The principles that guide how we work, interact with clients, and uphold the trust placed in us as cybersecurity professionals.
We act with honesty and transparency in all our dealings. We do not exaggerate our capabilities, fabricate findings, or misrepresent the severity of security issues. Our recommendations are based on objective analysis, not commercial interests.
Client data, system information, and assessment findings are treated as strictly confidential. We implement robust access controls and do not disclose sensitive information to unauthorized parties.
We undertake work only within our areas of expertise. Our team maintains relevant certifications and engages in continuous professional development to ensure our knowledge remains current in a rapidly evolving threat landscape.
We provide independent, unbiased assessments. We disclose any potential conflicts of interest and avoid situations that could compromise our professional judgment.
All our activities comply with applicable laws and regulations. We obtain proper authorization before conducting security assessments and respect the legal rights of all parties.
We treat clients, colleagues, and the broader community with respect and courtesy. We do not engage in conduct that could bring disrepute to the cybersecurity profession or to UMBRELLA.
We take responsibility for our actions and their consequences. When mistakes occur, we acknowledge them promptly and take corrective action. We welcome feedback as an opportunity to improve.
Concerns about potential violations of this code may be reported confidentially via our contact page. All reports will be investigated with discretion and appropriate follow-up.