UNIT IV

COMPUTER TECHNOLOGIES ACCESSIBILITY ISSUES

• Introduction
• Principle of equal access
• Obstacles to access for individuals
– Legislation
– Enabling the Disabled
• Professional responsibility
• Empowering computers in the workplace
– Introduction
• Computers and employment
• Computers and the quality of work
– Psychological Effects
– Health and Safety Hazards
• Computerized monitoring in the work place
– In defense of monitoring in the workplace
– Arguments against monitoring in the workplace
• Telecommuting
– The benefits of telecommuting
– The drawbacks of telecommuting
• Social, legal and professional issues
• Use of
– Software,
– Computers and
– Internet-based Tools
• Liability for Software errors
• Documentation Authentication and Control
• Software engineering code of ethics and practices
– IEEE-CS
– ACM Joint task force.
4.1 Introduction
• What is Accessibility?
– Accessibility can be viewed as the "ability to access“,
and getting benefit from some systems or entities.
– This concept focuses on enabling access for people
with & without disabilities, or special needs, or
enabling access through the use of assistive technology.
• It is strongly related to universal design,
– which is the process of creating products that are
• usable by people with the widest possible range of abilities,
• operating within the widest possible range of situations.
• This is about making things accessible to all people
(whether they have a disability or not).
 Internationally recognized symbol for
accessibility.
4.2 Principle of Equal Access
• Equal access means, that all people have to access
the information they needed.
– Apart from,
• Age,
• Education, language,
• Ethnicity,
• Income,
• Physical limitations of geographic barriers.
– They are able to obtain information in variety of forms.
• Electronic
• Paper print
– Also, they are able access the informations free from
censorship or revenge.
Principles Information and Communication Technology (ICT)
• Information and Communication Technology (ICT) principles of equal
access.
– It is based on the claim that all people have a rights to access this technology.
– In olden Era, anyone that does not have access is disadvantaged in a number of
ways.
• Their access to knowledge is significantly limited
• Their ability to fully participate in the political process and to receive important
information is greatly reduced,
• Their economic prospects are severely delayed.
• Now a days, it is fundamental prerequisite for fully participating in
society.
• So, It provide access in public places,
– Libraries or Internet cafes, etc.,
– Many jobs depend on computer skills.
– E-Sevai. CSC (Common Service Centers)
• The argument for a right to equal access rests on the extent to which
citizens in a given society need to have access to ICT to function in a
society.
4.3 Obstacles to Access for Individuals
• Knowledge :
– Anybody who uses ICT, they have competent in physically & mentally.
• Finance barrier:
– if they want to connect from home, they have to
• Buy the Equipments
• Pay for a internet connections.
• Alternative for this is, but they have to travel
– Get connection via workplace environments (Wi-Fi). Or,
– From Public Libraries. (Swayam, NPTEL, Educational Institution Library, etc.,)
• Language problem:
– It is the major problem for non-native speakers.
– They have to little bit attention in the English language.
• Finally, Motivational barrier:
– That is, either they want(optional) to use ICT, or
– They need to use it(necessary).
• The Standard groups that may be disadvantaged in terms of computer access.
– For, the Un- Educated, Poor, Elderly, Disabled peoples.
4.3.1 Legislation (Laws, considered collectively)
• Human Rights Act :
– means the rights relating to life, liberty, equality and dignity of the
individual.
– Which are all guaranteed by the Constitution or embodied in the
International covenants and enforceable by courts in India.
• Two levels
– National level
– International level
– It requires the establishment of the rule of law at the National
and International levels. 
– International human rights law lays down obligations which States are
bound to respect.
• The HRA, 1998 states that,
– The individuals should not be discriminated against on any one of the
followings.
– Such as, their color, language, gender, religion, community, nationality,
birth, in addition to access the education.
Legislation (Laws, considered collectively)
• In the case of disabled, the relevant words in the ACT are
“other status”.
• It is broadened under the 2016 Act: (INDIA)
– it covers persons with disability,
– persons with benchmark disability, and
– persons with disability having high support needs. 
• The supporting legislation in India enacted the Rights of
Persons with Disabilities Act, 2016 (the “New Act”) and
the rules there under (the “Rules”) in 2017.
• The New Act replaced the Persons with Disabilities (Equal
Opportunity Protection of Rights and Full Participation)
Act, 1995 (the ‘previous Act’), which covered only seven
disabilities.
• The New Act covers more than 21 disabilities
– including dwarfism, acid attack victims, intellectual disability and
specific learning disability.
– It defines a ‘person with disability’ as someone with long term
physical, mental, intellectual or sensory impairment which, in
interaction with barriers, hinders his / her full and effective
participation in society equally with others. 
• Under the New Act, persons with at least 40% of a disability
(referred to as “persons with benchmark disability”) are
entitled to certain benefits.
– One such benefit is that at least 4% of the total number of vacancies
in Indian Government establishments in specified categories (and 1%
in certain others) are required to be reserved for their employment.
