5 options to becoming MSC428 (98) compliant. Option 1. ISO/IEC 27001

MSC 428(98) from January 1st has taken effect. Depending on the anniversary date of your Document of Compliance (DOC) you may have some months before you are required to demonstrate compliance. Each day this week we will highlight ways in which you can easily show the auditor that your Company complies.

1. ISO/IEC 27001

What is it?

ISO27001 is the international standard that sets out the specification for an information security management system (ISMS). Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.

Independently accredited certification to the Standard is recognised around the world as an indication that your ISMS is aligned with information security best practice.


Compliance with ISO 27001 is far in excess of the requirements of MSC 428(98) and a shipping company holding valid ISO 27001 certification will have no problem demonstrating compliance to a Flag auditor.


It is expensive to obtain and keep. It also requires significant management overhead in setting up and maintaining records that show all detailed procedures are being followed.


Depending on company size and vessel complexity, the costs of obtaining and maintaining certification run into many thousands of dollars. A typical medium sized ship owner can expect total compliance costs to be in the region of USD $50k per annum

Time frame to compliance

This also depends upon company size and vessel complexity but expect 6 to 12 months from starting to obtain certification.

If you wish to know more about Eazi Security and their world leading cyber security software solutions please contact David Clayden
Email David.clayden@eazisecurity.com Tel +44 (0)7711 351463