maritime cyber baseline logo

The Maritime Cyber Baseline scheme provides an affordable and practical way for shipping operators and vessel owners to improve their cyber security to reduce the likelihood of a cyber-attack disrupting their day-to-day operations. The scheme is supported by RINA, the Royal Institution of Naval Architects and enables a path to compliance with the IMO Maritime Cyber Risk Management guidelines. The scheme is open to vessels of all sizes and classifications, including yachts, commercial, passenger ships and merchant vessels.

RINA

“The Royal Institution of Naval Architects are delighted to be supporting IASME’s new maritime cyber security scheme… We encourage all those involved in the sector to look at IASME Maritime Cyber Baseline as a practical way to reduce the disruptive impact of cyber-attacks.”

Chris Boyd, Chief Executive of The Royal Institution of Naval Architects.

Maritime Cyber Baseline certification will

Reassure your supply chain partners, passengers, flag and port authorities that a vessel has the suitable cyber security controls and processes in place.

Demonstrate your commitment to best-practice security for sea faring vessels as you take steps to align with the IMO Maritime Cyber Risk Management guidelines.

Allow you to demonstrate your compliance through a Maritime Cyber Baseline digital certificate that can be displayed on your vessel and business communications.

How does the scheme work?

The scheme has been developed with maritime experts Infosec Partners and is designed with two stages of assurance:

  • Verified self-assessment = basic level of assurance
  • Audited = higher level of assurance

The controls that must be put in place onboard a vessel and the requirements to be met are the same for both levels of assurance. But the depth of testing, and therefore the level of assurance provided by certification, is higher for the audited level.

Verified Self-Assessment

The verified self-assessment requires ship owners/operators to answer a series of questions about their vessel using the IASME secure online portal. The owner is required to sign a declaration attesting that the answers to the questions are accurate and the answers to the questions are marked by an IASME Maritime Cyber assessor. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.

Smaller vessels under 500 GRT are required to complete the verified self-assessment stage only to achieve certification. The cost is £750 +VAT.

Audited

The audited stage involves an assessor operating on behalf of one of IASME’s Certification Bodies visiting your vessel to review systems, processes and to verify the answers provided in the self-assessment. This level must be completed by all vessels 500 GRT or over to achieve certification.

The audit follows a strict schedule to ensure that all vessels are certified to the same criteria and the assessor will make a recommendation to IASME on whether the vessel should pass or fail the certification. IASME’s moderators will review the audit and either agree with the recommendation or request more information to make their decision.

If the vessel passes, it is awarded Maritime Cyber Baseline certification which lasts for three years. To maintain certification, the vessel owner/operator must complete and pass an annual verified self-assessment on the first and second anniversary of the audit to demonstrate their continued compliance.

All vessels of 500 GRT or over are required to complete both the verified self-assessment stage and the audited stage to achieve certification. The cost is £1950 +VAT.

Get Support with your assessment

If you require any further assistance, you can get advice from a specialist maritime cyber security expert who is able to help you make the required changes to systems and processes to ensure they meet compliance. Please complete the form below and we will put you in touch with one of our experts.