Cyber risk management to be incorporated into Safety Management Systems by 1 January 2021
With the implementation and ever growing dependence on digital systems, the maritime industry has become more vulnerable to possible cyber attacks and threats.
The ISM Code, supported by the IMO Resolution MSC.428(98), requires administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.This includes all commercially operated vessels over 500GT.
Companies operating approved safety management systems are required to consider cyber risk management in accordance with the objectives and functional requirements of the ISM Code. In practice this means that the company must risk assess their IT systems – including systems used to operate the vessel – and issue procedures to manage all cyber security risks.
All risk assessments, procedures and training need to be completed by the company no later than the first annual verification of the company’s Document of Compliance after 1st January 2021.
From this date, the shipowner’s guidelines on cyber security will be surveyed as part of the regular ISM verifications of shipowners and vessels.
The Faroese Maritime Authority hereby encourages all Faroese shipowners to make themselves familiar with IMO “Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems” and implement necessary measures in order to meet the requirements.
IMO has issued some overall guidelines “MSC-FAL.1/Circ.3 Guidelines on Maritime Cyber Risk Management” on cyber security and safety management systems. The guidelines provide recommendations on how cyber security can be incorporated into the existing safety management systems (ISM). See guidelines here
For further inquiries, please contact the Faroese Maritime Authority on tel. +298 355600 or by email firstname.lastname@example.org
Faroese Maritime Authority, 25-06-2020