FS-ISAC CERES Forum Subscriber Agreement

BY SIGNING THIS CERES FORUM MEMBERSHIP SUBSCRIBER AGREEMENT (THE “AGREEMENT”), YOU (THE “SUBSCRIBER” OR “YOU”) ARE ACCEPTING ALL OF THE FINANCIAL SERVICES INFORMATION SHARING AND ANALYSIS CENTER’S ("FS-ISAC”) SUBSCRIBER TERMS AND CONDITIONS (THE “AGREEMENT”) IN ADDENDUM 1 (AS MAY BE AMENDED BY FS-ISAC FROM TIME TO TIME). YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT AND AUTHORITY TO SIGN FOR AND BIND THE ENTITY LISTED IN THIS AGREEMENT. IF SUBSCRIBER DOES NOT AGREE WITH ANY PROVISION OF THIS AGREEMENT, SUBSCRIBER MUST AND MAY NOT PARTICIPATE IN THE CERES FORUM IN ANY MANNER FOR ANY PURPOSE.   

 

The Central Bank, Regulator & Supervisor Forum (“CERES Forum”) is a system of information exchange among central banks and entities with supervisory or regulatory responsibilities over financial institutions. It provides members with a platform to securely share best practices and rapidly distribute information regarding cyber threats, vulnerabilities, incidents and other threat intelligence that could impact the members, particularly central banks, regulators and supervisors. 

 

PAYMENT

If Subscriber is a FS-ISAC member in good-standing, membership in the CERES Forum is included in that membership at no additional cost. If Subscriber is not a current FS-ISAC member in good-standing, the following payment terms apply. As payment for the Services, Member will pay to FS-ISAC the fees as described in the Subscriber Agreement (collectively, the “Fees”). Unless otherwise set forth in Subscriber Agreement, payment will be made by credit/debit card, ACH debit or international bank transfer. By providing credit/debit card or bank account information to FS-ISAC, Member authorizes FS-ISAC to debit the credit/debit card or account indicated for Annual Fees. Member understands that this authorization will remain in effect until the Termination or until Member cancels the authorization in writing at least 30 days prior to renewal date. Member agrees to notify FS-ISAC in writing of any changes in account information at least 30 days prior to the next billing date. Unless otherwise set forth in the Agreement, all Fees are due annually in advance and are not cancelable or refundable. Unless otherwise set forth in the Subscriber Agreement, the first annual payment is due as a deposit at the time of execution of the Subscriber Agreement. Member has 30 days to comply with payment method agreed upon. If any Fees remain unpaid for more than fifteen (15) business days after the due date thereof, FS-ISAC may suspend provision of all or part of the Services until such unpaid amounts are paid in full. All Fees are stated in USD. Upon at least sixty (60) days’ prior written notice to Member, FS-ISAC may change the Fees stated on the Subscriber Agreement for any renewal term.

TAXES
All Fees are exclusive of all present and future sales, use, excise, value added, goods and services, withholding and other taxes, and all customs duties and tariffs now or hereafter claimed or imposed by any governmental authority upon the Offerings which shall be invoiced to and paid by the Subscriber. If Subscriber is required by law to make any deduction or withholding on any payments due to FS-ISAC, Subscriber will notify FS-ISAC and will pay FS-ISAC any additional amounts necessary to ensure that the net amount FS-ISAC receives, after any deduction or withholding, equals the amount FS-ISAC would have received if no deduction or withholding had been required. Additionally, Subscriber will provide to FS-ISAC evidence, to the reasonable satisfaction of FS-ISAC, showing that the withheld or deducted amounts have been paid to the relevant governmental authority.

SUBSCRIBERSHIP
Subscriber agrees to be contacted by FS-ISAC for the purpose of verifying (1) the existence of the company; (2) accuracy of address and physical location; (3) the applying individual is a valid employee of the applicant company with authority to bind the Subscriber; and (4) the applicant company is a member in good standing of a recognized industry trade association or is duly licensed or registered with the applicable regulatory body. Subscriber agrees to promptly, notify the FS-ISAC if Subscriber becomes aware that its eligibility status has changed.

