Ships and marine technology — Ship software logging system for operational technology

This document defines a ship software logging system (SSLS) for logging and retrieving software version information and current operational status. The system facilitates software maintenance for ship operational technology equipment and associated integrated systems, including but not limited to: — control and alarm systems; — fire and water mist systems; — navigation and communication systems; — steering control systems; — propulsion systems; — power generation systems; — performance monitoring systems; — auxiliary systems. This document sets requirements for the design and usability of a ship software logging system (SSLS) software that: — records software versions for equipment with updateable software (hereinafter “equipment”); — sets an initial log entry when equipment is first installed or detected by the SSLS; — includes a repository of electronic service reports associated with log entries; — automatically logs reports sent by the equipment.

Titre manque

General Information

Status
Published
Publication Date
29-Jul-2021
Current Stage
6060 - International Standard published
Start Date
30-Jul-2021
Due Date
09-Apr-2022
Completion Date
30-Jul-2021
Ref Project

Buy Standard

Standard
ISO 24060:2021 - Ships and marine technology -- Ship software logging system for operational technology
English language
8 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/PRF 24060:Version 12-jun-2021 - Ships and marine technology -- Ship software logging system for operational technology
English language
8 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO
STANDARD 24060
First edition
2021-07
Ships and marine technology —
Ship software logging system for
operational technology
Reference number
ISO 24060:2021(E)
©
ISO 2021

---------------------- Page: 1 ----------------------
ISO 24060:2021(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 24060:2021(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Technology design. 3
4.1 Updateable equipment inventory . 3
4.1.1 General. 3
4.1.2 Equipment details . 4
4.2 SSLS software and hardware requirements . 4
4.2.1 General requirements . 4
4.2.2 SSLS Connected equipment automatic logging requirements . 5
4.2.3 Log entry data requirements. 5
4.2.4 SSLS host computer requirements . 6
4.2.5 Cybersecurity requirements for SSLS . 6
4.2.6 Functionality requirements for SSLS user interface . 7
4.2.7 Connected equipment monitoring requirements . 7
Bibliography . 8
© ISO 2021 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 24060:2021(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 8, Ships and marine technology,
Subcommittee SC 11, Intermodal and Short Sea Shipping.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2021 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 24060:2021(E)

Introduction
Ships have more and more equipment with updateable software on-board. Current requirements
for on-board use of computer-based systems require a software registry for such equipment (IACS
URE22rev2), but these registries are not defined, can be difficult to understand and use, and are often
not updated. This is partly caused by the increasing quantity of computer equipment and applicable
regulations creating additional work for crew, shipping companies and other stakeholders. This
situation makes staying current on software updates more difficult, which also introduces increased
risks of equipment problems. This document began its development based on a 2017 CIRM-BIMCO
industry standard for software maintenance procedures.
This document defines a ship software logging system (SSLS) for shipboard equipment software.
Recognizing that maintenance of shipboard software is a major undertaking, this first edition initially
sets base characteristics. The SSLS can be used by various users and log data from various types of
equipment. It is expected that this document will evolve over time together with related regulations
and as experience on the use of the introduced concept accumulates.
This document considers the following:
— cyber risk management is incorporated into the design and use of the SSLS;
— equipment messages pass from the equipment to the SSLS automatically when possible;
— the equipment sends standard version messages with software version information on appropriate
time intervals.
© ISO 2021 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 24060:2021(E)
Ships and marine technology — Ship software logging
system for operational technology
1 Scope
This document defines a ship software logging system (SSLS) for logging and retrieving software
version information and current operational status. The system facilitates software maintenance for
ship operational technology equipment and associated integrated systems, including but not limited to:
— control and alarm systems;
— fire and water mist systems;
— navigation and communication systems;
— steering control systems;
— propulsion systems;
— power generation systems;
— performance monitoring systems;
— auxiliary systems.
This document sets requirements for the design and usability of a ship software logging system (SSLS)
software that:
— records software versions for equipment with updateable software (hereinafter “equipment”);
— sets an initial log entry when equipment is first installed or detected by the SSLS;
— includes a repository of electronic service reports associated with log entries;
— automatically logs reports sent by the equipment.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
category of update
classification assigned to a software update based upon the reason for undertaking the update, which
can be any one of the below or some combination:
— initial state;
© ISO 2021 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 24060:2021(E)

