MDISS

F.A.Q.'s

Question: What is MDISS?

Answer: The Medical Device Innovation, Safety and Security Consortium (MDISS) founded in 2011, is a non-profit public health initiative and patient safety organization focused on medical device cybersecurity. MDISS also helps its member organizations by providing a forum for sharing expertise in practical technology, operations and policy solutions, with the goal of contributing substantially to improved safety of connected medical devices.

MDISS was the first organization dedicated to specifically addressing these important medical device cyber health challenges.

MDISS members bring deep expertise and understanding of technical vulnerabilities to bear on the complex. In addition, MDISS programs also support the development of epidemiologic methods, regulatory science and a public-private partnership model for public health interventions.

Question: What is MDISS’ Mission?

Answer: MDISS’ mission is to protect public health and well-being by advancing computer risk management practices to ensure wide availability of innovative and safe medical devices through collaborative innovation activities with providers, payers, manufacturers, universities, government agencies, technology companies, individuals, patients, patient advocates and associations.

As a 501(c)3 non-profit public health and patient safety organization, MDISS is focused on medical device cybersecurity. Our primary purpose is to help member organizations develop practical technologies, practices and policy solutions for making connected medical devices safer and more secure. We do this by:

Applying deep expertise in identifying and mitigating technical vulnerabilities
• Promoting effective standards and regulations
• Focusing on patient-centered security

Question: How can my organization join forces with MDISS?

Answer: MDISS Membership offers multiple engagement levels:

Leadership Council Membership is open to a variety of organizations, including:

o Large medical device manufacturers
o Large technology and consulting firms in the medical device arena
o Insurance companies
o Trade associations and other non-profit groups serving the medical device community, including advocacy and lobbying groups

• Working Group Council Membership is open to small and medium device manufacturers and technology firms.

• Start-Up Membership is open to new medical device and healthcare software companies with less than $25M in funding.

• Health Delivery Organizations (HDOs) and hospital networks are eligible for membership. There are two levels of HDO membership:

o Basic HDO membership is free and includes access to MDRAP
o HDO Enhanced membership provides members with additional benefits and services on a fee-based plan

Question: Does MDISS offer personal memberships?

Answer: MDISS does not currently offer personal memberships. If you are an individual in the Medical Device arena who is interested in exploring membership in MDISS, please contact Don Rahtjen, Director of Partner Engagement, at don.rahtjen@mdiss.org for information about the level of MDISS membership that may best suit your needs.

Question: What is the term of an MDISS membership?

Answer: Any membership in MDISS runs for 12 months from the date of initial acceptance and is renewable in 12 month increments thereafter.

Question: What benefits does MDISS offer our members?

Answer: MDISS offers a variety of benefits to our members. Benefits include helping member organizations develop practical technologies, practices and policy solutions for making connected medical devices safer and more secure. Additionally, MDISS provides opportunities to collaborate, engage and lead the development and awareness in this space.

Below is a list of prospective membership benefits. While representative, this list is subject to change and is not to be considered comprehensive. Current membership benefits will be detailed in each member’s formal Membership Agreement.

Access to MDRAP, the crowdsourced and expert-vetted medical device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world.
• 
Access to the MDISS DATA COMMONS, our growing database of medical devices, vulnerabilities, mitigations and best practices.
• 
Admission to regular MDISS working group sessions.
• 
Admission to steering group strategy sessions.
• 
Speaking slots at MDISS-hosted events.
• 
Complimentary Tickets to MDISS events requiring a registration fee.
• 
MDISS members get preferred access to WHISTL™ labs all over the world. This network of labs not only enables healthcare providers to verify and validate the control claims of medical device manufacturers but to identify, validate and share control practices across the community. (WHISTL™) facilities are federated network of medical device security testing labs, independently owned and operated by MDISS-member organizations. The goal is to help organizations work together to more effectively address the public health challenges arising from cyber security issues emergent in complex, multi-vendor networks of medical devices.
• 
Promotion on MDISS Website as a LEADERSHIP organization, MDISS quotes for your press releases, and support for a joint press release announcing your Leadership stake in MDISS. MDISS will syndicate your blog posts and whitepapers as desired in MDISS blogs and social media.

Question: How does MDISS promote its mission and goals?

Answer: MDISS promotes its mission and goals in a variety of ways, including:

 Advocacy 

o MDISS National Cyber Safety Network
o This is a new initiative based on the CDC’s National Health Safety Network (NHSN); it aims to leverage public/private partnerships with federal agencies, state and local public health officials, academics and researchers, and the rest of the stakeholder community to create better patient outcomes. This is complex and long term, but closely mirrors the mission of MDISS overall. If you’re interested in joining the discussion, send a note to our Executive Director, Dale Nordenberg at dale.nordenberg@mdiss.org.
o MDISS Indemnification initiative works directly with State and Local governments to advance medical device security initiatives leveraging existing, traditional public health best practices they already understand – and fund.

 Medicalizing Standards

o IEC 62443-4 is the international security best practices standard for vendors of industrial control systems with clear utility for medical device networks. The ISA99 Committee named MDISS as the official liaison to IEC 62443-4 responsible for “medicalizing” the standard.

 University Alliances

o MDISS partners with major Universities and academicians around the country to connect researchers to their counterparts on the front lines of business and healthcare. University faculty and students get special discounts on MDISS programs and memberships, and MDISS member companies benefit from personal introductions to relevant scientists and researchers.

