Version 1

Effective Date: January 2022

Maritime Cyber Assessor Criteria

IASME requires that anyone who applies to become a Maritime Cyber Assessor must have a suitable level of skills in cyber security in the Maritime sector and to be proficient in the security aspects of Operational Technology (OT) environments. They must also attend the appropriate Assessor Training Course for the category of Assessor they wish to attain.

Maritime Cyber Assessors must meet all the requirements below:

1. Hold one of the following qualifications:

a.      ISO 27001 Lead Auditor,

b.     ISACA – Certified Information Security Manager (CISM)

c.      ICS2 Certified Information Security Systems Professional (CISSP).

1. Be a member of a Maritime Professional body, e.g. Royal Institution of Naval Architects (RINA) or similar.

1. Hold a current certification in the security of Operational Technology (OT) environments (Fortinet, Cisco, SANS, etc or similar) or be able to demonstrate suitable experience of OT to the satisfaction of IASME

IASME may at its sole discretion accept alternative qualifications and certifications to those listed above. This will be decided on a case-by-case basis by IASME’s Head of Technical Strategy taking into account the skills requirements of the scheme.

Maritime Cyber Baseline Assessors must also attend and pass the Maritime Cyber Assessor Training course

Assessors must maintain any certifications that they rely on above (if those certifications require ongoing maintenance).

Assessors must attend at least one IASME Maritime Cyber Assessor Certification Body (CB) meeting each year, either in person or virtually.

Assessors will retain their status if they leave their CB and start work with another organisation - they do not have to attend the training a second time, but they cannot offer certification unless they are working on behalf of an authorised Maritime Cyber CB.

© The IASME Consortium Ltd 2020 All rights reserved