In the security industry, the ideal posture is to be proactive. Doing this requires a relationship with the people, processes, tools, and core values of the client.
And ideally, the client is now able to identify risk, analyze and assess that risk, and then mitigate the risk down to an acceptable level.
If this is true, how do you assess the methodology and the core values of a vendor before they take on this central and significant task?
We have a discussion with the co-founder of TorchStone Global, David Niccolini. David discusses the "Business of Before" in the context of their code of ethics. You can see why the company has won numerous awards and the respect of key industry insiders.
As a reference, the key elements of this code are:
Above All, Do No Harm
We endeavor to do no harm, and we actively work to do good. That statement might seem trite to some, but to those associated with TorchStone, we mean it sincerely. We try hard to form relationships of trust with the people with whom we work. We do all we can to develop and maintain that trust, to uphold professional standards, and to take full responsibility for our actions.
Gut Check
We refuse engagements or recuse ourselves from situations that do not pass these simple gut check questions: 1) Is this going to cause harm to someone or something? 2) Is this activity lawful? 3) Would I be comfortable if this work was made public? We expect and demand that employees and associates will consult with TorchStone leadership immediately if something seems amiss with any relationship or project.
We Honor the Dignity and Worth of All People
We deeply believe in the dignity and worth of all people. We treat others with respect, and we do not tolerate harassment or discrimination of any kind. TorchStone will NOT assist in any investigation or provide any services (paid or pro bono) that may have been requested with the intent to kill, injure, suppress, stalk, or harass an individual or group. TorchStone will NOT conduct any operations or provide any services that violate others’ rights or any fundamental freedoms. TorchStone will NOT use deception, coercion, or threats to obtain information or provide services. This reinforces that above all, we at TorchStone strive to do no harm.
We Follow Laws and Regulations, and Foster Ethical Relationships
We respect the laws and regulations wherever we do business around the world. TorchStone assesses and mitigates the risk of potential physical, cyber, and reputational threats through lawful open-source information collection, principled executive protection, and sound security consulting. We do not take on any work that may infringe upon another person’s or group’s fundamental rights. We are honest and transparent in our discussions with employees, partners, and clients about what we can and cannot do. We build positive relationships free from corruption, bribes, kickbacks, or any other unethical activity. If potential conflicts of interest arise, financial or otherwise, we immediately consult with all parties involved, both internal and external, to transparently discuss the situation and to identify, together, the best way forward.
We Welcome Diversity
TorchStone is an Equal Employment Opportunity employer for all qualified candidates. We welcome and support people from diverse backgrounds and experiences. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
We Play Nice in the Sandbox
We respect our competitors. While we are focused on growing our company, we want to do so in a way that reflects our values. We want to compete with our competitors fairly and honestly.
How Can We Be Better?
In order to improve, we need to know when we are falling short. TorchStone supports a culture of trust and encourages speaking up when something is not right. We are all human. This means that not only are we fallible, but also, we have feelings. It does not feel good to tell someone when something is not working, nor does it feel good to receive that information. We recognize that speaking up in these situations takes courage, and listening takes humility. We value that courage and are committed to humbly listening to feedback (the good, the bad, and the ugly).
Enjoy the Conversation!