Regulatory Compliance

MEPC.312(74): Electronic Record Book Guidelines

ShipORB implements every requirement of the 2020 IMO Guidelines for use of electronic record books:

• Tamper-evidence (Section 3): Append-only database with SQL triggers, SHA-256 hash chains, and ECDSA digital signatures
• Role-based access control (Section 4): Unique credentials per officer, TOTP second-factor, enforced workflow hierarchy
• Data retention (Section 5): 3+ year retention with SQLite per-voyage archives and PostgreSQL partitioned tables
• Audit trail: Every action logged with timestamp, user identity, and IP address
• Amendment traceability (Section 6): Original values preserved, corrections require reason and re-verification

FIPS 140-3 Cryptography

Go 1.24’s crypto/ecdsa module holds CAVP certificate A6650 for FIPS 140-3 validated cryptographic operations. All digital signatures use ECDSA P-256, and certificates follow X.509 per ISO/IEC 9594-8.

IACS UR E26/E27: Cyber Resilience

Mandatory since July 2024 for new builds, these unified requirements address onboard cybersecurity:

• E26 (System): Wazuh SIEM, file integrity monitoring, vulnerability scanning, incident response
• E27 (Equipment): Secure boot validation, encrypted storage, authenticated firmware updates

DNV Type Approval

ShipORB’s architecture is designed for DNV Programme certification. Documentation preparation begins in Phase 5, covering system design, risk assessment, and compliance evidence.

IEC 60945: Marine Navigation Equipment

All recommended ship-side hardware (Getac F110, Panasonic FZ-G2) meets IEC 60945 for environmental testing including vibration, temperature, humidity, and EMC requirements.