Frequently Asked Questions
What are the benefits of this certification?
The certification aims to educate and support maritime organisations to reach a minimum level of cyber security, which in turn demonstrates to their clients, partners, passengers, and supply chain that they have taken cyber security seriously and implemented controls that will help reduce the risk of a cyber attack occurring onboard a vessel.
What is the difference between Maritime Cyber Baseline Level One and Level Two?
Level one is a verified self-assessment and provides a basic level of assurance. Level two is audited and therefore provides a higher level of assurance. The controls that must be put in place onboard a vessel, and the requirements to be met, are the same for both levels. But the depth of testing, and therefore the level of assurance provided by certification is higher for the audited level.
On average how long does certification take to complete ?
It is a good idea to download the question set in advance (available for free from the website here) and prepare the answers before applying. By doing this, you can ensure that there are no unexpected aspects that may take a significant amount of time to comply with. As soon as you have paid, we will send you login details for your online assessment portal. You will have 6 months to complete your assessment before your account is deleted and unfortunately, we cannot issue a refund if this happens.
If you have prepared your answers in advance, filling out the assessment might only take about an hour.
Do I have to pay for the assessment before I know what questions I will be asked?
No, you can download the full question set from the website free of charge which allows you to do a ‘gap analysis’ on your organisation before committing to completing the verified assessment.
How long do I have to complete the assessment after I have paid?
When your payment is received, we will send you login details to access the on-line assessment platform to enable you to begin your certification, you will then have 6 months to complete the assessment.
Do I have to pay for Level Two at the same time as Level One?
If you opt for level one verified assessment only, this lasts for one year from its completion date and then must be retaken at the cost of £750 + VAT if you wish to renew. If you opt for Level Two audited, this lasts for three years from its completion date, and then you must go through the audit process if you wish to renew at a cost of £1950. Please note that on the 1st and 2nd anniversaries, you will need to complete the Level One verified self-assessment to show that you are still compliant, this is at a cost of £750 + VAT per year.
For how long does the certification last?
If you opt for Level One verified self-assessment only, this lasts for one year from its completion date and then must be retaken at the cost of £750 + VAT if you wish to renew. If you opt for Level Two audited, this lasts for three years from its completion date, and then you must go through the audit process if you wish to renew at a cost of £1950. Please note that on the 1st and 2nd anniversaries, you will need to complete the Level One verified self-assessment to show that you are still compliant, this is at a cost of £750 + VAT per year.
What if I take Level One only and then decide I want to take Level Two?
If you decide to complete Level One Maritime Cyber Baseline at the cost of £750 + VAT as your first option, but then decide that you require Level Two Maritime Cyber Baseline, as long as it is within 30 days of completing your Level One verified self-assessment, you will only be charged the cost of Level Two Maritime Cyber Baseline (£1200 + VAT). If you decide to upgrade to Level Two after the 30 day grace period, you will be charged for both Level one and Level Two Maritime Cyber Baseline at the full cost of £1950 + VAT.
If I don’t pass on the first attempt do I have another chance?
Yes, if you fail on your first attempt you are allowed a free submission but this must be completed within 30 days.
If I fail will I get feedback about why I failed?
All clients get feedback on any aspect of the assessment which is not fully compliant. You will get a report including all the answers you gave and comments from the Assessor against any that were considered non-compliant. If you fail the assessment, this feedback should help you improve your security so you can pass in the future.
What is a Certification Body?
IASME Maritime Certification Bodies or CBs, are specially trained cyber security companies located in the UK and internationally. Many of the CBs are micro or small organisations and all are licensed and assured by IASME to offer assessment and certification to cyber security standards such as Maritime Cyber baseline.
Is the Maritime Cyber Baseline (MCB) scheme only for commercial vessels?
No, the MCB scheme is designed for all types of vessels, regardless of classification. This includes passenger ships, ferries, yachts, tankers, and dry bulk carriers.
What types of vessels typically undergo assessment?
We have assessed a diverse range of vessels, including Roll On-Roll Off (Ro-Ro) cargo ships, LNG carriers, cable-laying ships, and tankers.
I have several ships that I would like to have assessed to achieve Level Two certification, but I'm concerned about the cost of doing this all at once. What should I do?
For organisations in a similar situation, we recommend initially obtaining Level One certification for all of your ships for at least the first year. After that, you can consider having a percentage of these ships achieve Level Two certification over an agreed period of time within your organisation. For example, if you have six ships, you could assess the first three in the second year and the remaining three in the third year. This staggered approach helps manage costs more effectively.
I have seven ships that are all the same classification and type. Can I get one certification to cover the entire fleet?
Unfortunately, no. The scheme is designed to cover each vessel individually. While ships may be built to the same specifications, once they are in commercial use, various IT and OT products may be added or removed by captains, crew members, operators, and owners. These changes can make each vessel unique, necessitating individual assessments and certifications.
I applied through IASME directly for Level One assessments on our fleet of ships. We were allocated an MCB Certification Body and Assessor who did an excellent job. Do I have to reapply through IASME for our second-year renewals?
If you are satisfied with the relationship you have built with your initial Assessor, we will inform the Assessor that you wish to continue working with them. As a result, you will become the Assessor’s client, meaning that for your Level One assessment renewals, you will apply directly through the Assessor or Certification Body (CB) rather than through IASME. However, if you are not happy with your current Assessor or CB, it is your prerogative to request a different Assessor.
What happens if I decide to progress to Level Two certification for all of my ships next year? Do I need a new Assessor to complete the Level Two audit?
No, you will not need a separate Assessor for the Level Two audit. The Assessor who completed your Level One assessments will also be allocated to conduct your Level Two audits. We believe that the Assessor who handled your Level One assessments will have a better working knowledge of your fleet, enabling them to carry out a more comprehensive and effective audit.
Can I get help with completing my assessment and if so, how do I do that?
Please call us on 03300 882 752 or email us on [email protected]
How can I become an Assessor for Maritime Cyber Baseline?
To become an IASME Certification Body and Assessor, someone from your organisation will need to attend and pass the relevant Assessor courses. More details about requirements can be seen here. We work with organisations of all sizes: Micro companies and sole traders are welcome partners.
Get Maritime Cyber Baseline today
If you have any other questions and would like to chat with a member of our customer services team, please contact us today on 03300 882 752 or email us on [email protected].