To ensure that all retailers would be able to afford the opportunity to participate in the R-CISC, the fee schedule based on corporate revenue was applied. Retailers joining at the Core level have the opportunity to participate in sharing best practices for information security and risk management, as well as sharing the latest threat intelligence. Retailers with the capability to absorb automated feeds and with more sophisticated enterprises have the opportunity to buy up to Core+ levels. R-CISC members may join at the Core or Core+ levels. Fees are based on annual corporate revenue. All organizations are eligible to purchase a Core+ membership upgrade that includes access to exclusive benefits. If you would like to be emailed a membership application or learn more information, please email us at firstname.lastname@example.org
Organizations connected with the following retail and consumer products, goods and services industries are eligible to become Core/Core+ Members of the R-CISC:
- Traditional business to consumer retail, whether physical or internet based
- Non-traditional retail, such as businesses that support consumer to consumer retail services, including various marketplaces of goods and services, ride sharing, short term rentals
- Restaurant and food service
- Grocer and convenience stores
- Entertainment and media, including film studios, broadcast media, gaming, advertising, publishing and social networks
- Travel, lodging and hospitality, including hotels, motels, casinos, and conference centers as well as theme park and amusement parks, cruise lines and vacation sales
- Transportation, such as automotive sales, parts and repairs, as well as travel services including gas stations and truck stops
- Sporting leagues and entertainment venues
- Aspects of the supply chain supporting retail and consumer service industries, including product manufacturing, wholesale, delivery and distribution
Other organizations may become Associate Members of the R-CISC, including:
- Organizations that provide technology solutions that support R-CISC Core Members, including hardware and software solutions, as well as risk management and cybersecurity products and services, intelligence offerings, insights and expertise relevant to research efforts, and training/education
- Aspects of the financial transaction ecosystem including payment processors and banks that issue branded payment cards on behalf of retailers
Organizations must NOT:
- Be wholly or partially state-owned; must be privately owned or publicly owned at the ultimate parent company level without any ownership or control, directly or indirectly, by any instrumentality of any government.
- Have its head office or primary business in a country that is subject to U.S. economic sanctions as indicated by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), or itself be identified or designated as sanctioned by OFAC.
- Have its head office or have its primary business in a country that does not have laws targeting cybercrime or does not actively prosecute cyber-criminals in that country.
- Have its head office or its primary business in a country that supports terrorist activities or corporate espionage against the United States.
Consideration for membership will be evaluated and considered subject to the R-CISC’s approval.