SMB ISAO Member Terms & Conditions

PLEASE READ THESE CUSTOMER TERMS OF SERVICE CAREFULLY.

This is a contract between you (the Customer) and us (SMB ISAO). It describes the services we will provide to you, how we will work together, and other aspects of our business relationship. It is a legal document so some of the language is necessarily “legalese”, but we have tried to make it as readable as possible. These terms are so important that we cannot provide our products and services to you unless you agree to them. By using the Subscription Service or receiving the Consulting Services, you are agreeing to these terms.

We periodically update these terms. If you have an active SurviveCyber subscription, we will let you know when we do via an email or in-app notification.

IMPORTANT: PLEASE READ THE TERMS AND CONDITIONS OF THESE SERVICE TERMS (AS DEFINED BELOW) CAREFULLY BEFORE USING THE SERVICES (AS DEFINED BELOW).

The SMB ISAO/SurviveCyber Service Terms and Conditions (the "Service Terms") are a legally binding agreement between SMB ISAO, Inc. and its successors and assigns. (“SMB ISAO,” "SurviveCyber," "we," "our," or "us") and you ("you," "your," or "yours"), and describe the terms under which you agree to use the SMB ISAO’s SurviveCyber for Business solution, including any applicable Service Guarantee and Insurance (the "Protection Programs"), cyber threat alerts, CISA compliance and any other service or product which may be made available to you by us for which you have registered or enrolled or have been registered or enrolled by an authorized third party (collectively the "Services" and individually a "Service"). “Subscription Service” or “Service” means our web-based solution that is subscribed to, and developed, operated, and maintained by us, accessible via https://smbisao.com, //www.cybersafeforbusiness.com or another designated URL, and add-on products to our platform. In these Service Terms we may use the term "Member" which refers to a customer that is enrolled in one of our fee-based Services. Collectively we will use the term "Customer or Member" when referring to Members or Users.

Both our Privacy Policy and our Website Terms of Use, which apply to our website (our "Site") and your use of our Site, are available here and are incorporated by reference into these Service Terms. Notwithstanding anything stated otherwise in these Service Terms, the Privacy Policy shall govern with respect to the collection, use, retention or storage of any information or data provided by you or to which you grant SMB ISAO access.

IF YOU DO NOT AGREE TO THESE SERVICE TERMS, YOU MUST NOT ENROLL OR REGISTER FOR ANY OF THE SERVICES OR OTHERWISE USE THE SERVICES.

DEPENDING ON YOUR OFFER, YOUR MEMBERSHIP MAY HAVE AN INTRODUCTORY OR SPECIAL OFFER. AFTER THE INTRODUCTORY OFFER EXPIRES, YOUR MEMBERSHIP WILL AUTOMATICALLY RENEW AT THE APPLICABLE PRICE SET FORTH IN YOUR AGREEMENT UNTIL CANCELLED BY YOU. OUR PRICES, INCLUDING ANY RENEWAL PRICE, ARE SUBJECT TO CHANGE, HOWEVER WE WILL NOTIFY YOU IN ADVANCE. PLEASE NOTE THAT FOR ALL SERVICES OR FEATURES WHICH REQUIRE AN E-MAIL ADDRESS, INCLUDING BUT NOT LIMITED TO ANY ALERTS DELIVERED VIA E-MAIL, YOU MUST KEEP YOUR EMAIL ADDRESS UP TO DATE FOR PURPOSES OF RECEIVING SUBSCRIPTION NOTIFICATIONS AND YOU HEREBY WAIVE YOUR TO RIGHT TO RECEIVE SUCH NOTICES IF YOU DO NOT PROVIDE A VALID EMAIL ADDRESS.

IF YOU WISH TO CANCEL OR TERMINATE YOUR SUBSCRIPTION TO THE SERVICES, PROTECTION PROGRAMS, AND/OR CREDIT SERVICES AND TRANSACTED DIRECTLY WITH SMB ISAO, YOU MUST CONTACT US AT sales@survivecyber.com OR CALL 1‑805-530-7357.

IF YOU HAVE TRANSACTED FOR SERVICES VIA A THIRD PARTY, YOU MUST TERMINATE THE SERVICES DIRECTLY WITH THAT THIRD PARTY IN ACCORDANCE WITH THAT THIRD PARTY'S INSTRUCTIONS.

