- We take responsibility - Take up complex issues - Ensure high availability - Single point of contact
We have many years of experience with transitions from organizations to Cloud solutions. If you want to know more about this, please contact us.
We have many years of experience with IT security for various companies. If you want to know more about this, please contact us.
Most companies are driven by digitalization pressure rather than a desire to take control of their own Digital Development.
We ensure end-to-end service availability by taking operational responsibility and providing dedicated service management. We guarantee your continuity in business processes;
Read more
Our top-rated consultants have extensive experience and know-how. They are ready to help you maximize the business value of your solution.
Basefarm SIRT is the Basefarm Group’s Security Incident Response Team. Basefarm SIRT is the primary contact point for IT-security within the Basefarm Group. We will also provide IT-security information (warnings, alerts, and advice) as well as proactive security work for the Basefarm Group. The full description of Basefarm SIRT can be found in RFC 2350 format.
Why?
Basefarm Group makes sure that their customers and themselves are as secure as possible before and after an attack occurs. In order to be prepared, a SIRT team has been set up to provide quick response to attacks and make sure we maintain the proactive security level that the Basefarm Group requires.
E-mail
PGP Setup
We will sign official communications with the following key: 636C 337B 32DF F865 CA39 99DE B0E7 3FAC 5269 6A6C You can also use this key to encrypt mail addressed to us
Address
Basefarm SIRT Sveavägen 159 113 46 Stockholm Sweden Phone: +46 73 526 00 46
1. Document Information
This document contains a description of Basefarm SIRT according to RFC 2350. It provides basic information about the Basefarm SIRT, the ways it can be contacted, describes its responsibilities and the services offered.
1.1 Date of Last Update
This is version 0.3 as of 2018/03/07.
1.2 Distribution List for Notifications
There is no distribution list for notifications as of 2018/03.
1.3 Locations where this Document May Be Found
The current version of this document can always be found at https://www.basefarm.com/en/collaboration/basefarm-sirt#section2
For validation purposes, a GPG signed ASCII version of this document is located here
The key used for signing is the Basefarm SIRT key as listed under 2.8.
2. Contact Information
2.1 Name of the Team:
Basefarm SIRT.
2.2 Address
Basefarm SIRT Sveavägen 159 113 46 Stockholm Sweden
2.3 Time Zone
We are located in the central European timezone (CET) which is GMT+0100 (+0200 during day-light saving time).
2.4 Telephone Number
+46 73 526 00 46.
2.5 Facsimile Number
None.
2.6 Other Telecommunication:
2.7 Incident Reports
Please send non-encrypted incident reports to abuse@basefarm.com (24/7). Please send encrypted incident reports to sirt@basefarm.com (Looked at between 08:00 – 16:00 Mon-Fri). Non-incident related mail should be addressed to sirt@basefarm.com (Looked at between 08:00 – 16:00 Mon-Fri).
2.8 Public Keys and Encryption Information
All official communication by Basefarm SIRT will be signed by the current operations key, which is:
pub rsa4096 2013-02-06 [SCEA] [expires: 2019-01-19] 636C337B32DFF865CA3999DEB0E73FAC52696A6C uid Basefarm SIRT <sirt@basefarm.com> sub rsa4096 2013-02-06 [SEA] [expires: 2019-01-19]
Encrypted communications with Basefarm SIRT should use this operational key. All keys (including the keys of individual team members) can be found https://www.basefarm.com/sirt/pgpkeys.asc
Basefarm SIRT uses a master signing key to sign all keys used for operational purposes. This trust anchor is: pub rsa4096 2013-02-06 [SCEA] [expires: 2019-01-19] 636C337B32DFF865CA3999DEB0E73FAC52696A6C uid Basefarm SIRT <sirt@basefarm.com> sub rsa4096 2013-02-06 [SEA] [expires: 2019-01-19]
and can be found on most key-servers. Please do not use this key for communications with us.
2.9 Team Members
The SIRT team leader is Fredrik Svantes. Other team members, along with their areas of expertise and contact information, are listed at the bottom of this page.
Management, liaison and supervision are provided by Fredrik Svantes, Head of Security Operations.
