Ports and port systems: cyber security code of practice

Port cyber security code of practice for operators and staff members.


Cyber security for ports and port systems code of practice

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email Please tell us what format you need. It will help us if you say what assistive technology you use.


Code of practice, commissioned by the Department for Transport, for use by those with responsibility for protecting port facilities and vessels docked into ports.

The code provides actionable advice on areas of:

  • developing a cyber security assessment and plan for important assets, processes and potential vulnerabilities
  • devising the most appropriate mitigation measures
  • having the correct governance structures, roles, responsibilities and processes
  • handling security breaches and incidents
  • highlighting national and international standards used and the relationship to existing regulation

The code is to be used as an integral part of an organisation’s overall risk management system and subsequent business planning.

This guidance is used with the ‘Code of practice: cyber security for ships’.

In conjunction with the Department for Transport, the guidance was produced by the Institution of Engineering and Technology (IET) who provide expert advice on information security and transport technology.

Published 16 August 2016