The scheme is open to vessels of all sizes and classifications, including yachts, commercial, passenger ships and merchant vessels. It provides an affordable and practical way for operators and owners to improve their cyber security to counter emerging threats and to reduce the likelihood of a cyber-attack disrupting their day-to-day operations. The scheme has been developed in partnership with maritime experts Infosec Partners.
The IASME Maritime Cyber Baseline scheme enables shipping operators and vessel owners to reassure supply chain partners, passengers, flag and port authorities that a vessel has the suitable cyber security controls and processes in place. They can demonstrate compliance through an IASME Maritime Cyber Baseline digital certificate that can be displayed onboard a vessel and in any business communications.
How does the scheme work?
The scheme is focussed on a set of core security controls that have maximum impact on cyber security and give the best return on the effort and investment in their implementation. It has two stages of assurance:
- Verified self-assessment = basic level of assurance
- Audited = higher level of assurance
The controls that must be put in place onboard are the same for both levels of assurance.
The verified self-assessment requires ship owners/operators to answer a series of questions about their vessel using the IASME secure online portal. The owner is required to sign a declaration attesting that the answers to the questions are accurate. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.
The audited stage involves a review of systems, processes and to verify the answers provided in the self-assessment. This level must be completed by all vessels 500 gwt or over to achieve certification.
If the vessel passes the assessment, it is awarded Maritime Cyber Baseline certification. To maintain certification, an annual verified self-assessment must be completed on the first and second anniversary of the audit to demonstrate continued compliance.
Smaller vessels under 500 gwt are required to complete the verified self-assessment stage only to achieve certification. The cost is GBP 750 + VAT.
All vessels of 500 gwt or over are required to complete both the verified self-assessment stage and the audited stage to achieve certification. The cost is GBP 1950 +VAT.
Chris Boyd, chief executive of The Royal Institution of Naval Architects, said: “The Royal Institution of Naval Architects are delighted to be supporting IASME’s new maritime cyber security scheme and recognise it as an effective way for operators and owners to improve the security of their vessels. The maritime sector is a vital part of the global economy; RINA and its members play a key part in ensuring the vessels are secure throughout their lifecycle. We encourage all those involved in the sector to look at IASME Maritime Cyber Baseline as a practical way to reduce the disruptive impact of cyber-attacks.”
Dr Emma Philpott MBE, CEO of IASME said: “We are really excited to be tackling the difficult issue of cyber security within shipping with our new Maritime Cyber Baseline scheme. IASME has revolutionised the approach to cyber security within businesses through our IASME Governance certification and most recently has worked with the Civil Aviation Authority to deliver their cyber security audit scheme for the aviation sector. We look forward to getting directly involved with shipping operators and owners to improve their security and get them certified to the new scheme.”