IMO: Guidelines for the Use of Electronic Record Books under the BWM Convention, and draft amendments to A-1 and B-2

The International Maritime Organization published annexes 6 and 7 to the Resolution MEPC.372(80).

Annex 6 are Guidelines for the Use of Electronic Record Books under the BWM Convention, while Annex 7 is draft amendments to regulations A-1 and B-2 of the BWM Convention.

Resolution MEPC.372(80) was adopted on 7 July 2023 and is in force from the same date. These annexes were published on 7 July 2023, as well.

Annex 6: Foreword

The Marine Environment Protection Committee, recalling Article 38(a) of the Convention on the International Maritime Organization concerning the functions of the Marine Environment Protection Committee conferred upon it by international conventions for the prevention and control of marine pollution from ships,

Recalling also that the International Conference on Ballast Water Management for Ships held in February 2004 adopted the International Convention for the Control and Management of Ships' Ballast Water and Sediments, 2004 (the BWM Convention) together with four Conference resolutions,

Noting that regulation B-2 of the BWM Convention enables the use of electronic record books,

Recognizing the need to develop guidance for the use of electronic record books under the BWM Convention,

Having considered, at its eightieth session, draft Guidelines for the use of electronic record books under the BWM Convention,

Adopts the Guidelines for the use of electronic record books under the BWM Convention, the text of which is set out in the annex to this resolution;

Invites Governments to apply the Guidelines as soon as possible;

Agrees to keep the Guidelines under review in light of experience gained.

Annex: Guidelines for the Use of Electronic Record Books under the BWM Convention

1 INTRODUCTION

1.1 A key element of the International Convention for the Control and Management of Ships' Ballast Water and Sediments, 2004 (BWM Convention) regulations is the recording of ballast water operations from ships.

1.2 The format for the recording of ballast water operations under the BWM Convention is provided in appendix II to the BWM Convention.

1.3 As companies and shipowners increasingly focus on ways to operate in an environmentally responsible manner and aim to reduce the heavy burden associated with paperwork through electronic means, the concept of operational logs in an electronic format has become a popular consideration. It is considered that this approach to recording and reporting should be encouraged as it may have many benefits for the retention of records by companies, crew, and officers.

1.4 It is expected that, as companies and shipowners increasingly explore electronic record-keeping, flag State Administrations will be requested to approve electronic recording systems (henceforth referred to as an electronic record book). This guidance aims to provide standardized information on approving an electronic record book to ensure the obligations of the BWM Convention are met and that there is a consistent approach to approving such systems.

2 APPLICATION

2.1 These Guidelines are only applicable to the use of electronic record books on board to meet the requirements of the Ballast Water Record Books and recording requirements under the BWM Convention.

2.2 The use of an electronic record book to record operational logs is an alternative method to a hard copy record book. The electronic record book may allow ships to utilize their technology to reduce administrative burdens and contribute to on-board environmental initiatives, e.g. reduction of paper use.

2.3 These Guidelines do not provide information on the management of electronic access to, or electronic versions of, certificates and other documents that do not log continuous operations of a ship.

2.4 These Guidelines do not address the exchange of information from a ship to a company headquarters or other body, as this exchange is not a requirement of record books under the BWM Convention.

2.5 If a shipowner decides to use an electronic record book to record operational logs, instead of a hard copy record book, the following guidance should be taken into consideration by the Administration when approving the electronic record book for use.

3 DEFINITIONS

For the purposes of these Guidelines, the following definitions apply to the extent consistent with the BWM Convention:

1. Administration: means the Government of the State under whose authority the ship is operating. With respect to a ship entitled to fly a flag of any State, the Administration is the Government of that State. With respect to fixed or floating platforms engaged in exploration and exploitation of the seabed and subsoil thereof adjacent to the coast over which the coastal State exercises sovereign rights for the purposes of exploration and exploitation of their natural resources, the Administration is the Government of the coastal State concerned.

2. Audit logging: means logs recording user activities, exceptions and information security events, where logs are kept for an agreed period to assist in future investigations and access control monitoring (ISO/IEC 27001:2006). The time and date for the log should be in Coordinated Universal Time (UTC) and the Ship Mean Time.

3. Backup: means to make a duplicate copy of a file, program, etc., as a safeguard against loss or corruption of the original. The specific properties of the backup such as its format, frequency, storage location, retention period, are unique to each business organization and should be defined in accordance with a business continuity plan.

4. Business continuity plan: means a collection of procedures and information that is developed, compiled and maintained in readiness for use in the event of an emergency or disaster.

5. Company: means the owner of the ship or any other organization or person such as the manager or the bareboat charterer, who has assumed the responsibility for the operation of the ship from the shipowner and who on assuming such responsibility has agreed to take over all the duties and responsibility imposed.

