EN FR Home

About the Author

Richard Demongeot — who writes these NTP time-compliance analyses, and why they are grounded in operated infrastructure

Richard Demongeot · Systems & Networks Architect · Pontoise (95), France · Founder of RDEM Systems

Why trust the compliance guides on this site

The time-compliance analyses published here — PCI-DSS Requirement 10.6, ISO 27001 control 8.17, NIS 2, DORA and MiFID II RTS 25 — are not written from the outside. They come from someone who operates traceable, authenticated time infrastructure in production: a GNSS-disciplined Stratum 1 layer, NTS (RFC 8915) for the authenticated channel, on an autonomous network (AS206014).

That matters for a compliance reader, because the hard part of every time-sync requirement is the same: not "is NTP configured?", but can you demonstrate metrological traceability to UTC, prove the divergence, and authenticate the source? Those are operational questions, answered here from operational experience.

Track record in NTP

  • 20+ years in NTP — NTP Pool participant since 2005 (ntppool.org/a/rdem-systems).
  • Traceable time source — GNSS-disciplined Stratum 1 servers, with the GNSS-to-UTC offset documented and removed.
  • Authenticated distribution — public servers supporting NTS (Network Time Security, RFC 8915) with TLS — the control that turns "time received" into "time you can prove came from your reference".
  • Compliance mapping — author of the cross-framework NTP audit checklist covering ISO 27001, NIS 2, PCI-DSS, DORA and MiFID II.

Systems & networks background (mini-CV)

  • 18 years across software development, databases, UNIX/Linux administration, networks and VoIP.
  • Independent consultant since 2007; founded RDEM Systems (SASU) in 2016.
  • Operates AS206014 — an autonomous network with infrastructure in Equinix Paris, based in Pontoise (95).
  • Proxmox VE virtualization, externalised immutable backup (Nimbus Backup) and 24/7 managed services.