Question:What is MDRAP™?

Answer: MDRAP ( Medical Device Risk Assessment Platform) is MDISS’s cyber risk assessment and data sharing platform. Results are dynamic and easy to collate. Crowdsourced from vetted Healthcare Technology professionals, MDRAP™ generates a new kind of medical device security profile – one that is easy to complete, clear, concise, and – most importantly – actionable.

The MDRAP assessment tool is anchored in the MDS2, which is a good starting point for understanding the controls that are available for or applicable to the technology of interest. MDRAP provides functionality to compare devices from a control feature basis on the procurement side and helps identify control gaps and prioritize remediation for existing inventory. By maximizing the implemented controls as new equipment is brought into the healthcare delivery environment, and applying the available controls to the existing inventories, healthcare systems can systematically reduce the vulnerability footprint created by integrated medical devices.

MDRAP™ assessments are deeper, more flexible and more contextual than MDS2’s. MDRAP is transparent, actionable and fast – and the network effects of “crowdsourcing” mean that your teams will spend less time entering data and more time addressing controls.

MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world.

 

Question: Who has access to MDRAP™?

Answer: Access to MDRAP is available to Healthcare Delivery Organization and Medical Device Manufacturers staff. MDRAP is also available to independent service and consulting engaged by and HDO or MDM.

Question: What is WHISTL?

Answer: MDISS World Health Information Security Testing Lab (WHISTL™) facilities are located all over the world. This network of labs not only enables healthcare providers to verify and validate the control claims of medical device manufacturers, but to identify, validate and share control practices across the community. (WHISTL™) facilities are federated network of medical device security testing labs, independently owned and operated by MDISS-member organizations. The goal is to help organizations work together to more effectively address the public health challenges arising from cyber security issues emergent in complex, multi-vendor networks of medical devices.

Question: How can I find out more about MDISS, membership, and services offered?

Answer: Please contact us directly to find out more about MDISS, membership, and the benefits we offer to the Medical Device community.

• For detailed information about becoming an MDISS member or for more information about MDRAP, contact Phil Englert at  phil.englert@mdiss.org.
• 
For an overview of MDISS, explore our website, starting here: https://www.mdiss.org.

STILL HAVE QUESTIONS?

Drop us a line at info@mdiss.org

As a grass-roots) organization, MDISS is really about YOU. We'd love to hear from you.


HDO/GPO SENATE MEMBERSHIP

Subtotal $0.00

MDRAP AND MDISS
TERMS OF SERVICE

This website, domain and the products and services delivered through it are operated by the Foundation for Innovation, Translation and Safety Science, Inc. doing business as the Medical Device Innovation, Safety and Security Consortium (“MDISS”). Throughout the site, the terms “we”, “us” and “our” refer to MDISS. “You”, “Member”, “Your” “User” refers to you, the customer. “The parties” refers to both MDISS and you, the customer. MDISS offers this website, including all information, tools and software delivered as a service (e.g. MDRAP) available from this site to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here. The MDISS store and e-commerce platform is hosted by Shopify, Inc.; they provide us with the online e-commerce platform that allows us to sell our products and services to you. By visiting our site and/or downloading or purchasing something from us, you engage in our “Service” and agree to be bound by the following terms and conditions (“Terms of Service”, “Terms”), including those additional terms, conditions and policies referenced herein and/or made available via hyperlink. Inclusively, these Terms of Service apply to all users of the site, including without limitation to users who are browsers, shoppers, vendors, customers, merchants, and/ or contributors of content. Please read these Terms of Service carefully before logging in, using our website or participating in any MDISS organized event. By accessing or using any part of the site, you agree to be bound by these Terms of Service. If you do not agree to all the terms and conditions of this agreement, then you may not access the website nor use any MDISS software or services. If these Terms of Service are considered an “offer”, then “acceptance” is expressly limited to these Terms of Service.

SECTION 1 – CHANGES TO OUR OFFERINGS
Any new features or tools which are added to the current MDISS website, MDRAP portal or any other MDISS offering, service or event shall also be subject to the Terms of Service. You can review the most current version of the Terms of Service at any time on this page. We reserve the right to update, change or replace any part of these Terms of Service by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes. Your continued use of or access to the website following the posting of any changes constitutes acceptance of those changes. Finally, the headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms.

SECTION 2 - ONLINE STORE TERMS
By agreeing to these Terms of Service, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site. You may not use our products for any illegal or unauthorized purpose nor may you, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright laws). You must not transmit any worms or viruses or any code of a destructive nature. A breach or violation of any of the Terms will result in an immediate termination of all of your Services.

SECTION 3 - GENERAL CONDITIONS
We reserve the right to refuse service to anyone for any reason at any time. You understand that your content that may be deemed by a reasonable professional to be “non-sensitive” (except for payment information, medical data tied to an individual and other personally identifiable information) may occasionally be transmitted “in the clear” and may involve (a) transmissions over OEM networks; and/or (b) data structure changes to adapt to the technical requirements of a connecting network or device. That being said, as a nonprofit focused on security, please be assured that we will use reasonable and thoughtful efforts to make sure information that needs protection gets protection. You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service or any contact on the website through which the service is provided, without express written permission from us. Your submission of personal information through the store is governed by our Privacy Policy, posted at www.midiss.org.

