Quarterly Planning
We have three objectives in publishing our quarterly planning:
- We want to be transparent about the work we are doing
- We want your input on that work and our planning, and we want to document that input and let you know if and when we can add your suggestions to our planning
- We want an open dialogue with members and community on developments around Information Security, Risk and Compliance
We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans. In Q1 2023, we separated the work items of Information Security, Risk and Compliance from Information Technology and added them to this area.
We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.
Q4 2024 Plans
Last updated: 27 September 2024
Item 1: Embed compliance frameworks and standards in the organisation
We completed the ISAE 3000 / SOC2 Type I RPKI audit and received the final assurance report. We continue to work on establishing compliance with the ISO 27001 standard.
In Q4 2024, we will continue executing against the control implementation for achieving ISO 27001 compliance as well as start executing on it. We are also ramping up the RPKI ISAE 3000 / SOC2 Type II audit, a continuation of the effort put in during the Type I audit and public proof of our continuous focus on information security, risk, and compliance.
Status: In progress
Item 2: Secure the infrastructure across the organisation
In Q3 2024, we strengthened our vulnerability management procedures with data-driven reporting so that relevant parties are notified in time to start mitigation activities. In Q4 2024, we will continue to expand our reporting capabilities.
Status: In progress
Item 3: Gain maturity in Risk Management
In 2023, we redesigned our Enterprise Risk Management Framework, following industry standards, and executed an organisation-wide risk assessment. Throughout 2024, we are operationalising the framework. We have established a Governance Committee and conducted the first meeting in Q2 2024. The Governance Committee, composed of executive team members and the risk manager, is central to the efforts of risk management, alongside other duties like policy review and approval.
In Q4 2024, we will finalise the risk assessments and treatment plans to address relevant risks. We will continue to conduct risk assessments for all areas of the organisation, updating the risk register, the definitions of enterprise risks and their risk levels.
Status: In progress
Item 4: Build a trust portal
In Q4 2024, we will work on building a trust portal website. The portal will focus on creating a secure, user-friendly interface where interested parties can easily access high-level information about the information security posture of the RIPE NCC.
Community Input on Planning
We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. We'll also be monitoring all the other channels where people talk about these services.
When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.
Archived Quarterly Plans
You can find our plans from the previous quarters on this page. The Q3 2024 plans will be archived once we publish the Q4 2024 planning.