OT-ISAC Membership Terms and Conditions

OT-ISAC Terms and Conditions

Membership in Operational Technology Information Sharing and Analysis Center (“OT-ISAC”) is contingent upon approval by OT-ISAC and payment of applicable fees. All members of OT-ISAC (each a “Member” and collectively the “Members”) must abide by these terms and conditions (“T&C”) and the OT-ISAC Operating Rules, which will be provided upon onboarding.

(A) GRF Asia-Pacific Pte. Ltd. (“GRF-APAC”) is the manager of the Operational Technology Information Sharing and Analysis Center (“OT-ISAC”).

(B) OT-ISAC offers a system for information exchange among critical infrastructure sector entities within the Asia Pacific region for the purposes of providing members with timely, accurate, and actionable warnings of operational and cyber threats or attacks on individual companies and their organizational infrastructures as well as industry best practices and mitigation strategies.

(C) The Applicant wishes to participate in OT-ISAC Membership will receive all services below and can enroll up to two (2) users.

OT-ISAC Member Benefits

Membership Pricing SGD 15,000

The OT-ISAC Portal provides a platform for sharing cyber and physical threat intelligence in real-time. Intelligence that OT-ISAC Members share and receive includes actionable threat information, vulnerabilities, and advisories from community members, cross-sector partners, affiliated vendors, and government partners.

OT-ISAC Member Portal : 2 Users
OT-ISAC MISP (Malware Information Sharing Platform) : 2 Users

THE PARTIES HEREBY AGREE AS FOLLOWS:

1. Definitions

(a) “Applicant” means the entity set out at Item 1 of Attachment 1.

(b) “Affiliates” means any technology or security service providers of Member that are responsible for acting upon the information provided through OT-ISAC.

(c) “Confidential Information” means any confidential or proprietary data or information obtained from the disclosing party, or to which the receiving party has access which:

(i) shall include all confidential information, trade secrets, proprietary knowledge, financial information, best-practice methodology and any privileged information disclosed through OT-ISAC (including through the OT-ISAC Portal), whether at Committee meeting discussions or otherwise, whether or not pertaining to the disclosing party or its officers, employees, consultants, agents, customers or suppliers.

(ii) shall exclude:
1. Information generally known in the industry or otherwise publicly available at the time of disclosure other than as a result of disclosure in violation of a duty or obligation of confidentiality,
2. information that a party can demonstrate was lawfully in its possession prior to the date of disclosure,
3. information which has been disclosed by third parties not in violation of a duty or obligation of confidentiality, or
4. information developed independently by the receiving party without reference to or use of the Confidential Information, shall not be deemed Confidential Information.

(d) “Eligibility Criteria” means the following criteria, as may be amended from time to time by GRF-APAC: (1) Applicants must be organizations in good standing with all appropriate regulatory bodies or trade groups recognized by GRF-APAC; (2) Applicants must adhere to all applicable regulations and laws, including antitrust, privacy, other relevant laws and strict standards for professional conduct; and (3) Applicants must specialize in GRF-APAC approved sectors.

(e) “GRF-APAC” means GRF Asia-Pacific Pte. Ltd. (UEN: 201919177C).

(f) “Member” means the Applicant, subject to the provisions of Clause 2.1 of this Agreement.

(g) “Member’s Information” means information in any form provided by the Member to GRF-APAC and/or to any other OT-ISAC Member through OT-ISAC (including through the OT-ISAC Portal).

(h) “Operating Rules” means the OT-ISAC operating rules set out to govern the operational activities provided by OT-ISAC which may be amended and modified from time to time by GRF-APAC in its reasonable discretion.

(i) “OT-ISAC Analyst Team” refers to the dedicated team of GRF-APAC analysts and other security professionals authorized by GRF-APAC who are conducting research and intelligence gathering with the objectives of: alerting OT-ISAC Members of emerging or existing threats, incidents, indicators and vulnerabilities, supporting the development of OT-ISAC database and platform content on the OT-ISAC Portal.

(j) “OT-ISAC Information” means any information in any form provided by GRF-APAC or by any OT-ISAC Member through OT-ISAC (including through the OT-ISAC Portal).

(k) “OT-ISAC Members” means all members in OT-ISAC admitted into the OT-ISAC community by GRF-APAC from time to time in accordance with the Eligibility Criteria.

