CIRM publishes Cyber Risk Code of Practice
On 4th February 2020, the Comité International Radio-Maritime (CIRM) released the ‘CIRM Cyber Risk Code of Practice for Vendors of Marine Electronic Equipment and Services’ (the Code), and a supporting document which provides guidance on implementing the Code.
The Code is intended to be used by Vendors of marine electronic equipment and services, including producers of shipboard Information Technology (IT) and Operational Technology (OT) equipment, system integrators, service suppliers and Communications Service Providers in the marine electronics industry (collectively referred to as ‘Vendors’). The Code will enable them to implement effective and cost-efficient cyber security best practice derived from both the marine and other industries. As such, it represents CIRM’s view of cyber security best practice.
The Code consists of six guiding principles for Vendors to establish their role in the chain of trust for a secure digital maritime environment.
CIRM’s Guideline GL-002 ‘Guideline on implementing the CIRM Cyber Risk Code of Practice for Vendors of Marine Electronic Equipment and Services’ is a companion document to the Code. It aims to explain how to implement the principles of the Code by directing the audience to appropriate standards, guidelines and best practice, and providing additional guidance where this adds value.
CIRM’s Secretary-General, Frances Baskerville, said: ‘The CIRM Cyber Risk Code of Practice is the result of two years’ work by our organization’s members. It presents CIRM’s view of the measures that can be taken by vendors of marine electronic equipment and services to reduce the risk of cyber security incidents’.
Both the Code and its supporting Guideline GL-002 are freely available on the CIRM website: http://cirm.org/publications/index.html