Use your management system smartly to handle cyber security and pandemic challenges

To ensure optimal use of management systems when dealing with cyber security challenges and the consequences of the COVID-19 pandemic for ship safety and crews’ health, working and living conditions, we expect DOC holders to assess risks and implement mitigating measures. This statutory news provides recommendations on how to use your management systems smartly for these issues.


Relevant for owners and managers as well as DOC (Document of Compliance) holders.

The scope of the statutory management systems standards – ISM (International Safety Management), ISPS (International Ship and Port Facility Security) and MLC (Maritime Labour Convention) 2006 – are broad. The focus of audits varies with the performance and the needs of individual DOC holders.

At DNV, we tailor our audits based on assessments of information on the effectiveness of individual DOC holders’ management system measures. The audit focus is normally based on this information and on our general assessments of management system needs.

With this in mind, the audit focus is tailored to the individual audits and auditees, but sometimes we have extraordinary situations which must be handled with particular attention. In 2021, we are experiencing such an extraordinary situation, and we recommend all DOC holders to put particular focus on cyber security and the consequences of the pandemic – using their management system apparatus to do so.

During the audits, we ask that the challenges be viewed and handled as per objectives and requirements in the ISM Code and the MLC 2006. In this connection, our auditors refer particularly to the ISM Code’s paragraph 1.2.2:

The safety management objectives of the company should, inter alia:

  1. provide for safe practices in ship operation and a safe working environment.
  2. assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards.
  3. continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.

The consequences of a cyber-attack and from the pandemic are severe, and it is with special concern that we are seeing reports on challenges in meeting objectives in the ISM Code and the MLC 2006. Such a situation could negatively impact the mental health and well-being of seafarers as well as the safe and effective operation of vessels. Our expectations are that management systems be robust, and objectives met, and ongoing compliance ensured also in these trying times. In this connection, we refer to the ISM Code’s paragraph 1.2.3:

The safety and management system should ensure:

  1. compliance with mandatory rules and regulations.
  2. that applicable codes, guidelines, and standards recommended by the Organization, Administrations, classification societies and maritime industry organizations are taken into account.

We also share concerns raised by the maritime industry and the IMO, ILO and WHO on risks to seafarers and to shipping. We recommend that DOC holders consider guidance provided by the UN agencies and industry organizations, and, if needed, seek expert assistance from our safety culture, cyber security, and health experts. At the same time, we want to stress that DNV, in the statutory audits, assesses the effectiveness of measures in meeting the mentioned objectives and ensuring ongoing compliance with requirements in the mentioned standards and from the flag states. In addition, we continue to support the intention that DOC and DMLC (Declaration of Maritime Labour Compliance) holders must have management systems fitting their needs.


In these extraordinary times, we recommend companies use existing management systems to develop measures needed for risk handling – cyber security and pandemic challenges in particular – and to assess and document the effectiveness of such measures. We encourage DOC holders to work in partnership with DNV auditors to ensure an effective audit focus on the pandemic and cyber security in 2021 audits.



  • For customers:
    Direct Access to Technical Experts (DATE) via My Services on Veracity.
  • Otherwise:
    Use our office locator to find the nearest DNV office.
27 July 2021

IMO update: Sub-Committee on Implementation of IMO Instruments (III 7)

The 7th session of the IMO Sub-Committee on Implementation of IMO Instruments (III 7) was held remotely from 12 to 16 July 2021. III 7 revised the procedures for port state control and survey guidelines under the harmonized system of survey and certification (HSSC). III 7 further discussed lessons learned and safety issues identified from the analysis of marine safety investigation reports and proposed to look further into accidents involving elevators.

  • Maritime
25 June 2021

New MARPOL requirement on designated fuel oil sampling points

The 0.50% global sulphur limit for fuel oil used or carried for use has been in force since 1 January 2020. Three months later the so-called carriage ban took effect which prohibits carriage of fuel exceeding the global sulphur limit in the fuel oil tanks. To follow up on the new requirement and enable PSC to take representative samples of the fuel oil being used onboard, in-use sampling points needs to be designated. This statutory news summarizes the sampling point requirement.

  • Maritime
17 June 2021

IMO update: Marine Environment Protection Committee – MEPC 76

The 76th session of the IMO’s Marine Environment Protection Committee (MEPC 76) was held remotely with a limited agenda from 10 to 17 June 2021. MEPC 76 adopted technical and operational measures to reduce carbon intensity of international shipping, taking effect from 2023. The measures include the Energy Efficiency Existing Ship Index (EEXI), the enhanced Ship Energy Efficiency Management Plan (SEEMP) and the Carbon Intensity Indicator (CII) rating scheme.

  • Maritime
View all