IT and Information Security Quarterly Planning
We have three objectives in publishing our quarterly planning:
- We want to be transparent about the work we are doing
- We want your input on that work and our planning, and we want to document that input, and let you know if and when we can add your suggestions to our planning
- We want an open dialogue with members and community on developments around the IT and Information Security areas
We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans.
We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.
Q3 2022 Plans
Last Updated: 24 June 2022
| Item | Activity | Description | Status |
|---|---|---|---|
| 1 | Defining the criticality of RIPE NCC services, part of the cloud strategy framework |
We are in the process of engaging with four Working Groups (Database, DNS, NCC Services and Routing) on the criticality rating for a number of our services. This follows the process described in the Service Criticality Framework which was presented and discussed with the community during RIPE 84. |
In progress Work continues from Q1 2022. |
| 2 | Email infrastructure |
We are upgrading our mailing list software from Mailman 2 to Mailman 3, containerising it in the process. |
In progress Work continues from Q1 2022. |
| 3 | Network Attached Storage (NAS) |
We are revisiting our NAS infrastructure configuration and consulting with our suppliers on the best way forward regarding our storage, backup infrastructure and setup. |
In progress Work continues from Q2 2022. |
| 4 | Compliance with ISO/IEC 27000 |
Define our operations within the ISO/IEC 27000 framework and ensure that we are at the level of ISO 27001 certification, with the Plan/Do/Check/Act cycle fully in place. |
In progress Work continues from Q1 2022. |
| 5 | Bug bounty programme |
To supplement our existing responsible disclosure policy, we are planning to implement a public bug bounty programme for our external facing services. |
In progress |
| 6 | Cooperation with security organisations |
We are supporting the development of an independent TF-CSIRT and intend on joining the Supervisory Board of the new Dutch foundation. |
In progress |
Community Input on Planning
We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. And we'll be monitoring all the other channels where people talk about these services.
We will be adding your feedback on this page as we progress with our plans.
| Reference | Input | RIPE NCC Reaction |
|---|---|---|
| IT-2022-#01 | - | - |
Archived Quarterly Plans
The Q3 2022 plans will be archived once we publish the Q4 2022 planning.