Version 2.2 (February 2018)
1.0 REN-ISAC Objectives and Policies (Back to top)
1.1 The REN-ISAC is organized according to the objectives, structure, and principles described in the Charter ; its membership is developed and guided according to terms described in the Membership Guide ; and its policies and operating rules are described in Information Sharing Policy , and Terms and Conditions [this document]. The Member agrees to support the REN-ISAC objectives and to abide the policies and operating rules.
2.0 Membership (Back to top)
2.1 Institutions and organizations are members, and are represented by a management representative and one or more member representatives. The responsibilities and privileges of the management and member representatives are outlined in the Membership Guide.
3.0 Fees (Back to top)
3.1 Annual fees are charged per institution (3.2). The fee permits multiple member representatives at no additional cost per representative. The rate is consistent with financial principles outlined in the Charter. The fee schedule is published in the Membership Fees document . The first year fee is prorated and due 30 days after receipt of invoice. Fee rates are set and communicated to members in January, invoiced in March, and are due July 1. If payment is not received within 30 days of the due date, membership privileges will be suspended until paid in full. Payments are not refunded for early termination.
3.2 The scope of "per institution" depends on organizational structure. Single-campus institutions are clear-cut. Campus extensions are not considered to be separate entities. Regarding multi-campus systems, if a single central team handles security system-wide, then a single fee is required for the system. If security responsibility is shared between a system-wide unit and campus units that perform autonomous protection and response, then a separate fee is required for the system-wide unit, and for each campus choosing to participate in REN-ISAC. In that scenario, the system-wide team must take care regarding REN-ISAC information sharing policy in regard to campuses that are not members. If there is no system-wide team, the fee is required of each campus choosing to join.
4.0 Term of Membership (Back to top)
4.1 The term of membership begins upon confirmation by the Membership Committee, continues through the remainder of the fiscal year (July through June), and is automatically renewed for twelve month periods every July 1, unless otherwise terminated.
5.0 Termination for Convenience (Back to top)
5.1 The management representative of an institution, with sole discretion, can terminate membership for that institution at any time for convenience, effective upon receipt of confirmed notice to the Membership Committee . Paid fees are not refunded.
6.0 Information Sharing (Back to top)
6.1 The Information Sharing Policy describes the incumbent behaviors for marking, sharing, and protecting shared information. Members are required to earnestly abide the information sharing policies.
7.0 Disclaimer (Back to top)
7.1 Information is shared within REN-ISAC for the objective of cyber security protection and response. Information is shared in good faith and there are no explicit or implied guarantees or warranties to the veracity or applicability of the information.
7.2 Information received from any REN-ISAC service, product, or member must be analyzed fully by representatives of the receiving institution, and inherent risks determined and understood. Any local action taken must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments.
7.3 The REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information sent to the membership generally, or to specific institutions.
8.0 Liability (Back to top)
8.1 REN-ISAC membership, with the attendant terms, conditions, and policies, is not intended to introduce a legal liability on a member or on the REN-ISAC organization, its host and sponsoring organizations, or officers.
9.0 Notices (Back to top)
9.1 Notices regarding membership processing should be communicated to the Membership Committee. Notices on any other matter should be communicated to the REN-ISAC Secretary . Emergency communications may be established 24x7 through the REN-ISAC Watch Desk .
10.0 Survival (Back to top)
10.1 The requirements for controlling the dissemination of received information, described in Information Sharing Policy, survive the expiration or termination of this Agreement.
11.0 Document Control and Changes (Back to top)
11.1 Changes to the REN-ISAC organizational documents, including the Charter, Membership Guide, Membership Terms and Conditions, Membership Fees, Information Sharing Policy, and Disclaimer, will be conducted in the following manner:
11.1.1 Minor revisions that do not affect substance are made by REN-ISAC staff without consultation with advisory groups or members. The version number of the revised document will be incremented by a decimal. A summary of the revisions will be reported to the membership mailing list.
11.1.2 Major revisions, affecting substance, will be developed by REN-ISAC staff in cooperation with the advisory groups, and will be vetted though a member comment period. The version number of the revised document will be incremented by an integer. A summary of the revisions will be reported to the membership mailing list.
11.1.3 Following the execution of major revision to the Terms and Conditions, management representatives will be required to indicate agreement to the new terms and conditions.
11.1.4 Following the execution of major revision to the Information Sharing Policy, management representatives, member representatives, and referred-trust associates will be required to indicate agreement to the new policy.
11.1.5 Members are encouraged to comment on the documents, at any time, to the Membership Committee.