Ethical Code of Conduct
Principles of Ethical Code of Conduct for NCSA Licensed Cybersecurity Auditors

These principles guide the expected professional behavior, responsibility, and decision-making of any individual licensed by the National Cyber Security Agency (NCSA) to perform cybersecurity audits.

1. Integrity and Impartiality

  • Act honestly and objectively in all professional activities.
  • Avoid favoritism, bias, or misrepresentation of findings.
  • Disclose any actual or potential conflicts of interest prior to accepting an assignment.

2. Confidentiality and Privacy

  • Protect all information obtained during the course of the audit.
  • Do not disclose, retain, or repurpose sensitive data unless explicitly authorized.
  • Respect the privacy of individuals and organizations at all times.

3. Professional Competence and Continuous Improvement

  • Maintain the technical and professional knowledge necessary to perform duties competently.
  • Engage in continuous learning to keep up with evolving cybersecurity risks, tools, and methods.
  • Understand and apply the latest legal and regulatory requirements relevant to cybersecurity and cybercrime in the Maldives.

4. Lawful and Ethical Behavior

  • Comply with all applicable laws, national regulations, and professional standards.
  • Never engage in or overlook unethical, illegal, or unauthorized behavior.
  • Distinguish clearly between the role of an auditor and that of a penetration tester — and never exceed the defined scope of engagement.

5. Scope Adherence and Responsible Access

  • Only perform activities defined in the written engagement document.
  • Never use unauthorized tools (e.g. Flipper Zero, WiFi spoofing devices) or intrusive methods unless explicitly approved.
  • Avoid causing any disruption, damage, or unintended impact during audit procedures.

6. Accountability and Accuracy

  • Take full responsibility for your work, findings, and recommendations.
  • Deliver accurate, evidence-based, and complete reports.
  • Acknowledge and correct any errors promptly and transparently.

7. Professionalism and Respect

  • Treat all clients, colleagues, and stakeholders with respect and courtesy.
  • Uphold the reputation of NCSA and the broader cybersecurity profession.
  • Avoid any behavior that could undermine trust in the audit process or the Agency.

8. Reporting and Ethical Vigilance

  • Promptly report any violations, unethical behavior, or unlawful activity encountered during an engagement.
  • Support a culture of security, accountability, and transparency in all audit work.

These principles are binding for all NCSA-licensed auditors. Violations may result in removal from the licensed registry, suspension of credentials, or legal and disciplinary actions under national law.