Currently Intelligent Logistic Solutions Sp. z o.o. profile Established according to RFC-2350. 1. Document Information 1.1. Date of Last Update This is version 1.0 of August 1st 2019. 1.2. Distribution List for Notifications This profile is kept up-to-date on the location specified in 1.3 . 1.3. Location of this document The current version of this profile is always available on https://ils-it.pl/rfc2350.txt . 2. Contact Information 2.1. Name of the Team Full name: Intelligent Logistic Solutions Sp. z o.o. Short name: ILS ILS is the CERT or CSIRT team for the Polska Grupa Farmaceutyczna S.A. (short name - PGF) 2.2. Address Intelligent Logistic Solutions Sp. z o.o. ul. Zbaszynska 3, 31-342 Lodz, Poland 2.3. Time Zone Central European Time (GMT+0100, GMT+0200 from April to October) 2.4. Telephone Number +42 688 61 08 attended 24 hours a day. 2.5. Facsimile Number Not available. 2.6. Other Telecommunication Not available. 2.7. Electronic Mail Address cert@ils-it.pl 2.8. Public Keys and Encryption Information CERT-UvA uses PGP for secure communication. We generate a new key at the beginning of each year, valid for that year, for the e-mail address cert@ils-it.pl and sign it with the ILS master key. For more information about the ILS PGP public key see: http://pgp.surfnet.nl/pks/lookup?op=vindex&search=UvA+CERT+key&fingerpr%20int=on 2.8a. Private Keys and Encryption Information For more information about the ILS PGP private key see: https://ils-it.pl/1C942A161959BA8953982445563B787DDE59FAC9.asc 2.9. Team Members ILS team members are drawn from the ranks of IT professionals. Further details to be found at https://ils-it.pl 2.10. Other Information • See the ILS webpage https://ils-it.pl 2.11. Points of Customer Contact Regular cases: Use ILS e-mail address. Business hours response only: 0800-1600 local time on Monday-Friday save public holidays in Poland. Emergency cases: Use ILS phonenumber with back-up of mailaddress for all detail (putting EMERGENCY in subject line is recommended). The ILS phonenumber is available at all times. 3. Charter 3.1. Mission Statement The mission of ILS is to co-ordinate the resolution of IT security incidents related to the PGF and to help prevent such incidents from occurring. 3.2. Constituency PGF, with all related employees. 3.3. Sponsorship and/or Affiliation ILS is part of the Pelion S.A. . 3.4. Authority The team coordinates security incidents on behalf of their constituency and has no authority reaching further than that. The team is however expected to make operational recommendations in the course of their work. Such recommendations can include but are not limited to blocking addresses or networks. The implementation of such recommendations is not a responsibility of the team, but solely of those to whom the recommendations were made. 4. Policies 4.1. Types of Incidents and Level of Support All incidents are considered normal priority unless they are labeled EMERGENCY. ILS itself is the authority that can set and reset the EMERGENCY label. An incident can be reported to ILS as EMERGENCY, but it is up to ILS to decide whether or not to uphold that status. 4.2. Co-operation, Interaction and Disclosure of Information ALL incoming information is handled confidentially by ILS, regardless of its priority. Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of e-mail, and if possible using encryption as well. ILS will use the information you provide to help solve security incidents, as all CERTs do. This means that by default the information will be distributed further to the appropriate parties – but only on a need-to-know base, and preferably in an anonymised fashion. If you object to this default behavior of ILS please make explicit what ILS can do with the information you provide. ILS will adhere to your policy, but will also point out to you if that means that ILS cannot act on the information provided. Requests or orders by law enforcement will be channeled via the legal department of the Pelion S.A. . ILS will only cooperates with law enforcement EITHER in the course of an official investigation – meaning that a court order is present – OR in the case where a constituent requests that ILS cooperates in an investigation. When a court order is absent, ILS will only provide information on a need-to-know base. ILS does not report incidents to law enforcement, unless national law requires so. 4.3. Communication and Authentication See 2.8 above. Usage of PGP/GnuPG in all cases where highly sensitive information is involved is highly recommended. 5. Services 5.1. Incident Response (Triage, Coordination and Resolution) ILS is responsible for the coordination of security incidents somehow involving their constituency (as defined in 3.2). ILS therefore handles both the triage and coordination aspects. Incident resolution is left to the responsible administrators within the constituency – however ILS will offer support and advice on request. 5.2. Proactive Activities ILS pro-actively advises their constituency in regard to recent vulnerabilities and trends in hacking/cracking. ILS advises their constituency on matters of computer and network security. It can do so proactively in urgent cases, or on request. Both roles are roles of consultancy: ILS is not responsible for implementation. 6. Incident reporting Forms An incident report form is available on http://portal.pgf.com.pl/zgloszenie-incydentu . 7. Disclaimers While every precaution will be taken in the preparation of information, noti_cations and alerts, ILS assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.