Skip to main content

Quarterly Planning

We have three objectives in publishing our quarterly planning:

  1. We want to be transparent about the work we are doing
  2. We want your input on that work and our planning, and we want to document that input, and let you know if and when we can add your suggestions to our planning
  3. We want an open dialogue with members and community on developments around Information Security, Risk and Compliance

We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans. In Q1 2023, we separated the work items of Information Security, Risk and Compliance from the Information Technology and added them to this area.

We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.

Q1 2024 Plans

Last Updated: 20 December 2023

Item Activity Description Status
1 Compliance with ISO/IEC 27000

Define our operations within the ISO/IEC 27001 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place.

In Q4 2023, we rolled out our Information Security Management System in the organisation and drafted an Information Security Policy. We progressed further in the documentation and/or updated supporting policies and processes within the project scope.

Throughout 2024, we will continue with the control implementation of the ISO 27001 standard.

In progress

2 Vulnerability management framework

In 2023, we executed organisation-wide efforts to establish our patch management and vulnerability management processes.

In Q3 2023, we finalised our Vulnerability and Patch Management policy and in Q4 we drafted vulnerability management processes. We also updated our Responsible Disclosure Policy and transitioned our private bug bounty program to the public.

In Q1 2024, we will be rolling out dedicated application and infrastructure vulnerability management processes.

In progress

3 Cloud security enhancements

In Q4 2023, we updated our cloud security control framework following the service criticality framework release. In Q1 2024, we will continue integrating security detection capabilities from our cloud environment to our central security tools & systems to centralise cloud security monitoring.

In progress

 4 Enterprise risk management modernisation

In 2023, we redesigned our Enterprise Risk Management Framework, following industry standards and executed an organisation-wide risk assessment. In Q1 and Q2 2024, we will be focusing on defining risk treatment plans.

Planned in 2024
5 Security Awareness Programme

In Q2 2023, we designed the yearly cycle of our security awareness program and the training party/learning platform that will be utilised. In Q3, we onboarded the organisation to the security awareness learning platform. In Q4, we are launching interactive training sessions for new staff, high-risk roles, and digital learning for the whole organisation.

In progress
6 Embed compliance control testing in the organisation

In 2024, we plan to implement a comprehensive compliance control testing and monitoring program to identify and address potential gaps continuously.

Planned in 2024

Items completed in the last quarter

More information can be found on the archived plans page.

Community Input on Planning

We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. And we'll be monitoring all the other channels where people talk about these services.

When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.

Reference Input RIPE NCC Reaction
IS-2024-#01 -

-

Archived Quarterly Plans

You can find our plans from the previous quarters on this page. The Q1 2024 plans will be archived once we publish the Q2 2024 planning.