Part of the IDENTIFY Playbook ← Return to Hub

System Criticality Mapping

Computer-based systems are categorized in accordance with IACS UR E22 (Cat I–III). UR E26 references this categorization and uses it to scope and apply cyber-resilience requirements across onboard systems.

High Impact Category III: Essential

Systems whose failure could lead to loss of life, ship, or severe environmental damage. (e.g., Propulsion, Steering, Navigation).

Medium Impact Category II: Important

Systems whose failure could affect safety of the ship but allow for manual intervention. (e.g., Fuel, Cargo, Ballast, Alarms).

Low Impact Category I: Support

Systems with no safety impact. Usually administrative or crew-related. (e.g., Crew Wi-Fi, CCTV, Entertainment).

Decision Matrix: Which Cat is it?

Assessment Question Yes No
Immediate Impact: Could failure/compromise lead immediately to loss of propulsion, steering, or a catastrophic safety event? Cat III Go to next question
Operational Safety: Is the system necessary to maintain normal, habitable, or safe conditions (Alarms, Fire Detection, Power)? Cat II Go to next question
Connectivity Risk: Is this system connected to a Cat II or III system via IP? In Scope Cat I
cat logic e22 e26

Surveyor Tip: In your Asset Inventory (Excel/Database), you must justify why a system is Category I. If you can’t prove it has no safety impact, Class will default it to Category II or III.

Criticality Defined?

System importance is set. Now, complete your digital inventory by logging the specific software versions and firmware levels for these assets.

Track Software & FW →

Next Section

Software & Firmware Tracking

Software & Firmware Tracking UR E26 §4.1.1.1 & §4.1.1.3.2: The vessel asset inventory shall identify the software name...

Scroll to Top