USE OF DATA
Subscriber hereby grants to FS-ISAC a non-exclusive, non-assignable, non-transferable, royalty-free, revocable, worldwide license to use information provided by Subscriber, including information provided via an FS-ISAC email list server or the FS-ISAC Secure Portal submission process, ("Subscriber Information"), solely for the purpose contemplated herein. All entities receiving Subscriber Information shall be bound to a confidentiality obligation. FS-ISAC shall not identify Subscriber as the source of Subscriber Information except as provided in this Section 3. Nothing contained herein shall be deemed as granting, whether express or implied, any other license, right, title or interest in and to any of Subscriber’s Confidential Information (defined below) or other information provided or made available by Subscriber. Such license shall include (i) a right for FS-ISAC to disseminate such information to other Subscribers and partners, subject to, and solely in accordance with, the terms and conditions set forth in this Agreement and the Rules (defined below); and (ii) such other sublicense rights as granted herein to FS-ISAC, provided, however, that FS-ISAC and/or other Subscribers shall be prohibited from using the Subscriber’s Information in a manner which attributes it to the Subscriber, unless permitted by the Subscriber, in accordance with the Rules. FS-ISAC information, regardless of medium, must only be given to staff with security, fraud, or critical infrastructure protection responsibilities on a need-to-know basis and strictly in accordance with the Rules. Specifically, Subscriber shall not disseminate or provide access to FS-ISAC information to regulatory examiners; people responsible for formulating or informing public policy, marketing activities, business development; or any other people who do not have a direct need to have and use the information to protect the Subscriber’s data, network, systems, people or facilities.

SYSTEM
Subscriber understands that FS-ISAC will have periodic downtime, although FS-ISAC will use reasonable commercial efforts to minimize downtime and the duration of each instance of downtime.

REPRESENTATIONS AND WARRANTIES
Subscriber represents, warrants and covenants that it is duly formed and existing and in good standing under the laws of the State or Country of its incorporation, if a corporation or formation otherwise.  

INDEMNIFICATION
If a Subscriber is a resident of a country that has ratified by the Berne Convention, then FS-ISAC shall indemnify and defend such Subscribers against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines that are incurred by Subscriber in a final non-appealable judgment arising out of any third-party claim pertaining to the actual infringement of any copyright or trademark arising from the Subscriber’s use of information provided by FS-ISAC.

CONFIDENTIALITY
Each party shall hold in strict confidence, and will not use or disclose to any third party, other than on a confidential basis to its and its affiliate’s directors, officers, employees, consultants, agents and representatives with a need to know such information and who are subject to obligations of confidentiality at least as stringent as those set forth herein (but in no case less than those reasonably employed to protect a company’s confidential information) to effectuate the parties' mutual intent hereunder, any confidential or proprietary data or information obtained from the disclosing party, or to which the receiving party has access, including without limitation with respect to the disclosing party’s business or financial condition, technical information, customer lists or otherwise (collectively, the "Confidential Information"). Information generally known in the industry or otherwise publicly available at the time of disclosure, information that a party can demonstrate was lawfully in its possession prior to the date of disclosure, information which has been disclosed by third parties which have a right to do so, or information developed independently by the receiving party without reference to or use of the Confidential Information, shall not be deemed Confidential Information for purposes of this Section 7. Each party’s obligations pursuant to this Section 7 shall survive the termination of this Agreement for any reason. Each party shall have adequate and appropriate physical measures, policies and procedures to (i) ensure the security and confidentiality of the Confidential Information, (ii) protect against any anticipated threats or hazards to the security or integrity of such Confidential Information, (iii) protect against unauthorized access to or use of such Confidential Information that could result in harm or inconvenience to the disclosing party or its customers and (iv) where possible, ensure the complete, secure and permanent disposal of such Confidential Information, as may be directed by Subscriber or required by applicable law. Each party shall notify the disclosing party promptly if there is any actual or reasonably suspected (a) unauthorized or unlawful access to or disclosure of any Confidential Information, or (b) unauthorized access to any facility, computer network or system containing any Confidential Information (collectively, “Security Incidents”). Where a Security Incident has occurred, the breached party shall promptly take all steps necessary to mitigate the damages caused by the Security Incident.

ASSIGNMENT
Neither party may assign this Agreement, or its rights and obligations hereunder, without the prior written consent of the other party except that Subscriber may assign this Agreement or any rights or obligations hereunder to a parent, subsidiary or affiliate upon written notice to FS-ISAC. This Agreement shall be binding upon, and inure to the benefit of, the parties and their respective successors and permitted assigns.

LIMITATION OF LIABILITY
In no event shall either party be liable to the other party or to any third party for incidental, special, punitive, or consequential damages (including without limitation lost profits) arising from acts under this agreement even if such party or subscriber has been advised of the possibility of such damages. Each party’s maximum liability to the other party shall be limited to the amounts paid by subscriber to the other party under this agreement.