YOUR USE OF THE SERVICES CONSTITUTES YOUR ACCEPTANCE OF THESE SERVICE TERMS. WE MAY MODIFY, UPDATE, ADD OR REMOVE PROVISIONS OF THESE SERVICE TERMS AT ANY TIME BY POSTING THOSE CHANGES ON OUR SITE. UNLESS YOU HAVE OTHERWISE AFFIRMATIVELY AGREED TO SUCH CHANGES, YOUR CONTINUED USE OF THE SERVICES AFTER SUCH POSTING SHALL CONSTITUTE YOUR ACCEPTANCE OF ANY SUCH CHANGE(S) TO THESE SERVICE TERMS. IF YOU DO NOT AGREE WITH ANY OF THE UPDATED SERVICES TERMS YOU MUST STOP USING THE SERVICES.

  1. Enrolling in SMB ISAO Services - Members

    In order to enroll in and receive one or more Services, you must provide us with the full and accurate enrollment Information that we require for the applicable Services (collectively, "Enrollment Information"). You agree to keep all Enrollment Information updated and accurate. In the event we do not receive all the required Enrollment Information during your Enrollment Process, you agree that we may, in our sole discretion, use our database, the database of our affiliates, or other resources to attempt to complete the required Enrollment Information on your behalf. If we are unable to obtain the required Enrollment Information or you fail to authenticate your identity as may be required, the Services for which you have enrolled may be limited or unavailable.

    Upon completion of the Enrollment Process, and payment to us of any fees owed, you will become eligible to receive the Services for which you have enrolled.

  2. Reimbursement Protection Coverage Program

    As a Member enrolled in a qualifying Reimbursement Protection Coverage Program(s), should you become a victim of a data breach you may be covered for certain losses in accordance with the Master Insurance Policy, which can be found at www.royalgroupservices.com/nadsrpgdbpii.

    SMB ISAO is not providing insurance directly. SMB ISAO is facilitating access to membership into the Risk Purchasing Group (RPG) insurance coverage. Membership in the RPG confers insured status for SMB ISAO customers. You understand SMB ISAO’s limited role in marketing membership cyber insurance and agree to work directly with RPG.

    All claims and disputes are handled solely by the insurance carrier. Your benefits will be subject to all of the terms, conditions, and exclusions of the RPG coverage plan, even if they are not mentioned in SMB ISAO marketing materials, or this agreement. Your entitlement to benefits under the Master Policy will terminate upon termination of your enrollment in any SMB ISAO Membership Program.

    A complete copy of the Master Policy at

    www.royalgroupservices.com/nadsrpgdbpii

  3. General Nature and Scope of Information Sharing and Data Shared.

    Information sharing with and among SMB ISAO Members is for a “cybersecurity purpose”, in conformity with the cybersecurity purpose of the Cybersecurity Information Sharing Act (CISA) of 2015. The nature of data shared for a cybersecurity purpose includes “cyber threat indicators”, “indicators of compromise”, “routing data”, “anomaly data”, and data having relevance to cybersecurity. The aggregation of this data and the correlation of the data with a repository of malicious cyberattack history by SMB ISAO affords improved situational awareness, which is shared back with Members to help improve cyber resilience. The “privacy scrub” function of SMB ISAO further ensures that Members only share data that is relevant for a cybersecurity purpose, and that a Member benefits from the legal protections afforded under CISA. The Information Sharing practices, procedures, terms and conditions of the SMB ISAO are designed for a cybersecurity purpose and to help Members have greater situational awareness and CISA protections.

  4. Changes to the Services

    We reserve the right to modify, add to, discontinue, and/or retire any Service and/or any feature of a Service at any time. We may also modify the terms and conditions that apply to the features and your use of the Services. We shall make reasonable attempts to provide you with notice of such modifications by posting them on the Site. We have no obligation to provide direct notice of any such changes. We reserve the right to define eligibility criteria for the Services, and make changes to those criteria at any time.

    Unless you have otherwise affirmatively agreed to such changes, by continuing to use the Service(s) and Site after any such changes or modifications to the Service(s) become effective, you agree to be bound by the revised terms. If you object to such change, your sole remedy shall be to terminate and/or cancel the Service.

