Use your management system smartly to handle cyber security and pandemic challenges

To ensure optimal use of management systems when dealing with cyber security challenges and the consequences of the COVID-19 pandemic for ship safety and crews’ health, working and living conditions, we expect DOC holders to assess risks and implement mitigating measures. This statutory news provides recommendations on how to use your management systems smartly for these issues.


Relevant for owners and managers as well as DOC (Document of Compliance) holders.

The scope of the statutory management systems standards – ISM (International Safety Management), ISPS (International Ship and Port Facility Security) and MLC (Maritime Labour Convention) 2006 – are broad. The focus of audits varies with the performance and the needs of individual DOC holders.

At DNV, we tailor our audits based on assessments of information on the effectiveness of individual DOC holders’ management system measures. The audit focus is normally based on this information and on our general assessments of management system needs.

With this in mind, the audit focus is tailored to the individual audits and auditees, but sometimes we have extraordinary situations which must be handled with particular attention. In 2021, we are experiencing such an extraordinary situation, and we recommend all DOC holders to put particular focus on cyber security and the consequences of the pandemic – using their management system apparatus to do so.

During the audits, we ask that the challenges be viewed and handled as per objectives and requirements in the ISM Code and the MLC 2006. In this connection, our auditors refer particularly to the ISM Code’s paragraph 1.2.2:

The safety management objectives of the company should, inter alia:

  1. provide for safe practices in ship operation and a safe working environment.
  2. assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards.
  3. continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.

The consequences of a cyber-attack and from the pandemic are severe, and it is with special concern that we are seeing reports on challenges in meeting objectives in the ISM Code and the MLC 2006. Such a situation could negatively impact the mental health and well-being of seafarers as well as the safe and effective operation of vessels. Our expectations are that management systems be robust, and objectives met, and ongoing compliance ensured also in these trying times. In this connection, we refer to the ISM Code’s paragraph 1.2.3:

The safety and management system should ensure:

  1. compliance with mandatory rules and regulations.
  2. that applicable codes, guidelines, and standards recommended by the Organization, Administrations, classification societies and maritime industry organizations are taken into account.

We also share concerns raised by the maritime industry and the IMO, ILO and WHO on risks to seafarers and to shipping. We recommend that DOC holders consider guidance provided by the UN agencies and industry organizations, and, if needed, seek expert assistance from our safety culture, cyber security, and health experts. At the same time, we want to stress that DNV, in the statutory audits, assesses the effectiveness of measures in meeting the mentioned objectives and ensuring ongoing compliance with requirements in the mentioned standards and from the flag states. In addition, we continue to support the intention that DOC and DMLC (Declaration of Maritime Labour Compliance) holders must have management systems fitting their needs.


In these extraordinary times, we recommend companies use existing management systems to develop measures needed for risk handling – cyber security and pandemic challenges in particular – and to assess and document the effectiveness of such measures. We encourage DOC holders to work in partnership with DNV auditors to ensure an effective audit focus on the pandemic and cyber security in 2021 audits.



  • For customers:
    Direct Access to Technical Experts (DATE) via My Services on Veracity.
  • Otherwise:
    Use our office locator to find the nearest DNV office.
21 January 2022

IMO Sub-Committee on ship design and construction (SDC 8)

The 8th session of the IMO’s Sub-Committee on Ship Design and Construction (SDC) was held remotely from 17 to 21 January. Triggered by the expansion of offshore renewable projects and the demand for ships transporting and accommodating personnel offshore, SDC 8 finalized a draft new SOLAS Chapter XV and a related mandatory draft new IP Code to ensure the safe carriage of more than 12 industrial personnel on cargo ships and highspeed cargo craft.

  • Maritime
29 November 2021

IMO update: Marine Environment Protection Committee – MEPC 77

The 77th session of the IMO’s Marine Environment Protection Committee (MEPC 77) was held remotely from 22 to 26 November 2021. Highlights include recognition of the need to strengthen the ambitions in the IMO GHG Strategy, adoption of a resolution urging for the use of distillates or other cleaner fuels or technologies to reduce emission of black carbon in or near the Arctic, and revised guidelines on exhaust gas cleaning systems.

  • Maritime
08 November 2021

Anchor losses are on a negative trend – How to improve

There has been a negative trend in the loss of anchors and chains in recent years. The safety, environmental and financial consequences can be severe, and port authorities may hold a vessel responsible for all costs caused by a lost anchor for an unlimited period of time. This technical news focuses on operational challenges, current rules and practices, awareness, lesson learned, and recommendations related to anchor equipment damages/losses.

  • Maritime
View all