16.11.2022 Views

MASS UK Industry Conduct Principles and Code of Practice 2022 (V6)

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

“Malware” is a generic term for a variety <strong>of</strong> malicious s<strong>of</strong>tware, which can infect computer systems <strong>and</strong> impact on their<br />

performance.<br />

6 Safety Management<br />

“Operational technology (OT)” includes devices, sensors, s<strong>of</strong>tware <strong>and</strong> associated networking that monitor <strong>and</strong> control<br />

onboard systems.<br />

“Patches” are s<strong>of</strong>tware designed to update s<strong>of</strong>tware or supporting data to improve the s<strong>of</strong>tware or address security<br />

vulnerabilities <strong>and</strong> other bugs in operating systems or applications.<br />

6.1 OBJECTIVE<br />

“Phishing” refers to the process <strong>of</strong> deceiving recipients into sharing sensitive information with a third party.<br />

“Principle <strong>of</strong> least privilege” refers to the restriction <strong>of</strong> user account privileges only to those with privileges that are<br />

essential to function.<br />

“Producer” is the entity that manufactures the shipboard equipment <strong>and</strong> associated s<strong>of</strong>tware.<br />

The objective <strong>of</strong> this Chapter is to provide guidance on the requirements for Safety Management<br />

systems for <strong>MASS</strong> operations to meet the provisions <strong>of</strong> the IMO instruments.<br />

6.2 SCOPE<br />

“Recovery” refers to the activities after an incident required to restore essential services <strong>and</strong> operations in the short<br />

<strong>and</strong> medium term <strong>and</strong> fully restore all capabilities in the longer term.<br />

“Removable media” is a collective term for all methods <strong>of</strong> storing <strong>and</strong> transferring data between computers. This<br />

includes laptops, USB memory sticks, CDs, DVDs <strong>and</strong> diskettes.<br />

“Risk assessment” is the process which collects information <strong>and</strong> assigns values to risks as a base on which to make<br />

decision on priorities <strong>and</strong> developing or comparing courses <strong>of</strong> action.<br />

“Risk management” is the process <strong>of</strong> identifying, analysing, assessing <strong>and</strong> communicating risk <strong>and</strong> accepting, avoiding,<br />

transferring or controlling it to an acceptable level considering associated costs <strong>and</strong> benefits <strong>of</strong> any actions taken.<br />

6.2.1 The objectives <strong>of</strong> this <strong>Code</strong> are to ensure safety at sea, prevention <strong>of</strong> human injury or loss <strong>of</strong> life, <strong>and</strong> avoidance<br />

<strong>of</strong> damage to the environment, in particular to the marine environment <strong>and</strong> to property. This can be successfully<br />

implemented by the use <strong>of</strong> a Safety Management System (SMS) as part <strong>of</strong> the management <strong>and</strong> operation <strong>of</strong><br />

<strong>MASS</strong>.<br />

6.2.2 The purpose <strong>of</strong> this Chapter is to provide guidance on how to develop <strong>and</strong> implement an effective SMS for <strong>MASS</strong>.<br />

6.3 GENERAL<br />

6.3.1 Safety management objectives <strong>of</strong> the Operator should provide for:<br />

“S<strong>and</strong>box” is an isolated environment, in which a program may be executed without affecting the underlying system<br />

(computer or operating system) <strong>and</strong> any other applications. A s<strong>and</strong>box is <strong>of</strong>ten used when executing untrusted s<strong>of</strong>tware.<br />

“Service provider” is a company or person, who provides <strong>and</strong> performs s<strong>of</strong>tware maintenance.<br />

“Social engineering” is a method used to gain access to systems by tricking a person into revealing confidential<br />

information.<br />

n Safe practices in <strong>MASS</strong> operation <strong>and</strong> a safe working environment;<br />

n Assess all identified risks to the <strong>MASS</strong>, personnel <strong>and</strong> the environment <strong>and</strong> establish appropriate safeguards;<br />

<strong>and</strong><br />

n Continuously improve safety management skills <strong>of</strong> personnel ashore <strong>and</strong> aboard <strong>MASS</strong>, including preparing<br />

for emergencies related both to safety <strong>and</strong> environmental protection.<br />

6.3.2 The safety management system should ensure:<br />

“S<strong>of</strong>tware whitelisting” means specifying the s<strong>of</strong>tware, which is present <strong>and</strong> active on an IT or OT system.<br />

“Virtual Local Area Network (VLAN)” is the logical grouping <strong>of</strong> network nodes. A virtual LAN allows geographically<br />

dispersed network nodes to communicate as if they were physically on the same network.<br />

n Compliance with rules <strong>and</strong> regulations; <strong>and</strong><br />

n That applicable <strong>Code</strong>s, guidelines <strong>and</strong> st<strong>and</strong>ards m<strong>and</strong>ated or recommended by the International Maritime<br />

Organisation, administrations (e.g. The MCA), Classification Societies (e.g. Lloyds Register) <strong>and</strong> maritime<br />

industry organisations are taken into account..<br />

“Virtual Private Network (VPN)” enables users to send <strong>and</strong> receive data across shared or public networks as if their<br />

computing devices were directly connected to the private network, thereby benefiting from the functionality, security <strong>and</strong><br />

management policies <strong>of</strong> the private network.<br />

“Virus” is a hidden, self-replicating section <strong>of</strong> computer s<strong>of</strong>tware that maliciously infects <strong>and</strong> manipulates the operation<br />

<strong>of</strong> a computer program or system.<br />

“Wi-Fi” is all short-range communications that use some type <strong>of</strong> electromagnetic spectrum to send <strong>and</strong>/ or receive<br />

information without wires.<br />

6.3.3 Every Operator should develop, implement <strong>and</strong> maintain a safety management system, which includes the<br />

following functional requirements:<br />

n A safety <strong>and</strong> environmental-protection policy;<br />

n Instructions <strong>and</strong> procedures to ensure safe operation <strong>of</strong> <strong>MASS</strong> <strong>and</strong> protection <strong>of</strong> the environment in<br />

compliance with relevant international <strong>and</strong> Flag State legislation;<br />

n Defined levels <strong>of</strong> authority <strong>and</strong> lines <strong>of</strong> communication between, <strong>and</strong> amongst, shore <strong>and</strong> <strong>MASS</strong> personnel;<br />

n Procedures for reporting accidents <strong>and</strong> non-conformities with the provisions <strong>of</strong> this <strong>Code</strong>;<br />

n Procedures to prepare for <strong>and</strong> respond to emergency situations; <strong>and</strong><br />

54<br />

<strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6<br />

<strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6 55

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!