REN-ISAC logo

Membership Terms and Conditions

Document version 2.1, September 22, 2009

0.1REN-ISAC Organizational Documents
 
1.Charter
2.Membership Guide
3.Membership Terms and Conditions  ( this document )
4.Membership Fees
5.Information Sharing Policy
6.REN-ISAC Disclaimer
0.2Table of Contents
 
1.REN-ISAC Objectives and Policies
2.Membership
3.Fees
4.Term of Membership
5.Termination for Convenience
6.Information Sharing
7.Disclaimer
8.Liability
9.Notices
10.Survival
11.Document Control and Changes
1.0REN-ISAC Objectives and Policies
1.1The REN-ISAC is organized according to the objectives, structure, and principles described in the Charter [1]; its membership is developed and guided according to terms described in the Membership Guide [2]; and its policies and operating rules are described in Information Sharing Policy [3], and Terms and Conditions [this document]. The Member agrees to support the REN-ISAC objectives and to abide the policies and operating rules.
2.0Membership
2.1Institutions and organizations are members, and are represented by a management representative and one or more member representatives. The responsibilities and privileges of the management and member representatives are outlined in the Membership Guide.
3.0Fees
3.1Annual fees are charged per institution (3.2). The fee permits multiple member representatives at no additional cost per representative. The rate is consistent with financial principles outlined in the Charter. The fee schedule is published in the Membership Fees document [4]. The first year fee is prorated and due 30 days after receipt of invoice. Fee rates are set and communicated to members in January, invoiced in March, and are due July 1. If payment is not received within 30 days of the due date, membership privileges will be suspended until paid in full. Payments are not refunded for early termination.
3.2The scope of "per institution" depends on organizational structure. Single-campus institutions are clear-cut. Campus extensions are not considered to be separate entities. Regarding multi-campus systems, if a single central team handles security system-wide, then a single fee is required for the system. If security responsibility is shared between a system-wide unit and campus units that perform autonomous protection and response, then a separate fee is required for the system-wide unit, and for each campus choosing to participate in REN-ISAC. In that scenario, the system-wide team must take care regarding REN-ISAC information sharing policy in regard to campuses that are not members. If there is no system-wide team, the fee is required of each campus choosing to join.
4.0Term of Membership
4.1The term of membership begins upon confirmation by the Membership Committee, continues through the remainder of the fiscal year (July through June), and is automatically renewed for twelve month periods every July 1, unless otherwise terminated.
5.0Termination for Convenience
5.1The management representative of an institution, with sole discretion, can terminate membership for that institution at any time for convenience, effective upon receipt of confirmed notice to the Membership Committee [5]. Paid fees are not refunded.
6.0Information Sharing
6.1The Information Sharing Policy describes the incumbent behaviors for marking, sharing, and protecting shared information. Members are required to earnestly abide the information sharing policies.
7.0Disclaimer
7.1Information is shared within REN-ISAC for the objective of cyber security protection and response. Information is shared in good faith and there are no explicit or implied guarantees or warranties to the veracity or applicability of the information.
7.2Information received from any REN-ISAC service, product, or member must be analyzed fully by representatives of the receiving institution, and inherent risks determined and understood. Any local action taken must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments.
7.3The REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information sent to the membership generally, or to specific institutions.
8.0Liability
8.1REN-ISAC membership, with the attendant terms, conditions, and policies, is not intended to introduce a legal liability on a member or on the REN-ISAC organization, its host and sponsoring organizations, or officers.
9.0Notices
9.1Notices regarding membership processing should be communicated to the Membership Committee. Notices on any other matter should be communicated to the REN-ISAC Secretary [6]. Emergency communications may be established 24x7 through the REN-ISAC Watch Desk [7].
10.0Survival
10.1The requirements for controlling the dissemination of received information, described in Information Sharing Policy, survive the expiration or termination of this Agreement.
11.0Document Control and Changes
11.1Changes to the REN-ISAC organizational documents, including the Charter, Membership Guide, Membership Terms and Conditions, Membership Fees, Information Sharing Policy, and Disclaimer, will be conducted in the following manner:
11.1.1Minor revisions that do not affect substance are made by REN-ISAC staff without consultation with advisory groups or members. The version number of the revised document will be incremented by a decimal. A summary of the revisions will be reported to the membership mailing list.
11.1.2Major revisions, affecting substance, will be developed by REN-ISAC staff in cooperation with the advisory groups, and will be vetted though a member comment period. The version number of the revised document will be incremented by an integer. A summary of the revisions will be reported to the membership mailing list.
11.1.3Following the execution of major revision to the Terms and Conditions, management representatives will be required to indicate agreement to the new terms and conditions.
11.1.4Following the execution of major revision to the Information Sharing Policy, management representatives, member representatives, and referred-trust associates will be required to indicate agreement to the new policy.
11.1.5Members are encouraged to comment on the documents, at any time, to the Membership Committee.

Footnotes

  1. REN-ISAC Charter; http://www.ren-isac.net/docs/charter.html
  2. REN-ISAC Membership Guide; http://www.ren-isac.net/docs/membership.html
  3. REN-ISAC Information Sharing Policy; http://www.ren-isac.net/docs/information_sharing_policy.html
  4. REN-ISAC Membership Fees; http://www.ren-isac.net/fees.html
  5. REN-ISAC Membership Committee; http://www.ren-isac.net/about/advisory.html#membership
  6. REN-ISAC Secretary, http://www.ren-isac.net/contacts.html
  7. REN-ISAC Watch Desk; http://www.ren-isac.net/watch.html