Use your management system smartly to handle cyber security and pandemic challenges

To ensure optimal use of management systems when dealing with cyber security challenges and the consequences of the COVID-19 pandemic for ship safety and crews’ health, working and living conditions, we expect DOC holders to assess risks and implement mitigating measures. This statutory news provides recommendations on how to use your management systems smartly for these issues.


Relevant for owners and managers as well as DOC (Document of Compliance) holders.

The scope of the statutory management systems standards – ISM (International Safety Management), ISPS (International Ship and Port Facility Security) and MLC (Maritime Labour Convention) 2006 – are broad. The focus of audits varies with the performance and the needs of individual DOC holders.

At DNV, we tailor our audits based on assessments of information on the effectiveness of individual DOC holders’ management system measures. The audit focus is normally based on this information and on our general assessments of management system needs.

With this in mind, the audit focus is tailored to the individual audits and auditees, but sometimes we have extraordinary situations which must be handled with particular attention. In 2021, we are experiencing such an extraordinary situation, and we recommend all DOC holders to put particular focus on cyber security and the consequences of the pandemic – using their management system apparatus to do so.

During the audits, we ask that the challenges be viewed and handled as per objectives and requirements in the ISM Code and the MLC 2006. In this connection, our auditors refer particularly to the ISM Code’s paragraph 1.2.2:

The safety management objectives of the company should, inter alia:

  1. provide for safe practices in ship operation and a safe working environment.
  2. assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards.
  3. continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.

The consequences of a cyber-attack and from the pandemic are severe, and it is with special concern that we are seeing reports on challenges in meeting objectives in the ISM Code and the MLC 2006. Such a situation could negatively impact the mental health and well-being of seafarers as well as the safe and effective operation of vessels. Our expectations are that management systems be robust, and objectives met, and ongoing compliance ensured also in these trying times. In this connection, we refer to the ISM Code’s paragraph 1.2.3:

The safety and management system should ensure:

  1. compliance with mandatory rules and regulations.
  2. that applicable codes, guidelines, and standards recommended by the Organization, Administrations, classification societies and maritime industry organizations are taken into account.

We also share concerns raised by the maritime industry and the IMO, ILO and WHO on risks to seafarers and to shipping. We recommend that DOC holders consider guidance provided by the UN agencies and industry organizations, and, if needed, seek expert assistance from our safety culture, cyber security, and health experts. At the same time, we want to stress that DNV, in the statutory audits, assesses the effectiveness of measures in meeting the mentioned objectives and ensuring ongoing compliance with requirements in the mentioned standards and from the flag states. In addition, we continue to support the intention that DOC and DMLC (Declaration of Maritime Labour Compliance) holders must have management systems fitting their needs.


In these extraordinary times, we recommend companies use existing management systems to develop measures needed for risk handling – cyber security and pandemic challenges in particular – and to assess and document the effectiveness of such measures. We encourage DOC holders to work in partnership with DNV auditors to ensure an effective audit focus on the pandemic and cyber security in 2021 audits.



  • For customers:
    Direct Access to Technical Experts (DATE) via My Services on Veracity.
  • Otherwise:
    Use our office locator to find the nearest DNV office.
10 June 2022

IMO update: Marine Environment Protection Committee (MEPC 78)

The 78th session of the IMO’s Marine Environment Protection Committee (MEPC 78) was held remotely from 6 to 10 June 2022. Highlights included the finalization of technical guidelines for the upcoming EEXI, CII and SEEMP regulations; approval of a proposal for a sulphur emission control area (SECA) in the Mediterranean Sea; and further discussions on the revision of the IMO GHG Strategy scheduled for 2023, and future technical and market-based measures.

  • Maritime
29 April 2022

IMO maritime safety committee (MSC 105)

The 105th session of the IMO’s Maritime Safety Committee (MSC) was held remotely from 20 to 29 April. A wide range of topics was on the agenda, including the safety of ships carrying industrial personnel, the safety of ships relating to the use of fuel oil, and the consideration of a regulatory framework for maritime autonomous surface ships. Requirements reflecting modern systems for maritime distress and safety communication were adopted and interim guidelines for the safety of ships using fuel cell power installations were approved. The development of interim guidelines for ships using ammonia as fuel were initiated.

  • Maritime
11 April 2022

IMO sub-committee on pollution prevention and response (PPR9)

The 9th session of the IMO’s Sub-Committee on Pollution Prevention and Response (PPR 9) was held remotely from 4 to 8 April 2022. A wide range of topics was on the agenda, including biofouling, ballast water management, black carbon, sewage treatment and marine plastic litter. PPR agreed on draft guidelines on risk and impact assessments of the discharge water from exhaust gas cleaning systems when considering local or regional regulations.

  • Maritime
View all