Please use this thread for discussion of the changes to the Section 2 (text of Draft 3 of section 2 is included below). If you have a significant issue to discuss you can start a new thread about it and ping me (Bo Brinkman) and I will add a link to it below.
Draft 3 text
2. PROFESSIONAL RESPONSIBILITIES.
A computing professional should…
2.1 Strive to achieve high quality in both the process and products of professional work.
Computing professionals should insist on high quality work from themselves and from colleagues. This includes respecting the dignity of employers, colleagues, clients, users, and anyone else affected either directly or indirectly by the work. Computing professionals have an obligation to keep the client or employer properly informed about progress toward completing the work. Professionals should be cognizant of the serious negative consequences affecting any stakeholder that may result from poor quality work and should resist any inducements to neglect this responsibility.
2.2 Maintain high standards of professional competence, conduct, and ethical practice.
High quality computing depends on individuals and teams who take personal and group responsibility for acquiring and maintaining professional competence. Professional competence starts with technical knowledge and with awareness of the social context in which the work may be deployed. Professional competence also requires skill in reflective analysis and in recognizing and navigating ethical challenges. Upgrading necessary skills should be ongoing and should include independent study, conferences, seminars, and other informal or formal education. Professional organizations and employers should encourage and facilitate those activities.
2.3 Know, respect, and apply existing rules pertaining to professional work.
"Rules" here includes regional, national, and international laws and regulations, as well as any policies and procedures of the organizations to which the professional belongs. Computing professionals must obey these rules unless there is a compelling ethical justification to do otherwise. Rules that are judged unethical should be challenged. A rule may be unethical when it has an inadequate moral basis, it is superseded by another rule, or it causes recognizable harm that could be mitigated through its violation. A computing professional who decides to violate a rule because it is unethical, or for any other reason, must consider potential consequences and accept responsibility for that action.
2.4 Accept and provide appropriate professional review.
High quality professional work in computing depends on professional review at all stages. Whenever appropriate, computing professionals should seek and utilize peer and stakeholder review. Computing professionals should also provide constructive, critical reviews of other's work.
2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.
Computing professionals should strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives.
Computing professionals are in a position of trust, and therefore have a special responsibility to provide objective, credible evaluations to employers, clients, users, and the public. Extraordinary care should be taken to identify and mitigate potential risks in self-changing systems. A system for which future risks cannot be reliably predicted requires frequent reassessment of risk as the system evolves in use, or it should not be deployed. Any issues that might result in major risk should be reported.
2.6 Have the necessary expertise, or the ability to obtain that expertise, for completing a work assignment before accepting it. Once accepted, that commitment should be honored.
A computing professional is accountable for evaluating potential work assignments.
Once it is decided that a project is feasible and advisable, the professional should make a judgment about whether the work assignment is appropriate to the professional's expertise. If the professional does not currently have the expertise necessary to complete the assignment, the professional should disclose this shortcoming to the employer or client. The client or employer may decide to pursue the assignment with the professional after time for additional training, to pursue the assignment with someone else who has the required expertise, or to forego the assignment. A computing professional's ethical judgment should be the final guide in deciding whether to work on the assignment.
2.7 Improve public awareness and understanding of computing, related technologies, and their consequences.
Computing professionals should share technical knowledge with the public, foster awareness of computing, and encourage understanding of computing. Important issues include the impacts of computer systems, their limitations, their vulnerabilities, and opportunities that they present. Additionally, a computing professional should counter false views related to computing.
2.8 Access computing and communication resources only when authorized to do so.
No one should access another's computer system, software, or data without permission. A computing professional should have appropriate approval before using system resources unless there is an overriding concern for the public good. To support this principle, a computing professional should take appropriate action to secure resources against unauthorized use. Individuals and organizations have the right to restrict access to their systems and data so long as the restrictions are consistent with other principles in the Code.
2.9 Design and implement systems that are robustly and usably secure.
Breaches of computer security cause harm. It is the responsibility of computing professionals to design and implement systems that are robustly secure. Further, security precautions are of no use if they cannot or intentionally will not be used appropriately by their intended audience in practice; for example, if those precautions are too confusing, too time consuming, or situationally inappropriate. Therefore, the design of security features should make usability a priority design requirement.