(l) “OT-ISAC Portal” means the web portal where OT-ISAC Information is assessible through a platform as advised by GRF-APAC.

(m) “Security Incident” means any actual or reasonably suspected unauthorized or unlawful access to or disclosure of any Confidential Information.

(n) “Support Group” means lawyers, staff, and agents of the respective organization who:
1. are assigned security, fraud, or critical infrastructure protection responsibilities,
2. provide technology or security services that are directly related to the services and information provided through OT-ISAC, or
3. are responsible for acting upon the information provided through OT-ISAC to secure or maintain the organization’s technology infrastructure or facilities or to mitigate a specific threat.

(o) “Traffic Light Protocol (TLP)” means a set of designations used to ensure sensitive information is shared only with the correct audience as is intended by the sharer. It employs four colors to designate varying degrees of sensitivity and the corresponding sharing restrictions to be applied by the recipient(s) as follows:

• TLP “Red”: Information will not be shared by GRF and its subsidiaries. If Partner shares information tagged TLP Red, GRF and its subsidiaries will not share this outside of restricted recipients within GRF specified by Partner.
• TLP “Amber + Strict ”: GRF will only share restricted TLP Amber +Strict information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.
• TLP “Amber”: GRF will only share restricted TLP Amber information with Partner, e.g. non-attributable, “digest” summaries of GRF intelligence. GRF may occasionally share specific, detailed intelligence with Partner either upon request or when GRF believes this information is directly relevant and urgent.
• TLP “Green”: information may be re-shared on a need-to-know basis with interested parties within or external to the recipient’s organization.
• TLP “Clear”: information may be generally redistributed.

Any member or employee of Partner must sign an individual subscriber agreement with GRF to be granted access to GRF infrastructure (e.g. portal, events.)

(p) “Trusted Partners” means trusted government, critical infrastructure partner organizations, other industry information sharing organizations, service providers, and academia with whom there is a partnership and/or contractual relationship with GRF-APAC to participate in information sharing in accordance with the TLP.

(q) Clause, schedule and paragraph headings do not affect the interpretation of this Agreement.

(r) A reference to a Clause or an Attachment is a reference to a Clause of, or Attachment to, these Rules. A reference to a paragraph is to a paragraph of the relevant Attachment.

(s) A person includes a corporate or unincorporated body.

(t) A reference to a company shall include any company, corporation, or other body corporate, wherever and however incorporated.

(u) Words in the singular include the plural and words in the plural include the singular.

(v) A reference to one gender includes a reference to the other gender.

(w) A reference to a law is a reference to it as it is in force for the time being taking account of any amendment, extension, application or re-enactment and includes any subordinate legislation for the time being in force made under it.

(x) A reference to the term "including" shall, unless the context requires otherwise mean "including, but not limited to".

2. Membership

2.1. Admission of the Applicant into OT-ISAC as a Member under this Agreement is conditional on the Applicant:
a. satisfying and continuing to satisfy the Eligibility Criteria; and
b. remaining current with all financial obligations due to GRF-APAC, including membership fees, unless expressly waived by GRF-APAC.

2.2. For the purposes of verifying from time to time (i) the existence of Member, (ii) the addresses and physical location(s) of Member, and (iii) whether the Member satisfies the Eligibility Criteria, Member agrees to:
a. be contacted by GRF-APAC;
b. provide GRF-APAC with all certificates, documents and instruments reasonably requested by GRF-APAC; and
c. promptly notify GRF-APAC if Member becomes aware at any time that (1) it no longer satisfies the Eligibility Criteria, or (2) it will not satisfy the Eligibility Criteria for the next consecutive 30 days, but in no event more than five business days after Member first learns that it does not satisfy or will not satisfy for such consecutive 30 days’ the Eligibility Criteria, as the case may be.

3. Term and Termination

3.1. This Agreement is effective from the date of acceptance of this Agreement by GRF-APAC. The Member shall have the option to continue its OT-ISAC membership at the end of the membership at the applicable Membership Level in accordance with the Eligibility Criteria. On or before the end of the membership, Member will notify OT-ISAC, which can be made by email to membership@OTISAC.org of its intent to continue or discontinue membership.

3.2. Member may terminate this Agreement without cause at any time by written notice to GRF-APAC, though no pro rata amounts paid by the Member for the terminated portion of the term of the Agreement will be refunded.

