From January 1st 2021 (and no later than the first annual verification of the company’s Document of Compliance), IMO in Resolution MSC.428(98) requires that the vessels’ risk assessment in relation to the ISM Code also includes an assessment of the cyber risks.
In order to be compliant with MSC.428(98), vessels must identify vessel cyber security objectives, make an inventory of systems and software and execute a cyber risk assessment, which involves identifying target
on-board systems, analysing the likelihood and consequence of a system compromise, determining the initial risk level of each system and suggesting measures and calculating residual risk.