Home Organisations managing Identity Provider servers do not commit to the Code of Conduct for Service Providers. However, Home Organisations as data controllers of their End users may consider taking the following steps to manage the attribute release to the Service Providers and reduce their risks