Phase 1: Identify (All vessels)
Satisfies: E26 §4.1; E22 Impact Cat.; IMO MSC-FAL.1; BIMCO v4

System Criticality Mapping

Depending on your Class Society and Cybersecurity Notation, you may follow the IACS UR E22 Impact Categories or the DNV Functional SuC approach. Both aim to identify computer-based systems (CBS) in scope for cyber resilience.

Method A: IACS UR E22 Impact Levels

High Impact Category III: Essential

Systems whose failure leads to loss of life, ship, or severe environmental damage.

Medium Impact Category II: Important

Systems whose failure could eventually lead to loss of life, ship, or severe environmental damage.

Low Impact Category I: Support

Systems with no safety impact (e.g., Crew Wi-Fi, Entertainment).

Category Decision Matrix (Logic Gate)

Use this logical flow to determine the impact category. Note that per UR E26 4.4.2, local controls must be tested for total independence from remote networks.

| Criteria | CAT I (Support) | CAT II (Important) | CAT III (Essential) |
|---|---|---|---|
| Failure Impact | Inconvenience or loss of administrative data. | Degraded operations; safety systems compromised but stable. | Immediate danger to life, ship, or environment. |
| Response Time | Days/Weeks (Non-urgent). | Minutes/Hours (Can be managed temporarily). | Seconds/Instant (Uncontrolled situation). |
| Mandated Backups | No Class/SOLAS requirement for backup. | Requirement: Local/manual means must compensate for remote loss. | Requirement: Independent, redundant local HMI and automatic failover. |
| Reference Benchmarks: Typical Examples | Crew PC, Entertainment, CCTV (Non-sec). | Ballast control, Bilge alarm, Fuel pumps. | Steering gear, ECDIS, Main Engine Control. |

Rule of Precedence: Categories are based on Inherent Risk. Per UR E22 and E26, the existence of manual procedures or backups is a mandatory regulatory response to a high-impact function—it is not a justification to lower the category. If a system requires an independent local control (SOLAS II-1 Reg 31), it is inherently a high-tier cyber system.
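The matrix and the Rule of Precedence can be applied to an asset register as an audit. The following is an added example, not part of the playbook: the field names, the value labels and the "highest matching row wins" rule are assumptions made for illustration, and the inventory is constructed.

```python
from dataclasses import dataclass

# Matrix column values ordered CAT I -> CAT III (list index + 1 = category).
# The labels are hypothetical shorthand for the cells of the decision matrix.
FAILURE_IMPACT = ["inconvenience", "degraded", "immediate_danger"]
RESPONSE_TIME = ["days_weeks", "minutes_hours", "seconds"]
MANDATED_BACKUP = ["none", "local_manual", "independent_redundant"]


@dataclass
class CBS:
    name: str
    failure_impact: str
    response_time: str
    mandated_backup: str   # what Class/SOLAS requires, not what happens to exist
    declared_cat: int      # category written in the asset register
    has_manual_procedure: bool = False  # recorded, never used to downgrade


def inherent_category(s: CBS) -> int:
    """Highest category matched by any matrix row (assumption: worst case wins).

    An unknown label raises ValueError instead of silently defaulting to CAT I.
    """
    rows = [
        FAILURE_IMPACT.index(s.failure_impact),
        RESPONSE_TIME.index(s.response_time),
        MANDATED_BACKUP.index(s.mandated_backup),
    ]
    return max(rows) + 1


def audit(inventory):
    """Return (name, declared, inherent) for every under-classified system."""
    return [
        (s.name, s.declared_cat, inherent_category(s))
        for s in inventory
        if s.declared_cat < inherent_category(s)
    ]


# Constructed sample register; system names follow the page's typical examples.
INVENTORY = [
    CBS("Crew PC", "inconvenience", "days_weeks", "none", 1),
    CBS("Ballast control", "degraded", "minutes_hours", "local_manual", 2, True),
    # Register entry lowered "because local steering exists": flagged by the audit.
    CBS("Steering gear", "immediate_danger", "seconds", "independent_redundant", 2, True),
    CBS("Bilge alarm", "degraded", "minutes_hours", "local_manual", 1, True),
]

if __name__ == "__main__":
    for name, declared, cat in audit(INVENTORY):
        print(f"{name}: declared CAT {declared}, inherent CAT {cat}")
```

The `has_manual_procedure` flag is deliberately absent from `inherent_category`, so a documented manual backup can never pull a system into a lower category.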

Regulatory Mapping: SOLAS Chapter II to IACS UR E22

This table provides the specific SOLAS Functional Requirements and the mandated manual/independent redundancies that dictate the IACS Cyber Category.

| SOLAS Reg. | Functional Requirement | Mandated Backup / Redundancy | Category |
|---|---|---|---|
| II-1 / 31 | Machinery Control: Remote control of propulsion machinery from the navigation bridge. | Must have local/manual control independent of the remote control system (SOLAS II-1/31.2.5). | CAT III |
| II-1 / 29 | Steering Gear: Ability to steer the ship and reach auxiliary steering limits. | Redundant power units and local manual steering at the rudder stock (Steering Gear Room). | CAT III |
| II-1 / 41 | Main Source of Power: Propulsion, steering, and safety systems must remain powered. | Load shedding and automatic start/synchronization of standby generators. | CAT III |
| II-1 / 13 | Watertight Doors: Remote closing of doors from the bridge and local stations. | Local manual mechanical override for each door to operate regardless of control failure. | CAT III |
| II-2 / 7 | Fire Detection: Fixed fire detection and fire alarm systems. | System must remain functional even with a single loop failure; fault-tolerant wiring. | CAT III |
| II-1 / 35-1 | Bilge Pumping: Ability to pump from any compartment under all conditions. | Direct suction and local valve operation independent of the automation system. | CAT II |
| II-1 / 21 | Ballast Systems: Control of pumping for stability and trim. | Manual operation of ballast valves/pumps at the local manifold. | CAT II |
| II-1 / 42 | Emergency Power: Emergency generator and lighting. | Automatic connection within 45 seconds of main power loss; independent starting. | CAT III |
| II-2 / 10 | Fire Pumps: Remote and local start of fire pumps. | Isolation valves and local manual starting capability. | CAT II |

Note: Classification as CAT II or III implies that while manual intervention is required for safety, the primary Computer-Based System (CBS) must meet the specific technical resilience requirements of IACS UR E26 and E22 Rev.3 (2025).

Preferred Option

Method B: DNV Default System under Consideration (SuC)

DNV identifies scope based on Mandatory Functions required for vessel operation.

Efficiency Gain: Minimizes administrative burden by utilizing pre-defined Class benchmarks, bypassing the need for exhaustive manual scoping.

| Vessel Function | Mandatory Systems in Scope |
|---|---|
| Propulsion & Steering | Engine speed, thrusters, rudders, pitch control, and steering gear. |
| Safety & Integrity | Fire detection, ESD, gas detection, watertight doors, and machinery protection. |
| Navigation & Comms | Radar, ECDIS, AIS, GNSS, GMDSS, and Internal Comms (PA/GA). |
| Electrical Power | Generators, switchboards, battery systems, and power management. |

A comprehensive list of all computer-based systems in the default SuC can be found in DNV-CG-0325 (Appendix A).

DNV Negligible Risk Exclusions

To exclude a system from security requirements, a risk assessment must prove negligible cyber risk by meeting these specific criteria.

  • Isolation: No IP-network communication or remote access solutions.
  • Physical Security: Located in restricted and controlled areas.
  • Port Lockdown: No accessible physical interface ports; unused ports logically disabled.
  • No External Media: Hardened against USB/External media mounting.
  • Criticality Check: Not an integrated control system or required for propulsion/steering.

Surveyor Tip: DNV requires risk assessments (Document F011/F021) to be submitted if you intend to exclude systems or components based on negligible risk.
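The five negligible-risk criteria above can be checked per system so that the risk assessment records exactly which criterion blocks an exclusion. This is an added example, not DNV's or the playbook's own tooling: the record fields (`ip_networked`, `ports`, `media_mount_blocked`, and so on) are hypothetical and both sample systems are constructed.

```python
def exclusion_failures(system: dict) -> list:
    """Return the criteria a system fails; an empty list means all five are met."""
    failed = []

    # Isolation: no IP-network communication or remote access solutions.
    if system["ip_networked"] or system["remote_access"]:
        failed.append("Isolation")

    # Physical Security: located in restricted and controlled areas.
    if not system["restricted_area"]:
        failed.append("Physical Security")

    # Port Lockdown: no accessible ports; unused ports logically disabled.
    for port in system["ports"]:
        unused_but_live = not port["in_use"] and not port["disabled"]
        if port["accessible"] or unused_but_live:
            failed.append("Port Lockdown")
            break

    # No External Media: hardened against USB/external media mounting.
    if not system["media_mount_blocked"]:
        failed.append("No External Media")

    # Criticality Check: not an integrated control system and not required
    # for propulsion/steering.
    if system["integrated_control"] or system["function"] in {"propulsion", "steering"}:
        failed.append("Criticality Check")

    return failed


# Constructed records: one candidate for exclusion, one that must stay in scope.
DATA_LOGGER = {
    "ip_networked": False, "remote_access": False, "restricted_area": True,
    "ports": [
        {"name": "RS-485", "in_use": True, "disabled": False, "accessible": False},
        {"name": "USB", "in_use": False, "disabled": True, "accessible": False},
    ],
    "media_mount_blocked": True, "integrated_control": False,
    "function": "monitoring",
}
THRUSTER_HMI = {
    "ip_networked": True, "remote_access": False, "restricted_area": True,
    "ports": [{"name": "USB", "in_use": False, "disabled": False, "accessible": True}],
    "media_mount_blocked": True, "integrated_control": False,
    "function": "propulsion",
}
```

An empty result for a system only means the five criteria are met on paper; each answer still needs evidence behind it in the submitted risk assessment.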
