Organisational Security

We limit access to data strictly to personnel who require it to perform their job responsibilities. Controls are implemented to ensure access is promptly revoked when roles change or employment is terminated. Policies and procedures are in place to request, review, provision, and de-provision access to business applications.

We utilise Single Sign On (SSO) technology to simplify and secure the authentication process for internal business applications and to reduce the attack surface associated with multiple passwords and login credentials.

We have established processes for tracking, managing, and maintaining assets throughout their lifecycle, from acquisition to disposal.

We require all of our employees to agree to a code of conduct. Employees who violate the code of conduct are subject to disciplinary actions in accordance with a disciplinary policy.

We perform background checks on all new employees. Employment is contingent on having a clean background. These checks also verify secondary education and documents from government or law enforcement agencies in countries the candidate previously lived in.

We maintain an Incident Response Plan with an established approach for identifying and managing incidents. The plan includes detailed procedures for preparation, severity-based triage, escalation protocols, communication timelines, and defined roles and responsibilities throughout the incident lifecycle. The plan is reviewed and formally approved by security leadership on an annual basis.

All of our employees receive comprehensive security awareness training during their onboarding phase and at least annually thereafter. The topics of the training include data protection, phishing prevention, secure password management, and compliance with company security policies to mitigate cybersecurity risks, among others.

We perform security monitoring with the support of a Security Information and Event Management (SIEM) system to maintain visibility across the RIPE NCC ecosystem. The SIEM ingests and analyses logs and events from various sources, allowing our Security Team to detect and respond to suspicious activity.