Accessibility Tools

Skip to main content

MHinCS Foundation Charter

Mental Health in Cyber Security Foundation

Links to Other Mental Health Foundation Pages

    Awareness Level Charter text

    The standard text to be used for the Level 1 Charter is:

    “As an organisation we recognise that:

    • Effective cyber security is fundamental to supporting successful business outcomes;
    • cyber security resilience is critical in protecting all organisations;
    • The delivery of sustained, effective cyber security of an organisation relies in part on the resilience of its cyber security teams and leaders;
    • cyber security teams operate in a relentless high-pressure environment;
    • stress, burnout and the deteriorating mental health of cyber security professionals is a real threat to the cyber security industry and the organisations they serve;
    • investing in the effective management of mental wellbeing within cyber security teams can help address this threat.

    In response we will:

    • promote our signatory to this Charter to key stakeholders;
    • raise awareness at all relevant decision-making levels (including HR and recruitment);
    • foster an environment of understanding, openness and transparency for all staff when experiencing feelings of stress / burnout or are becoming / have become mentally unwell;
    • monitor practices which lead to stress / burnout in the short term and impact mental wellbeing in the longer term and take steps to control and ultimately reduce them.”

    The text following the above standard text will be any specific Pledges made by the organisation, and because the Pledges need to be relevant to the business of the organisation and what it wants to commit to, we have provided several examples below.

    The examples provided below are for:

    • Enterprises (who employers of cyber security professionals),
    • Recruiters (who place cyber security professionals into roles);
    • Professional / Certification Bodies (who set the professional working standards of cyber security professionals);
    • Industry Bodies (who set the technical standards of operation for cyber security professionals);
    • Event Organisers (who bring cyber security professionals together to share knowledge and information);
    • Cyber Security Wellbeing Providers (who are providing services to enterprises and individual cyber security professionals).

     

    Enterprise Pledge Example

    In addition to the above, we will take the following actions:

    • Actively promote the Charter
    • establish a system to enable us to help affected staff in a timely and effective manner
    • support security leaders in creating tailored working practices for teams / individuals that help to manage stressful situations
    • establish open effective communication with cyber security teams, with a focus on long-term mental wellbeing

    MHinCS Foundation Content

    Professional Body Pledge Example

    In addition to the above, we will take the following actions:

    • Promote the Charter
    • Encourage all Fellows, Members and Associates of the body adopt the Charter
    • Review our “products” (Bodies of Knowledge, Certification, etc.) to ensure they adequately address the ambitions of this Charter

    Industry Body Pledge Example

    In addition to the above, we will take the following actions:

    • Promote the Charter
    • Encourage all Fellows, Members and Associates of the body adopt the Charter
    • Review our “products” (Bodies of Knowledge, Certification, etc.) to ensure they adequately address the ambitions of this Charter

    Recruiter Pledge Example

    In addition to the above, we will take the following actions:

    • Actively promote the Charter to enterprise clients, to adopt the Charter
    • Encourage enterprise clients to implement the principals of the Charter and safeguard the mental health of their cyber security teams
    • Encourage enterprise clients to create and respect a working environment of openness and transparency for staff who feel negatively stressed, are near burnout and/or those who are having mental wellness issues. Encourage support in these areas, as per the Charter.
    • Assist enterprise clients to ensure they recognise and identify (with full transparency) the roles, teams and environments that might present higher levels of stress and risk of burnout than others, within their organisations.
    • Encourage employers to clarify in advance of starting hiring processes, the roles, teams and environments which might present higher levels of stress and risk of burnout than others, within their organisations, with full transparency
    • Ensure (with the best of available knowledge) full transparency with candidates who have left or are leaving roles due to stress, on the realistic environment of a new opportunity, where the new opportunity, role and environment is a high-stress environment.
      Consult and guide the candidate as to whether the next environment is a beneficial place to join for the candidate’s current needs. Allow the candidate to choose if they would like to be represented in application or not personally.
    • Aim to work to deliver a non-discriminatory culture in relation to stress and transparency between organisations and candidates.
    • We will establish a monitoring system to enable us to consider how we can help more effectively
    • Ensure that the quality talent pool is not being eroded due to stress, burnout or mental health, flag and discuss any identifiable issues to the market.

    Event Organiser Pledge Example

    In addition to the above, we will take the following actions:

    • Promote the Charter at Cyber Security related events
    • Take steps to encourage the inclusion of sessions that cover and discuss the issue of “Stress, burnout and the mental health of cyber security professionals as a cyber threat issue
    • Where possible encourage open discussion on this topic for all levels of cyber security professionals, signposting to relevant support, guidance and the Foundation.

    Service Provider Pledge Example

    In addition to the above, we will take the following actions:

    • Promote the Charter prominently in marketing
    • Encourage clients to adopt the Charter
    • Refine and amplify existing best practices around employee mental health and well-being that a client already has in place.
    • We pledge to prioritize the well-being and mental health of every cyber professional during our work, recognizing that healthy and engaged individuals are fundamental to success.
    • We commit to educating our clients on best practices and tools for fostering an environment of open communication, where employees feel empowered to express their thoughts, concerns, and ideas without fear of judgment.
    • We embrace a culture of continuous learning and commit to teaching our clients best practices and tools for acknowledging that the ever-evolving landscape of cybersecurity requires us to adapt, share knowledge, and grow together as a cohesive unit.
    • We pledge to practice perspective-taking and inclusivity and commit to teaching our clients best practices and tools for understanding that diverse perspectives strengthen our ability to address cybersecurity challenges and create innovative solutions.
    • We commit to educating our clients best practices and tools for individuals—at all levels of an organization—to embrace ownership at an individual, team, and multi-team level, recognizing that each employee plays a crucial role in shared success.
    • We are committed to providing clients with survey-based tools that value individual perceptions of the work environment, team dynamics, leadership behaviours, and personal experiences in the workplace.

    FAQ's

    Do the Pledges have to be Organisation-wide?

    Do the Pledges have to be Organisation-wide?

    This current level of the Charter is the first level intending to raise awareness and allow those who agree with making some pledges to do so. For this reason, it makes sense that for this level only, a specific team, office, site, department, country office, etc. can agree their own pledges to raise awareness of what they will do in their specific environment. This means that for this level, a cyber security team, or an events team in a much larger organisation can make Pledges and agree to the Charter, while they also raise awareness within their own organisation to adopt the Charter at a wider level. In all cases it will require a named individual in a responsible role empowered to make the specified Pledges to be accepted.
    Can different teams sign the Charter at the same time?

    Can different teams sign the Charter at the same time?

    The ideal scenario is that an organisation agrees to make Pledges for the whole organisation, however, some larger organisations have diverse teams and may include departments or teams offering recruitment services, events, and other services as well as an in-house cyber security and incident response teams. For some organisations it may be relevant for each team to make Pledges separately until the organisation has coordinated all Pledges into a single Charter.
    What is the cost of Pledging to the Charter?

    What is the cost of Pledging to the Charter?

    There are currently no charges for this awareness level of the charter. This may have to change at some point if the administration resources become difficult to deal with. For the moment, we don’t want to create any barriers to raising awareness of the issues, and we see that any charge could be a barrier for adoption.
    Will you promote our Agreement and Pledges?

    Will you promote our Agreement and Pledges?

    Anyone agreeing and making Pledges to the Charter will be named in a publicly available list on our website, so that it can be verified. However, we will not be promoting or creating publicity for individual organisations. This does not mean that you shouldn’t promote it yourself. To help you with your promotion, we will provide you with some guidance on doing it properly.
    To Top