Korean Register's maritime cyber certification service is to safely protect customers' organizations and assets from cyber threats in all business areas of the maritime industry such as companies, ships, products, etc.
As technology advances such as digitalization, integration and automation of the ship's cyber system are accelerating, the importance of cyber risk management not only for the systems and ships installed on the ship, but also for the company (shipping company) is emerging. In particular, the International Maritime Organization (IMO) Maritime Safety Committee (MSC) adopted the resolution MSC428 (98) on maritime cyber risk management in the safety management system (SMS) in 2017. It is recommended to check cyber risk management at the first ISM audit after work.
KR cyber security certification services are not only internationally widely used cyber security international standards (ISO 27001, NIST, IEC 62443, etc.) to assist customers in implementing recommendations on IMO cyber risk management, as well as international IMO, BIMCO, DCSA, etc. It was designed based on the cyber risk management framework recommended by the maritime industry, and identifies cyber threats in customer business and supports cyber risk management.
In addition, cyber security type approval and software conformity certification services are provided for computer-based systems, products, and software to be installed on ships.
KR's cyber security type approval guidance is a service that certifies products (or systems) to be installed on ships in terms of integrity, availability, and confidentiality, which are basic elements of cyber security, and is designed based on international standards IEC 62443, 61162.
Software conformity certification guidance is a service that verifies potential defects in functional and non-functional elements of a product (software) to be mounted on a ship, and is designed based on international standards IEC25051, 61508, and IEE 830.
In addition, KR provides cyber security awareness training services and technical services (cyber security risk assessment, penetration test, vulnerability diagnosis, etc.) to support customers improve cyber resilience.