2.10 Other Information
2.11 Points of Customer Contact
The preferred method for contacting Basefarm SIRT is via e-mail. Please send non-encrypted incident reports to abuse@basefarm.com (24/7). Please send encrypted incident reports to sirt@basefarm.com (Looked at between 08:00 – 16:00 Mon-Fri). Non-incident related mail should be addressed to sirt@basefarm.com (Looked at between 08:00 – 16:00 Mon-Fri). If it is not possible (or advisable due to security reasons) to use e-mail, you can reach us via telephone at +46 73 526 00 46. Basefarm SIRT hours of operation are generally restricted to regular business hours.
3. Charter
3.1 Mission Statement
The purpose of Basefarm SIRT is to coordinate security efforts, security proactivity and incident response for IT-security problems in the Basefarm Group.
3.2 Constituency
The constituency is the Basefarm Group (Basefarm AS (Norway), Basefarm AB (Sweden) and Basefarm BV (Netherlands). Pro-active and educational material will be provided for SMEs and the general public as well.
3.3 Sponsorship and/or Affiliation
Basefarm SIRT is an initiative of the Basefarm Group. Funding is provided by the Basefarm Group.
3.4 Authority
Basefarm SIRT’s main purpose in incident handling is to take part handling incident response and being proactive in security work at Basefarm Group.
4. Policies
4.1 Types of Incidents and Level of Support
Basefarm SIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, in our Constituency (see 3.2) and which require cross-organizational coordination. The level of support given by Basefarm SIRT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and Basefarm SIRT’s resources at the time. Special attention will be given to issues affecting critical infrastructure. Note that no direct support will be given to end users; they are expected to contact Basefarm Support. Basefarm SIRT will support the latter people. Basefarm SIRT is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.
4.2 Co-operation, Interaction and Disclosure of Information
Basefarm SIRT will cooperate with other Organizations in the Field of Computer Security. This Cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless Basefarm SIRT will protect the privacy of their customers, and therefore (under normal circumstances) pass on information in an anonymously manner unless other contractual agreements apply. Basefarm SIRT operates under the restrictions imposed by Swedish, Norwegian, German or Dutch law depending on where the incident occurs. This involves careful handling of personal data as required by the respective country’s Data Protection law, but it is also possible that – according to the law – Basefarm SIRT may be forced to disclose information due to a Court’s order.
4.3 Communication and Authentication
For normal communication not containing sensitive information, Basefarm SIRT will use conventional methods like unencrypted e-mail or fax. For secure communication, PGP-Encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST) or by other methods like call-back, mail-back, or even face-to-face meeting if necessary.
5. Services
5.1 Incident Response
Basefarm SIRT will assist the Basefarm Group in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1. Incident Triage
Determining whether an incident is authentic. Assessing and prioritizing the incident.
5.1.2. Incident Coordination
Determine the involved customers. Contact the involved customers to investigate the incident and take the appropriate steps. Facilitate contact to other parties which can help resolve the incident. Send reports to customer teams.
5.1.3. Incident Resolution
Advise customer teams on appropriate actions. Follow up on the progress of the concerned customer teams. Ask for reports. Report back. Basefarm SIRT will also collect statistics about incidents within its constituency.
5.2 Proactive Activities
Basefarm SIRT tries to raise security awareness in its constituency. Publish announcements concerning serious security threats. Observe current trends in technology and distribute relevant knowledge to the constituency. Provide for a for community building and information exchange within the constituency. Data mining early warning systems Vulnerability Scanning Penetration testing Researching new zero-day vulnerabilities and attacks, discovery and disclosure of newly identified vulnerabilities to software and hardware vendors Perform other security-related work.
6. Incident Reporting Forms
If possible, please make use of the Incident Reporting Form.
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications, and alerts, Basefarm SIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
Basefarm SIRT is authorized to address every type of computer security incident that occurs, or threatens to occur, in our Constituency (see 3.2) and which requires cross-organizational coordination.
The level of support given by Basefarm SIRT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and Basefarm SIRT’s resources at the time. Special attention will be given to issues affecting critical infrastructure.
