Part of the IDENTIFY Playbook ← Return to Hub

System Criticality Mapping

Computer-based systems are categorized in accordance with IACS UR E22 (Cat I–III). UR E26 references this categorization and uses it to scope and apply cyber-resilience requirements across onboard systems.

High Impact Category III: Essential

Systems whose failure could lead to loss of life, ship, or severe environmental damage. (e.g., Propulsion, Steering, Navigation).

Medium Impact Category II: Important

Systems whose failure could affect safety of the ship but allow for manual intervention. (e.g., Fuel, Cargo, Ballast, Alarms).

Low Impact Category I: Support

Systems with no safety impact. Usually administrative or crew-related. (e.g., Crew Wi-Fi, CCTV, Entertainment).

Decision Matrix: Which Cat is it?

Assessment Question Yes No
Can compromise lead to immediate loss of maneuverability? Cat III Go to next question
Is the system required by SOLAS/MARPOL for safety? Cat II Go to next question
Is there a manual fallback that prevents an immediate hazard? Cat II Cat I

Surveyor Tip: In your Asset Inventory (Excel/Database), you must justify why a system is Category I. If you can’t prove it has no safety impact, Class will default it to Category II or III.

Next Security Phase

Software & Firmware Tracking

Software & Firmware Tracking UR E26 §4.1.1.1 & §4.1.1.3.2: The vessel asset inventory shall identify the software name and version (including application programs, operating systems, and firmware). Additionally, per §4.1.1.3.2 and §4.1.1.4.4, a '...

Continue to Software & Firmware Tracking →

Scroll to Top