D14FDE60-68E6-4E5C-9123-C224226E51B8 Created with sketchtool.


Cyber security management

Applicability: shipowners, ship operators, ship managers and ship masters.

Customers are reminded that IMO Resolution MSC.428(98) encourages Administrations to ensure that cyber risks are appropriately addressed in safety management systems (SMS) no later than the first annual verification of the customer’s Document of Compliance (DOC) after 1 January 2021.

Many Administrations have already issued their own requirements in this regard.

ISM-audited compliance

Customers should note that compliance with MSC.428(98) will be verified by International Safety Management (ISM) auditors at ship and shore-based ISM audits from 1 January 2021 onwards.

If cyber risks and management have not been addressed within the SMS, this will be recorded in the audit report. The grading of any finding will be dependent on whether or not the first annual verification of the customer’s DOC after 1 January 2021 has taken place.

Port State Control verification

Customers should also be aware that Port State Control officers may seek to verify effective implementation of cyber risk management controls. 

Customers, shipowners and managers need to ensure they have properly assessed the cyber risks to their operations and have implemented necessary procedures to manage such risks before 1 January 2021.