3.3. GRF-APAC may terminate this Agreement if:
a. To the satisfaction of GRF-APAC, Member is no longer a Member in good standing, including if Member has materially breached this Agreement and/or the Operating Rules and such breach has not been cured;
b. To the satisfaction of GRF-APAC, Member no longer satisfies the Eligibility Criteria; or
c. the operation of OT-ISAC is terminated.

3.4. GRF-APAC and their employees, agents, contractors, subcontractors, information providers shall not be liable to Member for any costs, expenses or damages whatsoever where this Agreement is terminated under Clause 3.3 in good faith by GRF-APAC.

3.5. Without prejudice to Clause 3.4, in the case of a termination under Clause 3.3c above, GRF-APAC will refund to Member the portion of the amounts paid to GRF-APAC under this Agreement (if any) pro-rated for the terminated portion of the term of this Agreement.

4. Use of Information

4.1. Member’s information

a. Information provided by Member to GRF-APAC shall be used in accordance with the Traffic Light Protocol and shall not be otherwise used by GRF-APAC except as expressly provided in this Agreement.

b. Subject to Clause 4.1a, Member hereby grants to the following groups a non-exclusive, non-assignable, non-transferable, royalty-free, irrevocable, worldwide, perpetual license to use Member’s Information:

1. GRF-APAC,
2. OT-ISAC Analyst Team,
3. Affiliates and their Support Group,
4. Trusted Partners,
5. Other OT-ISAC Members and their Support Group

4.2. OT-ISAC Information

a. Parties shall use OT-ISAC Information in accordance with the Traffic Light Protocol.

b. Each party (the Disclosing Party) understands and agrees that the other party (the Receiving Party) has authority to disclose OT-ISAC Information received from the Disclosing Party to law enforcement, government authorities, or any other third party pursuant to a subpoena or other legal order, but only to the extent so required to be disclosed under the applicable law or regulation. To the extent allowed by law, the Receiving Party will use reasonable and customary efforts to provide GRF-APAC and all potentially impacted parties with advance notice of such disclosure requests so as to allow all parties to seek an appropriate protective order or other relief to prohibit or limit such disclosure.

c. Save as set out at Clauses 4.2a and 4.2b, Parties shall not disseminate or provide access to OT-ISAC Information to regulatory examiners; people responsible for formulating or informing public policy, marketing activities, business development; or any other people who do not have a direct need to have and use the information to protect the Member’s data, network, systems, people, or facilities.

5. Representations and Warranties

5.1. Member represents and warrants that:
a. it is duly formed and existing and in good standing under the laws of the State or Country of its incorporation, if a corporation, or formation otherwise,
b. it satisfies the Eligibility Criteria in full as of the date of this Agreement, and
c. it is duly authorized to execute and deliver this Agreement and to perform its obligations under this Agreement.

5.2. GRF-APAC represents and warrants that:
a. it is a duly formed corporation and existing in good standing under the laws of Singapore,
b. it is duly authorized to execute and deliver this Agreement and to perform its obligations under this Agreement,
c. it has resources sufficient to perform its obligations under this Agreement and to render the related services contemplated by this Agreement to be performed by GRF-APAC in a timely and professional manner, and
d. GRF-APAC shall not engage in any unfair, deceptive or abusive acts or practices.
5.3. Notwithstanding Clause 5.2,
a. The OT-ISAC Portal may contain information and materials uploaded by other OT-ISAC Members, including to bulletin boards and chat rooms, or contain links to other sites and resources provided by third parties. Such information, materials, links, as well as information derived from such materials and/or links, have not been verified or approved by GRF-APAC and do not represent GRF-APAC’s views or values. GRF-APAC shall have no liability or obligation in respect of such information, materials and/or links.

b. All information obtained through OT-ISAC (including through the OT-ISAC Portal) is provided “as is” and is not intended to amount to advice on which the Member should rely. The Member must obtain professional or specialist advice before taking or refraining from taking any action on the basis of information or services obtained through OT-ISAC (including through the OT-ISAC Portal).

c. GRF-APAC makes no warranty, express or implied, in respect of all information and services obtained through OT-ISAC (including through the OT-ISAC Portal), including warranties as to its availability, accuracy, completeness, merchantability, fitness for any particular purpose, currency, quality, and performance.

d. All faults and the entire risk as to availability, accuracy, completeness, merchantability, fitness for any particular purpose, currency, quality, and performance (if any) of the information and services obtained through the OT-ISAC Portal shall be the Member’s.

