Code of Professional Practice for IT

Practitioners

2011 Induction of New Members

Presenter
Dr (Mrs) Titilola Akinlade
 Code of Professional Practice for IT Practitioners

Outline
• Preamble
• Difference between Code of Practice and
Code of Ethics
• Obligations of the IT Practitioner
• Key IT Practices
• Conclusion

June 29, 2011 Code of Professional Practice for IT Practitioners 2 of 14

Dr (Mrs.) Titilola Akinlade
 Code of Professional Practice for IT
Practitioners
• Preamble
The Computer Professionals (Registration Council of Nigeria) was
established by Decree 49 of 1993 (now Act 49) of the Federal Republic of
Nigeria. The Council, among other responsibilities, sets and enforces the
standards of competencies, conduct and ethical practice for the
Information Technology profession in Nigeria.

• Why Code of Practice ?

Information Technology is a regulated profession in Nigeria, just as in many
other countries. Any regulated profession including Medicine, Law,
Accountancy, Pharmacy, Engineering, IT etc should have a code of practice or
a code of ethics, which governs the conduct of practitioners while safeguarding
the interest and well-being of the receiving public. Information Technology has
permeated virtually all aspects of daily life, therefore the consequences of lack
of regulation in its practice or lack of professional standards can be disastrous
and even life-threatening.

June 29, 2011 Code of Professional Practice for IT Practitioners 3 of 14

Dr (Mrs.) Titilola Akinlade
 What is the difference between Code of Practice
and Code of Ethics ?
• The terms: Code of Practice, Code of Conduct, Code of Ethics are sometimes used
interchangeably to describe the standards of technical capability which members must satisfy,
as well as the standards of conduct to which members must either conform or be held
accountable for any lapse.
• Code of Practice
– enumerates specifically what the practitioner can or cannot do
– is enforceable
– License to practice is contingent upon compliance
• Code of Ethics
– a moral guideline and expectation, centered on honesty, trustworthiness, fairness, and respect for privacy,
confidentiality and intellectual property.
– gives ethical principles and expects the practitioner to regulate own behavior accordingly, without specifically
enumerating what he/she can or cannot do.
– enforceable if embedded in Code of Practice

• The Code of Professional Standards for IT practitioners in Nigeria is enforceable, since continued
membership of the profession is contingent upon members‟ strict adherence to it, while non-compliance could lead
to prohibition from practice of IT profession in Nigeria.
• One of the hallmarks of a profession is the commitment by its members to high standards of professional conduct.
• Members of the Computer Professionals (Registration Council of Nigeria) should at all times maintain standards of
conduct worthy of Information Technology professionals. By doing so, they will enhance their personal stature as
IT professionals and help maintain the credibility and prestige of the IT profession. They will also secure the
continuing acknowledgment of their professional merits by the community (country) as a whole.

June 29, 2011 Code of Professional Practice for IT Practitioners 4 of 14

Dr (Mrs.) Titilola Akinlade
 Obligations of the IT Practitioner
• The IT Practitioner has obligations of proper professional conduct
towards the following:
– The Public
– Employer or Client
– Fellow members
– The Profession
– The Country

• The full and complete code is contained in the CPN publication titled
“Code of Ethics and Professional Conduct for the Information
Technology profession in Nigeria”

June 29, 2011 Code of Professional Practice for IT Practitioners 5 of 14

Dr (Mrs.) Titilola Akinlade
 Obligations of the IT Practitioner
• Obligations to the public
– Ensure that the products of your effort are used in socially responsible ways and avoid
harmful effect on life and property. For example, you will not willfully develop malicious code
or other forms of malware, nor promote the acquisition of equipment or components made
from banned or toxic materials
– You will give objective, credible, comprehensive and thorough professional evaluations,
highlighting possible risks. In your recommendations, you will not take advantage of lack of
knowledge and experience of others
• Obligations to the Employer or Client
– You will carry out your work with due care and diligence in accordance with the requirements
of your employer or client, and endeavour to complete agreed work on time and budget
– You will not reveal data or information entrusted to you without prior consent of the client or
employer, except as authorized or required by law
– You will avoid and promptly disclose any conflict of interest situation which may arise from the
work you are handling and other third parties associated with the same work
• Obligations to the country
– You will ensure that you have knowledge and understanding of existing local, state, national
and international laws and regulations relating to the practice of the profession, and obey all
such laws
– You will notify the appropriate organ of government when, in your judgment, a policy, project
or endeavour, especially in your area of expertise, may be detrimental to the country or
harmful to its citizenry.
June 29, 2011 Code of Professional Practice for IT Practitioners 6 of 14
Dr (Mrs.) Titilola Akinlade
 Obligations of the IT Practitioner