DISCLAIMER OF WARRANTIES
ALL INFORMATION PROVIDED BY FS-ISAC IS PROVIDED "AS IS." EXCEPT AS PROVIDED HEREIN, THERE IS NO WARRANTY, EXPRESS OR IMPLIED, THAT ANY INFORMATION ACCESSIBLE ON OR THROUGH FS-ISAC WILL FULFILL ANY OF SUBSCRIBER'S PARTICULAR PURPOSES OR NEEDS. ALL INFORMATION ACCESSIBLE ON OR THROUGH FS-ISAC IS PROVIDED WITH ALL FAULTS, AND THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH THE USER.

RIGHTS AND REMEDIES
The remedies afforded to the parties in this Agreement are not intended to be exclusive, and each remedy shall be cumulative and shall be in addition to all other remedies available to the parties at law or in equity. This Agreement shall not be construed to confer any rights or remedies upon any person or entity, except FS-ISAC and Subscriber. No delay or omission by any party in exercising any rights or remedies under this Agreement or applicable law shall impair such right or remedy or be construed as a waiver of any such right or remedy.

OPERATING RULES AND EULA
Subscribers agree to the terms and conditions of this Agreement, the FS-ISAC Operating Rules, and the End User License Agreement (collectively, the "Rules"). The Rules are incorporated into this Agreement by reference herein and FS-ISAC reserves the right to revise such Rules from time to time. The Subscriber and its agents may not modify or waive any term of this Agreement.

DISPUTE RESOLUTION
Any unsettled controversy or claim between the parties arising out of or relating to this Agreement or any breach thereof shall be settled as follows:

  • Subscribers based in North America/LATAM: All disputes arising out of or in connection with the present Agreement shall be by final and binding arbitration in New York, New York pursuant to the rules then in effect of the American Arbitration Association (“AAA”) and in accordance with the New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards. There shall be one arbitrator agreed to by the parties within twenty (20) days of receipt by respondent of the request for arbitration or in default thereof appointed by the AAA in accordance with its Commercial Rules. The arbitration shall be conducted in and the award shall be rendered in English.
  • Subscribers based in Europe/Middle East/Africa: All disputes arising out of or in connection with the present Agreement shall be by final and binding arbitration under the Rules of Arbitration of the International Chamber of Commerce (“ICC”) by one (1) arbitrator agreed to by the parties within twenty (20) days of receipt by respondent of the request for arbitration or in default thereof appointed by the ICC in accordance with its Rules of Arbitration. The place of arbitration shall be Paris, France. The arbitration shall be conducted in and the award shall be rendered in English.
  • Subscribers based in Asia Pacific: All disputes arising out of or in connection with the present Agreement shall be by final and binding arbitration under the Rules of Arbitration of the ICC by one (1) arbitrator agreed to by the parties within twenty (20) days of receipt by respondent of the request for arbitration or in default thereof appointed by the ICC in accordance with its Rules of Arbitration. The place of arbitration shall be Singapore, Singapore. The arbitration shall be conducted in and the award shall be rendered in English.

Except as may be required by law, neither a party nor the arbitrator may disclose the existence, content or results of any arbitration without the prior written consent of both parties. 

NOTICES; NOTIFICATION OF CHANGES
Any notice required or permitted to be given under this Agreement shall be given in writing and shall be hand delivered, sent by certified or registered mail or sent by overnight courier service to the (a) Subscriber as set forth in this Agreement, or at such address or e-mail address as it may have specified in writing to the FS-ISAC, and (b) to FS-ISAC at the below address or at such location as FS-ISAC shall have specified in writing to Subscriber as its principal office.

FS-ISAC, Inc., ATTN: CERES 
12020 Sunrise Valley Drive Ste. 230, Reston, VA  20191 USA 
Email: membership@ceresforum.com

INDEPENDENT CONTRACTORS
Nothing in this Agreement shall make FS-ISAC and Subscriber partners, joint ventures or otherwise associated in or with the business of the other. Service Provider is and shall always remain an independent contractor. Neither party shall be liable for any debts, accounts, obligations or other liabilities of the other party, its agents or employees. The parties are not authorized to incur debts or obligations of any kind, on the part of or as agent for the other except as may specifically be authorized in writing.

ENTIRE AGREEMENT
The provisions of this Agreement, including all documents incorporated herein by reference, such as the Rules, constitute the entire agreement between the parties and supersede all prior agreements and understandings relating to the subject matter hereof.

WAIVER
No failure on the part of one party to exercise, or delay in exercising, any right or remedy hereunder shall operate as a waiver thereof, nor shall any single or partial exercise of any such right or remedy by such party preclude any other or further exercise thereof or the exercise of any other right or remedy.