9 frameworks. 100+ sensors. One platform.
Maritime compliance now spans operational safety, cyber security, and classification rules simultaneously. NCoDE Command maps every sensor, every widget, and every module directly to the regulation that requires it - giving owners, operators, and inspectors a single source of auditable truth.
Most vessels manage compliance through disconnected spreadsheets, paper checklists, and manual processes. NCoDE replaces this with an integrated digital platform that generates auditable evidence automatically.
| Challenge | Without NCoDE | With NCoDE |
|---|---|---|
| Cyber compliance | Spreadsheets, paper checklists, no framework tracking | Multi-framework compliance tracker with control-level evidence |
| Vulnerability management | Manual PC audits, no centralised view | Automated Wazuh vulnerability scanning across all shipboard PCs |
| Access control evidence | Manual logs, shared passwords | LDAP authentication with role/group permissions and audit trail |
| Incident response | Paper-based plans, no workflow | Guided decision tree with auto-generated descriptions and multi-framework reporting (NRC, NIS2 Article 23, IMO SMS chain) with automated deadline tracking |
| Patch management | No visibility into patch status across shipboard systems | Full lifecycle tracking: open → scheduled → applied → verified with auto-created change requests and risk entries |
| Backup verification | Untested backup assumption — no verification until disaster | Schedule tracking, RPO/RTO targets, restore testing records, overdue alerts at 1.5× and 2× frequency thresholds |
| Training compliance | Spreadsheet with manual expiry checks | LDAP-integrated crew × certification matrix with 30/60/90-day warnings and per-role compliance percentage |
| Regulatory reporting | Manual forms, missed deadlines, no tracking | Dedicated panels for USCG NRC, NIS2 Article 23 (three-stage), and IMO SMS chain with automated deadline countdown |
| Vendor security | Email assessments, no tracking | Vendor database with remote access logging and DPA tracking |
| Document control | File shares, no version control | Document Vault with versioning, expiry alerts, access logs |
| Risk assessment | Static spreadsheet risk register | Dynamic 5×5 risk matrix with mitigation tracking |
| Change management | Informal approval process | Change Control Board: request → review → approve → implement |
| Sensor monitoring | Bridge instruments only, manual log-keeping | Near real-time telemetry from command workstation |
| Navigation compliance | Bridge gauges, no digital record | Digital instrument display with historical data |
| Tank monitoring | Manual sounding or local gauges | Real-time tank levels with visual gauges |
| Audit evidence | Paper logs, manual record keeping | Complete digital audit trail for USCG/flag state inspection |
NCoDE includes purpose-built compliance modules that map directly to USCG 33 CFR 101, IMO cyber risk guidance, and EU NIS2 requirements. Each module generates the evidence an inspector expects to see.
Multi-framework compliance tracking with controls mapping, incident response workflow, penetration test scheduling, and NRC reporting. Covers USCG, IMO, and NIS2 simultaneously.
5×5 likelihood-impact risk matrix with mitigation tracking, risk ownership, and review scheduling. Generates the formal risk assessment required by ISM Code and USCG cyber rules.
Controlled document storage with version history, expiry tracking, access logging, and role-based permissions. The ISM-compliant document management system your classification society expects.
Full change control board workflow: request, review, approve, implement, and rollback. Every modification to safety-critical systems is documented and authorised before execution.
Third-party vendor assessment with security scoring, remote access logging, Data Processing Agreement tracking, and access control. Supply chain security for every system that touches your vessel.
Wazuh-powered vulnerability scanning, patch compliance monitoring, and security alerting across every networked device aboard. Continuous monitoring that satisfies the "Detect" function.
Full state machine: open → scheduled → applied → verified. Deferred patches auto-create risk entries. Wazuh SCA integration for automated findings import across all monitored agents.
Schedule tracking with RPO/RTO targets per system. Verification records with mandatory restore testing. Overdue detection alerts before compliance gaps emerge.
Crew-by-certification grid with automatic 30/60/90-day expiry warnings. LDAP-integrated with role filtering and bulk assignment after drills. Per-role compliance percentage.
Per-agent software baseline management with global allowlist. Automated violation detection when unapproved software is found on any monitored endpoint.
When a cyber incident is created, NCoDE automatically calculates every regulatory deadline across all applicable frameworks. No manual date tracking. No spreadsheet reminders. The system tells you what is due and when.
National Response Center incident reporting with pre-populated vessel details, incident classification, and impact assessment.
Three-stage incident notification matching EU NIS2 Directive requirements with countdown timers for each stage.
Safety Management System reporting chain with visual progress tracking from vessel to flag state authority.
NCoDE doesn't just claim compliance - it maps every feature to the specific regulation section that requires it. Here's how each framework is addressed.