6. Credentials: means data that is transferred to establish the claimed identity of an entity (ISO 7498-2). Examples of credentials include a unique code/password, electronic key, digital certificate, hardware key, biometric data (e.g. fingerprint).

7. Cryptography: means the discipline which embodies principles, means and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorized use (ISO 7498-2).

8. Data: means a re-interpretable representation of information in a formalized manner suitable for communication, interpretation or processing (ISO/IEC 2382-1).

9. Digital certificate: means a cryptographic transformation (see "cryptography") of a data unit in an asymmetric (public key) cryptosystem, using a digital signature to unite an identity with a public key.

10. Digital signature: means data appended to, or a cryptographic transformation (see "cryptography") of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient (ISO 7498-2).

11. Document: means books, manuals, plans, instructions and similar media that are not certificates and are used to convey a ship's information.

12. Electronic record book: means a device or system used to electronically record the entries for discharges, transfers and other operations as required under the BWM Convention.

13. Functional unit: means an entity of hardware, software, or both, capable of accomplishing a specified purpose (ISO/IEC 2382-1:1993 Information technology – Vocabulary - Part 1: Fundamental terms, definition 10.01.40).

14. Graphic character: means a character, other than a control character, that has a visual representation and is normally produced by writing, printing or displaying (ISO 2382-4).

15. IEC 60092 (series): means standards published by the International Electrotechnical Commission (IEC) on Electrical Installations on Ships.

16. IEC 60533: means standard published by the International Electrotechnical Commission (IEC) on Electrical and Electronic Installations on Ships – Electromagnetic Compatibility.

17. Offline: means usage #1. Pertaining to the operation of a functional unit when not under the direct control of the system with which it is associated. Offline units are not available for immediate use on demand by the system. Offline units may be independently operated. Usage #2. Pertaining to equipment that is disconnected from a system, is not in operation, and usually has its main power source disconnected or turned off.

18. Portable Document Format (PDF): means a digital form for representing documents that enables users to exchange and view electronic documents easily and reliably, independent of the environment in which they were created and the environment in which they are viewed or printed (ISO 32000).

19. Port: means any port, terminal, offshore terminal, ship and repair yard or roadstead which is normally used for the loading, unloading, repair and anchoring of ships, or any other place at which a ship can call.

20. Key: means a sequence of symbols that controls the operation of encipherment and decipherment (see "cryptography").

21. Private key: means (in a public key cryptosystem) that key of a user's key pair which is known only by that user (ISO/IEC 9594-8).

22. Public key: means (in a public key cryptosystem) that key of a user's key pair which is publicly known (ISO/IEC 9594-8).

23. Role-based access control (RBAC): means a control mechanism that provides different access levels to guarantee that individuals and devices can only gain access to and perform operations on network elements, stored information, and information flows for which they are authorized (ISO/IEC 27033-2:2012).

24. Shipowner: means one who owns or operates a ship, whether a person, a corporation or other legal entity, and any person acting on behalf of the owner or operator.

25. Signature: means the handwritten means of identifying the signer of a document or an electronic equivalent which is uniquely and securely linked to an individual.

26. Standardized: means the prescription of an authoritative rule, principle, means of judgement or estimation, criterion, measure of correctness, measure of perfection or some definite degree of any quality that determines what is adequate for a purpose.

27. Storage (device): means a functional unit into which data can be placed, in which they can be retained, and from which they can be retrieved (ISO/IEC 2382-1:1993 Information technology – Vocabulary – Part 1: Fundamental terms).

4 SYSTEM SPECIFICATIONS

4.1 Ability of the electronic record book to meet regulations under the BWM Convention

4.1.1 The use and output presentation of any electronic record book approved by an Administration should satisfy the requirements of all relevant regulations under the BWM Convention.

4.1.2 As the BWM Convention specifies the recording of a range of information for specific circumstances, an approved system should only allow a complete entry to be saved for verification by the master. For example, when ballast water is discharged into the sea, the entry should not be able to be saved without the entry of the latitude and longitude of the discharge. It is suggested that, where possible, technology which can automatically input required data be installed to ensure accuracy. In the case of equipment failure, manual input should be allowed and the change of the source of data recorded. The automatic data value inputs should be protected by measures aimed at preventing attempts at manipulation or falsification. The system should automatically record any attempts to manipulate or falsify any data.

4.1.3 To assist with consistent recording of data such as dates and positions, the system should be developed to display entry fields and request data formats that are as consistent as possible with other electronic reporting required by IMO and other shipboard systems. Electronic record books should be presented in the form as specified in the BWM Convention in order to assist the smooth transition from hard copy record books to electronic ones.

