Phase 11: Documentation Control & Class Liaison - Training Guide

Mission Briefing

Greetings, Cyber Surveyor. Your previous missions have established governance, identified risks, cataloged assets, designed network security architecture, created comprehensive documentation, verified supplier compliance, implemented change management processes, ensured security during construction, developed a thorough test program, and executed rigorous testing. Now, your mission at Tachyon Heavy Industries' Mars Shipyard advances to a critical certification phase: Documentation Control & Class Liaison.

Throughout the previous phases, you've generated vast amounts of documentation—designs, policies, procedures, test results, and more. This documentation is not merely a record of work completed; it is the evidence that will convince the Astronomical Bureau of Shipping (ABS) that the vessel meets the stringent requirements of IACS UR E26. Without proper organization, management, and presentation of this documentation, even the most secure vessel may fail to achieve certification.

Your task is to organize all cybersecurity documentation into a coherent package that clearly demonstrates compliance with every aspect of UR E26, and to work closely with ABS surveyors to address any questions or concerns they may have during the certification process.

E26 Regulatory Context

IACS UR E26 requires comprehensive documentation of cybersecurity measures. Key requirements include:

• Documentation of all cybersecurity controls and their implementation
• Evidence of compliance with all UR E26 requirements
• Records of security testing and verification
• Documentation of risk assessments and mitigations
• Procedures for maintaining security throughout the vessel lifecycle
• Clear traceability between requirements and implementation

The Astronomical Bureau of Shipping (ABS) will review this documentation as the primary basis for certification decisions.

Your Mission Objectives

As an ABSC Cyber Integrator, you must:

1. Organize all cybersecurity documentation into a structured package
2. Create traceability matrices linking documentation to UR E26 requirements
3. Prepare executive summaries and compliance narratives
4. Coordinate with ABS surveyors during document review
5. Address any documentation gaps or clarification requests
6. Finalize documentation package for certification approval

The Challenges You Face

Managing documentation and working with classification society surveyors presents several challenges:

• Vast amounts of technical documentation from multiple phases
• Complex relationships between different documentation elements
• Varying levels of detail required for different audiences
• Potential gaps or inconsistencies in existing documentation
• Tight timelines for addressing surveyor questions
• Balancing technical accuracy with clarity for non-technical reviewers

Quest Path: Documentation Control & Class Liaison

Step 1: Documentation Inventory and Organization

Your first task is to inventory and organize all existing cybersecurity documentation.

Procedural Guide:

1. Inventory all documentation from previous phases:
   • Governance documents
   • Risk assessments
   • Asset inventories
   • Network architecture designs
   • Security control specifications
   • Test plans and results
   • Supplier compliance documentation
   • Change management records
2. Develop a documentation structure and organization scheme
3. Create a documentation management system
4. Establish version control procedures
5. Identify any missing or incomplete documentation
6. Develop a plan for addressing documentation gaps

Interactive Challenge: While inventorying documentation for the Quantum Harvester, you discover that several key documents from the system integration phase are missing or incomplete. The integration team claims they followed all procedures but didn't document every step due to time constraints. The ABS document review is scheduled to begin in one week. How do you address this documentation gap?

Options:

• Delay the ABS review until all documentation can be completed
• Work with the integration team to recreate the missing documentation
• Document the gap and develop compensating evidence
• Proceed with the review using only the available documentation

Optimal Approach: Work intensively with the integration team to recreate the essential documentation based on system logs, interviews, and other available evidence. For any processes that cannot be fully reconstructed, develop a gap analysis document that acknowledges the missing documentation, explains the circumstances, provides alternative evidence of compliance, and outlines process improvements to prevent similar issues in the future. Communicate proactively with the ABS surveyor about the situation before the formal review begins.

Deliverable: Organized Documentation Repository

Step 2: Compliance Traceability Matrix Development

Develop matrices that clearly link documentation to specific UR E26 requirements.

Procedural Guide:

1. Break down UR E26 into discrete, verifiable requirements
2. Map each requirement to specific documentation elements
3. Identify the evidence that demonstrates compliance with each requirement
4. Create cross-reference tables for complex requirements
5. Identify any requirements with insufficient documentation
6. Develop strategies for addressing compliance gaps

Interactive Challenge: While developing the compliance matrix for the Nebula Skimmer, you discover that the documentation for network monitoring implementation doesn't clearly address several specific requirements in UR E26 Section 4.3. The system is implemented correctly, but the documentation doesn't use the same terminology or structure as the requirements. How do you address this traceability gap?

