RFC 2350 (BCP 21)

Description of S Group (customer-owned Finnish network of companies in the retail and service sectors) Computer Security Incident Response Team (CSIRT)

1: Introduction

This is the RFC 2350 for the S Group Computer Security Incident Response Team (CSIRT).

S Group is a customer-owned Finnish network of companies in the retail and service sectors, with more than 1,900 outlets in Finland. S Group consists of cooperatives and SOK with its subsidiaries, which engage in Estonia's travel and hospitality business, among other operations.

2: Scope

3: Information, Policies, and Procedures

3.1: Obtaining the Document

Date of the last update:
2023-19-04

Locations where this Document May Be Found:
https://www.s-kanava.fi/rfc-2350/

3.2: Contact Information

Full Name:
SOK Computer Security Incident Response Team
Short Name:
SOK CSIRT

Mailing address:
CSIRT / SOK Kyberturvallisuus
Suomen Osuuskauppojen Keskuskunta
Fleminginkatu 34
P.O. Box 1, 00088 S-RYHMÄ

Timezone:

SOK CSIRT operates in Helsinki, Finland, in the Eastern European Time Zone (EET, UTC+2h).
Finland observes summertime arrangements as indicated in the EU directive 2000/84/EC.

The DST offsets in Finland are applied as follows.

UTC+3h (EEST) summertime between the last Sunday of March and the last Sunday of October
UTC+2h (EET) otherwise.

Telephone Number:

SOK CSIRT Duty Officer has a direct, 24/7 phone number, available by request only.

S Group switchboard: Tel. 010 76 8011 (EUR 0.0835 per call + EUR 0.1209 per minute), Mon–Fri from 8 a.m. to 5 p.m.

SOK CSIRT has access to video and teleconferencing systems.

Facsimile Number:

None available.

Electronic Mail Address:
csirt [AT] sok.fi

Operating Hours:
Emails are monitored Monday to Friday, 8.00 to 17.00.

SOK CSIRT Duty Officer has a direct 24/7 phone number, available by request only.

3.3: Charter

3.3.1: Mission Statement

The main areas of responsibility of SOK CSIRT are:
Maintaining situational awareness of S Group’s cybersecurity landscape.
Responding to IT security incidents.
Coordinating the response to significant IT security incidents, where required, in the S Group.
Coordinating with NCSC-FI, FIN-CERT, and other external organizations.

3.3.2: Constituency

The SOK CSIRT constituency is composed of all the elements of S Group’s information systems: its users, its systems, its applications, and its networks.

3.3.3: Sponsoring Organization / Affiliation

SOK CSIRT is a service within the SOK IT department. We act as the single point of contact (SPOC) for matters relating to cybersecurity for the whole S Group.

3.3.4: Authority

CSIRT has the authority to act on all incidents that cause or could cause detriment to the confidentiality, integrity, and availability of S Group's IT assets.

3.4: Policies

SOK CSIRT is authorized to handle all types of cyberattacks targeting S Group.

All incidents are considered normal priority unless they are labeled EMERGENCY.

SOK CSIRT works closely with Finnish institutions & law enforcement agencies. All relevant Finnish Data Protection Laws apply. Cases of criminal action will be reported to the appropriate authorities.

3.5: Services

Incident Response
Incident Triage
Incident Co-ordination

3.6: Incident Reporting Forms

Incident reporting forms are not used. External contacts are handled via email.

3.7: Co-operation, Interaction, and Disclosure of Information

SOK CSIRT is committed to open and transparent collaboration with our trusted partners, including the international CERT community, in accordance with S Group policies.

For this reason, all worldwide CERT teams are welcome to contact SOK CSIRT (csirt [at] sok.fi) to establish cooperation agreements or information-sharing initiatives, or with questions, as appropriate.

3.8: Disclaimers

This document is provided on an "as is" basis and does not imply any guarantee of the service supplied by the SOK CSIRT.

While every precaution will be taken in the preparation & dissemination of information and security alerts, SOK CSIRT assumes no responsibility to external parties (non-S Group organizations and users) for errors, omissions, or damages resulting from the use of the information provided within this document or our security communications.