Audit Evidence Templates
The Surveyor’s View: During a Cyber Secure (Tier 1 or 2) audit, the inspector won’t just look at the equipment; they will look for the Paper Trail. These templates ensure your evidence meets IACS standards.
1. The Evidence Checklist
Evidence for the Identify phase must prove that you have analyzed the vessel’s cyber-topology. You should have the following documents ready for review:
A formal list of Computer Based Systems including owner, location, and criticality category (I, II, or III).
A summary of your 72-hour baseline, signed off by the Chief Engineer or ETO.
2. Critical Data Requirements
| Artifact Name | Key Requirement | Reference |
|---|---|---|
| Network Diagram | Must show Zone boundaries & conduits. | UR E26 §4.2 |
| Software Version List | Include PLC firmware and HMI OS. | IEC 62443-2-4 |
| Data Flow Matrix | Source, Destination, Port, Protocol. | UR E26 §3.2 |
Next Security Phase
Identify Phase: Summary & Audit Readiness
Identify Phase: Summary & Audit Readiness Phase Objective The Identify Phase is about Visibility. You cannot protect what you cannot see. By this stage, the vessel must have a verified asset register and a clear map of digital risks. Core Compliance ...