
Establish, implement, and maintain ethical decision-making guidelines.


CONTROL ID: 12908
CONTROL TYPE: Behavior
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an ethics program., CC ID: 11496

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Establish and champion decision-making guidelines on how to choose a course of action when the circumstances are not explicitly covered by the code of conduct, policies, procedures, or standards. (OCEG GRC Capability Model, v. 3.0, P2.6 Develop and Implement Ethical Decision-Making Guidelines, OCEG GRC Capability Model, v 3.0)
  • competence and probity in the manner in which it makes decisions. (§ 5 ¶ 2 c) 5), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • The organization shall develop, establish, implement and maintain processes to assess, evaluate, investigate and close reports on suspected or actual instances of noncompliance. These processes shall ensure fair and impartial decision-making. (§ 8.4 ¶ 1, ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • The organization shall develop, establish, implement and maintain processes to assess, evaluate, investigate and close reports on suspected or actual instances of non-compliance. These processes shall be governed by the principles of due process, the right to be heard and the right to a fair and imp… (§ 8.4 ¶ 1, ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • can comply with legal and relevant ethical requirements; and (¶ 2.37 b., SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)