CIRM Cyber Risk Code of Practice
The intended audience of the CIRM Cyber Risk Code of Practice is vendors of marine electronic equipment and services; this includes producers of shipboard Information Technology (IT) and Operational Technology (OT) equipment, system integrators, service suppliers and Communications Service Providers in the marine electronics industry.
The foundation of Cyber Risk Management is a chain of trust. The role of vendors in this chain of trust is to understand the nature of cyber-attack threats to, and vulnerabilities of, their products and services; to build in risk reduction measures; and to help shipowners, operators, crews and service personnel that buy and use their products to make good security decisions.
The CIRM Cyber Risk Code of Practice sets out cyber security best practice for vendors of marine electronic equipment and services. This best practice is derived from both the marine and other industries. The Code presents a set of guiding principles that vendors may use towards the establishment of a provable chain of trust for a secure digital maritime environment.
Guidance on implementing the Code is provided in a companion document: CIRM Guideline GL-002.
Adopters of the Code of Practice
This section lists those companies declaring that they have adopted and will abide by the CIRM Cyber Risk Code of Practice.
Adoption of the Code of Practice by any user is done on an entirely voluntary basis and is subject to the user self-certifying that it complies with the Code.
Code of Practice logo
The CIRM Cyber Risk Code of Practice logo can be used on promotional materials by those companies that have adopted the Code.
Before using the logo, please refer to the following document: Guidelines on using the logo
A zipped folder containing the logo in both designs and various formats (PNG, JPG, TIFF) can be downloaded from here: Logo folder (zipped)