  5. Payment
    1. Subscription Fee. The Subscription Fee will remain fixed during the Subscription Term unless you: (i) upgrade products or base packages, (ii) subscribe to additional features or products, or (iii) unless otherwise agreed to in a new Order.
    2. Payment by credit card. You authorize us to charge your credit card or bank account for all fees payable during the Subscription Term. You further authorize us to use a third party to process payments, and consent to the disclosure of your payment information to such third party.
    3. Payment Information. You will keep your contact information, billing information and credit card information (where applicable) up to date. Changes may be made on your Billing Page within your SMB ISAO account. All payment obligations are non-cancelable and all amounts paid are non-refundable, except as specifically provided for in this Agreement.
    4. Taxes. You are personally responsible for any applicable state, federal, or other taxes that may be associated with your purchase of the Services. We also reserve the right to collect any and sales taxes applicable to your purchase of and membership to the Service.
  6. Confidentiality of Sensitive Information.
    1. SMB ISAO will have the ability to accept, enrich and modify, store and disseminate materials, information and data from DHS, NCCIC, other ISAOs, members, and government organizations. Once this data is received by SMB ISAO, it is considered sensitive from a security perspective, and may include confidential information, or proprietary information, known hereafter as "Sensitive Information."
    2. Members may not disclose Sensitive Information, except, and further restricted:
      1. To other SMB ISAO members, or
      2. To others for the purpose of preventing or responding to an imminent cybersecurity threat.
    3. Members may only disclose Sensitive Information with employees, supervisors, agents, officers or contractors who are approved by members' organizations to view such information and who have a need to know such information, and who agree to sharing constraints that comport with the Member’s adherence to SMB ISAO sharing restrictions.
      1. SMB ISAO Members' companies and organizations must implement policies and protocols to prevent and prohibit disseminating Sensitive Information outside of the circumstances described herein.
      2. SMB ISAO Members must retain a copy of any incident reports that they submit to the SMB ISAO portal.
  7. Restricted Access.

    Members must ensure that access to SMB ISAO online portal is restricted to their respective personnel designated to SMB ISAO as authorized to access the online portal, and further must be limited to personnel responsible in their duties to the Member in the areas of information security, cybersecurity or personnel security.

  8. Information Sharing.

    Members that share cybersecurity incident information agree to further share the incident data with other SMB ISAO members to enable those other members to improve cybersecurity. SMB ISAO will ensure that a “privacy scrub” is conducted prior to sharing Member’s information, however, Members are encouraged to conduct a “privacy scrub” of all information submitted as well. The data or information may be shared anonymously or by name as authorized in the incident report. Information provided may also be shared by SMB ISAO with DHS unless expressly prohibited by the member in the incident report submitted.

  9. Privacy Scrub Assignment and Agency.
    1. The Member understands and agrees that the applicability of CISA protections from sharing “cyber threat indicators” carries a precondition (under Section 104 of CISA) that a “privacy scrub” has been performed. For the limited purpose and the limited scope of Section 104 protections for sharing “cyber threat indicators”, the Member agrees and authorizes the following:
      1. It assigns to SMB ISAO, as its agent, the function of performing the “privacy scrub” as provided by Section 104(d)(2);
      2. The “privacy scrub” assignment means the period of time and steps in the process whereby the Member or its staff, affiliates, subcontractors, or partners select, format, transmit, upload or transfer a “cyber threat indicator” to SMB ISAO, or its assigns, subcontractors, or partners, whether by electronic media or any other form or media of communication, and the resulting “privacy scrub” function performed by SMB ISAO, or its assigns, subcontractors, or partners;
      3. Acting as its “privacy scrub” agent, SMB ISAO accepts the assignment and to serve as the Member’s agent, limited to performing the “privacy scrub” function, as defined above in paragraph 5b.
      4. The limited assignment and agency contained in this paragraph 5 shall be interpreted to mean, and the Member agrees, that SMB ISAO is not responsible for general CISA compliance, and that the intended effect and meaning of this paragraph is to ensure that the “privacy scrub”, within the meaning of Section 104 of CISA, is performed on behalf of the Member, through assignment to SMB ISAO, to perform certain technical privacy scrubbing functions.
  10. Commercial Use Restrictions.
    1. Acceptable Use. You will comply with our Acceptable Use Policy at www.cybersafeforbusiness.com.com/legal/acceptable-use ("AUP").
    2. Prohibited and Unauthorized Use. You will not (i) use or launch any automated system, including, "robots," "spiders," or "offline readers," that sends more request messages to our servers in a given period of time than a human can reasonably produce in the same period by using a conventional browser; (ii) use the Subscription Service in any manner that damages, disables, overburdens, or impairs any of our websites or interferes with any other party's use of the Subscription Service; (iii) attempt to gain unauthorized access to the Subscription Service; (iv) access the Subscription Service other than through our interface; or (v) use the Subscription Service for any purpose or in any manner that is unlawful or prohibited by this Agreement.
    3. No Sensitive Information. YOU AGREE NOT TO USE THE SUBSCRIPTION SERVICE TO COLLECT, MANAGE OR PROCESS SENSITIVE INFORMATION. WE WILL NOT HAVE ANY LIABILITY THAT MAY RESULT FROM YOUR USE OF THE SUBSCRIPTION SERVICE TO COLLECT OR MANAGE SENSITIVE INFORMATION.
    4. You may not use the Subscription Service if you are legally prohibited from receiving or using the Subscription Service under the laws of the country in which you are resident or from which you access or use the Subscription Service. The Subscription Service is not designed to comply with industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), or the Federal Information Security Management Act (FISMA), so you may not use the Subscription Service where your communications would be subject to such laws. You agree not to use data from the Subscription Service in legal proceedings or otherwise as evidence.
    5. Notification of Unauthorized Use. You will notify us right away of any unauthorized use of your Users’ identifications and passwords or your account by following the instructions at advise@survivecyber.com.
    6. Work products created by SMB ISAO may not be resold or otherwise used for commercial purposes except under license agreement with SMB ISAO or other express written consent of SMB ISAO.
    7. Information and products distributed by SMB ISAO with the express permission of SMB ISAO members, partners, and USG agencies cannot be resold or distributed for commercial purposes without the expressed agreement of the originating authority and its commercial use restrictions.
    8. Members agree to not use any information shared by SMB ISAO to include collateral, processes and organizational data for the purposes of competing with SMB ISAO, including without limitation, the gathering of competitive intelligence.
  11. Public Disclosure Laws.