SECTION 4 - ACCURACY, COMPLETENESS AND TIMELINESS OF INFORMATION
Any reliance on the material on this site is at your own risk. Operating as a moderator of what is essentially a crowdsourced/community website, we cannot guarantee that all information posted by members, device assessors, commentators, visitors or staff members will be totally accurate, complete or current. Thought we strive for these things, we are not responsible for errors, omissions nor delays. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making medical, patient safety, purchasing or public-health decisions without consulting corroboratory materials and your own expert staff. This site may contain certain historical information. Historical information is necessarily “not current” and is provided for your reference only. We reserve the right to modify the contents of this site at any time, but we have no obligation to update any information on the site. You agree that it is your responsibility to monitor changes to our site.

SECTION 5 - MODIFICATIONS TO THE SERVICE AND PRICES
Prices for our products, membership fees and service pricing are subject to change without notice. We reserve the right to modify or discontinue any of our products or services, including those provided to our members through the MDRAP and MDISS web portals, without notice at any time. We shall not be liable to you or to any third-party for any modification, price change, suspension or discontinuance of any of the Services.

SECTION 6 - PRODUCTS OR SERVICES (if applicable)
Certain products or services may be available exclusively online through the website. These products or services may have limited quantities and are subject to return or exchange only according to our Return Policy. We have made every effort to portray as accurately as possible the features and benefits of the initiatives and offerings that appear on the store. All descriptions of products or product pricing are subject to change at anytime without notice, at our sole discretion. As our software and services are under continuous “agile” development, we cannot guarantee that said descriptions will precisely match the software or service you receive. We do not warrant that the quality of any products, services, information, or other material purchased or obtained by you will meet your expectations, or that any errors in the Service will be corrected.

We reserve the right to limit sales of our products or Services to any particular person, geographic region or jurisdiction, and we reserve the right to limit the quantities of any products or services that we offer to any person, organization or region. If an offer is prohibited in certain geographic regions or organizational contexts, any offer made shall be considered VOID.

Occasionally there may be information on our site or in the Service that contains typographical errors, or inaccuracies or omissions that may relate to any number of product characteristics. We reserve the right to correct any errors, inaccuracies or omissions without prior notice, and to change or update information or even cancel orders if any information in the Service or on any related website is inaccurate at any time of order, at any time, even after you’ve placed your order.

We undertake no obligation to update, amend or clarify information in the Service or on any related website, including without limitation, pricing information, except as required by law. No specified update or refresh date applied in the Service or on any related website, should be taken to indicate that all information in the Service or on any related website has been modified or updated.

SECTION 7 - ACCURACY OF BILLING AND ACCOUNT INFORMATION
We reserve the right to refuse any order you place with us. We may, in our sole discretion, limit or cancel quantities purchased per person, per household, per business unit or per order. In the event that we make a change to, or cancel an order, we may attempt to notify you by contacting the e-mail and/or billing address/phone number provided during the placement of the original order. We reserve the right to limit or prohibit orders that, in our sole judgment, appear to be placed by dealers, resellers or distributors that have not previously reached a revenue-sharing agreement with us.

You agree to provide current, complete and accurate purchase and account information for all purchases made at our store. You agree to promptly update your account and other information, including your email address and credit card numbers and expiration dates, so that we can complete your transactions and contact you as needed.

Should you wish to cancel and return your membership assets, software and logins, please review our Returns Policy.

SECTION 8 – OPTIONAL OEM TOOLS
We may provide you with access to third-party tools over which we neither monitor nor have any control nor input. You acknowledge and agree that we provide access to such tools ”as is” , without any warranties, representations or conditions of any kind and without any endorsement. We shall have no liability whatsoever arising from, or relating to, your use of optional third-party tools. Any use by you of said optional tools is entirely at your own risk and discretion. You should ensure that you are familiar with and approve of the terms on which those tools are provided by the relevant third-party provider(s).

SECTION 9 - THIRD-PARTY LINKS
Certain content, products and services available via our Service may include materials from third-parties. Also, links on this site may direct you to third-party websites that are not affiliated with us. We are not responsible for examining or evaluating these third-party websites, nor are we responsible for the accuracy of content on those sites. We do not warrant and will not have any liability for any third-party materials or websites, or for any other materials, products, or services of third-parties encountered as a direct or indirect result of this Agreement. Likewise, we are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party's policies and practices and make sure you understand them before you engage in any transaction with them. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party.

SECTION 10 - USER COMMENTS, FEEDBACK AND OTHER SUBMISSIONS
If, at our request you send certain specific submissions (for example contest entries) or without a request from us you send creative ideas, suggestions, proposals, plans, or other materials, whether online, by email, by postal mail, or otherwise (collectively, 'comments'), you agree that we may, at any time, without restriction, edit, copy, publish, distribute, translate and otherwise use in any medium any comments that you forward to us. We are and shall be under no obligation (1) to maintain any comments in confidence; (2) to pay compensation for any comments; or (3) to respond to any comments.

We may, but have no obligation to, monitor, edit or remove content that we determine (in our sole discretion) is unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene, objectionable or in violation of any party’s intellectual property, or these Terms of Service.

You agree that your comments will not violate any right of any third-party, including copyright, trademark, privacy, personality or other personal or proprietary right. You further agree that your comments will not contain libelous or otherwise unlawful, abusive or obscene material, or contain any computer virus or other malware that could in any way affect the operation of the Service or any related website. You may not use a false e-mail address, pretend to be someone other than yourself, or otherwise mislead us or third-parties as to the origin of any comments. You are solely responsible for any comments you make and their accuracy. We take no responsibility and assume no liability for any comments posted by you or any third-party.

