IACS Guidelines for Cyber Risk Management

Dear Customers,

 

Thank you very much for your continuous support.

 

A guideline document about Cyber Risk Management has been released by IACS.

 

This document provides a detailed description of the policies for security risks in the SMS manuals that each shipping company has.

 

For the full document text, please refer to the following URL.

 

 

The following three points are particularly important regarding it.

 

1) As well as external attacks, so-called cyber-attacks, the system down risk due to equipment failure, age deterioration, or human error is specified.

 

2) Not only important equipment defined by ISM code, but also business PCs, Crew Internet, and mail systems, etc. are mentioned.

 

3) So-called information security like leakage, loss or falsification of information is also mentioned.

 

With regard to responses to cyber security, certainly in the beginning, many mentions were limited to "external cyber-attacks" only.

 

However, IACS has now clearly stated that external attacks are not the only risk.

 

In addition, there have been more and more cases that above mentioned contents are pointed out in PSC and various audit situations.

 

Please confirm whether your cyber security manual has prepared contains the above information.

 

ORCA provides the support required for each company's ship IT management.

If you have such concerns like the above, please kindly consult with us in advance.

 

Thanks & best regards.