Terms & Conditions

Contents

1.0   REN-ISAC Objectives and Policies (Back to top)

1.1      The REN-ISAC is organized and operated according to the objectives, structure, and principles described in the Charter; its membership is developed and guided according to terms described in the Membership Guide; and its policies and operating rules are described in Information Sharing Policy, and Terms and Conditions [this document]. The Member agrees to support the REN-ISAC objectives and to abide by the policies and operating rules.

2.0   Membership (Back to top)

2.1      Institutions and organizations are members and are represented by a management representative and one or more member representatives. The responsibilities and privileges of the management and member representatives are outlined in the Membership Guide.

3.0   Fees (Back to top)

3.1     Annual fees are charged per institution (see Section 3.5). The fee permits multiple member representatives at no additional cost per representative. The rate is consistent with the financial principles outlined in the Charter. The fee schedule is published in the Membership Fees document. Fee rates are set and communicated to members at the beginning of the calendar year, invoices are sent prior to services being rendered, and payment terms are net 30 days from the invoice date. If payment is not received by the due date, REN-ISAC reserves the right to suspend membership until the invoice is paid in full. 

3.2      New members activated after July 1^st will be sent an invoice for the prorated first year fee. Payment of the invoice and a signed copy of these Terms & Conditions are required before the new institution can be activated as a member of REN-ISAC. All invoices are due net 30 days of the invoice date. If payment is not received by the due date, REN-ISAC reserves the right to suspend membership until the invoice is paid in full.  

3.3      The scope of "per institution" depends on organizational structure. Single-campus institutions require a single fee; likewise, campus extensions are not considered to be separate entities. Regarding multi-campus systems, if a single central team handles security system-wide, then a single fee is required for the system. If security responsibility is shared between a system-wide unit and campus units that perform autonomous protection and response, then a separate fee is required for the system-wide unit, and for each campus choosing to participate in REN-ISAC. In that scenario, the system-wide team must take care regarding REN-ISAC information sharing policy in regard to campuses that are not members. If there is no system-wide team, the fee is required of each campus choosing to join.

4.0   Term of Membership (Back to top)

4.1      The term of membership begins upon confirmation by the REN-ISAC Membership Services Director (in consultation with the Membership Committee) and continues through the remainder of the term stated on the invoice, unless otherwise terminated.

5.0   Termination for Convenience (Back to top)

5.1      The management representative of an institution, with sole discretion, can terminate membership for that institution at any time for convenience, effective upon receipt of confirmed notice to the REN-ISAC Membership Services Director. Paid fees are not refundable. 

6.0   Information Sharing (Back to top)

6.1      The Information Sharing Policy describes the incumbent behaviors for marking, sharing, and protecting shared information. Members are required to earnestly abide by the Information Sharing Policy.  Failure to do so may result in a member representative being removed.

7.0   Disclaimer (Back to top)

7.1      Information is shared by or within REN-ISAC for the objective of cybersecurity protection and response. Information is shared in good faith and there are no explicit or implied guarantees or warranties to the veracity or applicability of the information shared within REN-ISAC, and Members agree that such information is provided “as is.”

7.2       Information received from any REN-ISAC service, product, or member must be analyzed fully by representatives of the receiving institution, and inherent risks determined and understood. Any local action taken must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments. Each Member is solely responsible for its own actions and determinations.

7.3      The REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information distributed within or by REN-ISAC publicly, to the membership generally, or to specific institutions.

8.0   Liability (Back to top)

8.1      REN-ISAC membership, with the attendant terms, conditions, and policies, is not intended to introduce a legal liability on a member or on the REN-ISAC organization, its host and sponsoring organizations, or officers.

9.0   Notices (Back to top)

9.1      Notices regarding membership processing should be communicated to the REN-ISAC Membership Services team. Notices on any other matter should be communicated to the REN-ISAC Executive Team.  Emergency communications may be established 24x7 through the REN-ISAC Watch Desk. 

10.0   Survival (Back to top)

10.1      The requirements for controlling the dissemination of received information, described in the Information Sharing Policy, shall survive the expiration or termination of these Terms and Conditions.

11.0   Document Control and Changes (Back to top)

11.1      Changes to the REN-ISAC organizational documents, including the Charter, Membership Guide, Membership Terms and Conditions, Membership Fees, Information Sharing Policy, and Disclaimer, will be conducted in the following manner:

11.1.1      Minor revisions that do not affect substance are made by REN-ISAC staff without consultation with advisory groups or members. The version number of the revised document will be incremented by a decimal. A summary of the revisions will be reported to the membership mailing list.

11.1.2      Major revisions, affecting substance, will be developed by REN-ISAC staff in cooperation with the advisory groups, and will be vetted though a member comment period. The version number of the revised document will be incremented by an integer. A summary of the revisions will be reported to the membership mailing list.

11.1.3     Following the execution of major revision to the Terms and Conditions, management representatives will be required to indicate agreement to the new terms and conditions.

11.1.4      Following the execution of major revision to the Information Sharing Policy, management representatives, member representatives, and referred-trust associates will be required to indicate agreement to the new policy.

11.1.5      Members are encouraged to comment on the documents, at any time, to the Membership Committee.