Terms & Conditions for ST-ISAC Membership
The following sets forth the terms and conditions for membership in the Surface Transportation Information Sharing and Analysis Center (ST-ISAC), owned and operated by ROGERCO, Inc. (RCI). By signing, attesting, or becoming a participating member, you agree to the terms and conditions set forth below.
1. Definitions:
a. ST-ISAC: The Surface Transportation Information Sharing and Analysis Center, a program owned and operated by RCI to further support security and industry engagement for the Freight Rail and Trucking industries.
b. Participant Proprietary Information: Company Confidential Data provided by any member under the terms of this agreement.
c. Data: Information shared by or between the ST-ISAC or any member in accordance with these membership terms and conditions. Data may include any information collected, analyzed, or compiled in relation to, but not limited to, General Freight, Long-Distance Freight, Local Freight, Trucking, Commercial Trucking, Hotshot Trucking, Support Trucking, Freight railways, passenger railways, railroad transportation, or line haul, adjacent critical infrastructure domains, supply support, supply chain, tangential organizations, freight, rail and trucking manufacturing, in addition to the security, support, industry practices, engagement, or safety of any of the aforementioned areas.
d. Member Organization: A qualifying organization under the ST-ISAC that has agreed to these terms and conditions. For the purpose of these terms and conditions, “Member” shall include all employees, agents, or assigns of the Member organization.
e. Individual Member: An individual from a qualifying member organization whose application to join the ST-ISAC is approved and has agreed to these terms and conditions.
2. Purpose: The Purpose of the ST-ISAC is to support information sharing amongst sector members and partners; collect and analyze sector-specific cyber and physical security-related information; leverage subject matter analytical expertise to produce and disseminate sector-focused reports and alerts to members; coordinate and collaborate with cross-sector critical infrastructure partners; and help critical infrastructure partners and, when appropriate, government understand the sector’s specific critical information/intelligence requirements and potential impacts of both man-caused and natural threats and incidents to the Freight Rail and Trucking industries.
a. The ST-ISAC provides the following reports and benefits:
i. Freight Rail and Trucking (FRAT) Report: Focuses on situational awareness, terrorism & extremism, supply chain security, asset protections, industry news, and technology. Weekdays.
ii. The Daily Open-Source Cyber Report: Extracted from multiple sources by inhouse, member, or external analysts to support our members’ cyber security efforts. The report includes an executive news section and a technical summary with subsections covering emerging threats and exploits, attacks, breaches, leaks, security vulnerabilities, alerts, advisories, updates, and tool-specific news. Weekdays.
iii. Priority and Situational Awareness Messages: “Alerts” - Provides awareness of relevant events as they occur. Periodic.
iv. Situational Awareness Bulletins, Special Reports, & Partner Reports: Provides in-depth analyses of various threats, incidents, events, and topics. Periodic. Partner Reports represent relevant reports from our many private sector and government partners. Periodic.
v. Request for Information support. The number of RFI requests may be limited by membership tier. If limited, please note here: ___________________________. RFI responses are subject to team resourcing and availability.
vi. Quarterly Membership Meetings. Virtual meetings open to all Members.
vii. Membership Portal. A membership portal for access to various posts, reports and information.
viii. ST-ISAC Committees. The ST-ISAC will form Committees. Committees are limited to a maximum of eight (8) members and are formed by invite and referral, at the discretion of the ST-ISAC and RCI leadership. If a Member fails to attend 90% of Committee meetings, they are subject to removal from the Committee. Committee membership is reviewed annually.
ix. ST-ISAC will form Working Groups. Working Groups are open to all members on a first-come first-served basis until they are full. Once full, a waitlist will be formed. Working Groups run for three (3) to twelve (12) months. Should a member no longer wish to participate, or attendance drops below 70%, another member from the waitlist may take their place.
b. Strategic Members may include members who have been determined to be experts in any specific area of relevance, as determined exclusively by ST-ISAC, and may receive additional benefits and commitments as defined in Appendix A , provided separately, if applicable.
