UR E26 and E27 Requirements In Practice
Under IACS UR E26, the shipbuilder will be responsible for creating reference material including a Zones and Conduit Diagram, Vessel Asset Inventory, Ship Cyber Resilience Test Procedure and a Cyber Security Design Description.
During the vessel’s operational phase, the shipowner will be responsible for maintaining a Ship Cyber Security and Resilience Program.
UR E27 aims to support manufacturers and OEMs of onboard operational systems and equipment in evaluating and improving their cyber resilience. It offers comprehensive instructions relating to security philosophy, documentation, system requirements, secure development lifecycle requirements, and plan approval.
Marlink’s position as provider of hybrid network solutions to the largest share of the shipping fleet makes us uniquely positioned to support the UR E27 audit and data collection process. Our XChange network management and IoT data collection tools have received Type Approval from classification society Bureau Veritas to enable the simplified collection of data.
Under UR E27, the shipbuilder will generate a system asset inventory and description of security capabilities in the construction and commissioning phase. The shipbuilder must also provide system topology diagrams and system configuration guidelines.
The shipowner is responsible for generating a System Maintenance Plan prior to commissioning. During the vessel’s operational life the owner must maintain a system document to support incident response and recovery.
Compliance with UR E26 and E27 will be audited annually. For the first annual survey, the shipowner will present to the inspecting authority records or other documented evidence demonstrating implementation of the Ship cyber security and resilience program, including
- Any anti-malware software has been maintained and updated.
- Procedures for use of portable, mobile or removable devices have been followed.
- Policies and procedures for access control have been followed.
- Physical safeguards are maintained.
For subsequent annual surveys, the inspecting classification society can ask the shipowner to demonstrate implementation of the Ship cyber security and resilience program by presenting records or other documented evidence as specified for the first annual survey.
The same requirements of the ship cyber resilience test procedure will be required at the vessel’s special survey. Marlink enjoys close collaboration with all class societies to support clients during the implementation phase of the regulation and during the vessel’s operational life.
How can we help you?
Get in touch
Contact us to find out how we can help you create new possibilities for your operations.
Insights
Read about our latest insights and explore the forefront of digital protection through our curated selection of news, articles, and expert blogs.
