Quarterly Planning
We have three objectives in publishing our quarterly planning:
- We want to be transparent about the work we are doing
- We want your input on that work and our planning, and we want to document that input, and let you know if and when we can add your suggestions to our planning
- We want an open dialogue with members and community on developments around Information Security, Risk and Compliance
We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans. In Q1 2023, we separated the work items of Information Security, Risk and Compliance from those of Information Technology and added them to this area.
We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.
Q1 2023 Plans
Last Updated: 21 March 2023
Item | Activity | Description | Status |
---|---|---|---|
1 | Compliance with ISO/IEC 27000 | Define our operations within the ISO/IEC 27001 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place. In Q1 2023, we completed the gap analysis against the ISO 27001 standard, which was initiated in Q4 2022. In Q2 2023, we will be focusing on designing our Information Security Management System and drafting our overarching Information Security Policy according to the ISO 27001 standard. The timeline for implementation and certification against the standard is the end of 2024. | In progress |
2 | Vulnerability management framework | In 2023 we are guiding organisation-wide efforts to streamline our patch management and vulnerability management processes. In Q1 2023, we focused on improving the infrastructure vulnerability detection accuracy and coverage. Additionally, we designed the workflows and tooling for managing the remediation lifecycle of application layer vulnerabilities. | In progress |
3 | Cloud security enhancements | In Q1 2023, we outlined the core areas where cloud security enhancements are required and engaged with relevant experts. The execution of the outlined security improvements is planned for the rest of 2023. Additionally, in Q1, further cloud configuration checks were implemented to enhance security visibility. | In progress |
4 | Enterprise risk management modernisation | In Q1 2023, we established an internal Risk & Compliance function. In Q2 2023, we will be updating our Risk Management framework and establishing the relevant internal governance structure. We expect the work for the enterprise risk management modernisation to be executed throughout 2023. | In progress |
5 | Security Awareness Programme | In Q2 2023, we will be launching our internal security awareness program. The program will encompass security awareness training for new joiners, current staff and people in high-risk roles. | Planned for Q2 onwards |

Items completed in the last quarter
More information can be found on the archived plans page.
Community Input on Planning
We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. We will also be monitoring all the other channels where people talk about these services.
When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.
Reference | Input | RIPE NCC Reaction |
---|---|---|
IS-2023-#01 | - | - |
Archived Quarterly Plans
You can find our plans from the previous quarters on this page. The Q2 2023 plans will be archived once we publish the Q3 2023 planning.