
Quarterly Planning

This page details the work we'll do in the Information Security, Risk and Compliance area in the coming quarter, how you can give your input on that work and our reaction to that input.

We have three objectives in publishing our quarterly planning:

  1. We want to be transparent about the work we are doing
  2. We want your input on that work and our planning, and we want to document that input, and let you know if and when we can add your suggestions to our planning
  3. We want an open dialogue with members and community on developments around Information Security, Risk and Compliance

We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that, so let us know if there are ways we can better present our plans. In Q1 2023, we separated the work items of Information Security, Risk and Compliance from Information Technology and added them to this area.

We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.

Q1 2023 Plans

Last Updated: 3 January 2022

Item 1
Activity: Compliance with ISO/IEC 27000
Description:

Define our operations within the ISO/IEC 27001 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place.

In Q1 2023, we are completing the gap analysis against the ISO 27001 standard, which was initiated in Q4 2022. The analysis will provide us with the necessary insights to plan appropriately, from a people, process and technology perspective, the implementation of ISO 27001 throughout 2023 and 2024.

Status: In progress. Work continues from Q4 2022.

Item 2
Activity: Vulnerability management framework
Description:

In 2023 we are guiding organisation-wide efforts to streamline our patch management and vulnerability management processes.

In Q1 2023 we will be focusing on drafting the relevant policies and procedures.

Status: Planned for Q1 2023

Item 3
Activity: Cloud security enhancements
Description:

In Q1 2023, we will be enhancing the design of our cloud security controls for services migrating to the cloud as well as our cloud security monitoring capabilities.

Status: Planned for Q1 2023

Item 4
Activity: Enterprise risk management modernisation
Description:

In Q1 2023, we are establishing an internal Risk & Compliance function. One of the first focus areas for the new function will be the modernisation of the risk management methodology in order to assess risk using an agile and collaborative approach.

We expect the work for the enterprise risk management modernisation to be executed throughout 2023.

Status: Planned for Q1 2023

Items completed in the last quarter

  1. Cooperation with security organisations

More information can be found on the archived plans page.

Community Input on Planning

We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. We will also be monitoring all the other channels where people talk about these services.

When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.

Reference: IS-2023-#01
Input: -
RIPE NCC Reaction: -

Archived Quarterly Plans

You can find our plans from the previous quarters on this page. The Q1 2023 plans will be archived once we publish the Q2 2023 planning.