Maritime Cyber Security

In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems (SMS). The resolution stated that an approved SMS should consider cyber risk management in accordance with the objectives and functional requirements of the International Safety Management (ISM) Code.

It further encourages administrations to ensure that cyber risks are appropriately addressed in the SMS no later than the first annual verification of the company’s Document of Compliance (DoC) after 1 January 2021. We help companies at all levels of cyber security readiness in line with MSC.429 (98) and fully support them with DoC audit and approval from the Classification Society. Please reach out at

IMO Guidelines 

As per IMO guidelines, effective cyber risk management should start at the senior management level. Senior management should embed a culture of cyber risk management into all levels and departments of an organisation and ensure a holistic and flexible cyber risk governance regime, which is in continuous operation and constantly evaluated through effective feedback mechanisms.

Figure: BIMCO guide on the cyber risk management approach.

US National Institute of Standards and Technology (NIST) 

In addition to the IMO resolution, the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework Version 1.1 is also used as a reference. The NIST Cybersecurity Framework assists companies with their risk assessments by helping them understand an effective approach to managing potential cyber risks, both internal and external.

As a result of applying the Framework, a “profile” is developed, which can help to identify and prioritise actions for reducing cyber risks. The profile can also be used as a tool for aligning policy, business and technological decisions to manage the risks.  

International Association of Classification Societies (IACS)

The International Association of Classification Societies (IACS) has issued a “Recommendation on Cyber Resilience (No. 166)”. This recommendation consolidates IACS’ previous 12 recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems that provide control, alarm, monitoring, safety or internal communication functions and are subject to the requirements of a classification society.

Our fully managed cyber security solution comes with an owner's dashboard, as shown above. The dashboard captures all cyber security related KPIs and ensures compliance at all times. Our team of cyber security experts will carry out annual and biannual soft and hard audits to ensure a full test of readiness against any external cyber attack.
