Quarterly Planning

We have three objectives in publishing our quarterly planning:

  1. We want to be transparent about the work we are doing
  2. We want your input on that work and our planning, and we want to document that input and let you know if and when we can add your suggestions to our planning
  3. We want an open dialogue with members and the community on developments around Information Security, Risk and Compliance

We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans. In Q1 2023, we separated the work items of Information Security, Risk and Compliance from Information Technology and added them to this area.

We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.

Q2 2024 Plans

Last updated: 22 March 2024

Item 1: Embed compliance frameworks and standards in the organisation

We are working on certifying the RPKI service against a tailored ISAE 3000 / SOC2 Type I framework and establishing compliance with the ISO 27001 standard.

We have completed 90% of the relevant documentation, control implementation and evidence gathering for the first ISAE 3000 / SOC2 Type I certification audit for RPKI. In Q2 2024, the certification audit will be executed by a known international audit firm. In Q1 2024, we progressed further in the required documentation for ISO 27001 and updated/drafted supporting security policies and procedures. Throughout 2024, we will continue with the control implementation of the ISO 27001 standard, following a risk-based approach.

Status: In progress

Item 2: Secure the end-to-end deployment process/platform

In Q2 2024, we are further optimising our vulnerability management lifecycle from a tooling and reporting perspective.

Building further on our cloud security control framework, we will continue integrating security detection capabilities from our cloud environment to our central security tools and systems to centralise cloud security monitoring.

Status: In progress

Item 3: Enhance the incident detection and response capability

In Q2 2024, we are expanding our network monitoring capabilities and enhancing our detection capabilities for the identification of potentially compromised RIPE NCC Access accounts.

Status: In progress

Item 4: Gain maturity in Risk Management

In 2023, we redesigned our Enterprise Risk Management Framework, following industry standards, and executed an organisation-wide risk assessment. Throughout 2024, we are operationalising the framework.

In Q2 2024, we will finalise the risk treatment plans to address relevant risks for organisational areas in Information Security, Finance, HR, Facilities, Information Technology and RPKI.

Status: In progress

Community Input on Planning

We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. We'll also be monitoring all the other channels where people talk about these services.

When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.

Archived Quarterly Plans

You can find our plans from the previous quarters on this page. The Q2 2024 plans will be archived once we publish the Q3 2024 planning.