– Penalties for the violation of rights of disabled persons can extend to
a monetary fine of Rs- 5,00,000 and imprisonment for up to five
years.
New ACT covered 21 disabilities
• Blindness
• Low-vision
• Leprosy Cured persons
• Hearing Impairment (deaf
and hard of hearing)
• Loco motor Disability
• Dwarfism
• Intellectual Disability
• Mental Illness
• Autism Spectrum Disorder
• Cerebral Palsy
• Muscular Dystrophy
• Chronic Neurological
conditions
• Specific Learning
Disabilities
• Multiple Sclerosis
• Speech and Language
disability
• Thalassemia
• Hemophilia
• Sickle Cell disease
• Multiple Disabilities
including deaf blindness
• Acid Attack victim
• Parkinson's disease
Additional benefits of ACT 2016
• The Act provides additional benefits for persons with
benchmark disabilities, such as
– Employment vacancies in government & private establishments,
– Education opportunities,
– Land allocation, and
– Poverty improvement schemes, among others.
• Impact on doing business in India
– the company’s human resource (HR) team must be careful to
incorporate policies designed to benefit disabled persons.
– HR managers have identified several benefits of hiring disabled
persons.
– The Act also provides firms with an additional avenue of fulfilling
their corporate social responsibility (CSR) activities.
– Firms can deploy more financial resources towards mandatory CSR
schemes by providing benefits to disabled persons.
• SAKTHI MASALA, Narasus Coffee, and so on
– http://www.jobability.org/jobs
4.3.2 Enabling the Disabled
• There are some technologies are used to support a
person with disabilities to live as independently as
possible.
– Enabling Technology: is the use of various forms of
devices and technology.
• encompass both AT and RS
– Assistive Technology:
• is any item, piece of equipment, software program, or product
system that is used to increase, maintain, or improve the
functional capabilities of persons with disabilities.
– Remote Supports: supports by a remote caregiver.
• means the provision of supports by staff of an agency provider
at a remote location who are engaged with an individual
through equipment with the capability for live two-way
communication.
Enabling Technology
– to support a person with disabilities to live as
independently as possible.  
– These types of technologies include sensors, mobile
applications, remote support systems, and other smart
devices.
• It can support a person
– In navigating their jobs and communities,
– Gain more control of their environment, and
– provide remote support and reminders to assist a
person in independent living.
– It helps their, to communicate with others. 
– It helps their in emergencies and in many other ways.
4.3.3Difficulties to Access the Technologies
• Example :
– if a person wants to take the bus to get from home to the mall,
a mobile application on a smart phone can provide instructions
and notify the person when he or she should get off the bus.
– It is extremely difficult to perform the actions, because the
people who cannot use the standard equipment.
• There are varieties of ways of inputting data and
processing output
• Ways to input data
– Keyboard, Braille keyboard, mouse, stylus pen, voice
recognition software, touch screen.
• Ways of accessing output
– Reading the screen : Text magnification, color choice
– Text-to-voice software
– Braille printout
4.4 Professional Responsibility
• Professionals, as experts in their fields, they have moral
responsibility to improve the society, where possible, the
lives of others.
• The professionals has the following responsibilities:
– Uphold the values of the society, in which they operates.
– Recognize and take by the relevant legislation.
– Promote the good for the public at large, and vulnerable groups
in particular.
• Computing professionals' actions change the world.
– To act responsibly, they should reflect upon the wider impacts of
their work, consistently supporting the public good.
– The Association for Computing Machinery (ACM) Code of Ethics
and Professional Conduct ("the Code") expresses the conscience
of the profession.
• The Code is designed to inspire and guide the
ethical conduct of all computing professionals,
– including current and aspiring practitioners,
– instructors, students, influencers, and
– anyone who uses computing technology in an
impactful way. 
• The Code include principles
– Formulated as statements of responsibility,
– based on the understanding that the public good is
always the primary consideration.
– Each principle is supplemented by guidelines, which
provide explanations to assist computing professionals
in understanding and applying the principle.
 4.5 Empowering Computers in the
workplace - Introduction
• As a “universal tool” that can, perform any tasks.
• It performing many tasks in more efficient than
humans.
• In the industries many workers are already
replaced by computerized devices,
– Bank tellers, telephone operators, typists, security
guards, and so on.
– In addition, medical doctors, teachers, accountants,
lawyers, etc.,
4.5.1 Computers and Employment
• Computers impact employment by both creating and
destroying jobs, by changing the nature of the jobs
available.
• Creating Jobs
– Generally associated with increases in workplace productivity,
– computers allow each employee, using quick technologies
such as email and Internet fact-checking, to accomplish more
with every hour of work.
– A wide variety of new jobs are, hardware engineers, software
engineers, network engineers, system analysts, webmasters,
IT teachers, and so on.,
– As an industry in itself, computer technology also creates jobs
in new fields like programming, computer-aided design and
animation, Internet marketing and online publishing.
