Skip to main content

Information Security, Risk and Complience Quarterly Planning

We have three objectives in publishing our quarterly planning:

  1. We want to be transparent about the work we are doing
  2. We want your input on that work and our planning, and we want to document that input and let you know if and when we can add your suggestions to our planning
  3. We want an open dialogue with members and community on developments around Information Security, Risk and Compliance

We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans. In Q1 2023, we separated the work items of Information Security, Risk and Compliance from the Information Technology and added them to this area.

We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.

Q4 2025 Plans

Last updated: 23 September 2025

Item 1: Ensure Adherence to Regulatory and Security Industry Standards

In 2024, we completed the ISAE 3000 / SOC2 Type I RPKI audit and received the final assurance report. In Q2 2025, we completed our preparation efforts for the RPKI ISAE 3000 / SOC2 Type II audit and initiated the audit activities. The audit activities are currently ongoing and will be completed in Q4 2025.

In Q4, we are ramping up our efforts to achieve compliance with the ISO 27001 standard. Next to the continuous focus on our business continuity readiness, we will be working on several aspects of the ISO 27001 framework, such as identity and access management, secure software development, security in project management, etc.

In Q2 2025, we launched the RIPE NCC Trust Portal at trust.ripe.net to provide greater transparency into our operations and to help members and stakeholders better understand how we manage our security, compliance, and governance. The portal provides a comprehensive overview of how we protect the confidentiality, integrity, and availability of the services we operate on behalf of our members and the RIPE community. For law enforcement and other competent authorities, the Trust Portal also provides guidance on how to request information from the RIPE NCC, and links to other useful supporting information.

Status: In progress

Item 2: Secure System Security and Resiliency

In Q3, we identified and documented security best practices for container management and container orchestration platforms. In Q4, we will begin operationalising the security best practices for container management, while continuing our efforts to manage the lifecycle of vulnerabilities in existing systems.

Status: In progress

Item 3: Elevate Organisational Risk Resilience

In Q3, we initiated our enterprise risk assessment, which will continue into Q4. During Q4, we also plan to finalise the refinement of our Risk Management framework, while the procurement process for a Governance, Risk, and Compliance tool remains in progress.

Status: In progress

Item 4: Strengthen Detection and Response

We continue enhancing the scope and coverage of our security monitoring capabilities. Furthermore, we will evaluate various approaches to implementing 24/7 security alert monitoring to ensure comprehensive and continuous protection.

Status: In progress

Item 5: Enhance Team Efficiency and Capabilities

In Q3 we initiated specialised training for the Information Security Team, which will continue in Q4 2025. The standardisation of our documentation and processes is an ongoing effort.

Status: In progress

Community Input on Planning

We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. We'll also be monitoring all the other channels where people talk about these services.

When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.

Archived Quarterly Plans

You can find our plans from the previous quarters on this page. The Q4 2025 plans will be archived once we publish the Q1 2026 planning.