IMO under the ISM code has included a resolution addressing cyber risk as of the 1st of January. Does this affect us and what do I need to do?
As of next January any commercial operated vessel of over 500GT is supposed to comply with the code. In some cases it may also include yachts under 500GT that are operating a mini-ISM system. The actual implication depends on the guidance given by the various Flag States.
An AV & IT Technology blog by Teletechnics. Every week we cover topics concerning Technology in the Superyacht & Luxury home domain. Looking at subjects such as High end Audio & Video equipment, IPTV & Satellite TV, Streaming services and the IT support services like onboard WiFi, internet connection via VSAT, cellular and other IoT developments. We give you the insider info on Smart Hospitality services and tips and tricks to maintain systems in their prime state. Subscribe below for updates!
What does this mean? The management of the vessel are “required to take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code”. well, in laymans term one has to
- Make a risk assessment of the vessels IT system including any systems used to operate the vessel.
- Create procedures to manage all cyber security risks.
- Train any personnel involved in the operation of the vessel on the cause and effects, and the created procedures.
It includes also any shoreside infrastructure that the operation of the vessel has, from management companies to suppliers, customers, port operations, agents, regulators, etc.
What systems need to be covered again?
Well it includes (and it includes a but…) it is not limited to:
- Bridge Systems
- Cargo handling and management systems
- Propulsion and machinery management and power control systems
- Access control systems
- Passenger servicing and management systems
- Passenger facing public networks
- Administrative and crew welfare systems
- Communication systems
And finally who/when will this be checked? Expect the Flag State auditors will include this at the companies DOC audit in 2021 and there is an expectation from IMO that the Port State Control will ask for evidence of compliance.
The IMO has created this webpage to give more information.
This article was written by Tim Gorter, Virtual AVIT ETO, www.teletechnics.com. I provide support and training to crew assigned to look after their AV & IT system onboard. Making sure you understand how it works, and that you get the best out of it. Call for an AV & IT health check, more on teletechnics.com