Note that no direct support will be given to end users; they are expected to contact Basefarm Support. Basefarm SIRT is committed to keeping its customers informed of potential vulnerabilities and, when possible, will inform this community of such vulnerabilities before they are actively exploited.
Basefarm SIRT will cooperate with other Organizations in the Field of Computer Security. This Cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless, Basefarm SIRT will protect the privacy of their customers and (under normal circumstances) pass on information anonomously, unless other contractual agreements apply.
Depending on where the incident has occured, Basefarm SIRT operates under the restrictions imposed by Norwegian, Swedish, or Dutch law. This involves careful handling of personal data as required by the respective country’s Data Protection laws. However, it is also possible that – according to the law – Basefarm SIRT may be forced to disclose information due to a Court’s order.
For normal communication that does not contain sensitive information, Basefarm SIRT will use conventional methods like unencrypted e-mail or fax. PGP-Encrypted e-mail or telephone will be used for secure communication. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST) or by other methods such as call-back, mail-back, or even face-to-face if necessary.
Fredrik Svantes GPG ID: 6522A8A5
Hans-Petter Fjeld GPG ID: 526BBF7B
Trond Hagen GPG ID: 32C05E77
Fredrik Vogel GPG ID: 29ED1DA6
Abel De Kat Angelino GPG ID: 595C1855
Kim Weckström GPG ID: 8FB47A29
Richard Westhof GPG ID: 0B3B3754
Sebastiaan Wildenboer GPG ID: 667CED64
Raymond Aarseth GPG ID: 2824FBF2
Iryna Yuzhyna GPG ID: 0C704039
Sjir Bagmeijer GPG ID: 8B8B8481
PayEx needed to design, build and run their state of the art Nordic payment solution catering robustness, flexibility and cost efficiency. The platform needed to be PCI DSS compliant as it exchanges, processes and stores huge amounts of card data and financial information. The solution is mission critical and margins and reputation are built over time, by delivering payment services with high quality, competence and value. They needed a secure and stable environment and a partner with solid systems for operations and interaction, as well as an “advisor” regarding technology.
Basefarm designed the platform in close collaboration with PayEx. Since the PCI solution went live in the summer of 2011, it has now passed 300 million transactions with excellent performance, peaking at around 1.3 million transactions per day. PayEx use Basefarm actively and proactively in decision-making regarding the environment and other challenges related to technology.
Speak to one of our specialists to find out how the Basefarm’s Perfectly Balanced Solutions can benefit your business.
www.basefarm.nl | +31 20 4066 466
Let’s get social:
We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies.
We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, you cannot refuse them without impacting how our site functions. You can block or delete them by changing your browser settings and force blocking all cookies on this website.
These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.
If you do not want that we track your visist to our site you can disable tracking in your browser here:
We also use different external services like Google Webfonts, Google Maps and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Vimeo and Youtube video embeds:
1. What are cookies?
By using the website you consent to that Basefarm stores cookies on your computer. Cookies are small text files that are placed on your computer while you are browsing a website.
1.2 Basefarm’s use of cookies
Basefarm uses cookies to facilitate your use of our website. This includes using the information collected by the cookies to confirm your login and to remember personalised details and to facilitate the availability of the services on the website.
Cookies are also used to collect information on how the website is used. In addition, with our cooperation partners we collect anonymous information of which browsers that visit the website to show relevant advertising (interest based advertising).
1.3 Manage your cookies
Most browsers are set up to automatically accept cookies. By changing your browser’s settings you can choose between accepting cookies, receiving information when a cookie is placed, or blocking cookies. The way to manage cookies may differ between browsers, but normally the menu is reached through tools or alternatives. If you decide to block Basefarm’s cookies, this may limit the functionality of the website.
You can find more information about cookies and how to delete or block cookies on the website www.allaboutcookies.org.
1.4 More detailed information
SESSxxxxxxxxxxxxxxxxxxx
basefarm.com
Google Analytics
Pardot, visitor_id128211, lpv128211
pi.pardot.com
pe99dd216ea3
tr.prospecteye.com
1. Introduction Basefarm is committed to protect and respect your privacy. With this privacy policy Basefarm describes how it ensures that your personal data and other data is processed in accordance with applicable data protection laws and cookie legislation.
