MASS UK Industry Conduct Principles and Code of Practice 2022 (V6)
“Malware” is a generic term for a variety of malicious software, which can infect computer systems and impact on their performance.

“Operational technology (OT)” includes devices, sensors, software and associated networking that monitor and control onboard systems.

“Patches” are software designed to update software or supporting data to improve the software or address security vulnerabilities and other bugs in operating systems or applications.

“Phishing” refers to the process of deceiving recipients into sharing sensitive information with a third party.

“Principle of least privilege” refers to the restriction of user account privileges only to those with privileges that are essential to function.

“Producer” is the entity that manufactures the shipboard equipment and associated software.

“Recovery” refers to the activities after an incident required to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.

“Removable media” is a collective term for all methods of storing and transferring data between computers. This includes laptops, USB memory sticks, CDs, DVDs and diskettes.

“Risk assessment” is the process which collects information and assigns values to risks as a base on which to make decision on priorities and developing or comparing courses of action.

“Risk management” is the process of identifying, analysing, assessing and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

“Sandbox” is an isolated environment, in which a program may be executed without affecting the underlying system (computer or operating system) and any other applications. A sandbox is often used when executing untrusted software.

“Service provider” is a company or person, who provides and performs software maintenance.

“Social engineering” is a method used to gain access to systems by tricking a person into revealing confidential information.

“Software whitelisting” means specifying the software, which is present and active on an IT or OT system.

“Virtual Local Area Network (VLAN)” is the logical grouping of network nodes. A virtual LAN allows geographically dispersed network nodes to communicate as if they were physically on the same network.

“Virtual Private Network (VPN)” enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, thereby benefiting from the functionality, security and management policies of the private network.

“Virus” is a hidden, self-replicating section of computer software that maliciously infects and manipulates the operation of a computer program or system.

“Wi-Fi” is all short-range communications that use some type of electromagnetic spectrum to send and/or receive information without wires.

6 Safety Management

6.1 OBJECTIVE

The objective of this Chapter is to provide guidance on the requirements for Safety Management systems for MASS operations to meet the provisions of the IMO instruments.

6.2 SCOPE

6.2.1 The objectives of this Code are to ensure safety at sea, prevention of human injury or loss of life, and avoidance of damage to the environment, in particular to the marine environment and to property. This can be successfully implemented by the use of a Safety Management System (SMS) as part of the management and operation of MASS.

6.2.2 The purpose of this Chapter is to provide guidance on how to develop and implement an effective SMS for MASS.

6.3 GENERAL

6.3.1 Safety management objectives of the Operator should provide for:
• Safe practices in MASS operation and a safe working environment;
• Assess all identified risks to the MASS, personnel and the environment and establish appropriate safeguards; and
• Continuously improve safety management skills of personnel ashore and aboard MASS, including preparing for emergencies related both to safety and environmental protection.

6.3.2 The safety management system should ensure:
• Compliance with rules and regulations; and
• That applicable Codes, guidelines and standards mandated or recommended by the International Maritime Organisation, administrations (e.g. The MCA), Classification Societies (e.g. Lloyds Register) and maritime industry organisations are taken into account.

6.3.3 Every Operator should develop, implement and maintain a safety management system, which includes the following functional requirements:
• A safety and environmental-protection policy;
• Instructions and procedures to ensure safe operation of MASS and protection of the environment in compliance with relevant international and Flag State legislation;
• Defined levels of authority and lines of communication between, and amongst, shore and MASS personnel;
• Procedures for reporting accidents and non-conformities with the provisions of this Code;
• Procedures to prepare for and respond to emergency situations; and