Maritime Cyber Advisory

Maritime cyber compliance, priced like a product.

Fixed-fee advisory for UR E26 and UR E27 conformance. Delivered in weeks, not quarters, by specialists who've sat on the classification society side of the table.

For OEMs, shipyards, and investors who need regulatory clarity — not a consulting retainer.

Book a 30-minute discovery call Request pricing
Who this is for

Three audiences. One regulatory picture.

If you're an OEM. Your shipyard customers are asking when your products will be E27-ready. You need to know which compliance pathway fits — direct E27 § 4, IEC 61162-460 equivalence, or hybrid — before you commit engineering resources. You need a document package your class society will accept.

If you're a shipyard. You're integrating dozens of CBS from dozens of suppliers into new vessels contracted after 1 July 2024. Some suppliers are ready. Some aren't. You need a clear readiness picture across your bill of materials before hull numbers slip.

If you're an investor or acquirer. You're evaluating a maritime technology target. Cyber compliance exposure is rarely well-documented in a CIM. You need independent due diligence on whether the product portfolio will carry through E26/E27 transition — and what it'll cost if it won't.

Engagements

Three tiers. Fixed fees.

Pathway Assessment

Request a quote

For a single product, a single question answered conclusively.

You give us a product and its current documentation. We return a 20–30 page technical outline covering regulatory scope, applicable compliance pathways with trade-offs, the required document package mapped to specific UR clauses, a class society engagement plan, and a prioritised list of engineering actions.

Delivered in one to two weeks. Fixed fee.

What you get

  • Regulatory scope determination (E22, E26, E27 applicability with citation)
  • Compliance pathway analysis — Route A (sector-equivalent standards), Route B (direct E27), Route C (hybrid), with defensible recommendations
  • Document package outline — every document you need to produce, mapped to the UR clause that requires it
  • Class society interaction model — who to lead with, what to submit, in what sequence
  • Outstanding technical questions your engineering team needs to resolve
  • One 60-minute review call with the engagement lead
Fixed fee · 1–2 weeks

Example deliverable available on request.

Readiness Audit

Request a quote

For a product line. Gap analysis, roadmap, and class society strategy.

We assess three to eight products against the full UR E27 requirement set — all 41 security requirements across both tables — identify where your current architecture conforms, where it doesn't, and where compensating countermeasures can close the gap. Output is a prioritised engineering roadmap with indicative effort estimates and class society engagement sequencing.

The audit applies analytical frameworks the team has built up over years of regulatory and product work, cross-mapped against NIST CSF 2.0, IEC 62443-4-2, and the IACS UR family. Every finding traces back to a requirement clause and the evidence that satisfies it.

What you get

  • Product-by-product gap analysis against UR E27 § 4
  • Compensating countermeasure options where direct compliance is impractical
  • Cross-framework mapping (CSF 2.0, ISO 27002, IEC 62443 family as relevant)
  • Engineering effort estimates, ranked by priority and dependency
  • Class society strategy — lead society recommendation, documentation sequencing, expected assessment timeline
  • Type approval reuse strategy across your product line
  • Two structured workshops with your engineering and compliance leads
Scoped fixed fee · 2–4 weeks

Scope scales with product count and complexity. Priced transparently on a structured scope call.

Compliance Due Diligence

From US$20,000

For investors and acquirers evaluating a maritime technology target.

Independent assessment of a target company's exposure to UR E26/E27 and adjacent cyber obligations. Built for transaction timelines — we integrate with your legal and commercial DD workstreams and deliver a report suitable for investment committee review.

Coverage includes the target's existing certifications (class society type approvals, regulatory approvals, standards-body conformance), product-portfolio scope against the UR regime, identified gaps and remediation cost envelopes, supplier cyber posture in the target's upstream chain, and post-close compliance obligations.

What you get

  • Executive summary for investment committee (5–7 pages)
  • Technical annex with product-level findings
  • Remediation cost envelope with Low / Central / High scenarios
  • Red flag register — items that materially affect enterprise value
  • Upstream supplier cyber posture snapshot
  • Post-close compliance roadmap (first 100 days, first year)
  • Direct support during management presentations and Q&A
Transaction-timeline fee · from 2 weeks

Under NDA before any target-identifying information is shared. We do not accept instructions where we have a prior advisory relationship with the target.

How we work

Three principles.

Fixed fee, fixed scope, fixed timeline.

