As part of its cyber security reports series, IACS issued guidelines for the creation of an inventory of the vessel’s computer based systems. For effective assessment and control of the cyber systems onboard, an inventory of all of the vessel’s equipment and computer based systems should be created during the vessel’s design and construction and updated during the life of the ship. Tracking the software and hardware modifications made to shipboard computer based systems makes it possible to check that no new vulnerabilities or dependencies have been introduced, or that any that have been introduced are treated appropriately to mitigate the risk of their exploitation.
- How to conduct proper software maintenance
- Efficient control of software dependent systems
- Contingency plan for onboard computer based systems
- Guidelines on ship board network architecture
- Data assurance of computer-based system onboard
- Protecting network systems onboard from cyber risks
- How to ensure proper operation of integration systems
- Developing an inventory list of computer-based systems
- Recommendations for remote access to onboard IT systems
An inventory list of all the vessel’s computer based systems should be created during the vessel’s design and construction and updated during the life of the ship. The inventory list shall contain:
- equipment list
- physical map of the computer based systems
- logical map of networks
Physical map of the computer based systems
-Physical Inventories
The list of communicating devices should be included in inventory list or included in each supplier’s drawings/documents, for example: PLCs, remote I/O, sensors, actuators, variable speed drives, meters, circuit breakers, switches, physical servers, desktops and storage units. For each element, the following should be specified:
- name;
- brand;
- model or reference (some devices, e.g. modular PLCs, contain several references);
- the version of the embedded firmware (software version) and the product version if appropriate;
- physical characteristics, if appropriate;
- physical location (Accommodation space/Engine room, room, cabinet, bay);
- list of switches connected.
The list of network communication devices should be included in inventory list or included in each supplier’s drawings/documents, for example, switches, routers and protocol gateways. For each device, the following should be specified:
- name;
- brand;
- model and reference;
- embedded firmware version;
- physical location (Accommodation space/Engine room, room, cabinet, bay).
For Ethernet switches, the VLAN numbers assigned to each port should also be specified.
-Diagram
This is a representation of the various geographical locations, showing:
- switches, associated VLAN numbers;
- links between devices;
- interconnection identifiers (MPLS, VPLS, …);
- devices.
Logical map of networks
The logical topology of networks (e.g. IP and non-IP addressing scheme, subnet names, logical links, principal devices in operation) should be recorded. This map can be organized in the form of inventories and a diagram, and may be included in each supplier’s drawings/documents.
-Logical Inventories
List of IP address ranges with, for each one:
- the list of switches concerned;
- the functional description of the IP range;
- interconnections with other ranges.
List of non-IP networks with, for each network:
- the list of MAC addresses or addresses specific to the industrial protocols on the network;
- the list of switches concerned;
- functional description of the network;
- devices connected to other networks (connectors).
List of non-Ethernet access points with, for each one:
- the list of access ports;
- addressing, if there is a special protocol;
- the list of connected devices.
List of logical servers and desktops with, for each one, if applicable:
- IP addressing (network, mask, gateway);
- operating system version;
- underlying physical server;
- applications and their versions;
- services and versions.
List of connectors and communicating field devices (remote I/O, smart sensors, smart actuators, etc.) with, for each one:
- IP addressing (network, mask, gateway), the associated MAC addressing and network or the specific addressing, if appropriate;
- applications.
-Diagram
This diagram is a representation of the IP ranges (networks and sub-networks) and their interconnections, showing:
- the functional description of the IP range;
- interconnections with other ranges;
- routers, switches and firewalls;
- IT security devices (e.g. filtering gateways, sensors, intrusion detection sensors).
In particular, this map should show interconnection points with "external" entities (e.g. partners, service providers) and all interconnections with the Internet.
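The physical and logical inventories above are only useful if they agree with each other: every switch a device lists should itself be inventoried, every IP address should fall in a declared range, and the VLAN a device sits on should actually be configured on the switch it connects to. The following script is an added example, not part of the IACS guideline, that models a small inventory in the structure described (network devices with per-port VLANs, communicating devices with their switches and addressing, IP ranges with their functional description and interconnections) and runs those consistency checks. All device names, addresses, brands, firmware versions and VLAN numbers are constructed sample data.

```python
"""Added example: physical/logical inventory cross-checks (constructed sample data)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class NetworkDevice:
    """Switch, router or protocol gateway (network communication device)."""
    name: str
    brand: str
    model: str
    firmware: str
    location: str                                  # space / room / cabinet / bay
    vlan_by_port: Dict[str, int] = field(default_factory=dict)  # Ethernet switches only


@dataclass
class Device:
    """Communicating device: PLC, remote I/O, sensor, drive, meter, server, desktop."""
    name: str
    brand: str
    model: str
    firmware: str
    location: str
    switches: List[str]                            # names of connected switches
    ip: Optional[str] = None
    vlan: Optional[int] = None


@dataclass
class IpRange:
    """Logical inventory entry: one IP address range."""
    cidr: str
    description: str                               # functional description
    switches: List[str]                            # switches concerned
    interconnections: List[str] = field(default_factory=list)


# Constructed sample inventory (hypothetical names and addresses).
SWITCHES = [
    NetworkDevice("SW-ER-01", "ExampleNet", "ES-24", "4.2.1",
                  "Engine room / cabinet C3", {"1": 10, "2": 10, "3": 20}),
    NetworkDevice("SW-BR-01", "ExampleNet", "ES-24", "4.2.1",
                  "Bridge / console B1", {"1": 20, "2": 20}),
]
DEVICES = [
    Device("PLC-ME-01", "ExampleAuto", "M-340", "2.7", "Engine room / cabinet C3",
           ["SW-ER-01"], ip="10.10.1.20", vlan=10),
    Device("HMI-BR-01", "ExampleHMI", "Panel-15", "1.3", "Bridge / console B1",
           ["SW-BR-01"], ip="10.10.2.5", vlan=20),
    # Deliberate gap: the listed switch is not in the network device inventory.
    Device("VSD-PUMP-02", "ExampleDrive", "VD-75", "3.0", "Engine room / cabinet C4",
           ["SW-ER-02"], ip="10.10.1.77", vlan=10),
    # Deliberate gap: the IP address is outside every declared range.
    Device("METER-01", "ExampleMeter", "PM-5", "1.0", "Engine room / cabinet C3",
           ["SW-ER-01"], ip="10.10.9.4", vlan=10),
]
IP_RANGES = [
    IpRange("10.10.1.0/24", "Machinery control (VLAN 10)", ["SW-ER-01"]),
    IpRange("10.10.2.0/24", "Bridge navigation (VLAN 20)", ["SW-BR-01"], ["10.10.1.0/24"]),
]


def check_inventory(devices, switches, ip_ranges):
    """Return (device name, finding) pairs for every inconsistency found."""
    findings = []
    switch_by_name = {s.name: s for s in switches}
    nets = [ipaddress.ip_network(r.cidr) for r in ip_ranges]
    for d in devices:
        # Physical map: every referenced switch must be inventoried.
        for sw in d.switches:
            if sw not in switch_by_name:
                findings.append((d.name, f"references unknown switch {sw}"))
        # Logical map: every IP address must belong to a declared range.
        if d.ip is not None:
            addr = ipaddress.ip_address(d.ip)
            if not any(addr in net for net in nets):
                findings.append((d.name, f"IP {d.ip} is not in any declared IP range"))
        # VLAN consistency: the device VLAN must exist on its switch's ports.
        if d.vlan is not None:
            for sw in d.switches:
                s = switch_by_name.get(sw)
                if s is not None and d.vlan not in s.vlan_by_port.values():
                    findings.append((d.name, f"VLAN {d.vlan} not configured on {sw}"))
    return findings


if __name__ == "__main__":
    for name, finding in check_inventory(DEVICES, SWITCHES, IP_RANGES):
        print(f"{name}: {finding}")
```

Run as-is, the script reports the two deliberate gaps (an uninventoried switch and an IP address outside any declared range); the same checks can be rerun after every modification recorded in the inventory so that drift between suppliers' drawings and the installed systems is caught early.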
Software Inventories
-List of desktop software structured per equipment:
Desktop applications are software vendors’ applications used on the equipment. A desktop application may be limited to local use (e.g. a notepad) or may initiate connections to remote computers (e.g. an FTP client), but it does not accept incoming connections. Applications that accept incoming connections are called “Network Services”. The following information is to be delivered regarding desktop applications:
- software name and publisher;
- installation date, version number and motivations;
- local and remote roles;
- generic accounts;
- dedicated accounts;
- access control list with read, write and execution rights;
- when existing, outgoing connections shall be considered (destination IP/ports); if unknown, the information shall be identified as “missing”;
- license number.
-List of network services structured per equipment:
Network services are applications that accept incoming connections through a listening interface (e.g. listening ports for TCP/IP) over the network or any serial connection. In addition to the information listed in [2.4.1.1], the following information is to be delivered. For IP based services:
- protocol name and version;
- listening ports and motivation.
For non-IP based Services:
- listening interface and motivation.
-Change Management:
When software is being maintained, the inventory list should include a record of the previous and current software versions installed, including a repository of related electronic service report documents.
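The distinction between desktop applications and network services, the “missing” marker for unknown outgoing connections, and the change-management record of previous and current versions can all be represented in one per-equipment software inventory. The script below is an added example, not part of the IACS guideline, showing one way to structure that inventory so that the classification follows directly from whether an entry has a listening port or interface, information gaps are listed rather than silently omitted, and every upgrade keeps the previous version and the related service report reference. Equipment names, software names, publishers, versions, accounts and ports are all constructed sample data.

```python
"""Added example: per-equipment software inventory with change management (constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class SoftwareEntry:
    name: str
    publisher: str
    version: str
    installed: str                      # installation date (ISO string)
    motivation: str
    accounts: List[str]                 # generic and dedicated accounts
    acl: Dict[str, Set[str]]            # account -> subset of {"r", "w", "x"}
    outgoing: Optional[List[Tuple[str, int]]] = None  # [(dest_ip, port)]; None = "missing"
    listening_ports: List[Tuple[str, int]] = field(default_factory=list)  # IP based services
    listening_interfaces: List[str] = field(default_factory=list)          # non-IP services
    license: str = ""
    history: List[dict] = field(default_factory=list)  # change-management records

    def kind(self) -> str:
        """An entry that accepts incoming connections is a network service."""
        if self.listening_ports or self.listening_interfaces:
            return "network service"
        return "desktop application"

    def upgrade(self, new_version: str, when: str, service_report: str) -> None:
        """Record previous and current versions and the related service report."""
        self.history.append({"previous": self.version, "current": new_version,
                             "date": when, "report": service_report})
        self.version = new_version


# Constructed sample inventory, structured per equipment (hypothetical names).
EQUIPMENT = {
    "HMI-BR-01": [
        SoftwareEntry("NotesApp", "ExampleSoft", "2.1", "2023-05-02", "operator notes",
                      ["operator"], {"operator": {"r", "w"}}, outgoing=[]),
        # Outgoing connections not documented by the supplier: flagged as "missing".
        SoftwareEntry("FileXfer", "ExampleSoft", "5.0", "2023-05-02", "log upload",
                      ["svc_xfer"], {"svc_xfer": {"r", "x"}}),
        SoftwareEntry("OPCServer", "ExampleAuto", "3.4", "2023-05-02", "data to VDR",
                      ["svc_opc"], {"svc_opc": {"r", "x"}}, outgoing=[],
                      listening_ports=[("TCP", 4840)]),
    ],
    "PLC-ME-01": [
        SoftwareEntry("ModbusRTU", "ExampleAuto", "1.0", "2022-11-10", "field I/O",
                      [], {}, outgoing=[], listening_interfaces=["RS-485 port 2"]),
    ],
}


def inventory_report(equipment):
    """Classify every entry and record its listening and outgoing information."""
    report = {}
    for eq, entries in equipment.items():
        for e in entries:
            report[(eq, e.name)] = {
                "kind": e.kind(),
                "outgoing": "missing" if e.outgoing is None else e.outgoing,
                "listening": e.listening_ports or e.listening_interfaces,
            }
    return report


def missing_information(equipment):
    """(equipment, software) pairs whose outgoing connections are unknown."""
    return sorted(key for key, v in inventory_report(equipment).items()
                  if v["outgoing"] == "missing")


if __name__ == "__main__":
    for key, info in inventory_report(EQUIPMENT).items():
        print(key, info)
    print("missing:", missing_information(EQUIPMENT))
    opc = EQUIPMENT["HMI-BR-01"][2]
    opc.upgrade("3.5", "2024-01-15", "SR-0001")   # hypothetical service report reference
    print(opc.name, opc.version, opc.history)
```

The `missing_information` output is the list an integrator would chase with suppliers before sign-off, and the `history` list on each entry is the record the change-management paragraph asks for; a real repository would store the service report documents themselves alongside these references.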
-Integration Documentation:
The latest editions of the documentation required to be provided to classification societies following integration testing for CAT II and III systems, as required by 3.1.3 of UR E22, are to be provided with the ship on delivery.
Physical Support
-Nature of the physical support
The information required by this recommendation should be made available upon request in a paper document or a digital application. If the second option is chosen, it should be possible to determine a clear status of the ship configuration at a given date on request.
-Access to the physical support
Access to information required by this recommendation should be limited to the strictly necessary persons and organizations.
Responsibilities
The system integrator should be in charge of creating and updating the Inventory List, with the help of the suppliers and under the responsibility of the owner, at any moment of the ship life cycle. The system integrator may change during the ship life cycle. If no entity is assuming this role, the owner should be able to provide an updated Inventory List.