It is perhaps easiest to begin the application of ethics to information technology with the ethical responsibilities of IT professionals. Several ethical codes have been developed, and in this chapter we will see how the concepts of Part I apply to these codes. My aim is to establish the ethical basis of these codes. The underlying ethical concepts are Rawlsian, but not his Principles of Justice (Rawls, 1999). Rather, they are distinctions developed as part of the theory of right action. The distinction between duty and obligation is particularly relevant. In addition, something needs to be said about the concept of a profession. Most IT professionals have a very strong sense of their responsibilities as IT professionals. In a way, it is astonishing that such a young profession has developed such a strong sense of its own ethical identity so quickly. Older professions such as Medicine or Law have traditions going back over two thousand years, and their standards have been incorporated into law in most areas. Although IT has its professional organizations, such as the Association for Computing Machinery (ACM) and the Association of Information Technology Professionals (AITP), those organizations do not currently perform a widely recognized credentialing function. Although these organizations promulgate model curricula, they have nothing like the force of the American Medical Association (AMA) certification for medical schools, or the American Bar Association (ABA) certification of law schools. Since IT is a profession without benefit of the formal apparatus of the older professions, it follows that the credentialing and legal sanctions of the older professions are not what makes them professions. Credentialing and legal sanctions safeguard what was already there, namely a calling shared by individuals. Professions differ from mere jobs because those in professions commit themselves indefinitely toward serving a goal beyond their own self-interest, which is their primary focus. Thus, those in the medical profession commit themselves to healing people, and those in the law commit themselves to interpreting and applying the law and preserving the integrity of the legal process. Professional athletes similarly commit themselves to practicing their sport as well as they can. All professionals are prepared to set aside their individual interests when their profession requires it. The basis of a profession—an individually adopted goal beyond self-interest—is also the essential basis for professional ethics.1 What then is this goal for IT professionals? What do IT professionals feel called to do? I think their calling is to provide the best functioning IT systems (infrastructure and applications) possible in the organizational context in which they are dealing. In terms of this calling, IT professionals know what they need to take responsibility for in the technical area, even when managers or clients have other ideas. These responsibilities are often not mandated by management. Indeed, management may not even be aware that IT professionals have assumed and carried out these responsibilities. Yet the well-being of the organization may very well depend on these responsibilities being carried out. A good example is data integrity; nonprofessionals usually have only a vague idea of what is involved in insuring data integrity, and yet failures in insuring data integrity will almost certainly compromise the usability of a system. Even without formal, generally accepted credentialing for IT professionals, there is still a distinct calling recognized by IT professionals with duties attached to it. The absence of generally accepted credentialing does, however, create possibilities for conflicts with management and others, which we will discuss later in this chapter.