You know what you're paying and when you're getting it before we start. No hourly billing. No scope creep. No surprises on the invoice.

Independent of class societies.

We have working relationships across DNV, Lloyd's Register, Bureau Veritas, ClassNK, ABS, and RINA — but we don't represent any of them. That means you get a recommendation shaped by your commercial and technical reality, not by which society writes our checks.

Backed by two decades of practice, not whiteboard opinion.

Our work draws on 20 years across the IACS UR family, NIST CSF 2.0, IEC 62443, and ISO 27001/27002 — matured through classification society review and vendor-side product delivery. Every finding maps to an authoritative source clause. The analytical method behind it was refined inside the team over years, not invented at the whiteboard. No "in my experience" hand-waving.

Who you're working with

Who you're working with.

Integral's maritime cyber practice is led by Sam Singh, formerly a classification society professional at RINA (one of twelve IACS members) and commercially responsible for multi-million-dollar APAC operations at AST Networks and Forum Energy Technologies.

Twenty years in the APAC maritime market — offshore survey, subsea hardware and SaaS, classification, satellite connectivity. Working network across DNV, Lloyd's Register, Bureau Veritas, ClassNK, ABS, RINA, and the principal Asian classification societies.

The practice is based in Singapore and works globally. Engagement calendars are held in the client's preferred time zone.

Where Advisory sits

The Integral ecosystem.

Advisory is one of four pillars. The others reach the same compliance problem from different angles — a classifier, a platform, a registry.

Advisory

Fixed-fee maritime & energy security advisory. UR E26/E27 pathway, evidence, readiness.

You are here

Tobira (Toby)

AI gateway. Classifies your question and points to the right pathway — Advisory, Kaiban, Kizuna, or none.

Ask · Classify

Kaiban

Compliance platform. Tracks 41 UR E27 requirements through design, evidence, and audit.

41 / 41

Kizuna

Public registry of verified suppliers. Seal of conformance for buyers and class societies.

印可 · INKA
Frequently asked

Questions we hear often.

How do you price so precisely when every engagement is different?

Because we've standardised the analytical process. Years of repeated compliance work have given the team a consistent way to decompose regulatory questions into units we can estimate against. Pricing reflects the work, not a consultant's hourly rate. Genuinely complex engagements — multi-national portfolios, M&A under tight timelines — get scoped individually, but always to a fixed fee before commencement.

How are you different from a maritime law firm?

Law firms give regulatory opinions. We give engineering-grade compliance analysis. A regulatory opinion tells you whether a clause applies; we tell you what that means for your product architecture, your documentation, and your class society relationship — and what to do next week.

How are you different from class society advisory arms?

Class society advisory is excellent, but it comes with a natural bias toward that society's own notation and type approval programme. We're independent. We'll recommend DNV if DNV is right for you, or ClassNK, or ABS, or any other IACS member — based on the commercial and technical fit, not the advisor's affiliation.

Can you issue a compliance certificate?

No. Only a class society can issue a type approval or vessel-specific certificate. Our role is to prepare you for that process — to ensure your submission to the class society is correctly scoped, correctly documented, and correctly sequenced. We often work alongside class society engagement rather than in competition with it.

What happens after the engagement ends?

We hand over fully. All source data, all analysis, all mappings — yours. If you want ongoing compliance monitoring as your product line evolves, we offer a structured subscription under our Kaiban platform. But you are never required to continue working with us.

Do you sign NDAs?

Yes, mutually, before any product-identifying information is exchanged. Our template NDA is available on request, or we'll sign yours with minimal redlines.

Which jurisdictions do you work in?

Globally. The IACS UR regime applies to SOLAS vessels worldwide, which means our work is jurisdictionally neutral by design. Engagement contracts are governed by Singapore law unless otherwise negotiated.

What if my product turns out to be out of scope?

That's a valid outcome of a Pathway Assessment. If scope determination concludes your product is not subject to UR E26/E27 — for example, because it's covered by SOLAS Chapter IV exclusions — we document that conclusion with full regulatory citation and explain what obligations, if any, remain. You pay the fixed fee. You also walk away with evidence defensible to your shipyard customers when they ask.

Next step

Start with a conversation.

A discovery call takes thirty minutes. We'll listen to your compliance question, tell you honestly whether we're the right fit, and if we are, quote a fixed fee on the call. If we're not, we'll point you to someone who is.

Book a 30-minute discovery call