SECTION 11 - PROHIBITED USES
In addition to other prohibitions as set forth in the Terms of Service, you are prohibited from using the site, its services, members or content: (a) for any unlawful purpose; (b) to solicit others to perform or participate in any unlawful acts; (c) to violate any international, federal, provincial or state regulations, rules, laws, or local ordinances; (d) to infringe upon or violate our intellectual property rights or the intellectual property rights of others; (e) to harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability; (f) to submit false or misleading information; (g) to upload or transmit viruses or any other type of malicious code that will or may be used in any way that will affect the functionality or operation of the Service or of any related website, other websites, or the Internet; (h) to collect or track the personal information of others; (i) to spam, phish, pharm, pretext, spider, crawl, or scrape; (j) for any obscene or immoral purpose; or (k) to interfere with or circumvent the security features of the Service or any related website, other websites, or the Internet. We reserve the right to terminate your use of the Service or any related website for violating any of the prohibited uses.

SECTION 12 - DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY
As mentioned above, we do not guarantee, represent or warrant that your use of our service will be uninterrupted, timely, secure or error-free. We do not warrant that the results that may be obtained from the use of the service will be accurate or reliable. You agree that from time to time we may remove the service for indefinite periods of time or cancel the service at any time, without notice to you.

You expressly agree that your use of, or inability to use, the service is at your sole risk. The service and all products and services delivered to you through the service are (except as expressly stated by us) provided 'as is' and 'as available' for your use, without any representation, warranties or conditions of any kind, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.

In no case shall join MDISS, our directors, officers, employees, affiliates, agents, contractors, interns, suppliers, service providers or licensors be liable for any injury, loss, claim, or any direct, indirect, incidental, punitive, special, or consequential damages of any kind, including, without limitation lost profits, lost revenue, lost savings, loss of data, replacement costs, or any similar damages, whether based in contract, tort (including negligence), strict liability or otherwise, arising from your use of any of the service or any products procured using the service, or for any other claim related in any way to your use of the service or any product, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of the service or any content (or product) posted, transmitted, or otherwise made available via the service, even if advised of their possibility. Because some states or jurisdictions do not allow the exclusion or the limitation of liability for consequential or incidental damages, in such states or jurisdictions, our liability shall be limited to the maximum extent permitted by law.

SECTION 13 – INDEMNIFICATION
Subject to Exhibit B and any other agreement entered into between the parties that separately addresses indemnification, each party is solely responsible for his/her actions and omissions, and Member is solely responsible for the actions and omissions of its Member Representative(s). Member shall indemnify, defend, and hold harmless MDISS, its directors, officers, employees and agents from any third-party claims, liabilities, losses, fines, penalties, charges, judgments, damages or expenses (including reasonable attorneys’ fees) (each, a “Claim”) resulting or arising from Member’s participating in the activities of MDISS including, but not limited to, accessing, using, or distributing information provided by MDISS, Member’s employees or agents or resulting or arising from other information provided by Member hereunder. The indemnification obligations under this section shall survive the termination or expiration of this Agreement with regard to any Claim resulting or arising from actions or omissions that occur prior to the termination or expiration of this Agreement. In the event of any such Claim, MDISS shall promptly provide notice of such Claim to Member. Member shall then have the sole right to control the conduct of the claim or suit and MDISS shall reasonably cooperate in the conduct of such Claim at the expense of Member. In no event, however, may there be a settlement of any such Claim without the written consent of MDISS which consent shall not be unreasonably conditioned, delayed or withheld

SECTION 14 – SEVERABILITY
In the event that any provision of these Terms of Service is determined to be unlawful, void or unenforceable, such provision shall nonetheless be enforceable to the fullest extent permitted by applicable law, and the unenforceable portion shall be deemed to be severed from these Terms of Service, such determination shall not affect the validity and enforceability of any other remaining provisions. The indemnification obligations under this section shall survive the termination or expiration of this Agreement with regard to any Claim resulting or arising from actions or omissions that occur prior to the termination or expiration of this Agreement. In the event of any such Claim, MDISS shall promptly provide notice of such Claim to Member. Member shall then have the sole right to control the conduct of the claim or suit and MDISS shall reasonably cooperate in the conduct of such Claim at the expense of Member. In no event, however, may there be a settlement of any such Claim without the written consent of MDISS which consent shall not be unreasonably conditioned, delayed or withheld.

SECTION 15 – TERMINATION
The obligations and liabilities of the parties incurred prior to the termination date shall survive the termination of this agreement for all purposes. These Terms of Service are effective unless and until terminated by either you or us. You may terminate these Terms of Service at any time by notifying us that you no longer wish to use our Services, or when you cease using our site. If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we also may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services (or any part thereof).

SECTION 16 - ENTIRE AGREEMENT
The failure of us to exercise or enforce any right or provision of these Terms of Service shall NOT constitute a waiver of such right or provision. These Terms of Service and any policies or operating rules posted by us on this site or in respect to The Service constitutes the entire agreement and understanding between you and us and govern your use of the Service, superseding any prior or contemporaneous agreements, communications and proposals, whether oral or written, between you and us (including, but not limited to, any prior versions of the Terms of Service). Any ambiguities in the interpretation of these Terms of Service shall not be construed against the drafting party.
SECTION 16 - GOVERNING LAW These Terms of Service and any separate agreements whereby we provide you services shall be governed by and construed in accordance with the laws of New York.