6. Indemnification

6.1. Each party shall indemnify, defend and hold harmless the other party and its respective affiliates, directors, managers, officers, partners (if such party is a partnership), members (if such party is a limited liability company), employees and agents, from and against any claims, losses, damages or expenses (including reasonable attorney fees, expenses and disbursements) by third parties pertaining to the actual or alleged infringement of any intellectual property right, including, without limitation, patents, copyrights, trademarks, service marks, or misappropriation of trade secrets or any similar intellectual property rights, arising from the indemnified party accessing, using or distributing information provided by the indemnifying party, in accordance with the terms and conditions of this Agreement.

6.2. In the event of any claim or suit relating to any matter for which one party is providing indemnification under this Section 6, the indemnified party shall promptly provide notice of such claim or suit to the indemnifying party, although any failure or delay in providing such notice will not reduce the indemnifying party’s obligations under this Section 6 except, and only to the extent, that the indemnifying party is prejudiced by such failure or delay.

6.3. The indemnifying party shall then have the sole right to control the defense of the claim or suit and the indemnified party shall reasonably cooperate in the defense of such claim or suit at the expense of the indemnifying party; provided, however, that the indemnified party may, in its own discretion and at its own expense, participate in the defense of any claim or suit including counsel of its own choosing but such participation shall not relieve the indemnifying party of its obligations to defend such claim or suit.

6.4. In the event that the defense of such claim or suit by the indemnifying party presents an actual or potential conflict between the indemnifying party or its counsel, on the one hand, and the indemnified party, on the other hand, such claim or suit shall be defended instead by the indemnified party at the expense of the indemnifying party.

6.5. In no event, however, may there be a settlement of any such claim or suit without the written consent of the indemnified party. The indemnified party has the sole and exclusive authority to enter into any settlement that would impose an injunction or any other equitable relief on the indemnified party or that provides for any relief or term of settlement other than the payment of money damages by the indemnifying party solely.

7. Limitation of Liability

7.1. In no event shall GRF-APAC be liable to the Member or to any third party for incidental, special, punitive, or consequential damages (including without limitation lost profits) arising from acts under this Agreement even if such party has been advised of the possibility of such damages.

7.2. The maximum liability of GRF-APAC to the Member under this Agreement shall be limited to an amount equal to the aggregate amounts paid by the Member to GRF-APAC under this Agreement during the 12-month period preceding the first incurrence of any such liability.

7.3. Notwithstanding the foregoing Clauses 7.1 and 7.2, GRF-APAC’s liability shall not be limited in respect to any claims based on GRF-APAC’s fraud and willful misconduct.

8. Intellectual Property

The Member acknowledges and agrees that GRF-APAC owns all intellectual property rights in the OT-ISAC Portal. Except as expressly stated herein, this Agreement does not grant the Member any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licenses in respect of the OT-SIAC Portal.

9. Confidentiality

9.1. Each Party shall hold in strict confidence, and will not use or disclose to any third party, other than on a confidential basis to its and its Affiliate’s directors, officers, employees, consultants, agents, representatives and contractors with a need to know such information and who are subject to obligations of confidentiality at least as stringent as those set forth herein (but in no case less than those reasonably employed to protect a company’s confidential information) to effectuate the parties' mutual intent hereunder, but subject in all respects to the restrictions provided for in Clause 4, any Confidential Information.

9.2. Each party shall have appropriate physical measures, policies and procedures reasonably designed in accordance with industry standards to

a. ensure the security and confidentiality of the Confidential Information,
b. protect against any anticipated threats or hazards to the security or integrity of such Confidential Information,
c. protect against unauthorized access to or use of such Confidential Information that could result in harm or inconvenience to the disclosing party or its customers and
d. where possible, ensure the complete, secure and permanent disposal of such Confidential Information, as may be requested by the disclosing party or as required by applicable law.

9.3. Each party shall notify the other party promptly if it learns of Security Incidents. Where a Security Incident has occurred, the breached party shall promptly take all steps necessary to mitigate the damages caused by the Security Incident.

