1. Document Information 1.1. Date of Last Update Version 1.0, March 30, 2026 1.2. Distribution List for Notifications There is currently no distribution list for notifications regarding changes to this document. 1.3. Location where the document is available The current version of the document is available on the SOC360 website at: https://soc360.io/uploads/RFC2350.txt 2. Contact information 2.1. Team name Full name: SOC360 Abbreviated name: SOC360 2.2. Address SOC360 Sp. z o.o. Al. Jerozolimskie 146C 02-305 Warsaw Poland 2.3. Time zone Poland (Europe/Warsaw): Winter: CET (UTC+1) Summer: CEST (UTC+2) 2.4. Phone number +48 22 162 19 85 2.5. Fax number None. 2.6. Other communication channels None. 2.7. Email address kontakt@soc360.io 2.8. Contact Persons SOC360 Team Leader. Contact via the team’s main email address. 2.9. Additional information None. 2.11. Customer contact points The primary contact point is the email address kontakt@soc360.io. The team operates 24/7/365. 3. Charter 3.1. Mission The mission of SOC360 is to ensure the protection of clients’ information assets by detecting, analyzing, and coordinating responses to incidents that compromise the security of ICT systems. 3.2. Constituency The constituency consists of clients using the Security Operations Center services provided by SOC360 Sp. z o.o. and the company’s own infrastructure. 3.3. Sponsorship and Affiliation SOC360 Sp. z o.o. is part of the 4prime group 3.4. Authorities The team operates within the scope of powers granted by the Management Board of SOC360 Sp. z o.o. and based on the provisions of agreements with clients. SOC360 is authorized to monitor traffic, analyze threats, and take mitigation actions within the agreed scope. 4. Policies 4.1. Types of Incidents and Support Levels SOC360 handles all reported computer security incidents. The level of support depends on the terms of the agreement with the client. 4.2. Cooperation, Interaction, and Disclosure of Information All information provided to SOC360 is treated as confidential. When exchanging information with third parties (other CSIRT teams, law enforcement agencies), the Traffic Light Protocol (TLP) is used. 4.3. Communication and Authorization PGP encryption is required when transmitting sensitive information. Authorization of reports is based on established communication channels and verification of the reporters’ identities. 5. Services 5.1. Incident Response Triage: Classification and assessment of incident severity. Coordination: Management of information flow between involved parties. Incident Handling: Technical analysis, mitigation of impacts, and assistance in restoring systems to operation. 5.2. Proactive Measures Continuous security monitoring (24/7). Vulnerability management. Threat hunting activities. Distribution of advisories on new threats. 6. Incident Reporting Forms Incident reports should be sent to kontakt@soc360.io and include: The reporter’s contact information. A description of the event and the time it occurred. A list of systems/hosts affected by the incident. Logs, screenshots, or malware samples (in the form of secure archives). 7. Disclaimer Although every effort is made to ensure the accuracy of the information provided, SOC360 assumes no liability for the consequences of actions taken by third parties based on such information.