4.1.4 In order to comply with the BWM Convention's requirements, an electronic record book should have the capability to retain all records made for the minimum period as specified in the BWM Convention. The capability to produce a hard copy of verified records for the master to certify as a true copy, upon request from relevant authorities, should also be provided.

4.2 Updates to the electronic record book

As the BWM Convention continues to evolve, it is essential that all approved electronic record books are reviewed and appropriately updated to ensure relevant BWM Convention amendments are incorporated in the electronic record book. Any updates should not cause loss of existing records, nor make them unreadable, and the system should continue to present all records in the form specified by the BWM Convention. Updates to the system should be completed prior to the entry into force of the relevant BWM Convention amendments.

4.3 Security and accountability of the electronic record book

4.3.1 To ensure the security of an electronic record book, it is critical that the system implements role-based access control. At a minimum, all access to the application should use a unique personal login identifier and password for each user. This level of security ensures that the user making entries into the application is accountable for any false entries or omissions.

4.3.2 The BWM Convention requires the signature of the relevant officer entering a record. As such, the electronic record book should implement audit logging. Audit logging should record a user code, identifying symbol, such as a graphic character, or an equivalent identifier against each entry to uniquely identify the user and whether the user provided, accessed or amended an entry.

4.3.3 Electronic signatures applied to an electronic record book should meet authentication standards, as adopted by the Administration.

4.3.4 Records and entries should be protected by measures aimed at preventing and detecting attempts at unauthorized deletion, destruction or amendment. After an entry is saved by the user, the system should secure the information against unauthorized or untraceable changes. Any change(s) to the entry by the same user or a different user should be automatically recorded and made visible both in the system and in any output presentation or printed versions of the electronic record book. The entry should appear in the list of entries in a format that makes it clear that the entry has been amended. To create transparency of changes to saved or verified entries, it is essential that the system is designed to retain both the original entry and the amendment(s).

4.3.5 If an entry requires amendment, it is recommended that the reason and user identifier, for the officer making the amendment, be recorded for verification by the master. The original entries and all amendments should be retained and visible.

4.3.6 The BWM Convention also requires that information in the record book be verified (e.g. regulation B-2.5 of the BWM Convention requires that each page of the Ballast Water Record Book be signed by the master of the ship). For verification of a single or series of saved entries by the master, the electronic record book should have an additional authentication factor to allow verification. This additional authentication factor should be in the form of additional credentials supplied by the master at the time of verification.

4.3.7 The electronic record book should also be able to log and identify the entries made, amended or verified by time. This will assist in identifying those situations where actions requiring an entry are undertaken over days or weeks and all entered at one time, where such an approach to making entries is consistent with the BWM Convention (e.g. regulation B-2.5 requires that each operation concerning ballast water shall be fully recorded without delay in the Ballast Water Record Book).

4.3.8 To provide for different stages of the data entry and approval process, the electronic record book should provide a status field for each entry that clearly determines the verification stage of the entry. For example, when an entry has been saved in the system by the user, the entry should reflect a term such as "pending" or "awaiting verification". Once the master has verified an entry, a term such as "verified" should be automatically reflected.

4.3.9 If an entry is amended after the master has verified it, the electronic record book should automatically return the entry to "pending" or "re-verification" notifying the master that the entry requires re-verification.

4.3.10 To ensure that entries are verified in a timely manner, the system should provide a reminder that verification by the master is required. Verifications should occur weekly or prior to arrival in-port (as appropriate). Entries not verified should be accompanied by comments advising of the reason for non-verification.

4.3.11 If a recorded entry correlates with a receipt for services (such as a receipt received when ballast water is discharged to a reception facility), or the endorsement provided during regulatory surveys or inspections (such as endorsement of the Cargo Record Book), the electronic record book should allow this receipt or endorsement to be identified or attached to the relevant entry in the system. This receipt can be referenced in the system with a hard copy receipt or endorsement made available upon request. Alternatively, the receipt or endorsement can be attached to the entry in any form deemed acceptable by the Administration (such as a scanned copy of the original in PDF), and the original retained.

4.4 Storage of data recorded in the electronic record book

4.4.1 To create the same level of confidence as a hard copy record book, any electronic record book should form part of the Information Technology Business Continuity Plan. This includes having an appropriate method for backing up data and data recovery if the system were to fail or not be available from the ships' network. Consideration should also be given to alternate power supplies to ensure consistent access to the system. Both data recovery and power sources are essential to allow ongoing entries to be made and facilitate port State control (PSC) inspections.

4.4.2 The electronic record book should have the capability to allow automatic backup of data in the system to offline storage. Backups should ensure the offline record is updated automatically every time changes are made to entries to ensure the backing up process is not forgotten by the user.

