees in a private location.

Activity 5

You may have identified the following procedures:

work appraisals or grievance procedures that describe the requirements for privacy and confidentiality.
equipment operation procedures that include health and safety requirement.