9.4. The parties acknowledge that improper disclosure of Confidential Information in violation of Section 4, 8 and/or 9 may cause irreparable injury to the disclosing party, and that remedies at law for any such breach would be inadequate. In the event of a breach or threatened breach, the disclosing party has the right to seek injunctive relief (in addition to any and all other remedies available at law or equity) without the need to post a bond or other security, or demonstrate the confidential nature of its Confidential Information and the other party will not contest such relief on the basis that the disclosing party has an adequate remedy at law or other relief.

9.5. Each OT-ISAC Member is an intended third-party beneficiary of Section 4 and this Clause 9 with respect to the Confidential Information of such OT-ISAC Member.

10. Press Releases and Marketing

10.1. OT-ISAC may only issue a press release or publish other marketing materials that identify Member upon receiving Member's prior written consent, such consent to be granted in Member's sole discretion.

10.2. Member may only issue public releases related to OT-ISAC upon receiving OT-ISAC’s written consent after review of copy, such consent to be granted in OT-ISAC’s sole discretion; provided, however, Member may issue a press release to announce its Membership in the OT-ISAC without the written consent of OT-ISAC. For the avoidance of doubt, this Agreement will not restrict Member from informing clients, prospective clients, regulators, and other parties in non-public communications of its relationship with OT-ISAC.

11. Force Majeure

Neither party shall be held financially or otherwise responsible for any delay or failure in performance under this Agreement, which is caused by the unavailability of third-party communications facilities, fires, strikes, embargoes, government requirements, civil or military authorities, acts of God, acts by terrorists or terrorist organizations or by the public enemy or other similar causes beyond the reasonable control and without the fault or negligence of such party.

12. Assignment

Neither party may assign this Agreement, or its rights and obligations hereunder, without the prior written consent of the other party except that GRF-APAC may assign this Agreement, or its rights and obligations hereunder, whether partly or wholly, without prior written consent of the Member. Any purported assignment made in violation of this Clause 12 shall be null and void. This Agreement shall be binding upon, and inure to the benefit of, the parties and their respective successors and permitted assigns.

13. Rights and Remedies

The remedies afforded to the parties in this Agreement are not intended to be exclusive, and each remedy shall be cumulative and shall be in addition to all other remedies available to the parties at law or in equity. This Agreement shall not be construed to confer any rights or remedies upon any person or entity, except OT-ISAC and Member. No delay or omission by any party in exercising any rights or remedies under this Agreement or applicable law shall impair such right or remedy or be construed as a waiver of any such right or remedy.

14. Third Party Rights

This Agreement does not create, and shall not be construed as creating, any rights enforceable by any person not a party to this Agreement, other than the indemnification rights provided to indemnified parties under Section 6 and the rights provided to OT-ISAC Members under Clauses 4 and 9.

15. Notice

Any notice required or permitted to be given under this Agreement shall be given in writing and shall be hand delivered, telecopied (provided that another method set forth in this Clause 15 is also used), sent by e-mail, sent by certified or registered mail or sent by overnight courier service to:

a. The Member as set forth at Item 2 of Attachment 1, or at such address or e-mail address as it may have specified in writing to GRF-APAC, and

b. GRF-APAC at the below address or at such location as GRF-APAC shall have specified in writing to Member as its principal office:

OT-ISAC
ATTN: OT-ISAC Membership Services
OT-ISAC Office Address: 61 Robinson Road Level 6, Singapore 068893
Email: membership@otisac.org

16. Survival

16.1. The provisions of Clauses 3, 4, 7, 8, 9, 10, 13, 15, 16, 19, 20, 21 and 26 shall survive the expiration or earlier termination of this Agreement.

16.2. In addition, claims and liabilities for breaches of this Agreement accruing prior to the termination of this Agreement (if any) and indemnification claims under Clause 6, accruing prior to such termination (if any) will also survive expiration or termination of this Agreement.

17. Antitrust

17.1. Parties shall comply with all national and state antitrust laws and regulations. All officers, directors, managers, partners (for any party organized as a partnership), staff, and members must not engage in any conduct that may constitute violation of the antitrust laws, including but not limited to price fixing, group boycotts, or allocations of market among organizations or institutions.

