Part of the IDENTIFY Playbook ← Return to Hub

Identify Phase: Summary & Audit Readiness

Phase Objective

The Identify Phase is about Visibility. You cannot protect what you cannot see. By this stage, the vessel must have a verified asset register and a clear map of digital risks.

Core Compliance Deliverables

To pass an IACS UR E26 audit, the following documents must be available for inspection. Click the links to access the specific playbooks and templates for each.

UR E26 §4.1.1

OT Asset Inventory

A verified list of all Category I, II, and III assets including MAC addresses and firmware versions.

View Playbook →
UR E26 §3.3

Cyber Risk Assessment

A formal evaluation of threats to navigation, propulsion, and life-safety systems.

View Playbook →
UR E26 §5.1.2

CSDD (Design Description)

The technical blueprint showing how the ship’s network zones and conduits are designed.

View Playbook →

Auditor “Cheat Sheet”

When the Class Surveyor (DNV, ABS, Lloyd’s) comes onboard, they will likely ask the ETO or Master these questions. Use the linked playbooks to prepare your answers.

Question: “How do you track new equipment added to the OT network?”

Evidence Needed: The Change Management log and the updated Asset Inventory list showing the date of addition.

Question: “Which systems are classified as Category III (Critical) on this vessel?”

Evidence Needed: The CSDD Network Diagram highlighting the high-integrity zones.

Question: “What is the procedure for a vendor bringing a service laptop onboard?”

Evidence Needed: The Supply Chain/Vendor Security playbook and the USB scanning log.

Phase 1: IDENTIFY Complete

Ready to Secure the Perimeter?

You have successfully documented what is on the ship. Now, we must implement the technical safeguards to protect it. The next phase covers Network Segmentation, Firewall Configuration, and Access Controls.

Begin Phase 2: PROTECT →
Scroll to Top