Code of ethics for IT companies servicing businesses and non-profits

I watched an episode of the TV show Silicon Valley in which two big tech CEOs fight over who qualifies for a newly written “Code of Tethics” (tech-ethics), and got thinking about what kind of standards and best practices we need in the IT industry.

We in IT services need to operate ethically and consistently. Ultimately, if we raise standards for all of us, our companies all benefit.

On one hand, every entrepreneur has to start somewhere. You should not have to spend a million dollars to start an IT consulting company. On the other hand, I do sometimes see IT companies using their clients as guinea pigs. The IT company may have no experience with a product, no testing. They have their clients sign up for various vendor contracts, and clients can end up being locked in to products that are not optimal.

So where is the accountability for IT consultants and service companies? We need a consistent standard to prevent inexperienced or unethical IT companies from doing damage. I suggest the following guidelines for our community of IT service providers to consider. Let’s raise our standards together.

IT best practices and standards: what we need to give better service and save clients money

1. A standardized shop rate chart (similar to auto-mechanics). Clients should know how much it costs, say, for us to set them up at a new physical office space.
2. More pricing transparency. We advertise our pricing. IT service companies can be tempted to treat each client as bespoke, but that can turn into price gouging. IT costs are approximately the same across almost all clients, so there should be pricing consistency across clients.
3. Proof of expertise with a professional designation or trade ticket. Many product vendors have certification programs but the tests seem to have no bearing on capability (everyone manages to pass them regardless of practical competency).
4. Professional accountability. If an IT company is the architect of a business solution, someone should ensure adherence to best practices for that solution. An individual would sign off on it and be held responsible, like a professional engineer.
5. Sticking firmly to best practices. No cutting corners. There is a range of best practices to follow, so where do we start? Best practices are determined by government bodies like the US NIST, while large vendors have their own guidelines as well. ISO 2007 is the most respected IT security framework. If everyone follows these guidelines, we are off to a great start.