The BCS - avoids the issue by not defining an ethical policy - only has a code of conduct which
'... governs your personal conduct as an individual member of the BCS and not the nature of business or ethics of the relevant authority'.
This is a bit of a cop-out, and avoids the difficult questions altogether.
The IEEE - does have a code of ethics - which does, on first glance seem to fit the bill:
1. to accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
9. to avoid injuring others, their property, reputation, or employment by false or malicious action;
But I'm also aware that the IEEE has many high profile members who work in the defence industry and also produces specifications created and used in the defence industry.
The ACM - Much better, uses the term 'human rights', and takes the most care of these three bodies to make clear their ethical stance and to give direction:
This principle concerning the quality of life of all people affirms an obligation to protect fundamental human rights and to respect the diversity of all cultures. An essential aim of computing professionals is to minimize negative consequences of computing systems, including threats to health and safety. When designing or implementing systems, computing professionals must attempt to ensure that the products of their efforts will be used in socially responsible ways, will meet social needs, and will avoid harmful effects to health and welfare.
In addition to a safe social environment, human well-being includes a safe natural environment. Therefore, computing professionals who design and develop systems must be alert to, and make others aware of, any potential damage to the local or global environment.There's also an interesting discussion of ethics in this paper here, and a very thorough discussion of ICT bodies and ethics, with recommendations here.
I'm still undecided - I believe I need to spend a lot more time researching this topic, as the standard policy for most IT organisations appear to allow members working in defence - even if it's only discernible by reading between the lines.