Code of Conduct

RH-ISAC Member Code of Conduct

By joining and using these platforms, you agree that you have read and will follow these rules and guidelines. If you have questions, please contact support@rhisac.org.  

Traffic Light Protocol (TLP) 

Sharing of information within the RH-ISAC community is governed by the Traffic Light Protocol. Unless otherwise noted, all information shared on RH-ISAC platforms and during RH-ISAC meetings and events is designated as TLP:AMBER+STRICT. It is important that all members familiarize themselves with TLP and respect these sharing restrictions to maintain trust within the community. You can read more about TLP in the RH-ISAC Data Handling Policy.

The five TLP markings are: 

  • TLP:RED – Not for disclosure, restricted to participants only. 
  • TLP:AMBER+STRICT – Limited disclosure, restricted to participants’ organization and select business partners with a need to know.
  • TLP:AMBER – Limited disclosure, restricted to participants’ organization and business partners.
  • TLP:GREEN – Limited disclosure, restricted to the cybersecurity community. 
  • TLP:CLEAR – Disclosure is not limited. 

Discretion 

Please do not talk about the RH-ISAC member-sharing platforms in public. These are private, TLP:AMBER+STRICT, invitation-only channels. Please do not discuss any conversations you have participated in or read in public or with people who are not members. Recipients may only share TLP:AMBER+STRICT information with employees in their own organization, and with select business partners who need the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing – and these must be adhered to. Keeping the existence of these platforms private makes it more difficult for bad actors to triangulate their targets' social footprints.

If you wish to credential an additional member of your team or nominate another company for membership, please contact support@rhisac.org before you speak to the person you wish to invite. 

 
Avoid Marketing/Obey Copyright & Anti-Trust Laws 

You are welcome to post your experience with tools, products or services that you personally found useful, but please refrain from blatant advertising, marketing or any kind of spam. In particular, posting affiliate links to third-party services such that clicking on the link or buying the services within would directly or indirectly financially benefit the poster is prohibited, due to the potential conflict of interest. On the other hand, posting a link to your employer’s site is fine, even if it has ads or any other monetization method set up, as long as this is not obscured in any way. 

Respect intellectual property. Post content that you have personally created or have permission to use and have properly attributed to the content creator. It is advisable to contact the owner of any material if you would like to reuse it, consistent with the Traffic Light Protocol. 

Messages should not be posted if they encourage or facilitate members to arrive at any agreement that either expressly or impliedly leads to price fixing, a boycott of another's business, or other conduct intended to illegally restrict free trade. Messages that encourage or facilitate an agreement about the following subjects are inappropriate: prices, discounts, or terms or conditions of sale; salaries; profits, profit margins, or cost data; market shares, sales territories, or markets; allocation of customers or territories; or selection, rejection, or termination of customers or suppliers. 

Additionally, please refrain from posting about job positions that are open at your company or any other organization. 

 
Disparagement & Harassment 

The RH-ISAC Member sharing platforms – including our Slack Channels, Listserv and Member Exchange – as well as our in-person and online events are places for RH-ISAC members to interact, discuss and share information affecting their organizations or the retail and hospitality sectors. 
We want this to be a place where members can share information, ask questions and post comments in a harassment-free environment for everyone, regardless of gender, race, religious beliefs, sexual orientation, disability or physical appearance. We do not tolerate harassment of participants in any form. 

Be nice. Do not disparage any company, whether an RH-ISAC member or not. Respect others. Focus on the content of posts and not on the people making them. Please extend the benefit of the doubt to newer guests and members; there’s no such thing as a stupid question. 
All defamatory, abusive, profane, threatening, offensive, or illegal materials are strictly prohibited. Information posted on the discussion groups and in the libraries is available for all to see, and comments are subject to libel and slander laws. Do not post anything that you would not want the world to see or that you would not want anyone to know came from you. 
There is zero tolerance for harassment of any kind on the RH-ISAC Member sharing platforms. This includes: 

  • Offensive comments related to gender, gender identity and expression, sexual orientation, disability, mental illness, neuro(a)typicality, physical appearance, body size, race or religious beliefs.
  • Unwelcome comments regarding a person’s lifestyle choices and practices, including those related to food, health, parenting, drugs and employment.
  • Deliberate misgendering (referring to someone using a word, especially a pronoun or form of address, that does not correctly reflect the gender with which they identify).
  • Gratuitous or off-topic sexual images or behavior in spaces.
  • Simulated physical contact (e.g., textual descriptions like “hug” or “backrub”) without consent or after a request to stop.
  • Threats of violence.
  • Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
  • Deliberate intimidation.
  • Sustained disruption of discussion.
  • Unwelcome sexual attention.
  • Continued one-on-one communication after requests to cease.
  • Publication of non-harassing private communication.

 
Etiquette 

Post your message or documents only to the most appropriate channels and communities. This helps ensure all messages receive the best response by eliminating "noise." State concisely and clearly the topic of your post or comments. This allows fellow members to respond more appropriately to your posting and makes it easier for members to search the archives by subject. 

Send messages such as "thanks for the information" or "me, too" to individuals, not to the entire list. 
Do not send administrative messages, such as “remove me from the list,” to the group. Instead, when possible, use the appropriate web interface to change your settings or to remove yourself from a list, channel, group, or community. For help, please contact support@rhisac.org.

 
Take Care When Following Advice 

Community posts might include advice on commands to run on your computer, or any other actions for you to perform. This sort of advice is provided by community members as-is, without any liability. Consider any such advice carefully and ask for clarification as needed. Any potential damage or loss of data resulting from following advice is your own responsibility. Remember, each post only reflects the views and opinions of its author, and you, as a community member, are solely responsible for anything you post. 

 
Confidentiality, Logs & Message Retention 

Please keep what is said on the RH-ISAC Member sharing platforms confidential. Do not repeat or quote things said here without the affirmative consent of the speaker(s). When quoting (with consent), please be careful not to reveal the existence of the RH-ISAC Member sharing platforms. Rather, you can refer to the quote as something that was said while you were conversing with a fellow cybersecurity professional or colleague. 

Please be mindful that things you say here may at some point become public. While we expect members to honor the confidentiality of this space, we cannot guarantee that they will do so, nor can we guarantee that every member's login credentials and logged-in devices are secure. We also cannot prevent people from screen capturing or otherwise logging conversations. Files uploaded here can be downloaded by anyone with a login. Please exercise caution and refrain from sharing sensitive information that could harm you or others if it became public. 

Because these platforms are provided by third parties, these companies retain complete logs of all channels and direct messages back to the creation of the RH-ISAC’s instances. These are U.S. companies and therefore subject to subpoenas from U.S. courts. Our logs may be subject to subpoena and could become public as part of legal proceedings. 

 
Reporting & Consequences 

While RH-ISAC staff actively follows our sharing platforms, it does not do so 24 hours a day, nor does it on its own undertake editorial control of postings. If you are being harassed, notice that someone else is being harassed, or have any other concerns about postings that do not follow any part of this Code of Conduct, please contact support@rhisac.org. We will respond as promptly as possible.


We will respect confidentiality requests for the purpose of protecting victims of abuse. At our discretion, we may publicly name a person about whom we have received harassment complaints or privately warn third parties about them. We will not name harassment victims without their affirmative consent. 
Participants asked to stop any harassing behavior are expected to comply immediately. If a participant engages in harassing behavior, the RH-ISAC administrators may take any action they deem appropriate, up to and including expulsion from the RH-ISAC Member sharing platforms. 

 
Credits and License 

This Code of Conduct borrows heavily from Annalee Flower Horne's Sample Slack Code of Conduct, which is in turn based on Geek Feminism's Community Anti-Harassment Policy. It also adapts and includes boilerplate language from Higher Logic’s Community Rules & Etiquette and Privacy Guidelines. We have adapted the materials from these sources for our own use under the terms of the Creative Commons Attribution License.