The draft Professional Knowledge Curriculum for NZ Computing Professionals has made some great strides towards sustainable practice but has missed an opportunity to demonstrate the excellence the Society is aiming for.
Described as the “non- technical knowledge possessed by ICT professionals” the draft consists of four categories (Ethics and code of conduct; Managing ICT risk; Legal and compliance frameworks; and Organisational roles).
The first of these categories – Ethics and code of conduct – begins with “ethical work practices: understanding the elements of ethical behaviour in dealing with clients and business colleagues”. The topics are headed with “includes an understanding of the following items:” and the first of these is “the 8 tenets of the NZCS Code of Ethics/Conduct”.
The NZCS Code of Ethics/Conduct applies to “all members of the society”. It makes interesting reading. The preamble states that the code is based upon the principles of:
– Interests of the community
– Respect for the individual
– Interests of the client.
It seems the order of these principles is not chance – community comes first (Aside: while this may seem common sense to us, it does not reflect the naïve view of incoming computing students , the majority of whom saw loyalty to the employer as paramount, regardless of consequences). Here’s the first three of the eight tenets:
- Member’s responsibility for the welfare and rights of the community shall come before their responsibility to their profession, sectional or private interests or to other members.
- Members shall act in the execution of their profession with integrity, dignity and honour to merit the trust of the community and the profession, and apply honesty, skill, judgement and initiative to contribute positively to the well-being of society;
- Members shall treat people with dignity, good faith and equity; without discrimination; and have consideration for the values and cultural sensitivities of all groups within the community affected by their work;
So, who is this community? The Code helps here too: “community…refers to all groups in society including members’ own workplaces”. They then go on to define community wider, including the environment:
– Acting and working in a way such that the health, safety and well-being of employees and colleagues are not endangered;
– Ensuring that work undertaken meets community expectations by adopting the norms of recognised professional practice; or communicating any attendant risks or limitations, and their effect, in any work undertaken which does not accord with convention;
– Being vigilant in ‘duty of care’ toward members of the community;
– Communicating the results of work undertaken in a clear and unambiguous way;
– Raising real or perceived conflicts of interest, or issues which may not be in the community interest, at an early stage of involvement;
– Commitment to the principles of sustainable development of the planet’s resources and seeking to minimise adverse environmental impacts of their work or applications of technology for both present and future generations;
– Not being involved in any activity which is known to be fraudulent, dishonest or not in the interests of the community (as described); and
– Not accepting reward or compensation from any more than one party, without the clear understanding and acceptance of all parties.
This section concludes: “these tenets of the Code require members to be mindful of more than their technical and professional responsibilities and their immediate employer or client”.
Sustainability is, therefore, foremost in the NZCS professional knowledge curriculum at place 1.1.1 (it’s not actually numbered, but if it were it would go up to 4.8.5).
Unfortunately, the order of the curriculum is not indicative of the importance of the topic. There are 91 elements in the curriculum. While most professional practices – honesty, integrity, expert advice – are things you would hope from a sustainable professional, they do not by themselves nor in concert constitute a sustainable professional. There is only one more element that approaches sustainability:
importance of informing oneself and one’s clients or employers of the economic, social, environmental or legal consequences which may arise from decisions and actions.
The rest of the curriculum is very heavily weighted to risk avoidance and compliance. Here’s some random (really) examples:
2.2.2 Typical security frameworks and how and when they apply
2.6.2 The concepts of physical security requirements of information and associated technologies
3.1.4 The legal requirements for managing Spam
3.2.5 The role of industry sectors compliance frameworks that impact on ICT eg HIPPA and Sarbanes-Oxley
4.3.2 The need to determine, measure and review service levels.
Sustainability is therefore only two out of 91 elements. I would not like to see any more elements – it is already far too long to be used in assessment of professionals. So what would I like to see changed?
While I am pleased sustainability gets its own element, it should also be a lens for the rest of the document. So too should other integrative and overarching concepts – “mutual respect” comes to mind – but instead the document is heavily compliance focused. I think this legalistic focus is regrettable. Perhaps it reflects the background of the focus group who developed the curriculum (lawyers, security and privacy experts). It also does not properly reflect the intent of the NZCS professionalisation drive – to create a gold standard. Instead of aiming for the top of the professionalism ladder, the focus on compliance is only one step above avoidance on the bottom rungs of maturity models.