Deliverable: UR E26 Compliance Traceability Matrices

Step 3: Executive Summary and Compliance Narrative

Develop high-level documentation that explains the vessel's approach to cybersecurity.

Procedural Guide:

1. Create executive summaries for:
   • Overall cybersecurity approach
   • Risk management strategy
   • Defense-in-depth implementation
   • Security testing and verification
   • Ongoing security management
2. Develop compliance narratives that explain how requirements are met
3. Create visual representations of security architecture and controls
4. Prepare presentation materials for ABS surveyors
5. Develop talking points for technical discussions
6. Create documentation navigation guides

Interactive Challenge: The ABS lead surveyor for the Comet Chaser certification has a background in traditional marine systems but limited experience with advanced cybersecurity concepts. Your technical compliance narrative uses terminology and concepts that the surveyor is struggling to understand. How do you adapt your approach to ensure effective communication?

Deliverable: Executive Summaries and Compliance Narratives

Step 4: ABS Liaison and Communication

Establish effective communication channels and processes with ABS surveyors.

Procedural Guide:

1. Establish communication protocols with ABS team
2. Schedule preliminary document review meetings
3. Prepare for common surveyor questions and concerns
4. Develop processes for tracking and addressing surveyor requests
5. Create escalation procedures for complex issues
6. Establish documentation update procedures during review

Interactive Challenge: During the initial document review for the Gravity Well, an ABS surveyor raises concerns about the vessel's approach to remote access security, questioning whether it fully meets UR E26 requirements. The THI Project Manager becomes defensive and begins arguing with the surveyor, creating tension in the meeting. How do you handle this situation to maintain a productive relationship with ABS?

Deliverable: ABS Communication Plan

Step 5: Documentation Gap Resolution

Address any gaps or issues identified in the documentation.

Procedural Guide:

1. Prioritize documentation gaps based on criticality
2. Develop action plans for addressing each gap
3. Coordinate with technical teams to gather additional information
4. Create supplementary documentation as needed
5. Update existing documentation to address concerns
6. Verify that gap resolution fully addresses the issues

Interactive Challenge: The ABS surveyor reviewing the Void Hauler's documentation has identified ten areas where additional evidence or clarification is needed. The vessel delivery deadline is approaching rapidly, and the technical teams are already stretched thin with final preparations. How do you efficiently address these documentation gaps without delaying certification or delivery?

Deliverable: Documentation Gap Resolution Plan

Step 6: Final Documentation Package

Prepare the final documentation package for certification approval.

Procedural Guide:

1. Compile all updated and finalized documentation
2. Perform quality control review of the complete package
3. Create a final compliance statement
4. Develop an executive briefing for ABS and THI leadership
5. Prepare for the final certification meeting
6. Create a documentation handover package for vessel operations

Interactive Challenge: During the final review of the Quantum Harvester's documentation package, you discover a discrepancy between the as-built network diagram and the security test results. The discrepancy is minor but could raise questions during the final certification meeting scheduled for tomorrow. How do you address this last-minute issue?

Deliverable: Final Certification Documentation Package

Mission Completion Criteria

Your mission will be considered complete when:

1. All cybersecurity documentation is organized and accessible
2. Compliance traceability matrices are complete for all requirements
3. Executive summaries and compliance narratives are approved
4. All ABS questions and concerns have been addressed
5. Documentation gaps have been resolved
6. The final documentation package has been accepted by ABS

Rewards and Advancement

Successful completion of this mission will:

• Demonstrate clear compliance with all UR E26 requirements
• Establish a strong foundation for certification approval
• Unlock access to Phase 12: Crew & Yard Team Awareness & Handover
• Earn you the "Documentation Master" achievement in your surveyor profile

Knowledge Resources

• IACS UR E26: "Cyber Resilience of Ships"
• ABS CyberSafety® Volume 2: "Requirements for the ABS CyberSafety® Notation"
• ISO/IEC 27001: "Information Security Management Systems"
• NIST SP 800-53: "Security and Privacy Controls for Information Systems and Organizations"
• ISA/IEC 62443: "Industrial Automation and Control Systems Security"

Remember, Surveyor: in the realm of certification, what isn't documented might as well not exist. Your meticulous attention to documentation now will not only secure certification but will also provide the foundation for maintaining the vessel's security throughout its operational life. The documentation you prepare will be the legacy that guides future crews in protecting the vessel against evolving threats in the void.

Good luck on your mission. The certification of the fleet depends on your documentation skills.