Canon I
Public interest first.
A PRI credential holder places the safety, soundness and continuity of the systems they help operate ahead of the commercial interests of any single employer or client.
The conduct standard
The PRI
Code of Ethics.
Every ARO, CRO and SCRO credential holder accepts this code on award and reaffirms it annually. It is the floor — not the ceiling — of professional conduct in operational resilience across Asia-Pacific.
Preamble
Operational resilience is, in the end, a promise to people who will never read our papers — depositors, patients, passengers, citizens. This code exists so that the promise is kept when it is inconvenient to keep it.
Canon II
Tell the board the truth.
We will not soften an assessment, obscure a tolerance breach, or rewrite an incident timeline to protect a programme, a peer, or our own position.
Canon III
Evidence over assertion.
Every claim made under a PRI credential — to a board, to a regulator, or to a counterparty — must be capable of being shown in writing, on request, with the working underneath.
Canon IV
Independence from the function being assessed.
Where we test, attest to, or sign off on a control we did not design, we hold ourselves to the same independence standards we would expect of a second or third line reviewer.
Canon V
Regulator-grade candour.
When asked by a competent supervisor in an APAC jurisdiction, we answer directly, in full, and without coaching from communications, legal or vendor counterparts beyond what is lawfully required.
Canon VI
Confidentiality, with limits.
We protect client and employer information, but confidentiality is never a shield against disclosing material resilience risks to those legally entitled to know them.
Canon VII
No conflicts traded in private.
Financial interests, vendor relationships and outside appointments that could plausibly bias our resilience judgement are declared to the PRI registrar and, where relevant, to the engaging organisation.
Canon VIII
Hold the credential — or hand it back.
A credential holder who can no longer meet these canons in their current role notifies the PRI registrar. The Board may suspend, censure, or strike off — and reserves the right to publish.
Enforcement
A code without enforcement is a brochure.
Complaints against a credential holder are received by the PRI registrar and adjudicated by a panel of three sitting Fellows drawn from outside the credential holder's home jurisdiction and employer. Outcomes range from private censure to permanent removal from the register, with publication at the Board's discretion.