You are here: Home > Get Support > Documentation > Quarterly Planning > IT and Information Security

IT and Information Security Quarterly Planning

This page details the work we will do on the IT and Information Security areas in the coming quarter, how you can give your input on that work and our reaction to that input.

We have three objectives in publishing our quarterly planning:

  1. We want to be transparent about the work we are doing
  2. We want your input on that work and our planning, and we want to document that input, and let you know if and when we can add your suggestions to our planning
  3. We want an open dialogue with members and community on developments around the IT and Information Security areas

We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans.

We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.

Q3 2022 Plans

Last Updated: 24 June 2022

Item Activity Description Status
1 Defining the criticality of RIPE NCC services, part of the cloud strategy framework

We are in the process of engaging with four Working Groups (Database, DNS, NCC Services and Routing) on the criticality rating for a number of our services. This follows the process described in the Service Criticality Framework which was presented and discussed with the community during RIPE 84.

In progress

Work continues from Q1 2022.

2 Email infrastructure

We are upgrading our mailing list software from Mailman 2 to Mailman 3, containerising it in the process.

The work is expected to be finished at the end of Q3.

In progress

Work continues from Q1 2022.

3 Network Attached Storage (NAS)

We are revisiting our NAS infrastructure configuration and consulting with our suppliers on the best way forward regarding our storage, backup infrastructure and setup.

The work is expected to be finished in 2023-2024.

In progress

Work continues from Q2 2022.

4 Compliance with ISO/IEC 27000

Define our operations within the ISO/IEC 27000 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place.

The work is expected to be completed in 2023-2024.

In progress

Work continues from Q1 2022.

5 Bug bounty programme

To supplement our existing responsible disclosure policy, we are planning to implement a public bug bounty programme for our external facing services.

In progress

6 Cooperation with security organisations

We are supporting the development of an independent TF-CSIRT and intend on joining the Supervisory Board of the new Dutch foundation.

In progress

Community Input on Planning

We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. And we'll be monitoring all the other channels where people talk about these services.

We will be adding your feedback on this page as we progress with our plans.

 

Reference Input RIPE NCC Reaction
 IT-2022-#01 - -

Archived Quarterly Plans

The Q3 2022 plans will be archived once we publish the Q4 2022 planning.