• Destroying Jobs
– While computers have spawned entire new career
fields, their introduction has also displaced many
workers, especially in low-skill jobs such as
warehouse clerks and basic data processing that
were among the first to be replaced by automated
computer technology.
– In sectors like manufacturing that grow slowly and
require large capital investments to do so,
– improvements in productivity brought about by
computers can justify layoffs long before enough
capital is available to invest in job-creating
improvements like new factories.
 4.5.2 Computers and Quality of work
• The job before Automation
• The job after Automation
• Psychological Effects
– Health and Safety Hazards
• Technological Effects
– Effects on Productivity
– Effects on Quality of Employment
• Models and methods for studying technological
impact
• The job before Automation
– customer contact, buying/selling records, etc.,
• The job after Automation
• Automated call recorded system
 Psychological Effects
– Health and Safety Hazards
Models and methods
 Technological impact
• Effects on Productivity
– 1 Frequency of tasks
– 2 Ease of tasks
• 2a Ease of common tasks
• 2b Ease of uncommon tasks
– 3 Quality of training
– 4 Service representative quality
• Effects on Quality of Employment
– 5 Job satisfaction
– 6 Job quality
– 7 Variety
– 8 Satisfaction with work group
– 9 Autonomy
– 10 Challenge
– 11 Impact
– 12 Pressure
– 13 Mental health
– 14 Quality of management
• Attitudes toward Computers
– 15 Positive attitudes
– 16 Competence using computers
4.6 Computerized monitoring in
the work place
 What is Computerized or
E-Monitoring?
• Using electronics to watch, keep track of, or check
employees’ productivity and use of company
equipment.
• Most computer monitoring equipment allows employers
to monitor without the employees' knowledge.
• However, some employers do notify employees that
monitoring takes place.
• This information may be communicated in memos,
employee handbooks, union contracts, at meetings or
on a sticker attached to the computer.
 Types of monitoring
There are several types of monitoring:
• ID tags
• E-mail
• Phone calls
• Keystroke
• Computer monitoring
• Physical monitoring
• Computer software can enable employers to see
what is on the screen or stored in the employees'
computer terminals and hard disks.
• Employers can keep track of the amount of time
an employee spends away from the computer or
idle time at the terminal.
• Keystroke monitoring tell an employer how many
keystrokes per hour each employee is performing.
 The Pros of Employee Monitoring
• Less wasted time
• Fewer errors
• Better employee insights
• Increased security
• More transparency
• Less administrative work
The Cons of Employee Monitoring
• Effect on morale
• It’s understandable why monitoring
employees might cause those employees to
think you don’t trust them.
• Increased stress
• Perceived lack of privacy
• Legal issues
4.7 Telecommuting
 What Is Telecommuting?
– Telecommuting (also known as working from home, or
e-commuting) is a work arrangement in which the
employee works outside the office, often working from
home or a location close to home (including coffee
shops, libraries, and various other venues).
– Rather than traveling to the office, the employee
“travels” via telecommunication links, keeping in touch
with coworkers and employers via telephone and email.
 Benefits of Telecommuting
• There are many benefits to telecommuting.
• Telecommuting allows a worker greater freedom regarding his or
her work hours and work location.
• It gives the employee more flexibility to balance work and
personal obligations.
• Often, working from home can make you more productive,
because you do not have the distractions of an office space.
• There are also many benefits to employers.
• Allowing workers to telecommute often makes them more
productive, which benefits the company.
• Telecommuters are also likely to be happier in their jobs and are
therefore more likely to stay with the company.
• Telecommuting even saves companies money in office expenses.
 Drawbacks of Telecommuting
• However, there can be downsides to working from
home. You have to be extremely self-motivated, or
else you may get distracted easily.
• You also need to find a productive place to do work,
such as a home office or coffee shop.
• Some people also find working from home to be a
bit isolating, because you are not around your
coworkers.
• When considering a telecommuting job, it is
important to weigh these positives and negatives.
 Jobs That Allow Telecommuting
• Email Marketer
• Promotional Video Maker
• Freelance Writer
• Web or Graphic Designer
• Translator
• Customer Service Management
• Crowdsourcing Manager
• Android or iPhone Developer
• E-Book Publisher
4.8 SOCIAL, LEGAL AND PROFESSIONAL
ISSUES
 SOCIAL ISSUES
• The privacy issues is the major in social networks, it can be grouped
into two categories, namely,
• (1) security vulnerabilities threatening the privacy of NET users and
• (2) the use of NET for unlawful surveillance.
• The first category relates to privacy issues caused by security
vulnerabilities of NET.
– Such security vulnerabilities may include, weak authentication, insufficient
encryption, and insecure firmware.
• The second category of issues refers to the use of NET for unlawful
surveillance.
– For example, thieves may use crowdsensing for detecting when a victim is
not at home.
• The term “crowdsensing” refers to sharing data collected by sensing
devices with the aim to measure the phenomena of common interest.
 (1) security vulnerabilities threatening the
privacy of NET users
Security loopholes of NET NET containing pre-installed malware
Weak passwords; NET containing malware pre-installed by
the manufacturer;

