ShipCalculators.com

Cyber Risk Management Plan

E3. Technology, digitalization and smart shipping

Definition

Documented controls per MSC.428(98) inside the SMS.

A cyber risk management plan is the documented set of policies, controls, and response procedures that a shipping company maintains to manage maritime cyber risk within its safety management system (SMS). IMO Resolution MSC.428(98), adopted 16 June 2017, requires cyber risks to be addressed in the ISM Code SMS no later than the first annual Document of Compliance verification after 1 January 2021. The plan typically follows the five functions of MSC-FAL.1/Circ.3 (identify, protect, detect, respond, recover), mapped onto the ship’s IT and OT systems.

Source: IMO Resolution MSC.428(98), Maritime Cyber Risk Management in Safety Management Systems, adopted 16 June 2017; MSC-FAL.1/Circ.3