3. Membership
a. Membership is limited to carefully vetted organizations and individuals who qualify according to specific criteria established and approved by RCI in coordination with key sector stakeholders.
b. ST-ISAC operations are funded by annual organizational dues from approved Individual Members or Member organizations. Member Organizations must ensure member dues payments remain current.
i. Organizational Memberships remain active for a period of twelve (12) calendar months after the payment is successfully processed. ST-ISAC will invoice the Recipient at least (30) days prior to the anniversary date of membership and the amount due shall be billed to the method of payment on file, unless notice of written cancellation is received at least thirty (30) days prior to the due date. Notices of cancellation shall be sent to:
[email protected]
ii. Failure to pay Organizational Member dues by the renewal date will result in the suspension of the ST-ISAC membership until dues are paid, at which time their membership will reinstate after their payment is successfully processed. Please note that payments more than 60 days late will renew at the current new member rate, regardless of previously offered promotional pricing.
c. Members must ensure all relevant member data is current.
i. Member agrees to promptly inform the ST-ISAC of any substantive organizational changes that could impact their suitability for membership. Changes may include, but are not limited to, member engagement, qualifications, representations, and or any array of legal implications.
ii. Member agrees to promptly inform the ST-ISAC of any substantive changes to the employment status, legal name, phone number, email address, physical address, role, or title of registered individual members.
4. Operation of ST-ISAC
a. Homeland Security Presidential Directive 7 (HSPD-7) calls for the creation of private sector Information Sharing and Analysis Centers (ISACs) to protect United States critical infrastructures from attack. At the request of the U.S. Department of Transportation (DOT) and with the support of key industry stakeholders, RCI formed the Surface Transportation Information Sharing and Analysis Center (ST-ISAC) in 2002.
b. The ST-ISAC is administered exclusively by RCI.
c. RCI, at their sole discretion, may retain outside contractors to provide services to the ST-ISAC and its members.
5. Intellectual Property Rights: All intellectual property rights in the materials, reports, and data generated or provided by ST-ISAC belong exclusively to ST-ISAC, unless otherwise specified. Members agree not to use, reproduce, or distribute ST-ISAC materials without express written permission.
6. Proprietary Information/Data Protection
a. ST-ISAC and Members both acknowledge that the protection of shared Data is essential to the security of both Members and the mission of the ST-ISAC. The intent of the Data protection terms are to: (a) enable Member to make disclosures of Data to ST-ISAC while still maintaining rights in, and control over, the Data; and (b) set common information sharing protocol that will determine the extent to which Data can be shared with others.
b. Nothing in these terms and conditions grants ST-ISAC or Members an express or implied license or an option on a license, or any other rights to, or interests in, the Data, except as express in Article 5: Intellectual Property Rights.
c. The Company will retain Member information and shared Data for the duration of the membership and for a period of three (3) years after membership termination, unless otherwise required by law or requested in writing by the Member to delete such data.
7. Data Sharing
a. All Data provided by any ST-ISAC Member or the ST- ISAC shall include an information sharing designation in accordance with the Traffic Light Protocol (TLP) 2.0: https://www.cisa.gov/sites/default/files/2023-02/tlp-2-0-user-guide_508c.pdf
b. The ST- ISAC and Member each agree not to remove, alter, or obscure TLP markings without prior written authorization of the party sharing the Data. The ST-ISAC and Member also agree to abide by the relevant TLP designation guidelines and any other expressly stated handling or “Fair Use” guidance unless otherwise authorized in writing by the party sharing the Data.
c. In the event that Data shared by the Member or ST-ISAC does not include a TLP designation, it shall be considered as having been designated ‘TLP: Red’, unless the entity sharing the Data otherwise specifically changes the designation.
d. Unless a Member designates in writing that the Data cannot be shared or that such sharing is subject to stated restrictions, all Data provided by Members may be shared with ST-ISAC Members and trusted partners provided that the Data is anonymized and not attributable to the Member.
e. The ST-ISAC and Member acknowledge that certain Data may also be designated with a notice of patent, copyright, trade secret, or other proprietary right. The ST-ISAC and Member each agree not to remove, alter, or obscure any such designation without the prior written authorization of the party sharing the Data.
8. Data Retraction
a. If a Member retracts any Data it sent to the ST-ISAC, then, upon notification by the Member, the ST-ISAC will delete such Data and all copies thereof, and as applicable, notify other ST-ISAC Members and its federal partners to delete the Data. Parties to this agreement understand that simple retractions, redactions, or changes may substantially alter the contextual benefit of the Data.
b. Upon receiving retraction notification, ST-ISAC Members will delete such information and all copies thereof. If a ST-ISAC Member is unable to delete the Data based on applicable law, then that Member will continue to maintain the confidentiality of the Data. In this instance, notice may be provided to the ST-ISAC that Data cannot be deleted.
