Use your management system smartly to handle cyber security and pandemic challenges

To ensure optimal use of management systems when dealing with cyber security challenges and the consequences of the COVID-19 pandemic for ship safety and crews’ health, working and living conditions, we expect DOC holders to assess risks and implement mitigating measures. This statutory news provides recommendations on how to use your management systems smartly for these issues.


The scope of the statutory management systems standards – ISM (International Safety Management), ISPS (International Ship and Port Facility Security) and MLC (Maritime Labour Convention) 2006 – are broad. The focus of audits varies with the performance and the needs of individual DOC holders.

At DNV, we tailor our audits based on assessments of information on the effectiveness of individual DOC holders’ management system measures. The audit focus is normally based on this information and on our general assessments of management system needs.

With this in mind, the audit focus is tailored to the individual audits and auditees, but sometimes we have extraordinary situations which must be handled with particular attention. In 2021, we are experiencing such an extraordinary situation, and we recommend all DOC holders to put particular focus on cyber security and the consequences of the pandemic – using their management system apparatus to do so.

During the audits, we ask that the challenges be viewed and handled as per objectives and requirements in the ISM Code and the MLC 2006. In this connection, our auditors refer particularly to the ISM Code’s paragraph 1.2.2:

The safety management objectives of the company should, inter alia:

  1. provide for safe practices in ship operation and a safe working environment.
  2. assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards.
  3. continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.

The consequences of a cyber-attack and from the pandemic are severe, and it is with special concern that we are seeing reports on challenges in meeting objectives in the ISM Code and the MLC 2006. Such a situation could negatively impact the mental health and well-being of seafarers as well as the safe and effective operation of vessels. Our expectations are that management systems be robust, and objectives met, and ongoing compliance ensured also in these trying times. In this connection, we refer to the ISM Code’s paragraph 1.2.3:

The safety and management system should ensure:

  1. compliance with mandatory rules and regulations.
  2. that applicable codes, guidelines, and standards recommended by the Organization, Administrations, classification societies and maritime industry organizations are taken into account.

We also share concerns raised by the maritime industry and the IMO, ILO and WHO on risks to seafarers and to shipping. We recommend that DOC holders consider guidance provided by the UN agencies and industry organizations, and, if needed, seek expert assistance from our safety culture, cyber security, and health experts. At the same time, we want to stress that DNV, in the statutory audits, assesses the effectiveness of measures in meeting the mentioned objectives and ensuring ongoing compliance with requirements in the mentioned standards and from the flag states. In addition, we continue to support the intention that DOC and DMLC (Declaration of Maritime Labour Compliance) holders must have management systems fitting their needs.


In these extraordinary times, we recommend companies use existing management systems to develop measures needed for risk handling – cyber security and pandemic challenges in particular – and to assess and document the effectiveness of such measures. We encourage DOC holders to work in partnership with DNV auditors to ensure an effective audit focus on the pandemic and cyber security in 2021 audits.



  • For customers:
    Direct Access to Technical Experts (DATE) via My Services on Veracity.
  • Otherwise:
    Use our office locator to find the nearest DNV office.
27 April 2021

IMO Sub-Committee on Navigation, Communications, Search & Rescue

The 8th session of the IMO’s Sub-Committee on Navigation, Communications and Search and Rescue (NCSR) was held remotely from 19 to 23 April 2021. The session finalized the work on the modernization of the requirements for the global maritime distress and safety system, with the aim to adapt to modern communication systems and remove carriage requirements for obsolete systems. It was also decided to recommend recognition of the Japanese Quasi-Zenith Satellite System as a component of the worldwide radio navigation system.

  • Maritime
23 February 2021

IMO DCS reporting deadline on 31 March 2021 – be prepared

Now with the second DCS reporting year recently ended, it is again time for reporting data on fuel oil consumption to your DCS verifier. To ensure a Statement of Compliance (SoC) is issued in due time before 31 May 2021 as required, the deadline in MARPOL for reporting 2020 data for verification is 31 March 2021. This statutory news is a reminder on how to stay compliant with regulation 22A of MARPOL Annex VI.

  • Maritime
View all