SECTION 17 – MDISS MEMBERSHIP
WHEREAS, MDISS’ mission is to protect public health and well-being by advancing computer risk management practices to ensure wide availability of innovative and safe medical devices through collaborative innovation activities with providers, payers, manufacturers, universities, government agencies, technology companies, individuals, patients, patient advocates and associations; and WHEREAS, Member is interested in being a user of MDISS services and software, and an MDISS member so it can participate in MDISS’ activities; NOW, THEREFORE, for and in consideration of the premises and the mutual covenants contained herein and other good and valuable consideration, the receipt, adequacy and sufficiency of which are hereby acknowledged, the parties hereto covenant and agree as follows:

Membership. Upon payment of the dues set forth in Section 2, Member shall become a member of MDISS and shall be able to send representatives who are employed by Member (“Member Representative(s)”) to participate in MDISS’ activities. Member Benefits. Each Member shall have the benefits listed on Exhibit A in addition to access to the Medical Device Risk Assessment Platform (“MDRAP”) in accordance with the terms and conditions attached hereto as Exhibit B. Dues. Membership dues are described in Exhibit C. Membership dues are subject to change. Member will be given a minimum 30 days written notice ahead of any change in dues or fees. Except as provided in Section 12, dues for the initial term of this agreement are non-refundable in the event of early termination.
Term. This Agreement shall have an initial term of twelve (12) months which is effective from the Initiation Date specified in Exhibit C, and shall continue (if renewed) for successive twelve (12) month periods on the Renewal date, also specified in Exhibit C. Either party must give notice of its intent not to renew at least thirty (30) days prior to the expiration of the then current membership term.
Termination. Notwithstanding anything to the contrary contained herein, Member may terminate its participation in MDISS at any time upon MDISS’s receipt of notice thereof. In addition, this Agreement shall terminate automatically, if: (a) Member is no longer a member in good standing of the MDISS (including via material breach of this Agreement); (b) Member no longer satisfies all of the eligibility criteria for MDISS membership; (c) Member is dissolved or liquidated; or (d) MDISS is dissolved. Termination of membership shall not relieve the Member of any obligations that arose prior to such termination (including, without limitation, the payment of any dues that accrued prior to such termination), or limit any liability that Member may otherwise have to MDISS. Use and Disclosure of Information. General discussions and information exchanged by Members at meetings of MDISS are non‐confidential. Member grants MDISS the right to use any and all data entered into MDISS systems by the Member in furtherance of MDISS’ public health mission provided such data and its use in any papers or reports in support of MDISS’ public health mission is de-identified, de-tagged and aggregated such that none of the data is attributable to the Member unless the Member provides written consent. MDISS Work Product. All intellectual property of the Member contributed to MDISS by the Member shall remain the intellectual property of the Member. However, MDISS owns the compilation of collective work of all participants in MDISS’ activities (“MDISS Work Product”) and has the non-exclusive, irrevocable, royalty-free, worldwide rights (i.e., a license) to use the contribution in connection with the development of the Work Product for which the contribution was made. Members are solely responsible for determining whether disclosure of any contributions that they submit to MDISS requires prior consent of other parties, and if so, to obtain it. Member agrees to execute any document or instrument MDISS deems reasonably necessary to enable MDISS to apply for, prosecute, and obtain copyrights, patents, or other proprietary rights in order to transfer to MDISS all rights, title, and interest in said Work Product. Co-Marketing Allowed. MDISS may identify Member publicly in marketing materials as a member of MDISS on the MDISS website or otherwise. Each party may use the other’s name and logo (collectively, “Marks”) of the other on a non-exclusive basis during the Term, in connection with (a) MDISS membership drives, events or work product, and Member’s status as a Member, and (b) identifying joint projects and/or information shared according to the terms of this Agreement. No other use of either party’s Marks is permitted except with such party’s prior written permission.
Limitations. A Member’s participation in MDISS and a Member’s use/submittal of intellectual property from/to MDISS is on an “as is” basis, without warranties or conditions of any kind, either express or implied including, without limitation, any warranties or conditions of title, non‐infringement, merchantability or fitness for a particular purpose. IN NO EVENT SHALL EITHER PARTY BE LIABLE TO EACH OTHER OR TO ANY MEMBER FOR INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS) ARISING FROM ACTS UNDER THIS AGREEMENT EVEN IF SUCH PARTY OR MEMBER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING THE FOREGOING, NO LIMITATION OF EITHER PARTY’S OR ANY MEMBER’S LIABILITY SHALL APPLY WITH RESPECT TO ANY CLAIMS BASED ON SUCH PARTY’S WILLFUL MISCONDUCT OR GROSS NEGLIGENCE.

Member Organizations in Competition. The Members are committed to fostering open competition, and MDISS does not intend to hinder such competition in any way. Each Member acknowledges that it may find competitors among the larger MDISS membership. Members that may be perceived to be competitors shall treat each other with respect in a most professional manner. All members agree to act in compliance with state, federal and international antitrust laws and regulations. Thereto: Member agrees not to communicate with the “competing” Member(s) in a manner that may violate such laws (which may include communicating prices, costs, production levels or other similar information).

