Standard Conditions for commissions

Purchase Conditions

Software Conditions

Course Conditions

ISO-certifications: ISO 9001, 14001 and 45001

Deltares is certified according to the ISO 9001 and ISO 14001 standards and has the ARBO (Occupational Health and Safety Management System) certificate 45001.

Chamber of Commerce no. 41146461

VAT no: NL800097476B01


The following profile of Deltares-CSIRT has been established in adherence to RFC-2350.

1. Document Information

1.1 Date of Last: Update This is version 2 of Oktober 10, 2018.

1.2 Distribution List for Notifications: Changes to this document are not distributed by a mailing list. Any specific questions or remarks please address to the Deltares-CSIRT mail address.

1.3 Locations where this Document May Be Found: The current version of this profile is always available on this page.

2. Contact Information

2.1 Name of the Team: Deltares Computer Security Incident Respons Team (CSIRT)

2.2 Address: Deltares-CSIRT, PO Box 177, 2600 MH, Delft, The Netherlands

2.3 Time Zone

  • CET, Central European Time (UTC+1, between last Sunday in October and last Sunday in March)
  • CEST (also CET DST), Central European Summer Time (UTC+2, between last Sunday in March and last Sunday in October)

2.4 Telephone Number: +31 (0)88 335 7666

2.5 Other Telecommunication: None

2.6 Electronic Mail Address:

2.7 Public keys and encryption: not available

2.8 Team Members: A full list of team members of Deltares-CSIRT is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.

2.9 Points of Customer Contact: Please use the Deltares-CSIRT mail address, or telephone +31 (0)88 335 7666. Our regular response hours (local time) are everyday of the week from 08:00 – 17.30. Outside these hours the CSIRT can only be reached by email.

3. Charter

3.1 Mission Statement: The goal of Deltares-CSIRT is to collect information, knowledge and expertise which will help improve understanding of developments, threats, and trends and help Deltares deal with incidents and make decisions in crises.

The main tasks include:

  • Coordination in case of ICT related incidents such as data leakage, computer viruses, hacking and vulnerabilities in applications and hardware;
  • Proactive action to prevent ICT related incidents or to prepare for such incidents and reduce the impact.

3.2 Constituency: Stichting Deltares with all the internal departments and employees.

3.3 Sponsorship and/or Affiliation: Deltares-CSIRT is a part of Deltares, an independent institute for applied research in the field of water and subsurface.

3.4 Authority: Deltares-CSIRT coordinates security incidents on behalf of Deltares and has no authority reaching further than that. Deltares-CSIRT is however expected to make operational recommendations in the course of its work. The implementation of such recommendations is not a responsibility of Deltares-CSIRT however, but solely of those to whom the recommendations were made. Deltares-CSIRT has the authority to block addresses or networks.

3.5 Policies

3.5.1 Types of Incidents and Level of Support. All incidents are considered normal priority unless they are labeled EMERGENCY Deltares-CSIRT itself is the authority that can set and reset the EMERGENCY label. An incident can be reported to Deltares-CSIRT as EMERGENCY, but it is up to Deltares-CSIRT to decide whether or not to uphold that status.

3.5.2 Co-operation, Interaction and Disclosure of Information. ALL incoming information is handled confidentially by Deltares-CSIRT, regardless of its priority. Deltares-CSIRT works closely together with SURFnet SCIRT and MOTIV-SOC.
Information that is evidently very sensitive in nature is only communicated in an encrypted fashion. When reporting an incident of very sensitive nature, please state so explicitly (e.g. by using the label VERY SENSITIVE in the subject field of e-mail) and use encryption as well.

Deltares-CSIRT will use the information you provide to help solve security incidents, as all CSIRTs do or should do. This means explicitly that the information will be distributed further only on a need-to-know base, and in an anonymized fashion.

If you object to this default behaviour of Deltares-CSIRT, please make explicit what Deltares-CSIRT can do with the information you provide. Deltares-CSIRT will adhere to your policy but will also point out to you if that means that Deltares-CSIRT cannot act on the information provided.

Deltares-CSIRT does not report incidents to law enforcement, unless Dutch law requires so – as in the case of first-degree crime. Likewise, Deltares-CSIRT cooperates with law enforcement in the course of an official investigation only, meaning a court order is present, AND in case a Deltares-CSIRT constituent requests that Deltares-CSIRT cooperates in an investigation. In the latter case, when a court order is absent, Deltares-CSIRT will only provide information on a need-to-know base.

3.5.3 Services: Incident response

  • Incident Triage
  • Incident Coordination
  • Incident reporting forms

Share this page.