[SystemSafety] professionalism

Steve Tockey Steve.Tockey at construx.com
Thu Feb 20 15:45:22 CET 2014


Martyn,
Things like certification and licensing aren't self-enforcing: there isn't a "police force" that actively searches for violations. We're dependent on someone making us aware of a suspected violation. Regardless of what someone thinks about the Affordable Care Act (ACA, aka "Obamacare") in the US, I think it's safe to say that the healthcare.gov project was a complete debacle. From the press reports it's pretty obvious that everything that could have been done wrong on a software project was done wrong. And if I were to find out in some way that a CSDA- or CSDP-certified individual **was in a position to make the kinds of decisions that led to that outcome** then we would investigate. Similarly, if someone were to report to IEEE-CS that there had been a suspected violation then we would also have to investigate.

The process followed would most likely end up being specific to that situation and would have to be dealt with case-by-case.

Would the action possibly run into issues of confidentiality or court challenge? Absolutely. We might never be able to overcome these difficulties and some offenders would undoubtedly get away with it. But at least we tried. I don't know about specific insurance carried by IEEE-CS for this situation but clearly the CS has some sort of insurance and it likely covers this kind of situation. I'm sure the CS lawers looked into the issues of running a certification program before we ever got approval to work on it.

Finally, insofar as CSDA and CSDP are strictly voluntary, there is no legal backing only moral/ethical. I mean, CSDA and CSDP aren't like licensing of professional engineers (Chartered Engineer in the UK, PEng in Canada, different names in different states in the US, …) so we're clearly more limited in what we can do. A licensed/chartered engineer has legal liability and can be jailed or fined for violations. The worst we can do with CSDA and CSDP is to simply revoke the certification. We could sue the individual if they continued to use the designation after it had been revoked, but that's absolute worst-case.


-- steve




From: Martyn Thomas <martyn at thomas-associates.co.uk<mailto:martyn at thomas-associates.co.uk>>
Reply-To: "martyn at thomas-associates.co.uk<mailto:martyn at thomas-associates.co.uk>" <martyn at thomas-associates.co.uk<mailto:martyn at thomas-associates.co.uk>>
Date: Wednesday, February 19, 2014 8:22 AM
To: Steve Tockey <Steve.Tockey at construx.com<mailto:Steve.Tockey at construx.com>>, "systemsafety at lists.techfak.uni-bielefeld.de<mailto:systemsafety at lists.techfak.uni-bielefeld.de>" <systemsafety at lists.techfak.uni-bielefeld.de<mailto:systemsafety at lists.techfak.uni-bielefeld.de>>
Subject: Re: [SystemSafety] professionalism

On 19/02/2014 15:38, Steve Tockey wrote:
For what it's worth, I run the CSDP and CSDA certification programs for IEEE-CS. Candidates need to sign a statement saying they have read, and will abide by, the IEEE-CS/ACM code of ethics. If we can prove that any certificate holder is/was not abiding, we (I) will—without question—revoke that certificate.


I'm certainly not questioning or doubting your integrity or commitment, but I would like to understand how you would do this (in the hope that I can find a way to emulate it in the UK).

How would you know that a certificate holder had perhaps not abided by the code? Would you only act on a complaint, or would you (say) follow up press reports of a major project failure to investigate whether a certificate holder was professionally implicated?

And what process would you then follow to establish the facts and to determine whether to issue a warning or to revoke the certificate?

Would you expect your action to run into issues of commercial confidentiality or to be challenged in the courts? If so, how would you overcome these difficulties? Do you or the IEEE-CS carry insurance to cover such eventualities?

These questions have always seemed to me to be major barriers to effective enforcement of a code that includes professional competence. I can see how to handle cases where financial fraud or criminal behaviour have already been established through court proceedings, but I would welcome any insight into how standards of professional competence can be enforced in our field, where there is so much professional disagreement about the right way to buld and assure software.

Regards

Martyn


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20140220/880a7119/attachment.html>


More information about the systemsafety mailing list