Version 2.3 (June 2021)
Contents
1.0 REN-ISAC Objectives and Policies
2.0 Membership
3.0 Fees
5.0 Termination for Convenience
7.0 Disclaimer
8.0 Liability
9.0 Notices
10.0 Survival
1.0 REN-ISAC Objectives and Policies (Back to top)
1.1 The REN-ISAC is organized and operated according to the objectives, structure, and principles described in the Charter [1]; its membership is developed and guided according to terms described in the Membership Guide [2]; and its policies and operating rules are described in Information Sharing Policy [3], and Terms and Conditions [this document]. The Member agrees to support the REN-ISAC objectives and to abide the policies and operating rules.
2.0 Membership (Back to top)
2.1 Institutions and organizations are members and are represented by a management representative and one or more member representatives. The responsibilities and privileges of the management and member representatives are outlined in the Membership Guide.
3.0 Fees (Back to top)
3.1 Annual fees are charged per institution (see Section 3.5). The fee permits multiple member representatives at no additional cost per representative. The rate is consistent with financial principles outlined in the Charter. The fee schedule is published in the Membership Fees document [4]. The first-year fee is prorated and due 30 days after receipt of invoice. Fee rates are set and communicated to members in January, invoices are sent in the spring, and payment is due in July. If payment is not received within 30 days of the due date, membership privileges will be suspended until paid in full. Payments are not refunded for early termination.
3.2 New members applying before March 31 will be sent an invoice for the prorated first year fee. Payment of the invoice and a signed copy of these Terms & Conditions are required before the new institution can be activated as a member of REN-ISAC. All invoices are due 30 days after receipt of invoice.
3.3 New members applying after March 31 will be sent an invoice for a full year’s membership, effective July 1 of that year. Payment of the invoice and a signed copy of these Terms & Conditions are required before the new institution can be activated as a member of REN-ISAC. All invoices are due 30 days after receipt of invoice. In these cases, the new institution will not be activated until July 1.
3.4 Fee rates are set and communicated to members in January and invoiced annually each May. If payment is not received within 30 days of the due date, membership privileges will be suspended until paid in full. Payments are not refunded for early termination.
3.5 The scope of "per institution" depends on organizational structure. Single-campus institutions are clear-cut. Campus extensions are not considered to be separate entities. Regarding multi-campus systems, if a single central team handles security system-wide, then a single fee is required for the system. If security responsibility is shared between a system-wide unit and campus units that perform autonomous protection and response, then a separate fee is required for the system-wide unit, and for each campus choosing to participate in REN-ISAC. In that scenario, the system-wide team must take care regarding REN-ISAC information sharing policy in regard to campuses that are not members. If there is no system-wide team, the fee is required of each campus choosing to join.
4.0 Term of Membership (Back to top)
4.1 The term of membership begins upon confirmation by the REN-ISAC Membership Services Director (in consultation with the Membership Committee) and continues through the remainder of the term stated on the invoice, unless otherwise terminated.
5.0 Termination for Convenience (Back to top)
5.1 The management representative of an institution, with sole discretion, can terminate membership for that institution at any time for convenience, effective upon receipt of confirmed notice to the REN-ISAC Membership Services Director [5]. Paid fees are not refundable.
6.0 Information Sharing (Back to top)
6.1 The Information Sharing Policy describes the incumbent behaviors for marking, sharing, and protecting shared information. Members are required to earnestly abide the Information Sharing Policy.
7.0 Disclaimer (Back to top)
7.1 Information is shared by or within REN-ISAC for the objective of cyber security protection and response. Information is shared in good faith and there are no explicit or implied guarantees or warranties to the veracity or applicability of the information shared within REN-ISAC, and Members agree that such information is provided “as is”.
7.2 Information received from any REN-ISAC service, product, or member must be analyzed fully by representatives of the receiving institution, and inherent risks determined and understood. Any local action taken must be informed by local technical expertise and applied as appropriate to the local technical, functional, and cultural environments. Each Member is solely responsible for its own actions and determinations.
7.3 The REN-ISAC, its sponsoring organizations, and members accept no responsibility for negative impacts of any sort that results from local actions taken on information distributed within or by REN-ISAC publicly, to the membership generally, or to specific institutions.
8.0 Liability (Back to top)
8.1 REN-ISAC membership, with the attendant terms, conditions, and policies, is not intended to introduce a legal liability on a member or on the REN-ISAC organization, its host and sponsoring organizations, or officers.
9.0 Notices (Back to top)
9.1 Notices regarding membership processing should be communicated to the REN-ISAC Membership Services team. Notices on any other matter should be communicated to the REN-ISAC Executive Team [6]. Emergency communications may be established 24x7 through the REN-ISAC Watch Desk [7].
10.0 Survival (Back to top)
10.1 The requirements for controlling the dissemination of received information, described in the Information Sharing Policy, shall survive the expiration or termination of these Terms and Conditions.
11.0 Document Control and Changes (Back to top)
11.1 Changes to the REN-ISAC organizational documents, including the Charter, Membership Guide, Membership Terms and Conditions, Membership Fees, Information Sharing Policy, and Disclaimer, will be conducted in the following manner:
11..1.1 Minor revisions that do not affect substance are made by REN-ISAC staff without consultation with advisory groups or members. The version number of the revised document will be incremented by a decimal. A summary of the revisions will be reported to the membership mailing list.
11.1.2 Major revisions, affecting substance, will be developed by REN-ISAC staff in cooperation with the advisory groups, and will be vetted though a member comment period. The version number of the revised document will be incremented by an integer. A summary of the revisions will be reported to the membership mailing list.
11.1.3 Following the execution of major revision to the Terms and Conditions, management representatives will be required to indicate agreement to the new terms and conditions.
11.1.4 Following the execution of major revision to the Information Sharing Policy, management representatives, member representatives, and referred-trust associates will be required to indicate agreement to the new policy.
11.1.5 Members are encouraged to comment on the documents, at any time, to the Membership Committee.