Software bugs; NET containing malware pre-installed by a

non-manufacturer.

Lack of security awareness;

Weak or non-existent anti-virus
programs.
 (2)the use of NET for unlawful surveillance
• The following three types of NET are often used for unlawful
surveillance:
– Beacons, i.e., tiny wireless transmitters that constantly send radio
signals. Beacons can be used by criminals to track the location of the
users of mobile devices. For example, a criminal may install malware on
victim’s computers which collects location information from beacons
and sends the collected location information to the criminal.
– Social networks, i.e., platforms allowing their users to build social
network relationships. Social networking can be used by criminals to
receive unauthorized access to personal information. For instance, a
criminal may create a fake profile in Facebook and send a “friend
request” to a victim. By accepting the “friend request,” the victim will
allow the criminal to access a tremendous amount of personal
information about the victim (e.g., personal data, photos, videos, and
location information).
– RFID technology, i.e., the wireless non-contact use of radio-frequency
electromagnetic fields to transfer data with the aim to automatically
identify and track tags attached to objects. A human implanted RFID
chip installed without the knowledge and the authorization of the
receiving person will make that person a lifelong object of surveillance.
 Unlawful use of beacons
• The unlawful use of beacons may allow criminals to:
– (1) identify behavioral patterns of potential victims (e.g., money
spending, visited places, and lifestyle) and
– (2) send spam to potential victims (e.g., customized advertisement).
• The data collection about the behavior patterns can facilitate
criminals in the selection of their victims. For instance, an
individual who attends luxurious restaurants may be more
attractive to thieves than an individual who regularly visits fast
food chains. Thieves’ use of information about the behavior
patterns of their victims is not a new phenomenon from
lawyers after finding on the Internet information about the
lifestyle of the lawyers.
• Similarly, spammers can use the location data to send
advertisements customized by the location of the user. By way
of illustration, a visitor of a golf club will receive spam related
to golf sticks and the visitor of a hospital will receive spam
related to medicaments.
Unlawful collection of personal data
through social networking platforms
• Social networks may be used for obtaining personal data without
authorization.
• The creation of a fake social networking account. Although fake
profiles imitating real people (i.e., the so-called impostor accounts) are
not allowed by Facebook and other social networking platforms,
Facebook reported having around 170 million fake users.
• Hacking a social networking account. The users of social networking
platforms often use weak passwords, e.g., names, birthday, or common
phrases found in a dictionary. Such weak passwords make the users
susceptible to dictionary attacks.
• Distributing a social networking app which collects data from the
users without their authorization. To get personal information about a
larger number of victims, hackers often employ social networking
malware. The malware may be masked as gaming apps and apps
providing access to digital content. Such seemingly innocent apps may
request the user to access his/her public profile, friend list, email
address birthday, current city, and other personal information.
 Unlawful use of RFID technology
• There are two main security concerns related to the use of
RFID chips, namely,
– (1) infection with computer viruses and
– (2) cloning of RFID chips.
• Criminals may obtain unauthorized access to personal
information by infecting human-implanted RFID chips or
cloning them.
• The RFID systems have two components,
– (1) a transponder and
– (2) a detector.
• The transponder transfers data to the detector, whereas the
detector reads the data transferred by the transponder
and/or modifies the data in the transponder. If infected by
computer viruses, human-implanted RFID transponders may
transfer viruses to the devices which receive information
from the infected transponders.
ISSUES RELATED TO GATHERING
EVIDENCE THROUGH NET
 Issues related to gathering evidence through
social networking platforms
• Social networking platforms connecting people in general (e.g.,
Facebook and MySpace) allow various users to connect with each
other. For example, consumers may use such platforms to connect
with companies.
• Social networking platforms connecting professionals (e.g.,
LinkedIn, Plaxo, and Xing) are focused on business communications.
These platforms are used mainly for communication between
professionals.
• Social bookmarking websites (e.g., Digg, Delicious, and
StumbleUpon) allow users to add, edit and share bookmarks of web
documents.
• Internet forums (e.g., Meetup and Craiglist) provide their users with
the opportunity to hold discussions in the form of posted messages.
• Business directories (e.g., Yelp and CitySearch) list business
operating within the same business field.
• Photo and video sharing platforms (e.g., YouTube and Flickr) enable
users to sell, view, and purchase photos and videos.
 Legal, Professional issues
• The legal issues related to “Information Technologies” (IT) fall
within the scope of the laws regulating the use of data, evidence,
creative works, and inventions. We will further focus on four such
laws:
• Privacy law, i.e., the law that regulates the collection, use,
processing, and disclose of personal information.
– Under most privacy laws, personal information is defined as information
which identifies an individual or allows an individual to be identified;
• The law of evidence, i.e., the law that governs the proof of facts
in legal proceedings;
• Copyright law, i.e., the law that governs the ownership and use of
creative works
• Patent law, i.e., the law that regulates the rights to inventions.
4.9 Use of Software, Computers an
d Internet-based Tools; Liability for
•Software
Validation ofErrors
(analysis and design) software
– Responsibility for the outputs of software
• The role of computers in professional practice
• Respect of copyright law: software piracy and
plagiarism
• Computer system security from the perspective of
licensed professionals
• Internet ethics (harassment, courtesy, "netiquette")
 Validation of (analysis and design) software