• Obligations to Fellow Members

– You will not injure or attempt to maliciously injure the professional reputation and
prospects of other members of the profession. Conversely, you have an
obligation to report members suspected of engaging in illegal or unprofessional
activities to the proper authority, for action.
– You will give proper credit for all intellectual property, and for professional work
performed by others

• Obligations to the Profession

– You will uphold the reputation of the profession in all your conduct and not
promote your own interest at the expense of the dignity and integrity of the
profession
– You will exercise care not to misrepresent the Profession, the Council, its policies
or its position on any issue of public interest

June 29, 2011 Code of Professional Practice for IT Practitioners 7 of 14

Dr (Mrs.) Titilola Akinlade
 Key IT Practices - Common

• Practices common to all IT Disciplines

– Acquire and Maintain professional competence
– Perform services only in areas of your competence, undertaking only
assignments for which you (or your organization) are qualified by education
and/or experience.
– Once you accept an assignment, you must assume responsibility for the entire
deliverables which must be signed off and sealed with your professional seal.
– Honour property rights including copyrights, patents, trade secrets and
terms of licence agreements
– Respect the privacy of others by maintaining the integrity and privacy of data
which you may have access to, in the course of your professional work.
– Develop and deliver documentation, designs, drawings, operating procedures
etc that not only completely describe the „as built‟ solution that you have
provided, but also facilitate subsequent audit, maintenance, enhancement and
operation

June 29, 2011 Code of Professional Practice for IT Practitioners 8 of 14

Dr (Mrs.) Titilola Akinlade
 Key IT Practices - Specific
• Project Management
Definition:
A project is a temporary endeavor, having a defined beginning and end, usually constrained by one or more resources such as time,
people or funds, and undertaken to meet unique goals and objectives. Project management is the discipline of planning, organizing, and
managing resources to bring about the successful completion of a particular project, within a specified time frame.
Obligations:
– The IT Practitioner should ensure that a formal Project Management process or methodology is in place for
all projects (may be scaled according to the size of the project).
– Ensures that Project Plans are documented, agreed to by you and client, and progress monitored throughout
execution to ensure completion within time and budget.
– Ensures that, upon completion, a formal handover and acceptance is concluded with the client.

• Relationship Management
Definition:
• Relationship management is the collection of methodologies, processes and tools used to manage customer contacts and
relationships in an organized way. For example, an organization may have a database which contains sufficient details about their
customers to allow management, the sales team, the service team and even the customer have access to pertinent information to
manage and expand the relationship. Such information might include: online orders and tracking, history and pattern of previous
purchases, new products and offers that may match customer needs, service reminders etc. There are many Customer Relationship
Management (CRM) tools available from SAP, Oracle/Seibel, Salesforce etc
Obligations:
– The IT Practitioner should determine need for a CRM tool and make objective recommendations.
Recommended tool will then be used to manage and nurture interactions with existing and prospective
clients, ensuring effective long-term usage of information technology to increase profitability and reduce
operational costs
June 29, 2011 Code of Professional Practice for IT Practitioners 9 of 14
Dr (Mrs.) Titilola Akinlade
 Key IT Practices - Specific
• Security
Definition:
Computer system security is the collective processes and mechanisms by which sensitive and valuable information and services are
protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events. The objective
of computer system security includes protection of information and infrastructure (property) from theft, corruption, or natural disaster, while
allowing the system and its environment to remain accessible and productive to its intended users.
Obligations:
– The IT Practitioner is expected to identify and evaluate all potential risks in the IT environment, mindful of cost-
effectiveness and practicability of the proposed level of security. He /she should propose a mechanism for
subsequent, ongoing monitoring of the agreed level of security.
– Recommends and, if applicable, implement actions to be taken to protect life and equipment and recover data
in the event of disaster in the IT environment or in one or more component.

• Safety Engineering
Definition
Safety management is that function which assists all managers in better performing their responsibilities for operational system design and
implementation through either the prediction of management systems deficiencies before errors occur or the identification and correction of
such deficiencies by professional analysis of accidental incidents (performance errors).
Obligations:
– The IT Practitioner ensures that systems are designed to capture operational, error and audit logs and provide
tools for periodic analysis and reporting for system performance monitoring.
– Determines optimum operating conditions and tolerances for Computing Facilities, environment and equipment
and activates appropriate alarms and notifications in the event of significant deviations.

