IT and Information Security Quarterly Planning
We have three objectives in publishing our quarterly planning:
- We want to be transparent about the work we are doing
- We want your input on that work and our planning, and we want to document that input, and let you know if and when we can add your suggestions to our planning
- We want an open dialogue with members and community on developments around the IT and Information Security areas
We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans.
We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.
Q4 2022 Plans
Last Updated: 26 September 2022
| Item | Activity | Description | Status |
|---|---|---|---|
| 1 | Defining the criticality of RIPE NCC services, part of the cloud strategy framework |
We are in the process of engaging with four Working Groups (Database, DNS, NCC Services and Routing) on the criticality rating for a number of our services. This follows the process described in the Service Criticality Framework which was presented and discussed with the community during RIPE 84. |
In progress Work continues from Q1 2022. |
| 2 | Email infrastructure |
We are upgrading our mailing list software from Mailman 2 to Mailman 3, containerising it in the process. |
In progress Work continues from Q1 2022. |
| 3 | Network Attached Storage (NAS) |
We are revisiting our NAS infrastructure configuration and consulting with our suppliers on the best way forward regarding our storage, backup infrastructure and setup. |
In progress Work continues from Q2 2022. |
| 4 | Compliance with ISO/IEC 27000 |
Define our operations within the ISO/IEC 27000 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place. In Q4 2022, we are executing a gap analysis against the ISO 27001 framework. The analysis will provide us with the necessary insights to plan appropriately, from a people, process and technology perspective, the implementation of ISO 27001 throughout 2023. |
In progress Work continues from Q1 2022. |
| 5 | Bug bounty programme |
To supplement our existing responsible disclosure policy, we have implemented a private bug bounty programme with the vendor Intigriti for our external facing services. In Q4 2022, we will investigate the possibility of switching to a public bounty programme. |
In progress Work continues from Q3 2022. |
| 6 | Cooperation with security organisations |
We are supporting the development of an independent TF-CSIRT. The Managing Director has joined the Supervisory Board of the new Dutch foundation. |
In progress Work continues from Q3 2022. |
Community Input on Planning
We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. And we'll be monitoring all the other channels where people talk about these services.
We will be adding your feedback on this page as we progress with our plans.
| Reference | Input | RIPE NCC Reaction |
|---|---|---|
| IT-2022-#01 | - | - |
Archived Quarterly Plans
You can find our plans from the previous quarters on this page. The Q4 2022 plans will be archived once we publish the Q1 2023 planning.