• Software validation is a critical tool used to assure the quality of device software
and software automated operations.
• BENEFITS OF SOFTWARE VALIDATION
• Software validation can increase the usability and reliability of the device,
resulting in decreased failure rates, fewer recalls and corrective actions, less risk
to patients and users, and reduced liability to device manufacturers.
• Software validation can also reduce long term costs by making it easier and less
costly to reliably modify software and revalidate software changes.
• Software maintenance can represent a very large percentage of the total cost of
software over its entire life cycle.
• An established comprehensive software validation process helps to reduce the
long-term cost of software by reducing the cost of validation for each
subsequent release of the software
Validation of (analysis and design) software
 Software Validation report
• All validation activities should be documented and that may seem to be
an overwhelming job.
• However, if the recommendations in this method are followed
systematically, the work will become reasonable and it will be quite easy
to produce a proper validation report.
• There are two main tasks associated with each life cycle phase:
– Preliminary work. To specify/summarize the requirements (forward/reverse
engineering for prospective/retrospective validation), to manage the design and
development process, make the validation test plan, document precautions (if
any), prepare the installation procedure, and to plan the service and
maintenance phase. All documents and actions should be dated and signed.
– Peer review and test. To review all documents and papers concerning the
validation process and conduct and approve the planned tests and installation
procedures. All documents and actions should be dated and signed. It is
recommended always to mark topics that are excluded from the validation as
“not relevant” or “not applicable” (n/a)
• The software product should be designed to handle critical events (in terms
of when, where, whom, and why) applied during use.
• Such events should be traceable through all life cycle phases and measures
taken to ensure the traceability should be stated in the validation report.
• It may be good validation practice to sign (by date and initials) the different
parts of report as the validation proceeds,
• e.g.
– Requirements specification should be approved and signed before the Design is
done,
– Test specifications should be approved and signed before the tests are carried out,
etc.
• It is also important to identify the persons who are involved in the
validation and are authorized to approve and sign the report, e.g.
– Other persons than those who built the software product should do the testing.
– Acceptance test should be done by the system user/owner rather than by the
development team.
– The persons approving documents should not be the same as those who have
authored them.
 Validation report contains 5 sections
• 1. Objectives and scope of application.
– Tables to describe the software product, to list the involved persons, and to
specify the type of software in order to determine the extent of the
validation.
• 2. Software life cycle overview.
– Tables to specify date and signature for the tasks of preliminary work and
the peer reviews assigned to each life cycle phase as described above.
• 3. Software life cycle activities.
– Tables to specify information that is relevant for the validation. It is the
intention that having all topics outlined, it should be easier to write the
report.
• 4. Conclusion.
– Table for the persons responsible to conclude and sign the validation report.
• 5. References and annexes.
– Table of references and annexes.
 Respect of copyright law:
• Piracy is defined as; the unauthorized use of another's production,
invention, or conception especially in infringement of a copyright.
• Piracy is the popular term for the illegal activity that is more
correctly known as copyright infringement.
– Software piracy involves the violation of license agreements and occurs
when you download, copy, file share, install, or distribute digitized
material in the form of computer software programs and entertainment
media without authorization from the owner/creator.
• Plagiarism is defined as;
– to steal and pass off (the ideas or words of another) as one's own;
– to use (another's production) without crediting the source;
– to commit literary theft;
– to present as new and original an idea or product derived from an
existing source.
4.10 Document Authentication and
Control
• Authentication of documents
• Use of stamp or seal, verification stamps
• Electronic authentication of documents
• Review of documents
• Document revision control
• As-built drawings – responsibility for
– Record keeping and turning over records when required
• Preservation of records in a usable format (faded paper,
etc.)
• Responsibility for control of personal stamp or seal
 4.10.1 Concepts and Principles of
Authentication
• Principles
• Purpose of the Seal
• Obtaining a Seal
• Electronic Version of the Seal
• Digital Signature
• Custody and Control of Seals
 Principles of Authentication
• Sealing, signing and dating (collectively referred
to as “authentication”) of documents.
• The principles involved in authenticating a
document are independent of the methods
employed for producing the document.
• The seal constitutes the distinctive mark of the
professional.
– It certifies that, this holder is a member of the
Association, and is licensed to practice professional
engineering .
 Purpose of the Seal
• The seal constitutes the distinctive mark of the professional.
• It identifies work performed by, or under the direct supervision
of a licensed professional.
• It assures the document’s recipient that the work meets the
standards expected of experienced professionals who take
personal responsibility for their judgments and decisions.
• The seal is important because it is a visible commitment to the
standards of the profession and signifies to the public that a
particular professional has accepted responsibility for the
document.
• It should be considered a “mark of reliance”, an indication that
others can rely on the fact that the opinions, judgments, or
designs in the sealed documents were provided by a professional
held to high standards of knowledge, skill and ethical conduct.
• The seal represents the professional’s commitment to
standards of care and excellence. By affixing the seal,
professionals assume responsibility and are answerable for
the quality of the work presented therein.
• It is a statement by the professional to others that they can,
with a high degree of confidence, depend upon the contents
of the document for the furtherance of their projects.
• The seal is not, and should not be considered, a certification
mark or warranty of correctness.
• It is important to emphasize to professionals that they are
still responsible for work in which they are involved, but
choose not to seal.
• Use of the seal should not be subject to specification by
contract or work arrangements.
 Obtaining a Seal
• The traditional seal used on a document is the
impression of the rubber stamp issued by the
Association to its licence holders.
 Electronic Version of the Seal
• The holder of the original seal may reproduce it by
use of information technologies.
• The impression must correspond in all respects to the
original seal to preserve its characteristics except that
of size.
– The size must be large enough that the elements of the
seal are legible.
– Similarly the professional’s signature may be reproduced
electronically and be used in a size that ensures it is legible.
• The professional should ensure that access to the
electronic version of the seal and signature remains
under their control to prevent unauthorized use.
 Digital Signature
• The traditional seal and signature differs with the form of security known
as a "digital signature“.
– which is an encrypted alphanumeric data set,
– used as personal electronic identification information,
– that people attach to a document to permanently associate themselves with the
document.
• It is not an identical electronic copy of a handwritten signature obtained by
scanning or electronic pen.
• A digital signature is intended to have the same legal force and
distinguishing effect as the use of a signature affixed by hand.
• For this reason, the digital signature must be:
– unique to the person using it;
– capable of verification;
– under the sole control of the person using it; and
– attached to, or associated with, data in such a manner that it authenticates its own
attachment to the particular data using it and the integrity of the data transmitted.
 Custody and Control of Seals
• A seal issued to a member or licensee shall at
all times remain under the direct control of
that member or licensee.
• All professional seals are the property of the
Association
• The members or licensees for use as defined
in the Act and Bylaws, and shall be returned
upon request.
 4.10.2 Authentication of Documents