June 29, 2011 Code of Professional Practice for IT Practitioners 10 of 14

Dr (Mrs.) Titilola Akinlade
 Key IT Practices - Specific
• Change Management
Definition:
Change management is a structured approach to transitioning a system or organization from a current state to a desired future state.
Change management (or change control) is the process during which the changes to a system are implemented in a controlled manner by
following a pre-defined framework or methodology.
Obligations:
– The IT Practitioner should employ standardized methods and procedures for efficient and prompt handling of
all changes to a controlled IT system – hardware, communication system, software and
documentation/procedures.
– Ensures that all change requests are properly raised, recorded, assessed in terms of impact, costs,
benefits and risks, business justified, approved, managed, monitored and closed.

• Quality Management
Definition:
IT Quality Management helps in ensuring and managing quality throughout the system lifecycle from requirements analysis, to system
build/development to test scenarios, actual testing as well as error and defect handling.
Obligations:
– The IT Practitioner should utilize automated (software) functional, integration and regression testing tools (if
cost effective).
– Includes performance and load testing in IT Quality Management. Tools exist for run-time analysis, memory
leak detection, performance profiling, and component unit testing of embedded systems.
– Utilizes Web site security and compliance solutions to help identify vulnerabilities and assess compliance
requirements to improve the accuracy and reliability of online systems.
.
June 29, 2011 Code of Professional Practice for IT Practitioners 11 of 14
Dr (Mrs.) Titilola Akinlade
 Key IT Practices - Specific

• Education and Research

Obligations in Education - The Practitioner in IT Education should:
– take reasonable precautions to distinguish between his/her personal views and those of the educational
institution which he/she is affiliated with;
– not deliberately distort or suppress, or deny access to educational materials or information in order to
promote his/her personal views or interests
– keep in confidence information that has been obtained in the course of providing professional service, unless
disclosure serves a compelling professional purpose or is required by law;
– safeguard and maintain the confidentiality of test materials and information
– not use or allow the use of the institution‟s resources (including computers, internet etc) for private or
commercial purposes
– accord just and equitable treatment to all students as they exercise their educational rights and
responsibilities.
– make reasonable effort to protect students from conditions harmful to learning or to health and safety;
– not engage in physical or emotional abuse of students or sexual conduct with a student
– not exploit their professional relationship with students for private gain
Obligations in Research - The Practitioner in IT Research should ensure that:
– his/her research does no harm to the community.
– the design, implementation, analysis, interpretation, reporting, publication and distribution of the research
are culturally relevant to the community and in agreement with the standards of competent research.
– The research will contribute something of value to the community in which the research is being conducted.
– must be prepared to address any issues that are raised as a result of research.
– must promote academic diffusion of knowledge through written publications and oral presentations. This
includes adequate documentation of the research work as well as the results.
June 29, 2011 Code of Professional Practice for IT Practitioners 12 of 14
Dr (Mrs.) Titilola Akinlade
 Key IT Practices - Specific

• System Lifecycle
Definition:
A complete system lifecycle includes: Requirements Analysis and specification, system development, installation, testing, training,
operations and ongoing support/maintenance.
Obligations - The IT Practitioner should ensure that:
– Specifications and requirements definition are thorough and agreed with the client before qualified
vendors/service providers are invited.
– Vendor proposals are evaluated against previously agreed system specification.
– Sufficient time is allocated for meetings, clarifications etc and be fair to all invited vendors.
– One Vendor‟s proposal are not leaked to or discussed with other vendors.
– Avoid undue involvement with the staff of a particular vendor.
– Ensure that a consistent and objective scoring mechanism is applied across board to all proposals. It is
courteous and professional to notify unsuccessful bidders and inform them of reasons why they failed.
– Critical systems are designed and implemented with redundancy in mind.
– All systems are tested and accepted by the client in line with agreed comprehensive testing plan and
acceptance criteria.
– Adequate provision is made for training end users, management and support/operation staff.
– After installation, ongoing operations are efficient, reliable and at a reasonable cost.
– Operating procedures and user desk guides are available to ensure that the system continues to produce
expected results.
– A support structure (e.g. Helpdesk) is put in place to maintain formal and informal contact with the end user
for problem resolution, ongoing support and routine maintenance.

June 29, 2011 Code of Professional Practice for IT Practitioners 13 of 14

Dr (Mrs.) Titilola Akinlade
 CONCLUSION

• Information Technology is a regulated profession, just like the older

professions such as Engineering, Medicine, Law etc.

• The IT Practitioner in Nigeria is expected to abide by the Code of

Ethics and Professional Conduct as published by the Registration
Council.

• You are therefore enjoined to go forth and be good

ambassadors of The Computer Professionals
(Registration Council) of Nigeria.

June 29, 2011 Code of Professional Practice for IT Practitioners 14 of 14

Dr (Mrs.) Titilola Akinlade