We have three objectives in publishing our quarterly planning:
We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans. In Q1 2023, we separated the Information Security, Risk and Compliance work items from Information Technology and added them to this area.
We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.
Last Updated: 20 December 2023
|Compliance with ISO/IEC 27000
Define our operations within the ISO/IEC 27001 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place.
In Q4 2023, we rolled out our Information Security Management System in the organisation and drafted an Information Security Policy. We made further progress documenting and/or updating the supporting policies and processes within the project scope.
Throughout 2024, we will continue with the control implementation of the ISO 27001 standard.
|Vulnerability management framework
In 2023, we executed organisation-wide efforts to establish our patch management and vulnerability management processes.
In Q1 2024, we will be rolling out dedicated application and infrastructure vulnerability management processes.
|Cloud security enhancements
In Q4 2023, we updated our cloud security control framework following the service criticality framework release. In Q1 2024, we will continue integrating security detection capabilities from our cloud environment into our central security tools and systems to centralise cloud security monitoring.
|Enterprise risk management modernisation
In 2023, we redesigned our Enterprise Risk Management Framework, following industry standards, and executed an organisation-wide risk assessment. In Q1 and Q2 2024, we will be focusing on defining risk treatment plans.
|Planned in 2024
|Security Awareness Programme
In Q2 2023, we designed the yearly cycle of our security awareness programme and the training party/learning platform that will be utilised. In Q3, we onboarded the organisation to the security awareness learning platform. In Q4, we are launching interactive training sessions for new staff, high-risk roles, and digital learning for the whole organisation.
|Embed compliance control testing in the organisation
In 2024, we plan to implement a comprehensive compliance control testing and monitoring programme to continuously identify and address potential gaps.
|Planned in 2024
Items completed in the last quarter
More information can be found on the archived plans page.
We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. And we'll be monitoring all the other channels where people talk about these services.
When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.
|RIPE NCC Reaction
You can find our plans from the previous quarters on this page. The Q1 2024 plans will be archived once we publish the Q2 2024 planning.