SECTION 18 -- Amendment. Member agrees that MDISS is authorized to amend this Agreement subject however to the following provisions and further provided that such amendment does not impose any material obligations upon Member. Member will be given notice in accordance with Section 12 of this Agreement of any changes to this Agreement (except that only electronic mail notice shall be required). In the event that Member objects to any amendment to this Agreement, Member’s sole remedy shall be to terminate this Agreement within 10 business days after Member’s being advised of the amendment. Members will receive a pro rata refund of any fee paid by Member to MDISS that applies to the period after termination for amendments to this Agreement found to be unacceptable to Member. With respect to the subject matter hereof, this Agreement shall supersede any other prior agreement between you and any other MDISS member. MDISS members shall not enter into “side agreements” with other members regarding MDISS technologies, tools, services or practices without first obtaining written permission from MDISS. Except with respect to policies, guidelines, and procedures that may be adopted by MDISS, you and every Member agrees to comply with all applicable laws and regulations while participating in MDISS.

EXHIBIT A:
TERMS & CONDITIONS – MEMBERSHIP TIERS, PRICES AND BENEFITS

MDISS offers several tiers of membership; each tier is priced higher or lower in accordance with the number of benefits the Member receives. What follows is a list of all possible membership tiers. Match the membership tier you purchased to the chart here to determine the benefits to which you are entitled. All of the following lists are an enumeration of suggested partnership activities, and they do not represent a commitment to provide programs or services. MDISS programs and benefits are subject to change, and global standards initiatives are seasonal. That means some programs or benefits might not be active during the specific period of your membership. If a listed benefit is unavailable for any reason, MDISS will make commercially reasonable efforts to provide replacement benefits of similar value.

AA. If you purchased an MDISS “LEADERSHIP COUNCIL” Membership, your annual dues are $96,000 (in advance), and your benefits are listed below.

Access to MDRAP, the crowdsourced and expert-vetted medical device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world.
Early Access to MDISS EMBASSY (beta Q1’18): the "linked-in" networking site for MDISS members to connect, collaborate and build relationships. Members have complete control over the level of sharing of their contact information and research interests. Access to the online MDISS ADVISOR, a growing collection of best-practices, training materials and acronym decoders collected from our most successful MDISS members. Subscription to MDISS ALERT, a private-distribution newsletter that delivers expert insider insights into the medical device market and medical device security issues.
Access to the MDISS DATA COMMONS, our growing database of medical devices, vulnerabilities, mitigations and best practices.
Admission to regular MDISS working group sessions AND to sensitive (CLOSED) sessions.
Admission to CLOSED MDISS steering group strategy sessions.
On-Demand DEEP DIVE WORKSHOPS with MDISS experts and your critical infrastructure teams targeting your most intractable device security and interop issues.
Speaking slots at MDISS-hosted events. EIGHT Comped Tickets (annually) to any MDISS event requiring a registration fee. Access to the MDISS membership database (subject to the level of opt-in by each individual).
“Most-Favored-Partner” Access to MDISS WHISTL (World Health Information Security Testing Labs) facilities around the world: our advanced connectivity and security testing environments specially designed for multi-medical device vetting and stress-testing. (Please note, WHISTL labs are independently owned and operated, and “members’ hours” and terms may vary from place to place). Promotion on MDISS Website as a LEADERSHIP organization, MDISS quotes for your press releases, and support for a joint press release announcing your Leadership stake in MDISS. MDISS will syndicate your blog posts and whitepapers as desired in MDISS blogs and social media. MDISS will provide expert Speakers for your Events at no charge, and you may propose panels with our expert speakers to supercharge your proposals for OEM conferences like RSA and BlackHat). You only need to cover coach-level travel expenses (if we’re not already going to be there anyway). AB. If you purchased an MDISS “HDO SENATE” Membership, your annual dues are $0 (Hospitals Join FREE), and your benefits are listed below.

Access to MDRAP, the crowdsourced and expert-vetted medical device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world.
Early Access to MDISS EMBASSY (beta Q1’18): the "linked-in" networking site for MDISS members to connect, collaborate and build relationships. Members have complete control over the level of sharing of their contact information and research interests. Access to the online MDISS ADVISOR, a growing collection of best-practices, training materials and acronym decoders collected from our most successful MDISS members. Subscription to MDISS ALERT, a private-distribution newsletter that delivers expert insider insights into the medical device market and medical device security issues.
Access to the MDISS DATA COMMONS, our growing database of medical devices, vulnerabilities, mitigations and best practices.
Admission to regular MDISS working group sessions AND to sensitive (CLOSED) sessions.
Admission to CLOSED MDISS steering group strategy sessions.
On-Demand DEEP DIVE WORKSHOPS with MDISS experts and your critical infrastructure teams targeting your most intractable device security and interop issues.
Speaking slots at MDISS-hosted events. EIGHT Comped Tickets (annually) to any MDISS event requiring a registration fee. Access to the MDISS membership database (subject to the level of opt-in by each individual).
“Most-Favored-Partner” Access to MDISS WHISTL (World Health Information Security Testing Labs) facilities around the world: our advanced connectivity and security testing environments specially designed for multi-medical device vetting and stress-testing. (Please note, WHISTL labs are independently owned and operated, and “members’ hours” and terms may vary from place to place). Promotion on MDISS Website as a LEADERSHIP organization, MDISS quotes for your press releases, and support for a joint press release announcing your Leadership stake in MDISS. MDISS will syndicate your blog posts and whitepapers as desired in MDISS blogs and social media. MDISS will provide expert Speakers for your Events at no charge, and you may propose panels with our expert speakers to supercharge your proposals for OEM conferences like RSA and BlackHat). You only need to cover coach-level travel expenses (if we’re not already going to be there anyway).

