VPOL-SOC RFC 2350
Version: 1.03
Date: 01.12.2021

1. Document information

This document contains a description of Veolia Poland Security Operations Center according to RFC 2350. It provides basic information about the VPOL-SOC, the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of last update
Version 1.01 published on 01.10.2021

1.2 Distribution list for notifications
Currently, VPOL-SOC does not use any distribution list to notify about changes to this document.

1.3 Locations where this document may be found
The current version of this document can always be found at https://www.veolia.pl/operacyjne-centrum-cyberbezpieczenstwa

2. Contact information

2.1 Name of the team
Veolia Poland Security Operations Center
Acronym used (short name): VPOL-SOC

2.2 Address
Veolia Energia Polska S.A.
ul. J. Andrzejewskiej 5, 92-550 Łódź
Poland

2.3 Time zone
Central European Time zone (CET) which is GMT+01.00 (+02.00 during summer time).

2.4 Telephone number
Phone number: +48725755632

2.5 Facsimile number
None

2.6 Other telecommunication
Emergency phone number: +48725755632

2.7 Electronic mail address
All incident reports should be sent to vpol(dot)soc(at)veolia(dot)com
Use of phone and fax for reporting incidents should be avoided as much as possible.

2.8 Public keys and encryption information
Team PGP fingerprint: 62FA A682 C157 7E84 C65E EA75 865B AE01 0BFD 731C
PGP Public Key can be downloaded from https://www.veolia.pl/operacyjne-centrum-cyberbezpieczenstwa

2.9 Team members
The VPOL-SOC team leaders are Michał Bolanowski and Tomasz Pietrzykowski. The team is made up of IT security experts from the companies that are part of the Veolia Group.

2.10 Other information
Basic information about the Veolia Polska Group can be found at: https://www.veolia.pl/

2.11 Points of customer contact
VPOL-SOC prefers to receive information about incidents via email using cryptographic keys to ensure integrity and confidentiality.
The working hours of the VPOL-SOC are limited to the regular working hours (08:00 - 16:00 Monday to Friday, excluding holidays).

3. Charter

3.1 Mission statement
The mission of VPOL-SOC is to build competences and capabilities in preventing, identifying and minimizing cybersecurity threats in the Veolia Group in Poland and supporting the Group in dealing with these threats.

3.2 Constituency
VPOL-SOC constituency includes all IT and OT systems owned and managed by entities of Veolia Group in Poland.

3.3 Sponsorship and/or affiliation
VPOL-SOC is an internal unit, affiliated with Veolia Energia Polska S.A.

3.4 Authority
VPOL-SOC handles and coordinates incidents on behalf of, and with the authorization of, the management of the Veolia Group in Poland. In addition, VPOL-SOC may issue recommendations during incident handling where the interested parties are not customers of the VPOL-SOC.

4. Policies

4.1 Types of incidents and level of support
VPOL-SOC handles all types of cybersecurity incidents and notifications in the Veolia Group in Poland.

4.2 Co-operation, interaction and disclosure of information
VPOL-SOC recognizes the importance of operational collaboration and information sharing between computer incident response teams, as well as with other organizations that use VPOL-SOC services. As far as possible, on a "best effort" basis, it participates in the processes of active information exchange with other entities, especially with entities operating in the same industry sector.
VPOL-SOC only exchanges the necessary information about threats with other CSIRT / SOC teams and only if the disclosure of this information does not harm the interests of the Veolia Group in Poland. Personal data are not subject to communication / exchange, unless explicitly authorized. All sensitive data (e.g. personal data, system configurations, security gaps with their locations) sent in this type of communication are encrypted.
4.3 Communication and authentication
VPOL-SOC complies with all regulations in force in Poland and in the EU. Due to the types of information that VPOL-SOC processes internally, it is considered sufficient to use the telephone to maintain confidentiality. Unencrypted e-mail may be used when communicating low-sensitivity information. If it is necessary to send sensitive data by e-mail, a PGP-encrypted e-mail or an encrypted archive must be used, to which the password is transmitted via a communication channel other than the archive itself. When exchanging information, VPOL-SOC uses TLP (Traffic Light Protocol).
Incoming e-mails from entities involved in activities related to security incidents should be authenticated by verifying the sender in person or by digital means, e.g. signatures (PGP in particular is supported).

5. Services

5.1 Incident response
VPOL-SOC services cover the full incident response cycle:
- Monitoring and detection
- Event analysis
- Acceptance of reports on cybersecurity incidents
- Analysis of cybersecurity incidents
- Hold back and restore
- Coordination of cybersecurity incidents

5.2 Proactive
VPOL-SOC makes every effort to increase its constituency's immunity to security incidents and reduce their consequences.

6. Incident reporting forms

There are no special incident reporting forms for the VPOL-SOC. Security incidents should be reported via mail to vpol(dot)soc(at)veolia(dot)com

7. Disclaimers

Every precaution will be taken in the preparation of all information, notifications and alerts. VPOL-SOC (and the Veolia Group in Poland) shall not be liable for errors or omissions or for damages resulting from the use of the information contained in this document.