The US Coast Guard's maritime cyber security rule. 15 specific requirements mapped to NCoDE features, covering cybersecurity plans, risk assessment, access control, vulnerability management, incident response, and training.
| Requirement | Section | NCoDE Feature | Module |
|---|---|---|---|
| Cybersecurity plan | §101.640 | Plan sections with completion tracking | Cyber Compliance |
| CySO designation | §101.640 | Key personnel management | Cyber Compliance |
| Cyber risk assessment | §101.645 | 5×5 risk matrix with mitigation | Risk Register |
| Access control | §101.650 | LDAP authentication, RBAC, certifications | LDAP Admin |
| Logging & monitoring | §101.650 | Audit logs, Wazuh integration | Audit Logs PC Security |
| Supply chain security | §101.650 | Vendor assessment, remote access logs | Vendor Tracker |
| Vulnerability management | §101.650 | Wazuh scanning, patch compliance | PC Security |
| Incident response | §101.655 | Workflow with severity & NRC reporting | Cyber Compliance |
| Change management | §101.650 | Approval workflow with rollback | Change Mgmt |
| Training & drills | §101.665 | Drill records with compliance scoring | Cyber Compliance |
The IMO's five-function framework for maritime cyber risk management: Identify, Protect, Detect, Respond, and Recover.
| Function | NCoDE Feature | Module |
|---|---|---|
| Identify | Systems inventory with network topology | Cyber Compliance |
| Protect | LDAP access control, certification tracking | LDAP Admin |
| Detect | Wazuh monitoring, vulnerability scanning | PC Security |
| Respond | Incident workflow with NRC reporting | Cyber Compliance |
| Recover | Post-incident recovery and lessons learned | Cyber Compliance |
The EU's network and information security directive. Maritime is classified as an essential entity. 9 article requirements mapped.
| Requirement | Article | NCoDE Feature | Module |
|---|---|---|---|
| Risk management | Art. 21 | Risk Register, technical controls | Risk Register |
| Incident handling | Art. 21(2)(b) | Incident response workflow | Cyber Compliance |
| Supply chain security | Art. 21(2)(d) | Vendor assessment, DPA tracking | Vendor Tracker |
| Vulnerability disclosure | Art. 21(2)(e) | Wazuh vulnerability scanning | PC Security |
| Access control | Art. 21(2)(i) | RBAC with group permissions | LDAP Admin |
| Incident reporting | Art. 23 | 24h/72h reporting timeline | Cyber Compliance |
The foundational maritime safety convention. NCoDE monitors 12 specific SOLAS regulations through its sensor telemetry, navigation, video, network, and power systems.
| Regulation | Requirement | NCoDE Feature | Widget |
|---|---|---|---|
| Ch. II-1, Reg. 25-26 | Electrical power for safety | Battery voltage monitoring | Battery Monitor |
| Ch. II-2, Reg. 7 | Fire detection — visual monitoring of machinery spaces & cargo holds | CCTV with recording for early fire/smoke detection | Video |
| Ch. IV, Reg. 6-7 | Radiocommunications equipment availability (GMDSS) | Network & equipment health monitoring | Network |
| Ch. V, Reg. 19 | Navigation equipment | GPS, SOG, heading, depth, ROT | Data Grid Map View |
| Ch. V, Reg. 19.2.1 | Magnetic compass | Compass heading gauge | Data Grid |
| Ch. V, Reg. 19.2.3 | Echo sounder | Water depth | Data Grid |
| Ch. V, Reg. 19.2.7 | Radar | Radar display with AIS | Radar |
| Ch. V, Reg. 19.2.9 | Rate of turn indicator | ROT in degrees/second | Data Grid |
| Ch. V, Reg. 19.2.12 | Electronic inclinometer (mandatory for containerships & bulk carriers from Jan 2026) | Heel, pitch & roll angle monitoring | Data Grid |
| Ch. V, Reg. 20 | Voyage data recording | Continuous telemetry archive with audit trail | Data Grid Audit Logs |
| Ch. V, Reg. 34 | Voyage planning | Wind, pressure, temp, fuel | Data Grid Tanks |
| Ch. XI-2 / ISPS Code | Ship security — surveillance of restricted areas, deck & access points | CCTV & IP camera integration with recording | Video |
8 ISM Code sections addressed through risk assessment, maintenance monitoring, documentation, certification tracking, and audit logs.