• Authenticating Single Discipline Documents

• Authenticating Multi-Discipline Documents
• Authenticating Other Types of Documents
Authenticating Single Discipline Documents
• Each document covering a single discipline or specific area of
expertise should be authenticated by the professional at the lowest
level of full responsibility.
– For documents covering work within a single discipline but developed by
several professionals, the coordinating professional responsible for
faithfulness to concept or corporate standards and coordinating the work of
the team should authenticate the document.
• That professional should be intimately connected to the work.
– Administrative supervision over a group would not entitle the supervisor to
authenticate the work of the group.
• In cases when several professionals are authenticating a single
discipline document, each shall apply their seal and qualify their
responsibility to specific portions of the document.
• Professionals should be encouraged to authenticate all their
documents, regardless of whether there is a coordinating
professional.
Authenticating Multi-Discipline Documents
• For a project covering work within several disciplines, all documents
within a particular discipline must be signed and sealed by the
professional taking overall responsibility for work within that
discipline.
• The coordinating professional (if there is one) should also sign and
apply their seal to indicate that the work of the various disciplines
has been coordinated.
• If only one signature and seal is used, it should be that of the
professional taking responsibility for the work, generally the
coordinating professional.
– Each professional applying their signature and seal should qualify their level
of responsibility, i.e.: what discipline they are taking responsibility for.
• In multi-discipline projects and teams, all professionals should be
encouraged to authenticate their portion of the work, whether or
not there is a coordinating professional.
 Authenticating Other Types of Documents
• Manuals prepared for direction and guidance of others in
technical and/or public safety matters should be
authenticated.
– Preliminary documents that are incomplete should not be
authenticated.
• A document should not be signed and sealed unless it is
complete for the purposes intended.
– For example, a blue print submitted for a permit may not be
complete for construction.
– However, it must be complete for the purpose of obtaining a
permit and it should be authenticated for that purpose.
• Preliminary plans, reports and specifications that have been
authenticated should be clearly marked PRELIMINARY or
NOT FOR CONSTRUCTION.
 4.10.3 Other Recommended Policies

• Modifications to Documents
• Retention Policies and Procedures
• Transmission of Documents
• Withdrawal of Seal
 Modifications to Documents
• All sealed documents are considered to be final documents. However,
occasionally such documents need to be edited, altered or amended
either during the course of the project or as part of a new project.
• In order to ensure that professionals are not unknowingly accepting
responsibility for work they did not do, it is important that documents,
once sealed, are not altered without undergoing an appropriate
revision documentation process.
• Modifying an authenticated document constitutes a professional act
that should be identified as such.
• Authors of the modifications are professionally responsible for the
work segment directly or indirectly affected by their modifications,
particularly if these modifications affect the original concept.
• The author of the modifications should authenticate the documents
they have modified. The purpose and precise subject of all
modifications should be indicated.
• In cases where altering of documents signed and sealed by another
professional is required for an ongoing project the following procedure
should be followed:
– original authentication to remain on documents unaffected by the alterations;
– professional(s) altering documents authenticates their work;
– professional(s) clearly identifies alterations and who is responsible for them.
• The author(s) should authenticate modifications, including all elements of
the original document affected by the modification, and clearly document
and define the professional responsibility of the original author(s) and the
author(s) of the modifications.
• The procedure used to modify a document should be appropriate to the
medium used for the document.
• Wherever possible, it should be the same as that used for the original
document.
• The same principles and procedures for authentication should apply to the
modification, review or revision of documents.
• In the case of a review, the review report, or any documented opinion or
advice should also be authenticated using the same policies and procedures.
 Retention of Documents
• Documents should be retained for as long as any liability for the work exists.
• Once a document is authenticated, it should be stored in a manner that preserves
the integrity of the document and the seal.
• Professionals responsible for sealing documents should ensure that their
organization implements a document management process that prevents the
possibility of:
– others altering sealed documents without the knowledge of the author;
– removal, or duplication and unauthorized use, of the seal; and
– unauthorized use of documents.
• To provide this protection, the document management process should
incorporate the following, non-exclusive, features:
– procedures that assure all documents have been prepared by or under the direct
supervision and control of a professional;
– procedures that assure the design, report, or other output of technical work complies with
all applicable regulations, codes, standards, practices;
– an authenticating procedure to ensure that all documents are signed and sealed by the
professional taking responsibility for the work;
– procedures that assure data integrity by prohibiting unauthorized and/or undocumented
changes;
 – procedures to identify unauthorized copies of final documents;
– records retention procedures such that the records to be retained are
selected by the professional responsible for sealing the documents;
– procedures for validating records before storage;
– established document retention periods; and
– protection of records against loss or inadvertent destruction.
• Because electronic documents can easily be changed and copied with
no obvious indication, organizations must have well documented
processes to support the authenticity and integrity of documents with
electronic signatures and seals.
• Professionals responsible for sealing technology-based documents
should ensure that their organizations adopt a method of creating,
archiving and distributing electronic format documents that will:
– control and protect the electronic facsimile of the seal and signature;
– ensure document integrity, i.e. documents are not altered once signed,
without undergoing the revision process; and
– allow verification of the identity of the professional originating the document.
 Transmission of Documents
• When transmitting documents electronically, steps must be taken to
protect the copyright of the work, and ensure the integrity of the
documents and authenticating marks (seals, signatures).
• The document should contain a digital signature, which is unique to the
user, under the sole control of the user and able to be verified.
• It is recommended that a technology-based signing procedure be used
which guarantees the integrity of the documents and authenticating
marks transmitted and received.
– If such a procedure cannot be used, any seals or signatures should be removed
and notice to this effect be included.
• Thus a technology-based document that is not authenticated can be
transmitted without a technology-based signature or specific security;
but it should not contain any authenticating mark.
• The name of the author should always be indicated on any non-
authenticated document.
– Such a document should include a notice that it is transmitted for information or
coordination purposes only.
 Withdrawal of Seal
• There are circumstances under which a professional may
decide they no longer take professional responsibility for
the work they have prepared and sealed.
• This amounts to a revocation of the approval that existed
at the time the seal was applied.
• This is appropriate when the professional becomes aware
of a deficiency in the work or when some parameters have
changed which negate the work.
• However, it is not appropriate or ethical to revoke an
approval as a means to enforce the position of the
professional in contractual disputes with the client once
the work has been released and in the hands of a third
party.
 4.10.4 Certificate of Authorization Seal

