12 November 2019
Applicability: Shipowners, ship operators, ship managers, ship masters, shipbuilders and flag Administrations.
While ships may carry both electronically signed and paper certificates, the International Maritime Organisation (IMO) has recognised the need for a set of standards regarding the use of electronic certificates.
LR will start issuing electronic certificates in accordance with the IMO Facilitation Committee (FAL) and its approved “Guidelines for the Use of Electronic Certificates” (IMO Circular FAL.5/Circ.39/Rev.2).
From 1 November 2019 LR began issuing electronic certificates for newly issued and re-issued certificates for Panama flag Administration. The issuance of LR electronic certificates will extend to all certificate types and across all other flag authorities which have authorised their use by LR, from early 2020.
1. Validity and consistency with the format and content required by the relevant international convention or instrument as applicable:
- Electronic certificates issued by Lloyd’s Register are processed according to the same procedures and systems as paper certificates. The format and the content of the certificate are consistent with the requirements in the conventions and are identical with the paper-based certificates except for the electronic signature. It is not necessary to print and sign the electronic certificate.
2. Protected from edits, modifications or revisions other than those authorised by the issuer or the Administration:
- The solution chosen by Lloyd’s Register has inherent features securing the integrity, authenticity and the non-repudiation of the certificate, meaning that the certificate will stay intact and signed. If tampered with, a statement will clearly say that the certificate is no longer signed and valid (as shown in the supporting document).
3. A unique tracking number used for verification:
- A unique tracking number (UTN) will be generated per certificate. The tracking number is generated by the system and has no contextual logic (it cannot be deduced from the information in the certificate) and will be visible on the certificate (as shown in the supporting document).
4. A printable and visible symbol that confirms the source of the issuance.
- The Lloyd’s Register stamp is visible in the signature section of the certificate instead of a hand-written signature, as shown in the supporting document.
5. The administrators that use the website for online viewing of, or verifying electronic certificates should ensure that these sites are constructed and managed in accordance with established information security standards for access control, fraud prevention, resistance to cyberattacks and resilience to man-made and natural disasters:
Access control and fraud prevention is achieved by means of the unique tracking number printed on each certificate, allowing authentication and verification online.
Protection against cyberattacks is implemented by means of:
- Website protection: all website visits are automatically monitored blocking hacking attempts and preventing cross-site scripting
- Email spam and virus protection is provided in Office 365 Cloud
- Intrusion detection is installed in all Lloyd’s Register computers
- A managed security service: logs from firewalls, antivirus software, web server protection
,and other sources are reviewed, and incident anomalies reported to Lloyd’s Register’s Security Incident Manager
- Regular vulnerability scans of the operating system, software and configurations
- The secure connection between a client browser and the Lloyd’s Register web server is established by a https-connection.
Resilience to man-made and natural disasters is documented and followed
-up through Business Continuity Plans.
6. Shipowners, operators and crews on ships that carry and use electronic certificates should ensure that these certificates are controlled through the safety management system, as described in section 11 of the International Safety Management Code (please note that on ships not subject to the ISM Code, similar control processes are to be adopted):
- This is the responsibility of the owner/manager. Lloyd’s Register will ensure that shipowners/managers are provided with information explaining how to authenticate and check the validity of the certificates.
7. Electronic signatures applied to electronic certificates should meet authentication standards, as adopted by the Administration:
- The Lloyd’s Register solution supports authentication and validation of every certificate issued.
- Marine eCertificates issued by Lloyd's Register are cryptographically signed by Lloyd's Register Group Services Ltd to guarantee authenticity. This results in the "Blue Ribbon" you see at the top of a document when viewing in Acrobat Reader.
- At the time of writing Lloyd's Register obtain their digital signing keys from Digital Sign CA and you will see their name in the Blue Ribbon attesting to this.
- The digital signature is authenticated via third party authentication provided by Ascertia, the supplier of SigningHub.