IMO Understand Service.

There are numerous stages to delivering cyber compliancy against the IMO (International Maritime Organisation) ISM (International Safety Management) Code on Maritime Cyber-Risk being introduced in January 2021.

CSS Platinum are advisors to the maritime community, including the flagging states, helping them design the assessment criteria for the implementation of Cyber Risk Management programs.

CSS Platinum’s IMO Understand Service provides a complete 360 assessment and report to assess the cyber-risk to your vessel, people, processes or technology against the IMO ISM Code.

Knowing your vulnerabilities & associated cyber risks are the first steps to achieving cyber compliance

Our IMO Understand Service will provide risk assessments, gap analysis and technical penetration testing by our team of IMO cyber-specialists to deliver a detailed report demonstrating commitment to Maritime Cyber Risk Management and engagement with the requirement.

CSS Platinum IMO Understand Service provides:

IMO Risk Assessment
IMO Gap Analysis
Asset Register
Penetration Testing
Training Review
Review Back-Up Plans
IMO Understand

A complete report of you maritime cyber risk resilience based against IMO Guidelines, including:

Bespoke Risk Register for your vessel

Technical Penetration Testing certification

Gap Analysis against the IMO Cyber Compliance advised standards

Roadmap for implementing governance and protections to meet the advised IMO Cyber Compliance standard

IMO Understand Package

£7495 + VAT

Want to learn more about our IMO Understand package?

Submit this form to schedule a call to discuss your or your clients requirements today!

    The IMO Understand Service demonstrates a tangible commitment to Maritime Cyber Risk Management.

    What does the IMO Understand Service include?

    IMO Risk Assessment.

    To demonstrate maritime cyber risk management, you need a register from which to manage your risks. To build a risk register your need to conduct maritime cyber risk identification. Read More >>

    As a specialist cyber security provider, we recognise that risk identification is rarely conducted correctly or thoroughly. To be successful, you need to invest in this analysis. We have many years of specific maritime cyber risk experience to help you understand where you are likely to be holding risk. Maritime cyber risk manifests itself in many different ways:

    Breakdown of Risk Assessments provided:

    • Operational technology risk.
    • Information technology risk
    • Device & Internet of Things (IoT) risk.
    • Crew risk
    • Supplier risk
    • Visitor risk
    • Cyber-attack response risk
    • Cyber-attack recovery risk
    • Disaster management risk
    • Business continuity risk
    • Governance risk

    IMO Gap Analysis.

    To achieve IMO cyber compliance, you need to address the advised IMO maritime cyber risk management recommendations. To achieve this, you need to understand whether, if at all, your current cyber resilience governance, protections and processes and systems meet the advised standards. Read More >>
    Our gap analysis will enable you to understand whether your cyber risk management addresses the specific risk your vessels face to the gap analysis. The gap analysis will build a complete picture of the specific cyber risks that your vessel faces and analyses the risk mitigation and remediation work required.

    Policy and Asset Review.

    Being able to demonstrate due diligence and governance is key to a cyber-risk management plan. Read More >>
    What gets managed gets done. By failing to plan, you are planning to fail. Just like operationally critical equipment is subject to a rigidly planned maintenance regime, so must your cyber resilience. If you do not, cyber vulnerabilities will occur, get missed, forgotten or simply ignored which can lead to a cyber-attack.

    Training Review.

    Your crew are your biggest strength but also an area of significant vulnerability. Cyber-criminals are known to target owners, their vessels and their families through their crew. Read More >>
    A possible lack cyber-awareness can have significant consequences. Whether it’s a lack of diligence, discipline or naivety or bribing (with money) and/or coercing (through the release of embarrassing information. Crews will have multiple devices in their possession that have trusted access to your digital networks. You need to protect against their errors, accidents and sadly occasionally their malicious acts. Crews and teams will have multiple devices in their possession that have trusted access to your digital networks. You need to protect against their errors, accidents and sadly occasionally their malicious acts. This is mitigated by selecting the right crew in the first place and training crew how to recognise threats, attacks and how to use their electronic devices appropriately.

    Penetration Testing.

    A penetration test provide digital tools to identify whether any “digital” windows and doors are unlocked and open to access. Read More >>
    Consider penetration testing in terms of your home. A penetration test is the equivalent of a robber checking all your doors and windows to establish whether they are open, unlock and openable or poorly maintained and can be broken into easily. Penetration tests are conducted by our ethical hackers. In the cyber world, there are angel and demon hackers. Demon hackers are criminals. Angel (ethical) hackers have integrity and morals and protect against demon hackers.

    Review Back Up Plan/Policy.

    Planning contingency, back up and DR of your most valuable information and data is vital for a cyber-risk management program. Read More >>
    Regretfully, no security policy is infallible. If a criminal has sufficient time, energy, resource and money, they will achieve a successful attack. As we know, the trick is to be #hardtohack, so criminals go elsewhere. So, understanding that sometimes attacks are successful, you need to ensure that you have a robust contingency plan to get you back up to normal operating speed as quickly as possible and with the minimum of impact. This is achieved through the careful planning of backing up your information and data.

    Want to get started?

    Download our FREE IMO Quick-Start PDF for the questions you will need to answer on your cyber-policies for IMO compliance.
    Download the IMO Quick-Start Assessment today! Fill in the form to request your free download

      About CSS Platinum

      CSS Platinum cybersecurity framework delivers against IMO cyber risk guidelines. Our specialist team work with the leading maritime associations and intermediaries to deliver a robust compliancy plan to meet IMO guidelines. Our dedicated IMO team can assess the vulnerabilities, liabilities and how to build a comprehensive cybersecurity plan to address them and future proof against all cybersecurity risks.
      british marine
      international superyacht society
      isle of man maritime
      international yacht brokers association
      cyber essentials
      armed forces covenant