• Obtaining a Certificate of Authorization Seal

• Electronic Version of the Certificate of
Authorization Seal
Obtaining a Certificate of Authorization Seal
• The Act specifies that all seals must be ordered
through the Association office.
• The approved design of the seal to be used by the
holder of a Certificate of Authorization issued in
accordance with the Act and Bylaws.
 Electronic Version of the Certificate of
Authorization Seal
• Entities may reproduce their certificate of authorization seal
by any means to generate an impression, including
procedures that use information technologies.
• The impression must correspond in all respects to the
original seal to preserve its characteristics except that of
size.
• The size must be large enough that the elements of the seal
are legible.
– Similarly, each professional signature may be reproduced
electronically and be used in a size that ensures it is legible.
• The entity should ensure that access to the electronic
version of the seal and signatures remains under their
control to prevent unauthorized use.
4.11 Software Engineering Code
of Ethics and Practices
IEEE-CS
ACM Joint task force
AITP
SANS
4.11.1 IEEE-CS
IEEE CS-Software Engineering Body of
Knowledge (SWEBOK)
The 15 knowledge areas are grouped into
four modules
helps to prepare the students for the IT
industry.
 4.11.2 Association for Computing Machinery
(ACM) Code of Ethics and Professional Conduct
 1. GENERAL ETHICAL PRINCIPLES.
• A computing professional should...
– Contribute to society and to human well-being,
acknowledging that all people are stakeholders in
computing.
– Avoid harm to others.
– Be honest and trustworthy.
– Be fair and take action not to discriminate.
– Respect the work required to produce new ideas,
inventions, creative works, and computing artifacts.
– Respect privacy.
– Honor confidentiality.
 2. PROFESSIONAL RESPONSIBILITIES.
• A computing professional should...
– Try hard to achieve high quality in both the processes and products
of professional work.
– Maintain high standards of professional competence, conduct, and
ethical practice.
– Know and respect existing rules pertaining to professional work.
– Accept and provide appropriate professional review.
– Give comprehensive and thorough evaluations of computer systems
and their impacts, including analysis of possible risks.
– Perform work only in areas of competence.
– Encourage public awareness and understanding of computing,
related technologies, and their consequences.
– Access computing and communication resources only when
authorized or when compelled by the public good.
– Design and implement systems that are strongly and usably secure.
 3. PROFESSIONAL LEADERSHIP PRINCIPLES.
• A computing professional, especially one acting as a leader,
should...
– Ensure that the public good is the central concern during all
professional computing work.
– Articulate, encourage acceptance of, and evaluate fulfillment of
social responsibilities by members of the organization or group.
– Manage personnel and resources to enhance the quality of
working life.
– Articulate, apply, and support policies and processes that reflect
the principles of the Code.
– Create opportunities for members of the organization or group to
grow as professionals.
– Use care when modifying or retiring systems.
– Recognize and take special care of systems that become
integrated into the infrastructure of society.
 4. COMPLIANCE WITH THE CODE.
• A computing professional should...
– Maintain, promote, and respect the principles of the
Code.
– Treat violations of the Code as inconsistent with
membership in the ACM.
– Example
• The web designer make provision for alternative user
interfaces, for Disabilities and
• The system administrator should aware of alternative
assistive technologies.
 4.11.3 Association of
Information Technology
Professionals (AITP) Code of
Ethics and Standard of Conduct
 Code of Ethics
• I Acknowledge
– That, I have an obligation to management,
– That, I have an obligation to my fellow members,
– That, I have an obligation to Society,
– That, I have an obligation to my college or University,
– That, I have an obligation to my employer whose trust
me,
– That, I have an obligation to my country,
• I accept these obligation as a personal responsibility
and as a member of this Association.
 Standard of Conduct
• First of all, the IT professionals will abide by the
appropriate laws of their country and community.
• The following standards address the code of belief,
that apply to the IT profession.
1. In recognition of my obligation to management I shall,
2. In recognition of my obligation to my fellow members
and the profession I shall,
3. In recognition of my obligation to Society I shall,
4. In recognition of my obligation to Employer I shall,
In recognition of my obligation to management I shall,

