This clause is intended to address situations in which a party is affected by a cybersecurity incident and the incident affects the party's ability to meet its contractual obligations.
In the article on the 6-step procedure for managing supplier security under ISO 27001, we provided an overview of an ISO 27001 process for supplier security management. This article covers in detail certain safeguard clauses that you need to take seriously in supplier contracts to ensure adequate protection of the aspects of your business that are under the control of suppliers.
This sub-clause requires parties to make reasonable efforts to ensure that third parties who provide services on their behalf have appropriate cybersecurity, i.e., that they meet the requirements set out in point (a)(i)-(iii). For example, brokers and ship agents provide digital services and information to owners and charterers, so their systems must also be protected from cyber risks.
While including all of these clauses in all your supplier contracts may seem like a good idea, avoid this. Why? Because treating all suppliers the same makes no sense. Each of them has a different relationship with you, and imposing all these clauses on every supplier can make your contracts too expensive or severely limit the number of suppliers that can meet them.
Right to review: a clause guaranteeing that the organization has the right to monitor and test security checks on a regular basis or in the event of a significant change in the relationship.
By design, the clause does not deal with payment fraud. Although this type of internet fraud is becoming more common, the subcommittee believes that a contractual clause does not significantly reduce the risk. Fraud succeeds in part because of companies' poor audit and authorisation procedures, and can be prevented by strengthening internal procedures.
In short, security must be considered a deliverable, just like any other product or service an organization expects from its supplier. The following explanations are intended to provide context on the thinking behind the BIMCO Cyber Security Clause. If you have any questions about the clause that we did not answer in the comments, please contact us at contracts@bimco.org and we would be happy to help.