— bug fix (resolving software bugs);
— compliance update (maintaining conformity with regulations);
— critical update [critical to restoring proper performance of the shipboard equipment (3.10)];
— feature release (adding additional functionality);
— obsolescence update (addressing software and/or hardware that is no longer supported);
— security update (protecting against cyber threats);
— other (requires explanation).
3.2
controlled network
shipboard network designed to operate such that it does not pose any unacceptable safety and security
risks to any connected network nodes
3.3
critical update
software update identified as critical to restoring proper performance of the shipboard equipment (3.10)
3.4
data
quantities, characters, or symbols on which operations are performed by computers of shipboard
equipment (3.10)
3.5
equipment
devices involved in the operation of a ship
Note 1 to entry: See also shipboard equipment (3.10) and operational technology (3.7).
3.6
integrated system
interconnected system combining a number of different shipboard equipment (3.10)
3.7
operational technology
OT
devices, sensors, software and associated networking that monitor and control onboard systems
3.8
removable external data source
REDS
user removable non-network data source, including, but not limited to, compact discs, memory sticks
1)
and Bluetooth™ devices
3.9
ship software logging system
SSLS
software maintenance logging system for onboard equipment software
TM
1) Bluetooth is an example of a suitable product available commercially. This information is given for the
convenience of users of this document and does not constitute an endorsement by ISO or IEC of this product.
2 © ISO 2021 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 24060:2021(E)

3.10
shipboard equipment
system comprising a combination of hardware, software and data (3.4), performing a specific function
on board a ship
Note 1 to entry: See also operational technology (3.7).
3.11
shipowner
shipping company
owner of the ship or any other organization or person such as the manager, or the bareboat charterer
who has assumed responsibility for operation of the ship and who is responsible for initiating software
maintenance (3.14) of the shipboard equipment (3.10)
3.12
software
programs and operating instructions used in shipboard operational technology equipment, including
any updatable firmware and configuration
3.14
software maintenance
checking, updating, re-configuring, or upgrading the software of shipboard equipment (3.10) in order to
prevent or correct faults, maintain regulatory compliance, and/or improve performance
3.15
system integrator
stakeholder that combines shipboard equipment (3.10) into an integrated system (3.6)
3.16
uncontrolled network
shipboard data network other than controlled network (3.2)
3.17
version message
message automatically sent by connected equipment containing an indication of the current device
software version, including operating system (if operating system is updatable) and configuration (if
configuration is an updatable part of the device’s software)
Note 1 to entry: An example of one way to provide compliant information from equipment to an SSLS is a data
sentence message structure defined as the VER specified in IEC 61162-1 and sent by equipment implementing
this standard (encapsulated in 450 protocols with UDP datagrams).
4 Technology design
4.1 Updateable equipment inventory
4.1.1 General
For any given ship, an SSLS shall apply to any on board equipment that contains software which can
be updated. An inventory of equipment should have the ability to be automatically generated from
connected equipment, or manually entered. Some targeted systems for the SSLS to track include, for
example, control and alarm systems; fire and water mist systems; navigation and communication
systems; steering control systems; propulsion systems; power generation systems; performance
monitoring systems; and auxiliary systems.
© ISO 2021 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 24060:2021(E)

4.1.2 Equipment details
Where equipment as listed in 4.1.1 has been identified, the SSLS shall enable an initial log entry
containing the following equipment details for each piece of equipment:
a) device type;
b) manufacturer;
c) unique identifier, which is any specific equipment identifier;
d) serial number;
e) manufacture date;
f) model number, which can be a model code set by a manufac
...

INTERNATIONAL ISO
STANDARD 24060
First edition
Ships and marine technology —
Ship software logging system for
operational technology
PROOF/ÉPREUVE
Reference number
ISO 24060:2021(E)
©
ISO 2021

---------------------- Page: 1 ----------------------
ISO 24060:2021(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 24060:2021(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Technology design. 3
4.1 Updateable equipment inventory . 3
4.1.1 General. 3
4.1.2 Equipment details . 4
4.2 SSLS software and hardware requirements . 4
4.2.1 General requirements . 4
4.2.2 SSLS Connected equipment automatic logging requirements . 5
4.2.3 Log entry data requirements. 5
4.2.4 SSLS host computer requirements . 6
4.2.5 Cybersecurity requirements for SSLS . 6
4.2.6 Functionality requirements for SSLS user interface . 7
4.2.7 Connected equipment monitoring requirements . 7
Bibliography . 8
© ISO 2021 – All rights reserved PROOF/ÉPREUVE iii

---------------------- Page: 3 ----------------------
ISO 24060:2021(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 8, Ships and marine technology,
Subcommittee SC 11, Intermodal and Short Sea Shipping.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv PROOF/ÉPREUVE © ISO 2021 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 24060:2021(E)

