Information Security, Risk and Compliance Quarterly Planning
We have three objectives in publishing our quarterly planning:
- We want to be transparent about the work we are doing
- We want your input on that work and our planning, and we want to document that input and let you know if and when we can add your suggestions to our planning
- We want an open dialogue with members and the community on developments around Information Security, Risk and Compliance
We launched this initiative in Q2 2022, and we are open to improving what we publish here and how we do that. So let us know if there are ways we can better present our plans. In Q1 2023, we separated the work items of Information Security, Risk and Compliance from Information Technology and added them to this area.
We will update this page as our activities progress and continue to share updates on RIPE Labs, on the RIPE NCC Membership Discussion and RIPE NCC Services Working Group (WG) mailing lists, and at RIPE Meetings and other events.
Q1 2026 Plans
Last updated: 16 December 2025
Item 1: Ensure Adherence to Regulatory and Security Industry Standards
In 2025, we completed the ISAE 3000 / SOC2 Type II RPKI audit and received the final assurance report. In Q1 2026, we will focus on improvements identified during the audit and start the annual control testing for the SOC 2 control framework.
We are continuing with the ongoing initiatives to achieve compliance with the ISO 27001 standard. In Q1 2026, we will kick off the internal audit to assess readiness against the ISO 27001 standard and streamline the implementation of any additional improvements potentially required.
Status: In progress
Item 2: Secure System Security and Resiliency
In Q1/Q2 2026, we will further mature our Vulnerability Management procedures, from identification to reporting. Additionally, we will focus on securing the container lifecycle across teams.
Status: In progress
Item 3: Strengthen Detection and Response
In 2025, we renewed our approach to network security monitoring. In Q1/Q2 2026, we will expand the coverage of network detection and response capabilities.
In 2025, we also designed an operating model to implement 24/7 security alert monitoring. In Q1/Q2 2026, we will initiate the onboarding of managed security services in that area.
Status: In progress
Item 4: Elevate Organisational Risk Resilience
In Q1 2026, we will put into practice the newly refined Risk Management framework. We will also initiate the onboarding of the preferred Governance, Risk & Compliance platform.
Status: In progress
Community Input on Planning
We want the community to contribute to our plans and suggest additional work items. Please share your comments with us or post them on the RIPE NCC Membership Discussion and RIPE NCC Services WG mailing lists. We'll also be monitoring all the other channels where people talk about these services.
When we receive feedback that can significantly impact our planning or that needs a further response, we will add it to the table below.
Archived Quarterly Plans
You can find our plans from the previous quarters on this page. The Q4 2025 plans will be archived once we publish the Q1 2026 planning.