    SMB ISAO may, with the permission of any originating source, disseminate information of a critical nature considered relevant for immediate distribution. Members may not disseminate such information and must protect that information except as described under paragraph (1).

  12. Termination of Membership.
    1. The Subscription Term is monthly and will automatically renew unless you cancel the subscription. We do not provide refunds if you decide to stop using the SMB ISAO subscription during your Subscription Term and will be charged through the end of the month.
    2. SMB ISAO retains the rights to terminate membership of this agreement without notice for:
      1. Use of the Subscription Service in a way that violates applicable local, state, federal, or foreign laws or regulations or the terms of this Agreement or violate these terms of the AUP.
      2. Failure to remit membership fees as required by contract.
      3. Providing access to Member’s portal and membership privileges to non-Member organizations.
      4. Using SMB ISAO information and products for a commercial purpose.
      5. Any other violation of these terms and conditions, or for a breach of trust not enumerated herein by decision of the SMB ISAO leadership after consultation with selected members.
      6. Non-payment may result in suspension of your access to any or all of the Subscription Services or termination. If a Subscription Service is suspended for non-payment, we may charge a re-activation fee to reinstate the Subscription Service.
      7. SMB ISAO reserves the right to seek all remedies available at law and in equity for violations of these terms and conditions, including the right to block access to the SMB ISAO website. Member agrees to indemnify, defend and hold harmless SMB ISAO from any liability, loss, claim and expense, including attorney’s fees, related to your violation of these terms and conditions or your use of the services and information provided at the SMB ISAO website.
  13. Post Membership Responsibilities.

    Members remain subject to these Terms and Conditions with respect to protecting information and commercialization use restrictions despite termination of their membership.

  14. Disclaimer of Warranties
    1. SMB ISAO provides the following disclaimers in support of the information, services or partner support provided.
      1. SMB ISAO is not required and shall not be expected by a Member to evaluate or verify information submitted to it or disseminated by it that originates with partners, members or others. SMB ISAO makes no representation or warranty with respect to the accuracy, completeness or currency of such information, and disclaims any and all liability whatsoever with respect to or in any way related to such information. Members bear the sole responsibility for, and assume all risks and liabilities related to, the taking or not taking of any action based on such information.
      2. SMB ISAO makes no representation or warranty with respect to the services and products provided by its Partners or vendors to SMB ISAO Members. Members bear the sole responsibility for, and assume all risks and liabilities related to the use of such services and products.
      3. SMB ISAO makes no representation or warranty with respect to the protections provided by the Cybersecurity Information Sharing Act of 2015 and applicable to a Member’s cybersecurity situation. Members bear the sole responsibility to ensure that protections afforded by the CISA Act of 2015 are properly interpreted and applied by their legal counsel in the case an incident incurs. SMB ISAO does not provide any legal counsel or services in the case of a cybersecurity event.
      4. By joining SMB ISAO, members agree to fully comply with these Terms and Conditions, including any amendments thereto, and to otherwise abide by the provisions of this Agreement. Individuals affirm that the information provided in connection with the member’s application for SMB ISAO membership is true and correct.
  15. Proprietary Rights.

