To ensure optimal use of management systems when dealing with cyber security challenges and the consequences of the COVID-19 pandemic for ship safety and crews’ health, working and living conditions, we expect DOC holders to assess risks and implement mitigating measures. This statutory news provides recommendations on how to use your management systems smartly for these issues.
Relevant for owners and managers as well as DOC (Document of Compliance) holders.
The scope of the statutory management systems standards – ISM (International Safety Management), ISPS (International Ship and Port Facility Security) and MLC (Maritime Labour Convention) 2006 – are broad. The focus of audits varies with the performance and the needs of individual DOC holders.
At DNV, we tailor our audits based on assessments of information on the effectiveness of individual DOC holders’ management system measures. The audit focus is normally based on this information and on our general assessments of management system needs.
With this in mind, the audit focus is tailored to the individual audits and auditees, but sometimes we have extraordinary situations which must be handled with particular attention. In 2021, we are experiencing such an extraordinary situation, and we recommend all DOC holders to put particular focus on cyber security and the consequences of the pandemic – using their management system apparatus to do so.
During the audits, we ask that the challenges be viewed and handled as per objectives and requirements in the ISM Code and the MLC 2006. In this connection, our auditors refer particularly to the ISM Code’s paragraph 1.2.2:
The safety management objectives of the company should, inter alia:
- provide for safe practices in ship operation and a safe working environment.
- assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards.
- continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.
The consequences of a cyber-attack and from the pandemic are severe, and it is with special concern that we are seeing reports on challenges in meeting objectives in the ISM Code and the MLC 2006. Such a situation could negatively impact the mental health and well-being of seafarers as well as the safe and effective operation of vessels. Our expectations are that management systems be robust, and objectives met, and ongoing compliance ensured also in these trying times. In this connection, we refer to the ISM Code’s paragraph 1.2.3:
The safety and management system should ensure:
- compliance with mandatory rules and regulations.
- that applicable codes, guidelines, and standards recommended by the Organization, Administrations, classification societies and maritime industry organizations are taken into account.
We also share concerns raised by the maritime industry and the IMO, ILO and WHO on risks to seafarers and to shipping. We recommend that DOC holders consider guidance provided by the UN agencies and industry organizations, and, if needed, seek expert assistance from our safety culture, cyber security, and health experts. At the same time, we want to stress that DNV, in the statutory audits, assesses the effectiveness of measures in meeting the mentioned objectives and ensuring ongoing compliance with requirements in the mentioned standards and from the flag states. In addition, we continue to support the intention that DOC and DMLC (Declaration of Maritime Labour Compliance) holders must have management systems fitting their needs.
In these extraordinary times, we recommend companies use existing management systems to develop measures needed for risk handling – cyber security and pandemic challenges in particular – and to assess and document the effectiveness of such measures. We encourage DOC holders to work in partnership with DNV auditors to ensure an effective audit focus on the pandemic and cyber security in 2021 audits.
- DNV's Statutory and Flag State Services
- Paris MoU on Port State Control - PSC COVID Guidance
- ILO on Mental Health
- ILO on MLC and the pandemic
- WHO - COVID19 and Shipping
- IMO on Cyber Security