RCI does not maintain liability for Members who do not follow this guidance. However, if it is determined that a Member has knowingly disregarded a notice to delete data, their membership may be subject to suspension or termination.
9. Reports Containing Data
a. From time to time, the ST-ISAC may use member-supplied data to generate reports. In these instances, data will be anonymized, and the Member(s) supplying the information shall have the right to review such reports prior to release to correct factual inaccuracies and make recommendations and comments regarding the report.
b. ST-ISAC and Members shall work in good faith to reach mutually agreed-upon language for the reports.
c. If agreement cannot be reached, Member may request that its Data be removed from the report.
10. Data Usage and Privacy
a. By providing your information, you consent to the collection and use of your data for the purpose of delivering email required and occasional promotional communications via our third-party service provider, MailChimp. Your data will be securely stored and processed in accordance with our Privacy Policy and MailChimp's privacy practices .
b. We intend to use your information solely for the purpose of delivering relevant reports, bulletins, and communications. We do not sell, rent, or share your personal data with any third parties for their own marketing purposes. You may opt out of receiving our non-required communications at any time by following the unsubscribe link provided in our emails. Please note that we do not send SPAM.
c. Voluntary Membership Directory: As part of our membership, you will have the option to identify which information, if any, will be shared in our Membership Directory, which other Members may view. The Directory is housed in the Membership Access area, and is not made publicly available. Participation in the directory is completely voluntary. By choosing to be included, you consent to the display of your selected information to other Members. You may request to modify or remove your information from the directory at any time by contacting us directly in writing.
11. Term & Termination
a. Member’s obligations under these terms shall continue so long as they remain a member of the ST-ISAC, except that the obligations of confidentiality of Data as provided herein shall survive the expiration of Member’s membership.
b. Member may terminate its ST-ISAC membership at any time upon written notice to the ST-ISAC, at least thirty (30) days prior to their next annual billing date. Members do not receive prorated refunds, and membership will continue through the end of the current membership/billing cycle, and subject to item 12(c) below.
c. Membership shall terminate automatically: (i) if the Participant no longer meets the criteria for participation in the ST-ISAC; (ii) if the operation of the ST-ISAC is terminated.
d. Members shall conduct themselves in accordance with the highest ethical standards and agree not to misuse ST-ISAC resources, Data, or member information for purposes other than those intended under this agreement. ST-ISAC reserves the right to terminate a Member’s participation immediately if the Member is found to be in violation of these Terms and Conditions, including but not limited to the misuse of Data and sharing of Membership credentials.
12. Indemnification: Members agree to indemnify, defend, and hold harmless the Company, its officers, directors, employees, agents, affiliates, and members (collectively, “Indemnified Parties”) from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorney’s fees and court costs) arising out of or in connection with:
a. Any use of the information, analysis, or guidance provided by the ST-ISAC in a manner inconsistent with the purposes for which it was intended;
b. Any reliance on the information shared through the ST-ISAC’s services that leads to harm, including but not limited to, financial losses, security breaches, or operational disruptions; and
c. Any third-party claims resulting from actions or decisions taken based on the use of ISAC-provided data, guidance, or analysis.
13. Hold Harmless: Members agree to hold the Indemnified Parties harmless from any and all claims, losses, or damages, whether direct or indirect, incurred as a result of their participation in ST-ISAC activities or the use of ST-ISAC’s services and materials.
14. Jurisdiction and Venue
a. Any disputes arising under this agreement shall be governed by the laws of the State of Delaware without regard to choice of law provisions and may be heard in any Court of Competent Jurisdiction.
15. Dispute Resolution: Any dispute, controversy, or claim arising out of or relating to these Terms and Conditions or the breach thereof, shall be settled by third-party arbitration under its rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.
16. Severability
a. Should any court of competent jurisdiction consider any provision of these terms and conditions to be invalid, illegal, or unenforceable, such provisions shall be considered severed from these terms and conditions.
b. All other provisions, rights, and obligations shall continue without regard to the severed provision(s).
17. Entire Understanding and Agreement
a. The terms and conditions contained herein represent the entire agreement of the ST-ISAC and Member and supersede all prior understandings.
b. ST-ISAC retains the right to modify these Terms and Conditions from time to time. Updated Terms and Conditions will be provided to the Members and will become binding 45 days after delivery.
By selecting the button to submit your application, you agree to the Terms & Conditions herein and are attesting you have the authority to do so.