Part of the MARITIME OT Playbook ← Return to Hub

Ship Cyber Resilience Checklist

Operational Compliance Framework | IACS UR E26 Section 5.3 (Rev.1)

Global Standard IACS COMPLIANT

1. Program Overview

To maintain Class Certification, the Shipowner must demonstrate the implementation of a Ship Cyber Resilience Program. This checklist serves as the central hub for the ETO and Technical Managers to verify that shipboard operations align with IACS standards.

Step 1 Explanation: This section defines the scope. An auditor will first look for a documented “Program” that links your daily actions back to the UR E26 regulations.

2. Technical Control Mapping

Use the links below to access technical instructions and record-keeping templates for each functional domain.

Operational Domain Implementation Playbook Compliance Evidence
Asset & Role Governance Roles & MOC Procedures → Cyber Role Matrix
Perimeter & Access Secure Access Playbook → Remote Access Log
Continuous Monitoring OT Monitoring Guide → Audit Review Record
Incident Response Isolation Procedures → Incident Response Log
Recovery Recovery Procedures → Backup Verification Log

Step 2 Explanation: This table links the “What” (IACS Rules) to the “How” (Tagsia Playbooks). Every item in the “Compliance Evidence” column represents a physical record that must be available during an annual survey.

3. Handover & Responsibility

Handover Requirement (Section 5.3)

The Systems Integrator must provide the completed Ship Cyber Resilience Program to the Owner upon delivery. The Owner is then responsible for demonstrating that these processes are active during the first annual survey.

Step 3 Explanation: Compliance is a relay race. The shipyard builds the security, but the shipowner must “own” it once the vessel is in service. This section reminds the team that the Integrator’s documentation must be merged into the Ship’s SMS.

4. Crew Training & Familiarization

A resilient ship requires a trained crew. Records of familiarization are mandatory under UR E26 §5.3.2.

Cyber Security Induction

Basic hygiene, password policies, and phishing awareness for all crew members.

REQUIRED ANNUALLY

OT Emergency Response

Manual override and network isolation procedures for engineers and ETOs.

REQUIRED FOR ETO / CHENG

Step 4 Explanation: Technical locks are useless if the crew leaves the door open. Surveyors will interview crew members to ensure they know how to react to a cyber alarm.

5. Continuous Verification Schedule

Cyber resilience is not a one-time event. The following maintenance tasks must be integrated into the vessel’s Planned Maintenance System (PMS).

Interval Task Requirement Reference Record
Monthly Verify Anti-Malware Signature Updates [Hardening Audit Record]
Quarterly Backup Integrity Test & Restore Simulation [Backup Verification Log]
Annually Full Asset Inventory Audit & Software List Review [Inventory Guide]

Step 5 Explanation: This schedule provides the “Heartbeat” of the program. It ensures that critical defenses like backups and malware protection are actually working, rather than just being installed and forgotten.

6. Document Control & Validity

Document ID: TAG-SCRP-V01 Version: 1.2 (Mar 2026) Status: ACTIVE

Last Review Date: 2026-03-30 | Next Review Due: 2027-03-30

Step 6 Explanation: Under IACS UR E26, all cyber security procedures must be under version control. This section ensures the crew is using the latest approved version and reminds management when the next formal review is required.

Unlock Full Compliance & Intelligence

Upgrade to the TAGSIA Pro Bundle to get all 40+ fillable documents, editable SOPs, and unlimited access to our real-time Threat Intel feed, CVE Library, and Vendor Advisories.

Upgrade to Pro Bundle
Includes Unlimited Intel Search
Instant access to IACS E26/E27 Templates
Login
Login
Scroll to Top