Roles & Change Management

UR E26 Compliance Summary: To maintain the vessel’s resilience profile, owners must define key cybersecurity roles and implement a Management of Change (MoC) process (per §5.3.1). This ensures the asset inventory and Cyber Security Design Description (CSDD) remain accurate throughout the ship’s operational life.

1. Cybersecurity Roles

Compliance requires specific individuals to be tasked with maintaining the “Identify” database. Assign these duties within your Ship Cyber Security and Resilience Program (SCSRP).

| Role | Core Responsibility (Identify Phase) |
| --- | --- |
| Company Cyber Security Officer (CCSO) | Fleet-wide policy oversight; approval of technical MoC requests and vendor clearances. |
| Shipboard Cyber Lead (Master/ETO) | Verifying physical inventory; logging local software changes and patching activities. |
| Technical Superintendent | Ensuring OEMs/Vendors provide CSDD updates and “As-Fitted” drawings after repairs. |

2. Management of Change (MoC) Lifecycle

Per UR E26 §5.3.1, any modification to a Computer Based System (CBS) must be documented. A “Change” includes firmware patches, new firewall rules, or sensor replacements.

Phase A: Pre-Impact Analysis
  • Identify the Category (I, II, III) of the system.
  • Verify the component is on the Approved Type list.
  • Consult the Interdependency Matrix for “downstream” risks.

Phase B: Verification & Logging
  • MAC Address Check: Required for firewall ACLs.
  • Software Hash/Version: Ensure it matches the vendor security release.
  • CSDD Update: Align “As-Built” drawings with reality.

3. Audit Readiness: The MoC Paper Trail

During a survey, an auditor may select a random asset (e.g., an AIS unit) and request its change history. Ensure the following is available:

✅ Vendor security clearance for service tech.
✅ Post-maintenance functional test results.
✅ Updated IP and MAC address tables.
✅ Signed CCSO approval for modification.

Governance Toolkit

Use our standardized templates to ensure all service interventions are documented in compliance with UR E26 §5.3.1.
