-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 RFC 2350 1. About this document This document describes the incident response coordination service from the EDP Ð Energias de Portugal, S.A. group and all its subsidiaries, according to the RFC2350. 1.1 Date of Last Update This is version 1.1 published 2021/04/12. 1.2 Distribution List for Notifications There is no existing distribution channel for notifications of updates. 1.3 Locations where this Document May Be Found This document is not publicly available 1.4 Authenticating this Document This document is signed with CSIRT EDP PGP key. 2.Contact Information 2.1 Name of the Team CSIRT EDP 2.2 Address CSIRT EDP Ð Energias de Portugal, S.A. Rua Camilo Castelo Branco, 45 Ð 5¼ 1069-227 Lisboa Portugal 2.3 Time Zone Portugal/WEST (GMT+0, GMT+1 in Summertime) 2.4 Telephone Number +351 210 021 187 (24h) 2.5 Facsimile Number Not available 2.6 Other Telecommunication Nonexistent 2.7 Electronic Mail Address csirt@edp.pt 2.8 Public Keys and Other Encryption Information PGP Key ID: 72BC9DC1 PGP Fingerprint: E13C C436 5D44 F6CC 70E2 2D37 184D 5118 72BC 9DC1 The PGP Key may be retrieved in: hkps://pgp.mit.edu 2.9 Team Members This information is classified 2.10 Other Information General information about CSIRT EDP can be found at https://edp.com. 2.11 Points of Customer Contact CSIRT EDP can be contacted by the means specified on section 2.2 and 2.4 to 2.7. 3. Charter 3.1 Mission Statement To protect Information Security in the EDP Group, considering all stakeholders, while also cooperating towards an increasing cybersecurity resilience in the geographies where the EDP Group is present, through its role as an Essential Service operator. 3.2 Constituency CSIRT EDP manages security incident response concerning employee and client information processed or archived in its IT infrastructure or on external stakeholdersÕ IT systems, in this case subject to contractual clauses in place. External networks within AS201523. 3.3 Sponsorship and/or Affiliation CSIRT EDP is part of EDPÕs Security Operations Center, an organizational unit of EDP Ð Energias de Portugal, S.A. 3.4 Authority CSIRT EDPÕs attributions are defined by the CISO of EDP Ð Energias de Portugal, S.A. 4. Policies 4.1 Types of Incidents and Level of Support CSIRT EDP handles every type of Information Security Incident 4.2 Co-operation, Interaction and Disclosure of Information The privacy and data protection policies of CSIRT EDP ensure that sensitive data is only shared with third parties on a need-to-know basis. 4.3 Communication and Authentication Information might be shared through telephone and clear text email with appropriate precautions. CSIRT EDP recognizes and adopts TLP (Traffic Light Protocol) for sharing and dissemination of information. 5. Services 5.1 Incident Response Coordination To the whole Constituency. 5.2 On-Site Support To the whole Constituency. 5.3 CSIRT Capability Building CSIRT EDP promotes Information Security awareness for EDP employees and external suppliers that have access to EDPÕs systems or information. This is done through: 1) Training sessions, both using e-learning and physical Cyber Range sessions; 2) Participation in internal and external cybersecurity exercises. 5.4 Security Alerts To the whole Constituency. 6. Disclaimers Although all precautions are taken in the preparation of information, CSIRT EDP does not take any responsibility for errors, omissions, or damage resulting from the use of this information. -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE4TzENl1E9sxw4i03GE1RGHK8ncEFAmB0Gf0ACgkQGE1RGHK8 ncEHjQgAkr2oE10Eqe2pR3pcdk0jfBsny468/2HFP77MU68swq5NXlJ1VgbyfCIB fvDQr3o1dVRDZF2QW9YBonOJFEecoVZnB+woPzJImtGvQS6+2qzYRciz2/mE3xIQ BT7CVF8m1W30YKnb6gUkaWSukks0lqAyJWx7C1wPWPD6d8ZaWqJn6FCORmR4g4PG 0L8gffkRdF2qlgRBXys77IGrz8RiEt03hfmcWFnd3X9I33zNc83+7uaRZTlx454S eQTQZ2U5jiABdf62EjoYvlad7lc5wEPd5hEhTNXu8UL9TKHLpigLF/inuax4gDpf q+TME8IJ8w3a6wpmSSJANOzcXCeTtg== =6OjE -----END PGP SIGNATURE-----