Respond Phase: Summary & Audit Readiness

Part of the RESPOND Playbook ← Return to Hub

Respond Phase: Summary & Audit Readiness

Phase Objective

The Respond Phase is about Effective Containment. We ensure the ETO can move from “Alarm” to “Action” without compromising vessel safety, bridging the gap between technical isolation and regulatory reporting.

Response Capabilities

To satisfy IACS UR E26 Section 4.4, the vessel must demonstrate a structured response. Review these pillars to ensure emergency procedures are understood.

PILLAR A

Classification & Triage

The ability to quickly judge threat severity and execute the “First 15 Minutes” diagnostic protocols.

→ Incident Severity Matrix → Rapid Diagnostic Checklist

PILLAR B

Containment Strategy

Logical and physical network isolation steps to protect Category III “Must-Run” systems from infection.

→ Isolation Procedures → System Shutdown Rules

PILLAR C

Crisis Reporting

Structured SITREPs for the Master and reporting frameworks for shore-side authorities and SOCs.

→ Master’s Cyber SITREP → Regulatory Notifications

Auditor Readiness Checklist

During a PSC or Class inspection, the vessel must provide the following evidence of “Respond” maturity:

Crisis Contact List A physical, printed list of emergency contacts (CSO, Vendor Support, SOC) must be available in the ECR.

Isolation Awareness The ETO can point to the exact physical cable or switch port that air-gaps the OT network from the VSAT.

Drill Records Logs of the latest “Cyber Tabletop Exercise” conducted with the Master and Chief Engineer.

Phase 4: RESPOND Complete

The Fire is Out. How do we rebuild?

Response stops the bleeding, but Recovery brings the vessel back to 100% operation. In the final phase, we cover “Golden Backups,” system restoration, and forensic analysis.

Final Phase: RECOVER →