AC. If you purchased an MDISS “WORKING GROUP COUNCIL”
Membership, your annual dues are $42,000 (in advance), and your benefits are listed below.

Access to MDRAP, the crowdsourced and expert-vetted medical device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world.
Early Access to MDISS EMBASSY (beta Q1’18): the "linked-in" networking site for MDISS members to connect, collaborate and build relationships. Members have complete control over the level of sharing of their contact information and research interests. Access to the online MDISS ADVISOR, a growing collection of best-practices, training materials and acronym decoders collected from our most successful MDISS members. Subscription to MDISS ALERT, a private-distribution newsletter that delivers expert insider insights into the medical device market and medical device security issues.
Access to the MDISS DATA COMMONS, our growing database of medical devices, vulnerabilities, mitigations and best practices.
Admission to regular MDISS working group sessions AND to sensitive (CLOSED) sessions.
Discounted, $7500/day DEEP DIVE WORKSHOP pricing with MDISS experts and your critical infrastructure teams targeting your most intractable device security and interop issues.
THREE Comped Tickets (annually) to any MDISS event requiring a registration fee.
Discounted $500/day Access to MDISS WHISTL (World Health Information Security Testing Labs) facilities around the world: our advanced connectivity and security testing environments specially designed for multi-medical device vetting and stress-testing. (Please note, WHISTL labs are independently owned and operated, and “members’ hours” and terms may vary from place to place).

