Description of the SOC Team of Apius Technologies S.A. (English version) ================================================================== 1. Document Information The document contains a description of the Apius SmartSOC team according to RFC 2350. The document provides basic information about Apius SmartSOC such as ways to contact it, description of responsibilities and services offered. 1.1 Date of Last Update This is version 1.0, published 2024-05-13. 1.2 Distribution List for Notifications Notifications of updates are provided to Trusted Introducer via e-mail: . 1.3 Locations where this Document May Be Found The current and signed version of this description is available on the Apius Technologies website: URL: https://apius.pl/rfc-2350/ 2. Contact Information 2.1 Name of the Team Apius SmartSOC 2.2 Address Apius Technologies S.A. ul. Moniuszki 50 31-523 Krakow Poland 2.3 Time Zone Central European Time (CET) - UTC+1 Central European Summer Time (CEST) - UTC+2 according to EU regulations (from the last Sunday of March to the last Sunday of October) 2.4 Telephone Number +48 123576040 2.5 Facsimile Number None available 2.6 Other Telecommunication None available 2.7 Electronic Mail Address All incident reports please submit to: soc[at]apius[dot]pl 2.8 Public Keys and Encryption Information PGP Apius SmartSOC: Key ID: 273EB567 Fingerprint: A7D1F1F646DB57F2F9BAEE4D216189B4273EB567 The public key can be found on Apius website https://apius.pl/rfc-2350 2.11 Points of Customer Contact The preferred method of contact is by email. If confidentiality and data integrity is required, please use our PGP key. Please direct communications to: soc[at]apius[dot]pl We work continuously 24/7/365 3. Charter 3.1 Mission Statement Building the competence and capacity of Apius and our clients to avoid, identify and mitigate cyber threats and support in dealing with cyber incidents. 3.2 Constituency The activities of the SOC Team cover all IT systems owned by Apius Technologies S.A., as well as systems managed by private, public and government entities with which we have contracts related to SOC support. 3.3 Sponsorship and/or Affiliation Apius SmartSOC is financially sponsored by Apius Technologies S.A. 3.4 Authority 4. Policies 4.1 Types of Incidents and Level of Support Apius SmartSOC is authorized to handle all types of computer and network security events and incidents that may occur within the Apius Technologies S.A. user group. Apius SmartSOC sets the default priority for all incidents to "normal." Based on their severity, scope and subject matter, or if explicitly based on the contract with the customer for whom services are provided, the priority may change during the analysis of the incident. An event may also be classified as an incident. Incidents are handled according to the assigned priority. The level of support provided by Apius SmartSOC will vary depending on the severity and type of the request, as well as other relevant circumstances of the case including the scope of service explicitly resulting from the contract with the customer. 4.2 Co-operation, Interaction and Disclosure of Information Apius SmartSOC exchanges all necessary information for cooperation with other CSIRTs, SOCs, CERTs, as well as with administrators of entities with which we have cooperation agreements. All event and incident information is treated as sensitive data. Sensitive data is processed in a secure environment and is exchanged only in encrypted form by a mechanism previously agreed upon by both parties to the communication. We respect the Information Sharing Traffic Light Protocol (ISTLP, https://www.trusted-introducer.org/ISTLPv11.pdf) standard. Information sent and marked in accordance with ISTLP will be processed accordingly. 4.3 Communication and Authentication Apius SmartSOC is committed to complying with the laws and rules of Poland and the European Union in matters concerning sensitive information. Apius SmartSOC uses email along with PGP encryption and signature for secure communication. We use the key from section 2.8 of this document for this purpose We respect the Information Sharing Traffic Light Protocol (ISTLP, https://www.trusted-introducer.org/ISTLPv11.pdf) standard. Information sent and marked in accordance with ISTLP will be processed accordingly. 5. Services 5.1 Incident Response SmartSOC provides services to Apius Technologies S.A. and its customers in handling information security incidents at the technical and organizational levels. Services cover the full cycle of incident response: handling, management, resolution, mitigation. 5.1.1. Incident Triage The service includes determining the authenticity and scope of an event and then prioritizing or reprioritizing it. 5.1.2. Incident Coordination Coordination of incident handling is carried out for the internal infrastructure of Apius Technologies S.A. and for customers with whom we have agreements related to SOC support. 5.1.3. Incident Resolution Includes: - technical support for the investigation, including analysis of the compromised system - support in eliminating the cause of the incident and the consequences of the incident - support in the collection of evidence to initiate an investigation (if required) - recommendation of security improvements for administrators and security units of the entities we work with - preparation of reports 5.2 Proactive Activities Apius SmartSOC conducts activities to increase the resilience of our own IT environment as well as that of our customers, with whom we have relevant contracts, against security incidents and to limit the potential impact of these incidents. 6. Incident Reporting Forms Inside Apius Technologies S.A. there are dedicated mechanisms and communication channels for communicating with Apius SmartSOC. For clients with dedicated access to the ITSM system, we suggest using this very form at https://apiustech.atlassian.net/. For external users, the minimum set of information to allow us to start working on an incident in an emergency or crisis situation is to provide at least the following information by phone or email: Contact and organizational information: name and organization name, email address, phone number, IP addresses, FQDN domain name, and any other relevant technical items and observations; Sensitive information such as scan results (if any) and/or system log statement showing the problem we suggest you always send in a secured manner and flagged in the appropriate TLP manner. 7. Disclaimers We take precautions in the preparation of all information, notifications and alerts, but Apius SmartSOC is not responsible for errors or omissions or damages resulting from the use of the information contained in this document.