The Comité International Radio-Maritime (CIRM) has released the ‘CIRM Cyber Risk Code of Practice for Vendors of Marine Electronic Equipment and Services’, and a supporting document which provides guidance on implementing the Code.
The Code is intended to be used by Vendors of marine electronic equipment and services, including producers of shipboard Information Technology (IT) and Operational Technology (OT) equipment, system integrators, service suppliers and Communications Service Providers in the marine electronics industry (collectively referred to as ‘Vendors’). The Code will enable them to implement effective and cost-efficient cyber security best practice derived from both the marine and other industries. As such, it represents CIRM’s view of cyber security best practice.
The Code consists of six guiding principles for Vendors to establish their role in the chain of trust for a secure digital maritime environment.
CIRM’s Guideline GL-002 ‘Guideline on implementing the CIRM Cyber Risk Code of Practice for Vendors of Marine Electronic Equipment and Services’ is a companion document to the Code. It aims to explain how to implement the principles of the Code by directing the audience to appropriate standards, guidelines and best practice, and providing additional guidance where this adds value.
By Jake Frith