4.4.3 The recorded data stored in the offline space should be:

• .1 developed using cryptography so that unauthorized access to the information is not possible, and so that once the data has been saved it is in a read-only format with no amendments able to be made to the record (unless done so through the application or by a user with the appropriate level of authorization);
• .2 in a format that can be transferred from the point of record to another storage location. Examples include a local (removable) storage peripheral device, local and remote network storage;
• .3 maintained in a format that ensures the longevity and integrity of the record; and
• .4 in a format that allows output presentation and printing of the record.

4.4.4 This offline record may be provided in any format deemed appropriate by the Administration and should be digitally signed by the master. The properties of the digital signature need to appear on the offline record, including the title; full name of the signer; and date and time of signing. It is recommended that the document be presented in PDF; however, an alternative format may be used. Alternative formats should allow the exchange and view of electronic documents independent of the environment in which they were created and the environment in which they are viewed or printed, in a simple way and with fidelity.

4.4.5 An electronic record book and infrastructure related to the system, including computers and peripherals, should be installed in compliance with IEC 60092 and IEC 60533, where applicable.

5 DECLARATION

5.1 Any electronic system deemed to meet the above criteria should be provided with written confirmation by the Administration and carried on board the ship for the purpose of regulatory surveys or inspections. An example of a declaration can be seen in the appendix.

5.2 Delegating the assessment of the electronic record book against these Guidelines and the issuing of a declaration on behalf of the Administration by recognized organizations (ROs) is at the discretion of the Administration.

6 BWM CONVENTION INSPECTION AND ENFORCEMENT

6.1 Inspection

6.1.1 An electronic record book should have the ability to meet the company verification/audit requirements (such as integration with the ship's safety management system (International Safety Management Code)). The record book should also have the ability to meet all flag State and survey requirements. In addition, an electronic record book should meet all control provisions as set out in the BWM Convention. Such a system should also meet any general requirements set out in the Procedures for port State control, 2021 (resolution A.1155(32))), as amended, as well as support the detection of violations and enforcement of the Convention as outlined in article 10 of the BWM Convention.

6.1.2 The use of and reliance upon electronic record books in no way relieves shipowners of their existing duty to accurately maintain and produce records during an inspection, as required by the BWM Convention. It is recommended that, if a ship cannot produce the electronic record book or a declaration provided by the Administration during the PSC inspection, the PSC officer should request to view an alternative verified copy of the records or a hard copy record book for verification.

6.2 Equipment requirements during an inspection

As the electronic record book will be presented using the ships' onboard equipment, it should not be necessary for officers to carry additional equipment (e.g. electronic devices to view the records) during inspections. Officers may choose to carry additional equipment on board to aid in the verification process if the ships' onboard equipment is unavailable.

6.3 Prosecution

To accommodate current procedures when investigating illegal discharges under the BWM Convention, the electronic record book should allow for the specific entry, relevant page, pages or the entirety of the electronic record book to be printed at the time of an investigation and each printed page physically signed by the master to certify it as a "true copy". All printed pages should provide the following details in addition to those required under the BWM Convention for record books:

• .1 the title and full name of the person that entered the record (in addition to the person's unique username and/or ID in the electronic record book);
• .2 any changes that were made to the entries;
• .3 the date and time of printing;
• .4 the name and version number of the electronic record book from which the true copy was produced; and
• .5 page numbering and number of pages to ensure the report is complete.

Annex 7: Draft amendments to regulations A-1 and B-2 of the BWM Convention

1 In regulation A-1, a new paragraph 9 in inserted after paragraph 8, as follows:

"9 Electronic record book means a device or system, approved by the Administration, used to electronically record the entries for each ballast water operation as required under this Convention in lieu of a hard copy record book."

2 Regulation B-2.1 is amended as follows:

"1 Each ship shall have on board a Ballast Water Record Book, which may be an electronic record system book, or which may be integrated into another record book or system, and which shall at least contain the information specified in Appendix II. Electronic record books shall be approved by the Administration taking into account the guidelines to be developed by the Organization*."

*Refer to the Guidelines for the use of electronic record books under the BWM Convention (resolution MEPC.372(80), as may be amended).

3 Regulation B-2.5 is amended as follows:

"5 Each operation concerning ballast water shall be fully recorded without delay in the Ballast Water Record Book. Each entry shall be signed by the officer in charge of the operation concerned and each completed page shall be signed by the master or in the case of a group of electronic entries shall be verified by the master in a timely manner. The entries in the Ballast Water Record Book shall be in a working language of the ship. If that language is not English, French or Spanish the entries shall contain a translation into one of those languages. When entries in an official national language of the State whose flag the ship is entitled to fly are also used, these shall prevail in case of a dispute or discrepancy."

For more information, please see the document below (available only to subscribers):

Guidelines for the Use of Electronic Record Books under the BWM Convention