Maritime Cyber Baseline
IMO MSC.428(98) Compliance
The scheme aims to put vessel owners and operators on the path to compliance in accordance with the IMO Maritime Cyber Risk Management guidelines.
IASME is famous for helping organisations meet compliance requirements and the Maritime Cyber Baseline is no exception – the scheme is affordable and accessible for all sizes of operators.
The Maritime Cyber Baseline Certification Scheme has been designed to assist vessel operators and owners to improve their cyber security, prepare for attacks and to ensure that cyber security plans meet the IMO Maritime Cyber Risk Management Guidelines.
The scheme is operated by IASME and delivered by certified maritime security experts who can provide guidance and support to vessel owners and operators to improve the security of their vessels through implementing good cyber security controls.
Certification is available to vessels of all sizes. Smaller vessels under 500 gwt complete the assessment solely using the online portal. Larger vessels 500gwt and over are audited by an assessor either in-person or via a remote video link to verify that all the required security controls have been put into place. Certification is renewed annually, with the in-person assessment taking place every three years. This provides a balance between the cost of the assessment and the level of assurance provided, ensuring that the scheme remains affordable and accessible to all vessel owners and operators.
Maritime Cyber Security
Maritime cyber security risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
New technology, automation and digitisation means that vessels are more connected than ever, bringing a higher risk of cyber attacks. In fact over the past 3 years cyber-attacks on the maritime industry’s operational technology (OT) systems have increased by 900%, and with an increase in smart technology within the sector, this trend will only continue.
Therefore securing OT and the complex networks and connected environments is critical for cyber resilience. However, a 2020 Safety at Sea and BIMCO Maritime Cyber Security survey reported that despite the majority of respondents viewing cyber-attacks as a high/medium risk, few appeared to be prepared for attacks.
The Maritime Cyber Baseline Certification Scheme is designed to assist vessel operators and owners to continually improve their cyber security to counter emerging threats and remain cyber resilient. It provides a process of identifying, analysing, assessing cyber-related risks and mitigating them to an acceptable level.
The scheme is accessible to owners and operators of vessels of all sizes across the globe, including:
- Passenger vessels
- Cargo vessels
- Specialised craft
MEETING THE BASELINE
To achieve certification for a vessel, applicants follow a practical pathway:
Answer a series of easy-to-understand questions and complete the verified self-assessment using the IASME online platform.
An IASME assessor undertakes a review of your systems, processes and collates evidence to verify the answers provided in stage 1. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.
Once your self-assessment has been verified, you will be officially awarded vessel certification for 3 years.
In order to maintain certification, the vessel owner/operator must complete and pass an annual verified self-assessment on the first and second anniversary of the audit to demonstrate their continued compliance.
- Provides reassurance for your business, your crew, passengers, customers and other operators that your vessel has the correct security controls and processes in place.
- Aligns with the IMO Maritime Cyber Risk Management guidelines and makes evident your true commitment to best security practices.
- Indicates that you have a baseline level of cyber assurance.
- Provides the ability to demonstrate your compliance by displaying a Maritime Cyber Baseline certificate on your vessel and on any business communications.