HomeKPN-CERTRFC-2350
Nederlandse versie

RFC-2350

The KPN Computer Emergency Response Team (KPN-CERT) follows the international RFC-2350 standard. This guideline explains how a security team operates. On this page you can read what we do, when to contact us, and how to reach us.

Information about this document

Date of last update

This is version 4.0, published on September 24, 2025.

Distribution List for Notifications

KPN-CERT does not provide a mailing list for notifications and updates.

Here you'll Find the Original Document

This page contains the current version of the RFC-2350 document . Make sure you are using the most recent version.

Contact Information

Team Name

KPN-CERT: The KPN Computer Emergency Response Team.

Address

Koninklijke KPN N.V.Attn: KPN-CERTWitte Kruislaan 47a1217AM Hilversum

Time Zone

KPN-CERT uses Central European Time (CET), including Daylight Saving Time (DST). As such, it is GMT +0100 in the winter and GMT +0200 in the summer.

Telephone Number

KPN-CERT can only be reached by phone for KPN employees.

General contact information of KPN (Dutch)

Email Address

The KPN-CERT can be reached via cert@kpn-cert.nl (primary email address) and info@kpn-cert.nl (for general inquiries only).

In addition to the email addresses listed above, each team member has a personal email address within the @kpn-cert.nl domain. However, for all communication regarding incidents, inquiries, and similar matters, only the above-mentioned email addresses should be used.

General contact information of KPN (Dutch)

Fax Number

None

Other Communication

None

Responsible Disclosure

Responsible disclosure reports can be made via cert@kpn-cert.nl. If applicable, the email can be sent encrypted using our PGP key. For more information and our terms regarding responsible disclosure reports, please consult our responsible disclosure policy.

PGP key

Do you want to send us information about a potential security vulnerability in an encrypted form? Please use our PGP key.

KPN-CERT Team Members

The following people make up KPN-CERT:

Anand GroenewegenPGP Fingerprint: 8893c00818dbb7a1c4144066edcf556579605851

Andre Oosterwijk PGP Fingerprint: f3d882a64413b83e1b33e2caf6ac4a17abf8ee07

Coen de Jong PGP Fingerprint: fbd522c7a1fb95a697cff425dc97e6a992cdc335

Ewoud Smit PGP Fingerprint: 7a50893899745d419cd727c5081d0e53596b9fae

Freek Bax PGP Fingerprint: 61d09f81ceb9e8e1fdece4bb81ce9aa2c526cfa5

Johan Storm PGP Fingerprint: 6df6b32f784b0e94d684f3c7bc12ce9ba96b2bfa

Mandy Mak PGP Fingerprint: 75bb22c54ec52866ea11398db94d22d3e6a3cb33

Peter Habets PGP Fingerprint: 05c9edb2b78d0cacd132797fd55f1a60fd92c261

Raul Mercelina PGP Fingerprint: a06e74febd34687f86b6ef59938a376772f0b740

Roland Vergeer PGP Fingerprint: 47be56aec7445a27afb5b1e7432bc4a9bfced095

Ted Kruijff PGP Fingerprint: 58db9483e778be65a345b9dfb9fbd09fba10dff8

Siep van der WaalPGP Fingerprint: 92caa6f4e46a7dea32305a489e110092876b0df6

Privileges

Mission

KPN-CERT responds to security incidents, enforces mitigation, conducts forensic investigations, collects and analyzes threats, and functions as an advisory body in security-related matters.

Constituency

KPN-CERT is appointed to improve the digital security of KPN and its services.

Sponsorship and/or Affiliation

KPN-CERT is part of and funded by KPN.

Authority

KPN-CERT is part of CISO and reports directly to the KPN Board of Directors. KPN-CERT operates with the authority of CISO.

Policy

Incident Types and Support Level

KPN-CERT is authorized to address all types of security incidents that occur or threaten to occur at KPN.

Collaboration, Communication, and Information Publication

KPN-CERT is a member of various intelligence-sharing communities and works closely with other CERT/CSIRT teams worldwide.

There are legal restrictions and KPN policies on the sharing of information by KPN-CERT. All appropriate measures are taken to respect the confidentiality of team members, KPN systems, and groups of people and organizations. We do not provide personal or technical information about customers in compliance with the law.

Communication and Authentication

Communication takes place through various means, such as phone, email, and in-person. The identity of the communicating party will be verified using the resources available to the CERT.

Services

Incident Response

All reported incidents are triaged by the Security Operations Center, which is staffed 24/7. In an emergency, the Security Operations Center will contact the KPN-CERT on-call service. All reported incidents are assessed based on risk, impact, and priority and are handled accordingly.

Incident Coordination

During the resolution of an incident, various steps can be taken, including:

  • Determining the initial cause of the incident (exploited vulnerability).
  • Facilitating contact with other involved parties.
  • Facilitating contact with government authorities.
  • Notifying other CERT/CSIRT teams.
  • Composing announcements to users.
  • Escalation and/or crisis management.

Incident Resolution

KPN-CERT is the point of contact for coordinating the resolution of security incidents. This includes enforcing mitigation strategies and leading forensic investigations.

Proactive Activities

KPN-CERT proactively gathers risk intelligence and distributes it where necessary, both within and outside the organization.

Disclaimer

KPN-CERT is not able to guarantee the availability and accuracy of all information on this site. Under no circumstances will KPN-CERT be responsible for damage caused by the absence or inaccuracy of information on this site.

More about KPN-CERT