2. Data controller Basefarm AS, reg. no. 982 211 743, Nydalen Allé 37a, 0484 Oslo, Norway, is the data controller in relation to personal data being processed on the Norwegian and English versions of the website. Basefarm AB, reg. no. 556638-0639, Sveavägen 159, 113 46 Stockholm, Sweden, is the data controller in relation to personal data being processed on the Swedish version of the website. Basefarm BV reg. no. [•], Beechavenue 106, 1119 PP Schiphol-Rijk, Netherlands, is the data controller in relation to personal data being processed on the Dutch version of the website. The aforementioned Basefarm entities are collectively referred to as “Basefarm” in the following. You will find Basefarm’s contact information under section 10.
3. When does basefarm collect personal data? When you or your employer sets up an account or signs up for Basefarm’s newsletter; When you apply for a job at Basefarm or otherwise send a job application to Basefarm; In the event you turn to Basefarm with inquiries or requests via e-mail or telephone; and If you have accepted the use of cookies, Basefarm may also collect your IP address. For more information about Basefarm’s use of cookies, please see section 12.
4. What data may Basefarm collect? The personal data Basefarm may collect includes information about your name and contact details such as address, telephone number and e-mail address, company and any other information you provide. If you apply for a job at Basefarm, Basefarm will process your CV as well as any other information you attach with your application.
5. How does Basefarm process personal data? The personal data collected by Basefarm is used to manage customer relations, assess potential employees and assist customers and website visitors with any requests or inquiries made on the website. The information may also be used for monitoring and development of Basefarm’s business and website, for example by analyzing statistics of website visitors, and to protect Basefarm’s rights. If you apply for a job, Basefarm only uses your personal data for the purposes for which you provided the information. However, Basefarm may save interesting applications even after the recruitment period is over. Such applications may also be transferred to other entities within the Basefarm group.
6. To whom may Basefarm disclose the information? Basefarm will not sell, lease or otherwise transfer any personal data collected to a third party. Basefarm may however transfer the personal data to other companies within the Basefarm group or to business partners if it is necessary to fulfil its obligations towards you.
Personal data may be disclosed if it is necessary to: a) Comply with applicable law, regulation or similar or to comply with a legal process, request or order from an executive authority; b) Defend Basefarm’s legal interests; or to c) Detect, prevent, or otherwise avoid fraud, security breaches or technical issues.
7. Links to external websites Basefarm’s website may contain links to third-party websites. Basefarm is not responsible for the processing of your personal data on such websites.
8. Amendments If this policy is amended, Basefarm will publish the amended policy at www.basefarm.com with information about when the amendments will enter into force. If Basefarm carry out any significant changes to the policy, Basefarm may choose to inform by e-mail or by publishing a message on the website.
9. The right to information and recifications You have the right to require information about what personal data Basefarm is processing about you and for what purposes. You are also entitled to have any incomplete or inaccurate data rectified, erased or blocked. Please see the contact information in section 10 should you have any questions about how Basefarm processes your personal data.
10. Basefarm’s contact information If you have any questions relating to Basefarm’s processing of personal data, or if you want to invoke your right to access data, please contact relevant Basefarm entity on the address set out below: Norway/Global: Basefarm AS PO Box 4488 Nydalen 0403 Oslo Sweden: Basefarm AB Sveavägen 159 113 46 Stockholm Netherlands: Basefarm BV Beechavenue 106 1119 PP Schiphol-Rijk
11. Security measures Basefarm has taken the organizational and technical security measures required to protect personal data against unauthorized access, modification and deletion.
Keep in touch with us - we’re aware that your inbox is a sacred place, and we’ve, built this page to put you in control.
With your email registration you are accepting that Basefarm is storing your personal data information and is using it to administrate your registration. We would like to send you personal emails with company news, content, invitation to events, webinars, reports, offerings, product and service information. Please check the boxes below what kind of personal information you would like to receive from us.
I am hereby giving consent that Basefarm is sending me emails on following topics:
