CED Ethical Development Company Checkmark Policies & Code of Conduct

Standards for Earning and Maintaining the CED Ethical Company Checkmark

1. Introduction

The Certified Ethical Developer (CED) Company Checkmark is awarded to organisations that demonstrate a meaningful and ongoing commitment to ethical software development. This policy outlines the expectations, principles, and behaviours that a company must uphold in order to earn, and continue to hold, the mark. These standards apply to all employees involved in software creation, from junior developers to senior executives.

Earning the mark is not about perfection; it is about transparency, accountability, and a genuine intention to build technology that respects people and society.

2. Foundational Ethical Principles

To qualify for the checkmark, a company must show clear alignment with the following core principles:

2.1 Respect for Users

The organisation must treat users as humans with rights, autonomy, and dignity, not as data points or revenue streams. Software should be developed with empathy, care, and an understanding of real human impact.

2.2 Transparency and Honesty

The company must communicate openly about how its software works, how data is used, and what risks or limitations may exist. Deceptive patterns, misleading wording, or intentionally confusing user interfaces are strictly prohibited.

2.3 Privacy and Security by Design

User data must be handled responsibly, securely, and minimally. Privacy should never be treated as a post-launch feature or a growth obstacle. Security must be integrated throughout the development lifecycle, not bolted on at the end.

2.4 Inclusion and Accessibility

Applications and services must aim to be accessible, inclusive, and usable by people of varied abilities, backgrounds, and cultural contexts. Accessibility should be planned early and considered continually.

2.5 Social, Environmental, and Organisational Responsibility

Companies must consider the wider impact of their technology, from societal consequences to energy usage. Ethical behaviour must also shape internal culture, leadership, and communication.

2.6 Accountability and Continuous Improvement

Mistakes, incidents, or ethical dilemmas must be handled with transparency, responsibility, and a commitment to improvement. A company’s ethical maturity is demonstrated not by the absence of issues, but by the way it responds to them.

3. Ethical Development Policies

The following policies set the minimum required standard for organisations seeking CED accreditation.

3.1 Data Ethics Policy

A qualifying company must have a written and enforced data ethics policy that includes:

Clear rules on data minimisation, retention, deletion, and anonymisation

Defined purposes for data collection, with no hidden secondary uses

A formal review process for new tracking, analytics, or storage systems

Explicit bans on selling personal data or using it for manipulative profiling

3.2 Security Policy

The organisation must commit to secure engineering practices, including:

Regular security training for all developers

Secure coding guidelines used consistently across teams

Mandatory code reviews including a security lens

Formal incident response and breach notification processes

Timely patching and vulnerability management

3.3 Accessibility and Inclusive Design Policy

To meet the standard, the company must:

Aim to meet at least WCAG 2.1 AA (or equivalent for product type)

Conduct accessibility reviews as part of the development cycle

Test with real users or assistive technologies where feasible

Provide documented accessibility statements for public-facing products

3.4 Responsible AI & Algorithmic Fairness Policy

If a company uses AI or automated decision-making, it must have policies addressing:

Bias detection and mitigation

Transparency regarding automated decisions

Human oversight of high-impact decisions

Clear ethical review of data sets and model outputs

Prohibition of opaque “black-box” decisions where harm may occur

3.5 Sustainability Policy

Organisations must consider the environmental impact of their software, including:

Efficient code and infrastructure

Use of green hosting or low-carbon cloud options where possible

Monitoring and addressing digital waste (e.g., redundant processing or storage)

Lifecycle planning for hardware dependencies

3.6 Organisational Culture and Conduct Policy

A company must create a culture where ethical behaviour is encouraged, expected, and safe to discuss. This includes:

Anti-discrimination and anti-harassment commitments

Protection for whistle-blowers

Open communication channels for raising concerns

Ethical decision-making training for developers and leaders

Non-punitive handling of reported issues

4. Code of Conduct for Ethical Software Development

The Code of Conduct formalises the behaviours expected from individuals in CED-accredited companies.

4.1 Commitment to Integrity

Employees must act with honesty in both code and communication. Misrepresenting capabilities, hiding flaws, or knowingly allowing harmful functionality is not acceptable.

4.2 Protection of Users

Developers must prioritise user well-being over business pressure. If a feature risks harm, they are expected to raise concerns and advocate for alternatives.

4.3 Responsible Coding Practices

All code must be:

Maintainable

Well-documented

Tested appropriately

Written in accordance with clean code principles

Developers must avoid introducing shortcuts that create long-term risk simply to meet short deadlines.

4.4 Stewardship of Data

Individuals must treat user data as if it were their own: handled sensitively, stored securely, and accessed only when necessary.

4.5 Respectful Collaboration

Team members must communicate clearly, listen openly, and work cooperatively across disciplines. Toxic behaviour, withholding information, or undermining colleagues is unethical.

4.6 Commitment to Learning

Ethical development is an evolving field. Employees must stay informed, seek training, and remain open to new practices and perspectives.

4.7 Reporting Obligations

If an employee becomes aware of unethical, unsafe, insecure, or discriminatory behaviour, they must report it through appropriate channels. Silence or complicity breaches the code.

5. Compliance Requirements for Earning the Checkmark

To be approved, a company must demonstrate:

Documented policies for all relevant sections above

Evidence of training for developers and technical staff

Examples of procedures used in real development cycles

Accessibility and security practices integrated into workflow

Leadership endorsement of ethical commitments

A clear, confidential reporting mechanism for staff

An annual ethics review, including incident logs and improvements made

CED may request anonymised documentation, interviews, or audits when necessary.

6. Ongoing Obligations for Maintaining Accreditation

Accreditation is not permanent. Companies must:

Renew annually

Update policies as standards evolve

Demonstrate ongoing training and awareness

Report major ethical incidents or breaches

Allow periodic review of compliance documentation

A company may lose the checkmark if it:

Engages in deceptive, harmful, or illegal data practices

Fails to protect user data responsibly

Falsifies evidence or hides incidents

Shows a pattern of unethical behaviour or unresolved issues

7. Summary

This Ethical Development Policy and Code of Conduct aims to ensure that any organisation granted the CED Ethical Company Checkmark is genuinely committed to building software that is responsible, safe, inclusive, and respectful of users and society. It sets a high but achievable standard, one shaped not just by technical excellence but by moral intention, transparency, and care.