| Section | Requirement | NCoDE Feature | Module |
|---|---|---|---|
| 1.2.2 | Risk assessment | 5×5 matrix with mitigation | Risk Register |
| 6 | Resources & personnel | Certification tracking | LDAP Admin |
| 7 | Shipboard operations | Pre-departure checklists | Checklist |
| 10.1 | Maintenance | Engine condition monitoring | Data Grid |
| 10.3 | Critical equipment | Battery, network monitoring | Battery Network |
| 11 | Documentation | Controlled versioning & expiry | Document Vault |
| 12 | Verification & audit | Complete event trail | Audit Logs |
Tank monitoring and engine condition data to support oil pollution prevention, sewage management, and air emission compliance.
| Annex | Requirement | NCoDE Feature | Widget |
|---|---|---|---|
| Annex I | Oil pollution prevention | Oil pressure & temperature | Data Grid |
| Annex IV, Reg. 11 | Sewage holding | Black water tank level | Tanks |
| Annex IV | Grey water management | Grey water tank level | Tanks |
| Annex VI | Air pollution / engine efficiency | Exhaust temp, RPM monitoring | Data Grid |
Proper lookout, safe speed assessment, collision risk evaluation, and avoidance action - all supported by sensor, AIS, radar, and video data.
| Rule | Requirement | NCoDE Feature | Widgets |
|---|---|---|---|
| Rule 5 | Proper lookout | Instruments, video, radar | Data Grid Video Radar |
| Rule 6 | Safe speed | SOG, depth, weather data | Data Grid |
| Rule 7 | Risk of collision | AIS tracking, GPS, heading, radar | Map View Radar |
| Rule 8 | Avoidance action | ROT, heading, speed display | Data Grid |
Crew welfare monitoring (temperature, humidity), structural health (heel, pitch, G-force), engine condition, personnel certification, and vendor management.
| Framework | Requirement | NCoDE Feature | Module |
|---|---|---|---|
| MLC Reg. 3.1 | Accommodation conditions | Air temp, humidity | Data Grid |
| MLC Reg. 4.3 | Hazard identification | G-force, weather data | Data Grid |
| Classification | Engine condition | RPM, oil, coolant, exhaust | Data Grid |
| Classification | Stability monitoring | Heel, pitch, G-force | Data Grid |
| Classification | Personnel certification | Cert tracking, expiry alerts | LDAP Admin |
| Classification | Vendor management | Security assessment, access logs | Vendor Tracker |
NCoDE's dashboard widgets aren't just convenient - each one maps directly to a regulatory requirement. Here's why every widget exists.
Real-time sensor telemetry - navigation, engine, environmental, and tank data from NMEA 2000. Continuous monitoring replaces manual log-keeping.
CCTV and camera monitoring for bridge visibility and security surveillance. Proper lookout extends to electronic means.
AIS vessel tracking, chart display, and position plotting. Electronic chart display with AIS overlay for collision risk assessment.
Canvas-rendered radar with AIS contacts. Primary tool for collision risk assessment, especially in restricted visibility.
Battery bank voltage, state of charge, and health status. Emergency power availability is a SOLAS requirement.
Fuel, fresh water, grey water, and black water levels with visual gauges. Sewage discharge monitoring is mandatory.
3D vessel model with AIS overlay and bridge communications. Comprehensive situational awareness combining vessel geometry with live traffic.
Pre-departure and operational checklists with crew certification tracking. Documented operational procedures required by ISM Code.
User access control with roles, permissions, groups, and certification tracking. Access control to safety-critical systems is an ISM and ISPS requirement.
Every sensor monitored by NCoDE exists because a regulation requires it. From GPS position to exhaust temperature, each data point serves a compliance purpose.
NCoDE connects to the vessel's existing systems and aggregates their data into a single auditable platform. No rip-and-replace - it works with what you have.
Navigation, engine, environmental, and tank sensor telemetry for operational safety compliance
Crew identity, roles, permissions, and certification tracking for access control compliance
Vulnerability scanning, security alerts, and agent monitoring for cyber security compliance
Video surveillance streams for lookout requirements and ISPS security monitoring
Persistent compliance records, audit logs, and configurations for inspection readiness
NCoDE serves every role in the maritime compliance chain - from the master on the bridge to the DPA in the shore office.
Single platform for operational safety, cyber compliance, and crew management
Complete cyber risk management with vulnerability scanning and incident response
ISM compliance evidence, audit logs, and document control from one system
Audit-ready evidence for every regulatory framework in a structured, exportable format
Compliance management does not require physical presence on the vessel. NCoDE allows the DPA and shore-based compliance team to submit regulatory reports, approve patches and changes, review vendor access logs, manage crew training certificates, and prepare for audits — all from the shore office. The crew focuses on safe vessel operations while compliance is managed remotely.
NCoDE Command maps every sensor, every widget, and every module to the regulation that requires it. One platform. Nine frameworks. Complete compliance evidence.