AD. If you purchased an MDISS “STARTUP MEMBERSHIP”, your annual dues are $20,100 (in advance), and your benefits are listed below.
Access to MDRAP, the crowdsourced and expert-vetted medical device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world. Early Access to MDISS EMBASSY (beta Q1’18): the "linked-in" networking site for MDISS members to connect, collaborate and build relationships. Members have complete control over the level of sharing of their contact information and research interests. Access to the online MDISS ADVISOR, a growing collection of best-practices, training materials and acronym decoders collected from our most successful MDISS members. Subscription to MDISS ALERT, a private-distribution newsletter that delivers expert insider insights into the medical device market and medical device security issues. Access to the MDISS DATA COMMONS, our growing database of medical devices, vulnerabilities, mitigations and best practices. Discounted, $7500/day DEEP DIVE WORKSHOP pricing with MDISS experts and your critical infrastructure teams targeting your most intractable device security and interop issues. ONE Comped Tickets (annually) to any MDISS event requiring a registration fee. Discounted $500/day Access to MDISS WHISTL (World Health Information Security Testing Labs) facilities around the world: our advanced connectivity and security testing environments specially designed for multi-medical device vetting and stress-testing. (Please note, WHISTL labs are independently owned and operated, and “members’ hours” and terms may vary from place to place). AE. If you purchased an MDISS “ACADEMIC/GOVERNMENT MEMBERSHIP” your annual dues are $4,800 (in advance), and your benefits are listed below. Access to MDRAP, the crowdsourced and expert-vetted medical device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world. Early Access to MDISS EMBASSY (beta Q1’18): the "linked-in" networking site for MDISS members to connect, collaborate and build relationships. Members have complete control over the level of sharing of their contact information and research interests. Access to the online MDISS ADVISOR, a growing collection of best-practices, training materials and acronym decoders collected from our most successful MDISS members. Subscription to MDISS ALERT, a private-distribution newsletter that delivers expert insider insights into the medical device market and medical device security issues. Access to the MDISS DATA COMMONS, our growing database of medical devices, vulnerabilities, mitigations and best practices. Discounted, $7500/day DEEP DIVE WORKSHOP pricing with MDISS experts and your critical infrastructure teams targeting your most intractable device security and interop issues. ONE Comped Tickets (annually) to any MDISS event requiring a registration fee. Discounted $250/day Access to MDISS WHISTL (World Health Information Security Testing Labs) facilities around the world: our advanced connectivity and security testing environments specially designed for multi-medical device vetting and stress-testing. (Please note, WHISTL labs are independently owned and operated, and “members’ hours” and terms may vary from place to place). AF. If you purchased an MDISS “PERSONAL MEMBERSHIP” your annual dues are $1,188 (in advance), and your benefits are listed below. Access to MDRAP, the crowdsourced and expert-vetted medical device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices around the world. Early Access to MDISS EMBASSY (beta Q1’18): the "linked-in" networking site for MDISS members to connect, collaborate and build relationships. Members have complete control over the level of sharing of their contact information and research interests. Access to the online MDISS ADVISOR, a growing collection of best-practices, training materials and acronym decoders collected from our most successful MDISS members. Subscription to MDISS ALERT, a private-distribution newsletter that delivers expert insider insights into the medical device market and medical device security issues. Access to the MDISS DATA COMMONS, our growing database of medical devices, vulnerabilities, mitigations and best practices. Discounted, $7500/day DEEP DIVE WORKSHOP pricing with MDISS experts and your critical infrastructure teams targeting your most intractable device security and interop issues. ONE Comped Tickets (annually) to any MDISS event requiring a registration fee. Discounted $250/day Access to MDISS WHISTL (World Health Information Security Testing Labs) facilities around the world: our advanced connectivity and security testing environments specially designed for multi-medical device vetting and stress-testing. (Please note, WHISTL labs are independently owned and operated, and “members’ hours” and terms may vary from place to place). EXHIBIT B: TERMS & CONDITIONS – MDRAP SOFTWARE LICENSE TERMS AND CONDITIONS B1. Member shall have the right to access MDRAP in accordance with MDISS terms and conditions for so long as Member’s membership is in good standing. B2. Use of MDRAP is wholly voluntary. In recognition of the fact that MDISS is providing Member with access to MDRAP without charge, to the maximum extent permitted by applicable law, MDISS will not be liable to Member for any personal injury, property or other damage, of any nature whatsoever, whether special, indirect, consequential, or compensatory (including, but not limited to business interruption, loss of use or loss of profits), directly or indirectly resulting from the publication, use of, or reliance upon MDRAP, even if advised of the possibility of such damages or if such possibility was reasonably foreseeable. B3. Member grants MDISS the right to use data entered into MDRAP by Member in furtherance of MDISS’ public health mission. MDISS will anonymize and aggregate any information used, unless Member provides written consent otherwise. Notwithstanding the foregoing, MDISS will not use any data designated as “Protected Health information” under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). B4. Member recognizes that MDRAP was developed through a consensus process which brings together volunteers representing varied viewpoints and interests to achieve a final product. While MDISS administers the process, and establishes rules to promote fairness in consensus development, MDISS does not independently evaluate, test, or verify the accuracy of any of the information or the soundness of any judgments contained in MDRAP. Any information provided by MDRAP to MDISS is provided on an “as is” basis without any warranty of any kind, expressed or implied. B5. The existence of MDRAP does not imply that there are no other ways to perform a risk assessment of medical devices. Furthermore, the viewpoint expressed at the time MDRAP was approved and issued is subject to change brought about through developments in the state of the art and comments received from users of MDRAP. B6. In publishing and making MDRAP available, MDISS is not rendering professional or other services for, or on behalf of, any person or entity, nor is MDISS undertaking to perform any duty owed by any other person or entity to another. Any person utilizing MDRAP, should rely upon his or her own independent judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek the advice of a competent professional in determining the appropriateness of MDRAP’s assessments. B7. MDISS DISCLAIMS AND EXCLUDES ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY OF DATA, QUALITY, SYSTEM INTEGRATION, SUITABILITY, OR THE ABSENCE OF ANY DEFECTS THEREIN, AND WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE AND USAGE OF TRADE. MDISS DOES NOT WARRANT THAT ACCESS TO, OR OPERATION OF, MDRAP WILL BE UNINTERRUPTED, SECURE OR ERROR-FREE, THAT ERRORS WILL BE CORRECTED, OR THAT MDRAP WILL SATISFY MEMBER’S OR ANY THIRD PARTY’S REQUIREMENTS. MDISS DOES NOT WARRANT OR REPRESENT THE ACCURACY OR CONTENT OF THE MATERIAL CONTAINED IN MDRAP. MDRAP IS SUPPLIED "AS IS.” B8. CONFIDENTIALITY. MDISS will maintain as confidential all Confidential Information (as defined below) of Member or its Members obtained under or in connection with this Agreement and will not divulge such information to any person (except to its own trustees, officers, employees and agents and then only to those such persons who need to know same in connection with performing under this Agreement) without Member’s prior written consent. This clause will not extend to information which was rightfully in the possession of MDISS prior to the commencement of the negotiations that led to this Agreement, which was already in the public domain or becomes so at a future date (otherwise than as a result of a breach of this clause or any other confidentiality agreement signed by MDISS), or which was independently developed by MDISS without use of Member’s Confidential Information. MDISS will ensure that its directors, officers, employees and agents are aware of and comply with the requirements of this clause. If requested, MDISS or its directors, officers, employees and agents will sign a confidentiality agreement in a reasonable form specified and provided by Member. These obligations of confidentiality will survive the termination or expiration of this Agreement. Member will maintain as confidential all Confidential Information (as defined below) of MDISS obtained under or in connection with this Agreement, and will not divulge such information to any person (except to its own employees or agents and then only to those employees or agents who need to know same in connection with performing under this Agreement) without MDISS's prior written consent. This clause will not extend to information which was rightfully in the possession of Member prior to the commencement of the negotiations that led to this Agreement, which was already in the public domain or becomes so at a future date (otherwise than as a result of a breach of this clause or any other confidentiality agreement signed by Member), or which was independently developed by Member without use of MDISS’s Confidential Information. Member will ensure that its employees or agents are aware of and comply with the requirements of this clause. If requested, Member or its employees or agents will sign a confidentiality agreement in a reasonable form specified and provided by MDISS. These obligations of confidentiality will survive the termination or expiration of this Agreement. In each case, the term “Confidential Information” shall mean any and all technical and non-technical information disclosed by a Party which may include without limitation: (a) patent and patent applications, (b) trade secrets, and (c) proprietary and confidential information, ideas, samples, media, techniques, sketches, drawings, works of authorship, models, inventions, know-how, processes, apparatuses, equipment, algorithms, software programs, software source documents, and formulae related to the current, future, and proposed products and services of each of the Party, such as information concerning research, experimental work, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, investors, employees, business and contractual relationships, business forecasts, sales and merchandising, and marketing plans.

Create your own free form with HubSpot

* Got questions before you Agree? Click here to set up a call at your earliest convenient