Respond Phase: Summary & Audit Readiness

Part of the RESPOND Playbook ← Return to Hub

Respond Phase: Summary & Audit Readiness

Phase Objective

The Respond Phase is about Effective Containment. We ensure the ETO can move from “Alarm” to “Action” without compromising vessel safety, providing the bridge between technical isolation and regulatory reporting.

Response Capabilities Grid

To satisfy IACS UR E26 Section 4.4, the vessel must demonstrate a structured response to cyber incidents. Click each pillar to review the emergency procedures.

PILLAR A

Classification & Triage

The ability to quickly judge the severity of a threat and conduct the “First 15 Minutes” of diagnostics.

→ Incident Severity Matrix → Rapid Diagnostic Checklist

PILLAR B

Containment Strategy

Logical and physical network isolation steps to prevent the spread of malware into Category III systems.

→ Isolation Procedures → System Shutdown Rules

PILLAR C

External/Internal Comms

Crisis reporting frameworks for the Master, Company Security Officer, and Regulatory Bodies.

→ Master’s Cyber SITREP → Regulatory Notifications

Auditor Readiness Checklist

To demonstrate “Respond” maturity, the vessel must provide the following evidence during an audit:

Crisis Contact List: Is there a physical, printed list of emergency contacts (CSO, Vendor Support, SOC) in the ECR?
Isolation Awareness: Can the ETO point to the exact physical cable or switch port that air-gaps the OT network from the VSAT?
Drill Records: Is there a log of the last “Cyber Tabletop Exercise” conducted with the Master and Chief Engineer?

Phase 4: RESPOND Complete

The Fire is Out. How do we rebuild?

Response stops the bleeding, but Recovery brings the vessel back to 100% operation. In the final phase, we cover “Golden Backups,” system restoration, and forensic analysis.

Final Phase: RECOVER →