17.2. In line with compliance under Clause 17.1:

a. Members are prohibited from discussing any company-specific, competitively sensitive information, including terms, sales, conditions, pricing, or future plans, related to their firms or any vendors or service providers they engage;
b. The member community mailing lists and forums are not to serve as a conduit for discussions or negotiations between or among vendors, manufacturers, or security service providers with respect to any member or group of members;
c. Each Member will determine the effect of the exchanged information on its individual purchasing and related decisions;
d. Any breach of this Section 17 may result in termination of this Agreement and forfeiture of remaining annual Subscription Fee (as defined below).

18. Severance

If any provision in this Agreement (or part of a provision) is found to be invalid, unlawful or unenforceable to any extent, the parties shall endeavor in good faith to amend this Agreement to preserve the intention of parties at the time the Agreement was entered into. If the parties fail to agree on such an amendment, such invalid provision will be enforced to the maximum extent permitted by law or, if not enforceable, will be severed from the remaining terms, conditions and provisions, which will remain in full force and effect.

19. No Waiver

No failure on the part of one party to exercise, or delay in exercising, any right or remedy hereunder shall operate as a waiver thereof, nor shall any single or partial exercise of any such right or remedy by such party preclude any other or further exercise thereof or the exercise of any other right or remedy. A waiver on one occasion shall not constitute a waiver on any further occasion.

20. No Partnership

Nothing in this Agreement is intended or shall operate to create a partnership or joint venture between the parties or to create any inference that either party may be regarded as an agent of the other party for any purpose or to authorize either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

21. Variation

21.1. Notwithstanding anything herein, Parties accept and acknowledge that from time to time the Membership Agreement and Operating Rules may be modified by GRF-APAC by notifications to the Member of each amendment or modification (if any), with all such amendments and modifications highlighted and/or annotated for applicability.

22. Entire Agreement

22.1. The provisions of this Agreement and all Addenda, including all documents incorporated herein by reference, such as the Operating Rules, constitute the entire agreement between the parties and supersede all prior agreements, arrangements and understandings relating to the subject matter hereof.

22.2. Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.

23. Inconsistency

In the event of any inconsistency, contradiction, or conflict between the terms of this Agreement and any terms or conditions in the Operating Rules, the terms of this Membership Agreement shall prevail.

24. Counterparts

This Agreement may be executed in any number of separate counterparts with the same effect as if all parties hereto had signed the same document. All counterparts shall be construed together and shall constitute one instrument.

25. Further Assurance

Each of the parties to this Agreement covenants to execute upon request of the other party any further documents that the requesting party reasonably deems necessary to effectuate the terms, conditions or intent of this Agreement.

26. Governing Law and Dispute Resolution

26.1. This Agreement and any disputes or claims arising out of or in connection with its subject matter are governed by and construed in accordance with the laws of the Republic of Singapore.

26.2. Any dispute arising out of or in connection with this Agreement, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre (“SIAC”) in accordance with the Arbitration Rules of the Singapore International Arbitration Centre ("SIAC Rules") for the time being in force, which rules are deemed to be incorporated by reference in this clause. The seat of the arbitration shall be Singapore. The Tribunal shall consist of 1 arbitrator. The language of the arbitration shall be English.

27. Operational Technology Information Sharing and Analysis Center (MFG-ISAC) Traffic Light Protocol

All information submitted, processed, stored, archived, or disposed of will be classified and handled in accordance with its classification and the terms of the Member Agreement to which the Member has entered into with OT-ISAC.

a) Unless otherwise specified, all information will be treated as Confidential Information (AMBER) and will not be disclosed to parties without the permission of the originator.

b) No Confidential Information (RED) or (AMBER) will be disclosed to any director of the GRF board or any GRF personnel who are employees of any OT-ISAC member.

c) Information will be classified using the Traffic Light Protocol, defined as:

TLP:RED - Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.
TLP:AMBER+STRICT - Recipients may share TLP:AMBER+STRICT information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.
TLP:AMBER - Recipients may share TLP:AMBER information with members of their own organization and its clients on a need-to-know basis to protect their organization and its clients and prevent further harm.
TLP:GREEN - Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. Unless otherwise specified, TLP:GREEN information may not be shared outside of the cybersecurity or cyber defense community.
TLP:CLEAR - Recipients may share TLP:CLEAR information without restriction. Information is subject to standard copyright rules.

NOTE: If you have any questions regarding the Terms and Conditions, please contact membership@otisac.org