I should like to see the elements in the curriculum that do describe a sustainable professional strengthened. Specifically, 1.4.2 (“importance of informing oneself and one’s clients or employers of the economic, social, environmental or legal consequences which may arise from decisions and actions”) needs to go beyond informing, to taking action. Merely raising an issue doesn’t clear oneself of ethical obligations. Further, the equivalent areas in security, delivery risk etc have elements that specify understanding of appropriate strategies and tools for action – so too should this section.
Also, as referenced by 1.1.1. the Code of Ethics statement that defines community to include sustainable development should be widened to include
– a full definition of sustainability (ie include social and economic)
– and go beyond a requirement to “minimise adverse environmental impacts” to a position of restorative sustainability (ie promote actions that improve outcomes)
Sustainability should be added to elements where appropriate. For example:
2.3. (ICT investment risk) lifecycle and replacement models should take into account full life-cycle analysis (including models such as cradle-to-cradle)
2.3.3 (ICT investment risk) should extend cost-benefit analysis to include less tangible return on investment considerations.
3.1.1 (ICT- related laws) should include the Resource Management Act, and have a statement to the effect of maintaining understanding of new and emerging legal frameworks. These might include the extended producer responsibility, carbon accounting, and environmental labelling.
3.2. (compliance frameworks) should include expectations of market standards (international, national, and market place).
3.2.4 (compliance frameworks) good practice frameworks should include triple bottom line accounting.
3.4.2 (public sector requirements) public agencies should have reference to government sustainable procurement programmes.
4.2.2 and 4.2.3 (role of information systems strategy) should include environmental drivers for IS strategy.
4.6.4 (business acumen) should include environmental drivers in trends that affect organisations
This is not a complete list, the lens of sustainability should be used to review the entire list. It is not though a matter of writing “…and sustainability” to the list of considerations. Rather, an understanding that computing is in a privileged position to make a positive impact beyond our own footprint, and that this is the responsibility of all of us – especially those aiming for a gold standard, should guide a revisioning.
Computing for Sustainability 
Paul Matthews
August 9, 2009
Hi Sam,
Thanks for the feedback about this, albeit on a blog rather than through the open consultation process.
As per the emails that included the detail of the curriculum, and in fact the file to which you linked, the Curriculum is currently in draft only.
In fact you would have received an invitation inviting you to make a submission, and details of the submission process are also in the document. Whilst a little regrettable you chose to comment here rather than contribute to the consultation process, the fact still remains that the Curriculum is a work in progress and your input would be warmly received.
Whilst the submission process completed last Friday, if you were to make a submission in the next couple of days it would still be considered before the document is finalised.
Note also that NZCS will shortly propose to members that the current Code of Ethics evolve into a Code of Conduct with a few changes. This will again be a consulted process to which you and others are welcome to contribute.
And lastly, note that the headline contents of the Curriculum were defined during the initial definition of the ITCP standard, to which literally hundreds of IT professionals contributed. Whilst we did assemble a focus group with the knowledge to put together the detail in the specialised areas covered, the areas themselves were defined during the initial process which included a very wide and open consultation (with nationwide workshops and scores of formal and informal submissions received).
Thanks heaps for your feedback however – it is through the contribution of many that we have created what I believe is a very worthwhile and high quality benchmark for IT professionals.
Regards,
Paul Matthews
NZCS Chief Executive
Paul Matthews
August 9, 2009
Addendum: I see these comments have now also come through the Submissions process.
Thanks Sam – they will be considered in detail.
– PM
dave bremer
August 11, 2009
The thing that stood out most to me was the huge bias to government contractors. As if the community only/mainly included that sector. I am not convinced that the wider IT community has contributed to this, or has been consulted by the working group.
While risk and the principals of the privacy act applies to everyone involved in IT, many of the specified compliance items are really only relevant if you’re working in the public sector.
If they’re including things such as the public records act, why not include PCI? Or any number of compliance requirements/recommendations specific to other sectors? The short answer is they shouldn’t. Rather than assume everyone works for the govt it would be better to have requirements that people are aware of compliance requirements in their sector. That does require the CS to be aware of the requirements of all sectors of IT.
And no Paul, I have no intention of making a submission. The head-long rush to push certification through convinces me that haste is more of a concern than getting things right through careful consideration. Nothing, including any effort of mine to make a submission, is going to slow down the progress.
Ian Simpson
August 11, 2009
Dave: You’re not allowed to complain in the future if you don’t make a submission!