Schedule 9 - Maritime Cyber Certification Body Criteria
Revisions:
Date | Author | Description
January 2022 | Jamie Randall | First Version Published
Certification Body Criteria
IASME Certification Bodies are companies that are authorised to offer assessment to Cyber Security standards including Maritime Cyber Baseline.
In order to be a Certification Body, candidate companies must be able to demonstrate to IASME’s satisfaction that they:
Have good cyber security and can keep client data secure
Are committed to achieving an excellent and consistent client experience by using a quality management system
These two aims form the basis of the Certification Body Criteria. The requirements are detailed below.
In addition, all Maritime Cyber Baseline Certification Bodies must retain at least one Maritime Cyber assessor at all times in order to retain their status as a Certification Body.
1. Certification Body Security Requirements
All IASME Certification Bodies must provide independently verified evidence that they have achieved and maintain the objectives of the NCSC 10 Steps to Cyber Security.
This can be demonstrated through:
Achieving and maintaining independently verified ISO 27001 certification
Achieving and maintaining IASME Cyber Assurance - Level 2 certification
The scope of the above certifications must cover all areas of the business that will be involved in certification or that will hold data that relates to certifications.
ISO 27001 certification must be through a UKAS Accredited Certification Body or an International Accreditation Forum (IAF) recognised equivalent.
Verification of the requirements
All Certification Bodies must demonstrate they meet the security requirements before signing the Certification Body contract with IASME unless agreed otherwise with IASME.
2. Certification Body Quality Requirements
All Certification Bodies must commit to achieving and maintaining a good quality management system.
This can be demonstrated through:
Achieving and maintaining independently verified ISO 9001 certification
Achieving and maintaining a compliant mark on all of the IASME Cyber Assurance Quality Principles as part of a successful IASME Cyber Assurance - Level 2 certification
Achieving and maintaining the QG Quality Fundamentals+ certification
Achieving and maintaining appropriate ISO/IEC 17000 series accreditation through UKAS assessment
The scope of the above certifications must cover all areas of the business that will be involved in certification or that will hold data that relates to certifications.
ISO 9001 certification must be through a UKAS Accredited Certification Body or an International Accreditation Forum (IAF) recognised equivalent.
Verification of the requirements
All Certification Bodies must demonstrate they meet the quality requirements before signing the Certification Body contract with IASME unless agreed otherwise with IASME.
© The IASME Consortium Ltd 2022 All rights reserved