Introduction
Ships have more and more equipment with updateable software on-board. Current requirements
for on-board use of computer-based systems require a software registry for such equipment (IACS
URE22rev2), but these registries are not defined, can be difficult to understand and use, and are often
not updated. This is partly caused by the increasing quantity of computer equipment and applicable
regulations creating additional work for crew, shipping companies and other stakeholders. This
situation makes staying current on software updates more difficult, which also introduces increased
risks of equipment problems. This document began its development based on a 2017 CIRM-BIMCO
industry standard for software maintenance procedures.
This document defines a ship software logging system (SSLS) for shipboard equipment software.
Recognizing that maintenance of shipboard software is a major undertaking, this first edition initially
sets base characteristics. The SSLS can be used by various users and log data from various types of
equipment. It is expected that this document will evolve over time together with related regulations
and as experience on the use of the introduced concept accumulates.
This document considers the following:
— cyber risk management is incorporated into the design and use of the SSLS;
— equipment messages pass from the equipment to the SSLS automatically when possible;
— the equipment sends standard version messages with software version information on appropriate
time intervals.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 24060:2021(E)
Ships and marine technology — Ship software logging
system for operational technology
1 Scope
This document defines a ship software logging system (SSLS) for logging and retrieving software
version information and current operational status. The system facilitates software maintenance for
ship operational technology equipment and associated integrated systems, including but not limited to:
— control and alarm systems;
— fire and water mist systems;
— navigation and communication systems;
— steering control systems;
— propulsion systems;
— power generation systems;
— performance monitoring systems;
— auxiliary systems.
This document sets requirements for the design and usability of a ship software logging system (SSLS)
software that:
— records software versions for equipment with updateable software (hereinafter “equipment”);
— sets an initial log entry when equipment is first installed or detected by the SSLS;
— includes a repository of electronic service reports associated with log entries;
— automatically logs reports sent by the equipment.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
category of update
classification assigned to a software update based upon the reason for undertaking the update, which
can be any one of the below or some combination:
— initial state;
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 1

---------------------- Page: 6 ----------------------
ISO 24060:2021(E)

— bug fix (resolving software bugs);
— compliance update (maintaining conformity with regulations);
— critical update [critical to restoring proper performance of the shipboard equipment (3.10)];
— feature release (adding additional functionality);
— obsolescence update (addressing software and/or hardware that is no longer supported);
— security update (protecting against cyber threats);
— other (requires explanation)
3.2
controlled network
shipboard network designed to operate such that it does not pose any unacceptable safety and security
risks to any connected network nodes
3.3
critical update
software update identified as critical to restoring proper performance of the shipboard equipment (3.10)
3.4
data
quantities, characters, or symbols on which operations are performed by computers of shipboard
equipment (3.10)
3.5
equipment
devices involved in the operation of a ship
Note 1 to entry: See also shipboard equipment (3.10) and operational technology (3.7).
3.6
integrated system
interconnected system combining a number of different shipboard equipment (3.10)
3.7
operational technology
OT
devices, sensors, software and associated networking that monitor and control onboard systems
3.8
removable external data source
REDS
user removable non-network data source, including, but not limited to, compact discs, memory sticks
1)
and Bluetooth™ devices
3.9
ship software logging system
SSLS
software maintenance logging system for onboard equipment software
TM
1) Bluetooth is an example of a suitable product available commercially. This information is given for the
convenience of users of this document and does not constitute an endorsement by ISO or IEC of this product.
2 PROOF/ÉPREUVE © ISO 2021 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 24060:2021(E)

3.10
shipboard equipment
system comprising a combination of hardware, software and data (3.4), performing a specific function
on board a ship
Note 1 to entry: See also operational technology (3.7).
3.11
shipowner
shipping company
owner of the ship or any other organization or person such as the manager, or the bareboat charterer
who has assumed responsibility for operation of the ship and who is responsible for initiating software
maintenance (3.14) of the shipboard equipment (3.10)
3.12
software
programs and operating instructions used in shipboard operational technology equipment, including
any updatable firmware and configuration
3.14
software maintenance
checking, updating, re-configuring, or upgrading the software of shipboard equipment (3.10) in order to
prevent or correct faults, maintain regulatory compliance, and/or improve performance
3.15
system integrator
stakeholder that combines shipboard equipment (3.10) into an integrated system (3.6)
3.16
uncontrolled network
shipboard data network other than controlled network (3.2)
3.17
version message
message automatically sent by connected equipment containing an indication of the current device
software version, including operating system (if operating system is updatable) and configuration (if
configuration is an updatable part of the device’s software)
Note 1 to entry: An example of one way to provide compliant information from equipment to an SSLS is a data
sentence message structure defined as the VER specified in IEC 61162-1 and sent by equipment implementing
this standard (encapsulated in 450 protocols with UDP datagrams).
4 Technology design
4.1 Updateable equipment inventory
4.1.1 General
For any given ship, an SSLS shall apply to any on board equipment that contains software which can
be updated. An inventory of equipment should have the ability to be automatically generated from
connected equipment, or manually entered. Some targeted systems for the SSLS to track include, for
example, control and alarm systems; fire and water mist systems; navigation and communication
systems; steering control systems; propulsion systems; power generation systems; performance
monitoring systems; and auxiliary systems.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 3

---------------------- Page: 8 ----------------------
ISO 24060:2021(E)

4.1.2 Equipment details
Where equipment as listed in 4.1.1 has been identified, the SSLS shall enable an initial log entry
containing the following equipment details for each piece of equipment:
a) device type;
b) manufacturer;
c) unique identifier, which is any specific equipment identifier;
d) serial number;
e) manufacture date;
f) model number, which can be a model code set by
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.