Niestety twoja wersja przeglądarki jest bardzo stara i nie potrafi poprawnie wyświetlić naszej strony.

Chcesz się szybko skontaktować? 801 801 913
Principles of responding to computer security incidents | Netia SOC
Top menu

About the document

This document contains information about the Netia SOC Computer Security Incident Response Team (CSIRT) in a format compliant with RFC 2350.

Last update date

Version: 1.0 of 9 June 2022.

Locations where you can find this document

The current version of the document is published at:


Contact information

Team name

Netia SOC


Netia S.A.
Netia SOC
13 Poleczki St.
02-822 Warsaw

Time zone

Central European Time UTC+1
Central European Summer Time UTC+2 (from the last Sunday in March to the last Sunday in October)


Telephone number

+48 22 352 25 55


Email address

Notifications, incident reports and operational issues should be sent to
Questions regarding the offer, the scope of services provided and business issues should be sent to


Public keys and other encryption information

In order to protect sensitive information, we use PGP encryption.
Key fingerprint: 2777 F603 4CCF 1596 A22A FBFF DE20 21B7 2A76 31D1
The public key is published at

Team members

The Netia SOC team consists of people strongly involved in the idea of promoting awareness in the area of cybersecurity. We constantly monitor activity in the digital space, observe the market of ICT security solutions and technologies, and improve competences.

Other information

Additional information can be found at

Customer Contact Points

The preferred method of contacting Netia SOC is email. We recommend using PGP to ensure integrity and confidentiality.
Standard ticket processing hours are 9:00 am – 5:00 pm Monday through Friday excluding holidays. However, the Netia SOC team works around the clock and in urgent matters it is possible to contact us outside the above indicated hours.



The mission of Netia SOC is to support both entities from the Netia Group and Netia business customers in responding to and handling computer security incidents.
Netia SOC provides cybersecurity services to private customers and public entities.

Area of activity

The area of Netia SOC's activity includes the following Netia Group companies:
  • Netia S.A.
  • TK Telekom Sp. z o.o.
and customers from the private and public sectors, with whom Netia S.A. has concluded an agreement in the field of support in responding to computer security incidents.

Sponsorship and affiliation

Netia SOC operates within Netia S.A.


Netia SOC operates under the auspices and authorization of the management of Netia S.A.
In addition, Netia SOC operates on the basis of agreements with business customers of Netia S.A. and on the terms resulting therefrom.


Incident types and level of support

The default priority for all reported incidents is normal priority. A different classification may apply on the basis of the provisions of agreements. The possible change of priority is decided by the Netia SOC team.

Collaboration, interaction and disclosure of information

All incident handling information is treated as confidential. When reporting incidents and providing confidential information, we recommend using PGP encryption or possibly establishing another secure communication channel with Netia SOC.
Netia SOC declares full support for Information Sharing Traffic Light Protocol (FIRST TLP v1.0, Information sent and marked in accordance with the ISTLP will be processed in an appropriate manner.
The information provided to Netia SOC may be forwarded to interested parties, such as other CSIRTs/CERTs, owners or administrators of the resources affected by the incident, on a “necessary knowledge” basis, exclusion for incident handling (to the extent necessary to identify and mitigate the threat).
Netia SOC does not independently report incidents to law enforcement agencies, unless it results from legal provisions. However, in the case of proceedings conducted by authorized authorities, we may provide information at their request.

Communication and authentication

Netia SOC secures sensitive information in accordance with relevant legal provisions and internal rules.
In particular, we respect the confidentiality flags defined by the authors of the information provided to Netia SOC.
For low-sensitivity information, it is possible to contact Netia SOC via unencrypted email or by phone, but in order to ensure the confidentiality and integrity of the communication, we recommend using PGP/GPG (see section 2.8). All sensitive information that is transmitted should be encrypted.
In order to verify the authenticity of the information received or its source, or to authenticate the contact person, it is possible to use publicly available sources of information such as the WHOIS database, social networking sites or registers. In justified cases, this can be done through a telephone confirmation or a meeting.


Netia offers its customer, among others, Security Operations Center (SOC), services in the as-a-service model, including incident response services. In addition, we provide a number of professional services in the area of cybersecurity. Detailed information can be found at

Incident response

  • analysis of events in SIEM systems
  • analysis and qualification of suspected incidents
  • incident handling
  • vulnerability handling
  • IoC (Indication of Compromise) analysis

Proactive activities

  • support in creating a security development strategy
  • implementation of security solutions
  • maintenance and development of security solutions
  • warnings about new vulnerabilities and threats
  • susceptibility tests
  • building security awareness

Incident reporting forms

Incidents should be reported via email sent to, preferably encrypted with our public PGP key.
When contacting Netia SOC, please provide the following information:
  1. Contact and organizational information — person's name, organization name and address, email address, phone number,
  2. Type and brief summary of the incident/event,
  3. Event/incident source – in which system it was observed, public source and destination IP addresses, etc.,
  4. Affected entities or systems,
  5. Estimated impact, e.g., loss of availability of services),
  6. Additional information and observations that led to the detection of the incident — scan results (if any), log extract showing the problem, etc.
If you forward a suspicious email, please make sure that all headers, content and attachments are included.


Although we take every precaution to prepare information, notifications and warnings, Netia SOC is not responsible for errors or omissions, nor for damages resulting from the use of the information contained therein.

Choose your language ×