Supplier Security WebApp
Terms of Use

This Agreement is applicable solely between the Information Security Forum Ltd (hereafter the ISF) and organisations with whom the ISF does not have a pre-existing contractual relationship (hereafter a Non-Member).

As a Non-Member, you have been invited to use this application (hereafter the WebApp) by an organisation who has a pre-existing contractual relationship with the ISF (hereafter a Member). No part of this Agreement is intended to form an agreement, relationship or otherwise between a Non-Member and the Member, and/or modify, terminate or supersede any pre-existing agreement, relationship of otherwise that exists between a Non-Member and the Member.

If you are a Member of the ISF, please refer to your existing Membership agreement and the Membership Code of Conduct (which can be found on ISF Live) for more information on how to use the Supplier Security WebApp. The remainder of this Agreement is solely intended for Non-Members.

The Supplier Security WebApp

The Supplier Security WebApp has been designed to help ISF Members conduct security assessments on their suppliers. If you (a Non-Member) have received an email asking you to log in and complete a security assessment, a Member has designated you as one of their suppliers.

The contents of this assessment have been chosen by the Member organisation from amongst a bank of material provided by the ISF. This bank of questions can be modified by Members and may include questions specifically written and tailored for the Non-Member that are not drawn from the ISF question bank. The ISF can take no responsibility for the content or accuracy of these questions, or for any associated materials provided to a Non-Member.

While responding to questions, information will be provided by a Non-Member) to the Member by providing answers (whether by clicking a dialogue box or providing a written response), as well as providing evidence to demonstrate the validity of the answer (by providing written comments or uploading supporting documents).

Your use of the WebApp

While utilising the WebApp, Non-Members shall not:

i. knowingly introduce any materials that may be technically harmful to the WebApp (i.e. viruses, worms, malware)

ii. attack the WebApp in any way

iii. use any material in a manner that infringes on the intellectual property of the ISF, including building a competing service

iv. conduct or facilitate any illegal activities using the WebApp

v. use the WebApp in any way to bring the ISF into disrepute.

Liability exclusions and limitations

The Non-Member acknowledges that complex software and web applications are never wholly free from defects, errors and bugs; and subject to the other provisions of this Agreement, ISF gives no warranty or representation that the WebApp (including upgrades) will be wholly free from defects, errors and bugs.

The Non-Member acknowledges that complex software and web applications are never entirely free from security vulnerabilities; and subject to the other provisions of this Agreement, ISF gives no warranty or representation that the WebApp (including upgrades) will be entirely secure or that it will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs.

Nothing in this Agreement will:

i. limit or exclude any liability for death or personal injury resulting from negligence

ii. limit or exclude any liability for fraud or fraudulent misrepresentation

iii. limit any liabilities in any way that is not permitted under applicable law; or

iv. exclude any liabilities that may not be excluded under applicable law.

The limitations and exclusions of liability set out here and elsewhere in this Agreement govern all liabilities arising under this Agreement or relating to the subject matter of this Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in this Agreement.

Neither party shall be liable to the other party: in respect of any losses arising out of a Force Majeure Event; for any loss of profits or anticipated savings; for any loss of revenue or income; for any loss of use or production; for any loss of business, contracts or opportunities; for any loss or corruption of any data, database or software; or for any special, indirect or consequential loss or damage.

The liability of the ISF to the Non-Member for any event or series of related events shall not exceed £100.

Confidentiality of data

When a Non-Member responds to a question in any manner, the response, including associated comments and files, are stored for the Member to review. This information may include sensitive and/or confidential materials. The ISF acts purely as the data processor during these transactions and has no control or visibility over the data in the system, but may anonymise data for the purposes of reporting and analytics.

Should a Member request ISF support relating to issue resolution within the WebApp, authorised ISF employees may temporarily be granted access to a Member’s portal, which may include information submitted by Non-Members. The information will be handled in the strictest of confidence by the ISF under the terms of the Membership agreement with the Member, and access revoked as soon as possible following the resolution of the Member’s support request.

For further information relating to the confidentiality of your data, please see our Privacy Policy.

The ISF reserves the right to update these Terms of Use at any time; Non-Members are advised to check this Agreement regularly.