Internal Auditing of Cyber Risk Management

Training to support the internal audit team with this new requirement to manage cyber risks in the maritime field

Objectives

The participant will:

  • Review international maritime cyber risk management requirements
  • Understand IT (information technology) and OT (operational technology) risks relevant for maritime organizations 
  • Become familiar with the ISO 27001 standard
  • Be equipped to audit a safety management system, including cyber risks

Entrance requirements

Qualified or experienced ISO internal auditors with knowledge of ISM requirements

Who should attend:

Internal auditors familiar with ISM and ISO who will be conducting cyber risk management audits as per the ISM Code.

Duration: 1 day


Since January 1st 2021, DOC audits also include cyber risk management on a global level. This course will support the internal audit team called upon to undertake this additional requirement.

Please note: This training is not suitable for those without ISO auditor experience.

Participants will learn how to effectively audit a safety management system in terms of cyber risk management. The scope of the audit is aligned with the ISM Code and takes other best practices (ISO 27001) into consideration. This includes practical instructions and exercises to audit your own organization regarding:

  • roles and responsibilities through interviews with DPA, administrators or cyber security officers and users,
  • relevant documentation such as the cyber risk assessment, software change management, cyber incident response plan or cyber awareness training.    

This course will teach you how to roll out an effective cyber risk management audit of your organization and how to use the audit to go beyond regulatory compliance and improve continually over time. It addresses the ISM Code, IMO Resolution MSC.428(98) and MSC-FAL.1/Circ.3, and takes other best practices, such as ISO 27001, into consideration, as applicable to the maritime industry.

This training was developed to further complement DNV’s Maritime Cyber Security Services.


Focus Points:

  • Cyber and information security regulations and relevant management system standards (e.g. ISM code, ISO 27001) 
  • Cyber risk management defense-in-depth principles: Identify, Protect, Detect, Respond and Recover 
  • Auditing of safety management systems in terms of cyber risk management
  • Typical cyber and information security audit findings 
  • Continuous improvements and maturity finalization 
  • Benefit from DNV’s experience with other customer projects