    No license to any software is granted by this Agreement. The SMB ISAO Products are protected by intellectual property laws. The SMB ISAO Products belong to and are the property of us. We retain all right, title and interest (including all copyright, trademark, patent, trade secrets and all other intellectual property rights) in our Services, our websites (including the Data) as well as our trademarks, service marks, designs, logos, URLs, and trade names that are displayed in connection with our Services. You agree not to copy, rent, lease, sell, distribute, or create derivative works based on the SMB ISAO Content, or the SMB ISAO Products in whole or in part, by any means, except as expressly authorized in writing by us. SMB ISAO and SurviveCyber for Business, the SMB ISAO and SurviveCyber for Business logos, and other marks that we use from time to time are our trademarks and you may not use them without our prior written permission, except as otherwise set forth in this Agreement.

  16. Local Laws; Export Control

    We control and operate the Services from our headquarters in the United States of America and the content and features may not be appropriate or available for use in other locations. If you use the Services outside the United States of America, you are responsible for following applicable local laws. By using the Services, you represent and warrant that (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a "terrorist supporting" country; and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties.

  17. Limitation of Liability

    TO THE EXTENT PERMITTED BY APPLICABLE LAW, SMB ISAO, OUR AFFILIATES, OUR RESPECTIVE LICENSORS, LICENSEES, AND SERVICE PROVIDERS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXTRAORDINARY, EXEMPLARY OR PUNITIVE DAMAGES, OR ANY OTHER DAMAGES WHATSOEVER (HOWEVER ARISING), ARISING OUT OF, RELATING TO OR RESULTING FROM YOUR USE OR INABILITY TO USE OR ACCESS THE SERVICES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, OR OTHER INTANGIBLE LOSSES (EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. WITHOUT LIMITING THE FOREGOING LIMITATION OF LIABILITY, IN THE EVENT WE ARE FOUND LIABLE FOR DAMAGES TO YOU IN A COMPETENT LEGAL PROCEEDING OUR AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE SERVICE TERMS IS LIMITED TO THE LESSER OF (a) ONE THOUSAND U.S. DOLLARS ($1,000) OR (b) THE AMOUNTS PAID TO US FOR THE SERVICES THAT ARE THE BASIS OF THE CLAIM IN THE TWELVE (12) MONTHS PRECEDING THE DATE OF THE CLAIM. SOME JURISDICTIONS DO NOT ALLOW CERTAIN LIMITATIONS ON LIABILITY. ONLY LIMITATIONS THAT ARE LAWFUL IN THE APPLICABLE JURISDICTION WILL APPLY TO YOU AND OUR LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

  18. Jurisdiction

    These Service Terms and any Services provided hereunder will be governed by the laws of the State of Colorado, without regard to any laws that would direct the choice of another state's laws and, where applicable, will be governed by the federal laws of the United States.

  19. Indemnification

    You will indemnify and hold SMB ISAO (and our officers, directors, agents, subsidiaries, joint ventures, licensees, employees, and third-party partners) harmless from any claim or demand, including reasonable attorneys' fees, made by any third party due to or arising out of your breach of these Service Terms, or your violation of any law or regulation, or the rights of any third party.

  20. General

    Neither these Service Terms, nor any rights hereunder, may be assigned by operation of law or otherwise, in whole or in part, by you without our prior written permission. Any purported assignment without such permission shall be void. Any waiver of our rights under these Service Terms must be in writing, signed by SMB ISAO, and any such waiver shall not operate as a waiver of any future breach of these Service Terms. In the event any portion of these Service Terms is found to be illegal or unenforceable, such portion shall be severed from these Service Terms, and the remaining terms shall be separately enforced. Your use of the Services shall at all times comply with all applicable laws, rules, and regulations. These Service Terms, and all documents incorporated into these Service Terms by reference, are the entire agreement between the parties with respect to this subject matter, and supersede any and all prior or contemporaneous or additional communications, negotiations, or agreements with respect thereto. Our failure to enforce any of these Service Terms is not a waiver of such term or right. The proprietary rights, disclaimer of warranties, representations made by you, indemnities, limitations of liability and general provisions shall survive any termination of these Service Terms. These Service Terms are solely and exclusively between you and SMB ISAO and you acknowledge and agree that (i) no third party, including a third-party partner of SMB ISAO is a party to these Service Terms, and (ii) no third party, including any third-party partner of SMB ISAO has any obligations or duties to you under these Service Terms.