Archived Plans
You can find our plans from previous quarters along with requests from the community on this page. In Q1 2023, we separated the work items of Information Technology from the Information Security, Risk and Compliance and added them to this area. We update this page at the end of each quarter.
Q4 2022 Plans and Community Input
Plans | ||
---|---|---|
Item | Activity | Description |
1 | Compliance with ISO/IEC 27000 |
This work item was migrated from the Information Security Quarterly Planning. Define our operations within the ISO/IEC 27000 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place. |
2 | Bug bounty programme |
This work item was migrated from the Information Security Quarterly Planning. To supplement our existing responsible disclosure policy, we have implemented a private bug bounty programme with the vendor Intigriti for our external facing services. Researchers are invited to participate in the RIPE NCC programme and identify security vulnerabilities for our external perimeter and services. The identified vulnerabilities are triaged internally and according to their criticality, a bug bounty is paid out. The work was completed in Q4 2022. |
Community Input | ||
Reference | Input | RIPE NCC Reaction |
IS-2022-#01 | - | - |
Q3 2022 Plans and Community Input
Plans | ||
---|---|---|
Item | Activity | Description |
1 | Compliance with ISO/IEC 27000 |
This work item was migrated from the Information Security Quarterly Planning. Define our operations within the ISO/IEC 27000 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place. |
2 | Bug bounty programme |
This work item was migrated from the Information Security Quarterly Planning. To supplement our existing responsible disclosure policy, we are planning to implement a public bug bounty programme for our external facing services. |
3 | Cooperation with security organisations |
This work item was migrated from the Information Security Quarterly Planning. We are supporting the development of an independent TF-CSIRT and intend to join the Supervisory Board of the new Dutch foundation. This work was completed in Q3 2023. |
Community Input | ||
Reference | Input | RIPE NCC Reaction |
IS-2022-#01 | - | - |
Q2 2022 Plans and Community Input
Plans | ||
---|---|---|
Item | Activity | Description |
1 | Compliance with ISO/IEC 27000 |
This work item was migrated from the Information Security Quarterly Planning. Define our operations within the ISO/IEC 27000 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place. |
Community Input | ||
Reference | Input | RIPE NCC Reaction |
IS-2022-#01 | - | - |