Audit Evidence Templates
The Surveyor’s View: During a Cyber Secure (Tier 1 or 2) audit, the inspector won’t just look at the equipment; they will look for the Paper Trail. These templates ensure your evidence meets IACS standards.
1. The Evidence Checklist
Evidence for the Identify phase must prove that you have analyzed the vessel’s cyber-topology. You should have the following documents ready for review:
A formal list of Computer Based Systems including owner, location, and criticality category (I, II, or III).
A summary of your 72-hour baseline, signed off by the Chief Engineer or ETO.
2. Critical Data Requirements
| Artifact Name | Key Requirement | Reference |
|---|---|---|
| Network Diagram | Must show Zone boundaries & conduits. | UR E26 §4.2 |
| Software Version List | Include PLC firmware and HMI OS. | IEC 62443-2-4 |
| Data Flow Matrix | Source, Destination, Port, Protocol. | UR E26 §3.2 |
Ready to Secure the Perimeter?
You have successfully documented what is on the ship. Now, we must implement the technical safeguards to protect it. The next phase covers Network Segmentation, Firewall Configuration, and Access Controls.
Begin Phase 2: PROTECT →