Blog article

UR E26 and E27 Requirements In Practice

Under IACS UR E26, the shipbuilder will be responsible for creating reference material including a Zones and Conduit Diagram, Vessel Asset Inventory, Ship Cyber Resilience Test Procedure and a Cyber Security Design Description.

During the vessel’s operational phase, the shipowner will be responsible for maintaining a Ship Cyber Security and Resilience Program.

UR E27 aims to support manufacturers and OEMs of onboard operational systems and equipment in evaluating and improving their cyber resilience. It offers comprehensive instructions relating to security philosophy, documentation, system requirements, secure development lifecycle requirements, and plan approval.

Marlink’s position as provider of hybrid network solutions to the largest share of the shipping fleet makes us uniquely positioned to support the UR E27 audit and data collection process. Our XChange network management and IoT data collection tools have received Type Approval from classification society Bureau Veritas to enable the simplified collection of data.

Under UR E26/E27, the shipbuilder will generate a system asset inventory and description of security capabilities in the construction and commissioning phase. The shipbuilder must also provide system topology diagrams and system configuration guidelines.

The shipowner is responsible for generating a System Maintenance Plan prior to commissioning. During the vessel’s operational life the owner must maintain a system document to support incident response and recovery.

Compliance with UR E26 and E27 will be audited annually. For the first annual survey, the shipowner will present to the inspecting authority records or other documented evidence demonstrating implementation of the Ship cyber security and resilience program, including

  • Any anti-malware software has been maintained and updated.
  • Procedures for use of portable, mobile or removable devices have been followed.
  • Policies and procedures for access control have been followed.
  • Physical safeguards are maintained.

For subsequent annual surveys, the inspecting classification society can ask the shipowner to demonstrate implementation of the Ship cyber security and resilience program by presenting records or other documented evidence as specified for the first annual survey.

The same requirements of the ship cyber resilience test procedure will be required at the vessel’s special survey. Marlink enjoys close collaboration with all class societies to support clients during the implementation phase of the regulation and during the vessel’s operational life.

GET IN TOUCH

Talk to a Marlink specialist.

Whether you're evaluating solutions, planning a fleet upgrade or dealing with an urgent connectivity challenge, our team is ready to help.

Specialists covering maritime, cruise, yachting, energy, enterprise, telco, humanitarian,  government and defence sectors

Your data is handled in line with our GDPR-compliant privacy policy


PREFER TO REACH US DIRECTLY

Tell us about your operation

Fill in the details below and the right specialist will be in touch.

Your data is necessary for processing your inquiry and will be used only for this purpose.
Please tick this box to confirm you'd like to receive occasional marketing updates from Marlink. We respect your privacy — your information will never be shared with third parties, and you can unsubscribe at any time. Read our Privacy Policy here.

Insights

Read about our latest insights and explore the forefront of digital protection through our curated selection of news, articles, and expert blogs.

Find more news for you