• Keep my knowledge up-to-date, insure that

proper expertise is needed.
• Share my knowledge with others
• Accept full responsibility for work that I perform.
• Not misuse the authority entrusted to me.
• Not misrepresent or withhold information
concerning the capabilities of equipment,
software & hardware.
In recognition of my obligation to my fellow
members and the profession I shall,
• Be honest in all my professional relationships
• Take necessary action in regard to any illegal or
unethical practices.
• Cooperate with others in achieving and identifying
problems
• Not use or take credit for other’s work, without
specific acknowledgement and authorization.
• Not take advantage of the lack of knowledge on
others for personal gain.
In recognition of my obligation to Society
I shall,
• Protect the privacy and confidentiality of all
information entrusted to me.
• Use my skill and knowledge, to help the public in
all areas of my expertise.
• Support, respect and abide by the local , state
and federal laws.
• To the best of my ability, insure that the products
of my work are used in a socially responsible
way.
In recognition of my obligation to Employer I shall

• Avoid conflicts of interest and insure that my

employer is aware of any potential conflicts.
• Present a fair, honest and objective viewpoint.
• Protect the proper interests of my employer at all
times.
• Without proper approval, not use the resources
of my employer for personal gain.
• Not exploit the weakness of a computer system
for personal gain or personal satisfaction.
4.11.4 SYSADMIN,AUDIT, NETWORK,SECURITY
(SANS)
IT CODE OF ETHICS

• I will strive to know myself and be honest about

my capability.
• I will conduct my business in a manner that
assures the IT profession is considered one of
integrity and professionalism.
• I respect privacy and confidentiality.
I will strive to know myself and be honest about my
capability.
• I will strive for technical excellence in the IT profession by
maintaining and enhancing my own knowledge and skills.
– I acknowledge that there are many free resources available on
the Internet and affordable books and that the lack of my
employer's training budget is not an excuse nor limits my ability
to stay current in IT.
• When possible I will demonstrate my performance
capability with my skills via projects, leadership, and/or
accredited educational programs and will encourage
others to do so as well.
• I will not hesitate to seek assistance or guidance when faced
with a task beyond my abilities or experience.
– I will embrace other professionals' advice and learn from their
experiences and mistakes.
– I will treat this as an opportunity to learn new techniques and
approaches. When the situation arises that my assistance is called
upon, I will respond willingly to share my knowledge with others.
• I will strive to convey any knowledge (specialist or
otherwise) that I have gained to others so everyone gains
the benefit of each other's knowledge.
• I will teach the willing and empower others with Industry
Best Practices (IBP).
– I will offer my knowledge to show others how to become security
professionals in their own right. I will strive to be perceived as and
be an honest and trustworthy employee.
• I will not advance private interests at the expense of end users,
colleagues, or my employer.
• I will not abuse my power.
– I will use my technical knowledge, user rights, and permissions only to
fulfill my responsibilities to my employer.
• I will avoid and be alert to any circumstances or actions that might
lead to conflicts of interest or the perception of conflicts of
interest.
– If such circumstance occurs, I will notify my employer or business
partners.
• I will not steal property, time or resources.
• I will reject corruption or kickbacks and will report such illegal
activity.
• I will report on the illegal activities of myself and others without
respect to the punishments involved.
– I will not tolerate those who lie, steal, or cheat as a means of success in
IT.
 I will conduct my business in a manner that assures the IT
profession is considered one of integrity and professionalism.
• I will not injure others, their property, reputation, or employment by false or
malicious action.
• I will not use availability and access to information for personal gains through
corporate espionage.
• I distinguish between advocacy and engineering. I will not present analysis
and opinion as fact.
• I will adhere to Industry Best Practices (IBP) for system design, rollout,
hardening and testing.
• I am obligated to report all system vulnerabilities that might result in
significant damage.
• I respect intellectual property and will be careful to give credit for other's
work. I will never steal or misuse copyrighted, patented material, trade
secrets or any other intangible asset.
• I will accurately document my setup procedures and any modifications I have
done to equipment. This will ensure that others will be informed of
procedures and changes I've made.
 I respect privacy and confidentiality.
• I respect the privacy of my co-workers' information.
– I will not peruse or examine their information including data, files,
records, or network traffic except as defined by the appointed roles, the
organization's acceptable use policy, as approved by Human Resources,
and without the permission of the end user.
• I will obtain permission before probing systems on a network for
vulnerabilities.
• I respect the right to confidentiality with my employers, clients,
and users except as dictated by applicable law.
– I respect human dignity.
• I treasure and will defend equality, justice and respect for others.
• I will not participate in any form of discrimination,
– whether due to race, color, national origin, ancestry, Gender orientation,
gender/sexual identity or expression, marital status, creed, religion, age,
disability, veteran's status, or political ideology.
Characteristics of professional/unprofessional
behavior