By accepting these Terms & Conditions, Member signifies its agreement to all the terms and conditions hereof.
1. Services and Obligations. Member agrees that it will pay annual membership fees according to the then-current schedule of fees described on the H-ISAC Website (“Site”). In addition, Member acknowledges that the mission of H-ISAC is to enable and preserve the public trust by advancing health sector cybersecurity protection and the ability to prepare for and respond to (cyber and physical) threats and vulnerabilities. Member agrees that it will endeavor to submit relevant information regarding its operations and otherwise relating to the H-ISAC mission (“Member Information”) to H-ISAC. In consideration of Member paying the required fees and performing its obligations under these Policies, H-ISAC will provide Member with the services and benefits then described on the Site (“Services”).
2. Public Identification; Trademark License. H-ISAC may identify Member publicly as a member of H-ISAC unless expressly prohibited by the member, in writing. Each party may use the name and logo (collectively, “Marks”) of the other on a non-exclusive basis during the Term, in connection with (a) publicizing H-ISAC and Member’s status as a Member, and (b) identifying information shared according to the terms of these Policies. No other use of either party’s Marks is permitted except with such party’s prior written permission.
3. Term and Termination. These Policies are effective from the date fee payment is received and shall continue if renewed for successive twelve (12) month periods on the anniversary date OF FEE PAYMENT, unless either party gives notice of its intent not to renew at least thirty (30) days prior to the expiration of the then current membership term. Notwithstanding anything to the contrary contained herein, Member may terminate its participation in H-ISAC and agreement to these Policies at any time upon H-ISAC’s receipt of notice thereof. In addition, these Policies shall terminate automatically, if: (a) Member is no longer a member in good standing of H-ISAC (including via breach of these Policies); (b) Member no longer satisfies all of the eligibility criteria for H-ISAC membership or collaboration; Per HIPAA “Covered Entity” definition (1916)(c) Member is dissolved or liquidated; or (d) the operation of H-ISAC is terminated.
4. Confidential Information. Both parties may, in connection with these Policies, disclose to the other party information considered confidential or proprietary information of the disclosing party (“Confidential Information”). Information shall be considered Confidential Information if marked confidential or proprietary, identified as confidential in nature by the disclosing party at the time of disclosure, or which by its nature is normally considered confidential or provides the disclosing party with a competitive advantage. Confidential Information includes, and is not limited to, Member Information and the specific terms and conditions of these Policies. The receiving party shall protect the disclosing party’s Confidential Information with the same degree of care that it regularly uses to protect its own Confidential Information from unauthorized use or disclosure, but in no event less than a reasonable degree of care.
5. No rights or licenses under patents, trademarks or copyrights are granted or implied by any disclosure of Confidential Information by the disclosing party. The obligations of confidentiality hereunder shall survive the termination of these Policies for a period of five (5) years. The obligations of confidentiality under these Policies shall not apply to any Confidential Information that: (a) is rightfully received from a third party without disclosure restrictions; (b) is or becomes publicly available through no wrongful act of the receiving party; (c) is already known to the receiving party as evidenced by documentation bearing a date prior to the date of disclosure; or (d) is independently developed by employees of the receiving party or H-ISAC members who have not had unauthorized access to such Confidential Information. The receiving party may also disclose Confidential Information to the extent required by applicable federal, state or local law, regulation, court order, or other legal process, provided the receiving party has given the disclosing party prior written notice of such required disclosure, unless prohibited by law or regulation, and, to the extent reasonably possible, has given the disclosing party an opportunity to contest such required disclosure at the disclosing party’s expense.
6. DATA CLASSIFICATION AND SHARING. Without limiting the foregoing duties of confidentiality: Member acknowledges that it may receive information of other members of H-ISAC pursuant to its mission. Member will treat all information obtained as a result of these Policies according to the “Traffic Light Protocol” (information classification policy). Information classified as Red is not to be shared except with entities designated by the disclosing entity. Information classified as Amber is not to be shared except within H-ISAC and members’ employees with need to know it. Information classified as Green may be shared with all members, and trusted entities designated by H-ISAC to include other ISACS and government agencies (such as DHS).
7. WARRANTY. Both parties warrant that they have the right to agree to these Policies and grant the rights and licenses made hereunder. EXCEPT AS EXPRESSLY SET FORTH ABOVE, THERE ARE NO OTHER WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR FOR ANY IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING, USAGE OR TRADE, OR NONINFRINGEMENT. THE SERVICES ARE PROVIDED “AS IS” AND H-ISAC DOES NOT REPRESENT OR WARRANT THAT SERVICES WILL ACHIEVE ANY SPECIFIC RESULT OR REQUIREMENT FOR MEMBER, OR THAT SERVICES WILL OPERATE WITHOUT INTERRUPTION, OR BE ERROR FREE IN OPERATION. H-ISAC DOES NOT WARRANT AND IS NOT RESPONSIBLE FOR ANY THIRD PARTY MATERIALS OR SERVICES, INCLUDING INFORMATION OF OTHER MEMBERS.
8. LIMITATION OF LIABILITY. IN NO EVENT SHALL H-ISAC OR ITS EMPLOYEES, OFFICERS, DIRECTORS, AGENTS OR CONTRACTORS (“ISAC PARTIES”) BE LIABLE FOR ANY DAMAGES RESULTING FROM LOSS OF DATA, USE, PROFIT OR REVENUE, OR FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE ISAC PARTIES’ LIABILITY FOR ANY OTHER DAMAGES SHALL NOT EXCEED $1,000. THIS LIMITATION OF LIABILITY SHALL APPLY REGARDLESS OF THE FORM OF ACTION, HOWEVER CAUSED, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT OR IN TORT, INCLUDING NEGLIGENCE OR ANY OTHER BASIS.
9. Modification. These Policies may be modified by H-ISAC without prior notice to Member. Notifications may be provided at the discretion of H-ISAC. Changes may be highlighted and/or annotated for applicability.
10. Notice. Any notice required or permitted to be given under these Policies shall be given in writing and shall be hand delivered, telecopied, sent via email, sent by certified or registered mail or sent by overnight courier service to the above addresses, and in the case of notice to H-ISAC must be directed to “ATTN: Denise Anderson, President” to be effective.