This document contains a description of ARCOTEL’s Incident Response Center, hereinafter referred to as “EcuCERT,” in accordance with RFC 2350 (Request for Comments developed by the IETF: Internet Engineering Task Force community, commonly used as reference standards in the industry).

At the same time, it provides basic information about EcuCERT, the ways to contact it, its constituency, and the services offered.

1.1 Date of Last Update: This is the latest version 1.2, dated May 21, 2026.

1.2 Distribution Lists: There is no distribution channel to notify changes to this document. Changes are announced at http://www.ecucert.gob.ec/rfc2350es

1.3 Document Location: The latest version of this document is published at:
Spanish: http://www.ecucert.gob.ec/rfc2350es

2.1 Team Name: “ECUCERT”, ARCOTEL’s Incident Response Center.

2.2 Address
EcuCERT
9 de octubre N27-75 y Berlín
170518
Distrito Metropolitano de San Francisco de Quito
Quito – Ecuador

2.3 Time Zone: GMT / UTC -5 hours

2.4 Phone Number: Published on the web portal https://www.ecucert.gob.ec.

2.5 Fax Number: None.

2.6 Other Communications: The preferred method of communication is via email, telephone, videoconference, and other telecommunications options that can be coordinated upon request.

2.7 Email Addresses:
Incident-related information exchange: incidente@ecucert.gob.ec
General inquiries: incidente@ecucert.gob.ec
Other contact email addresses are published at http://www.ecucert.gob.ec/contacto

2.8 Public Keys and Information Encryption: Contact emails and associated PGP keys are published at http://www.ecucert.gob.ec

2.9 Team Members: The names and information of the members comprising ECUCERT are not publicly disclosed. In the event that a report is made, staff will identify themselves by their full name through formal communication.

2.10 More Information: General information about the services provided by ECUCERT is published on the web portal http://www.ecucert.gob.ec

2.11 Office Hours: The Center is available during the following hours:
Service provision during office hours (08:15 to 17:00 hours).

2.12 Points of Contact for the Community: Communication between the ECUCERT team and the general community is conducted through the following means:

3.1 Mission: ECUCERT is the Computer Incident Response Center of the Telecommunications Regulation and Control Agency, created in July 2014 through resolution ST-2014-0247. Its purpose is to «Provide its Constituency with support in the prevention and resolution of computer security incidents, through coordination, training, and technical support.»
By using this tool, the objective is to: «Massify the use of the internet, information technologies, and telecommunications systems through national and international coordination of actions aimed at achieving safer uses that meet the confidence of the community that utilizes them.»

3.2 Constituency:
EcuCERT’s Constituency comprises: The Telecommunications Regulation and Control Agency, telecommunications service providers, and, upon prior authorization from the highest authority, public and private sector institutions that request its services.

3.3 Sponsorship, Affiliation, and Authority: ECUCERT is part of ARCOTEL.

4.1 Types of Incidents and Level of Support: ECUCERT offers cybersecurity status information to its Constituency to reduce technical vulnerabilities (hardware and software) as well as human and organizational ones.

4.2 Cooperation, Interaction, and Disclosure of Information: Information handled by ECUCERT is treated with absolute confidentiality in accordance with information security policies and procedures. It will only be distributed to other teams and members on a need-to-know basis and preferably anonymously.
ECUCERT will cooperate with other organizations in the field of security. This cooperation also includes and often requires the exchange of information regarding security incidents and vulnerabilities.

ECUCERT uses the TLP (Traffic Light Protocol) for information exchange.

4.3 Communication and Authentication: The available means for communication with ECUCERT are:

Incident notification can be performed via:

The ECUCERT Team is not responsible for any misuse of the information contained herein.