The purpose of this Cyber Security Statement is to provide our clients, partners, suppliers
and vendors, with information about our security practices and the way we manage
information, data and cargo according to industry best practices and what can be expected.
The Spliethoff Group is one of the largest shipping companies in the Netherlands. With over
a century of maritime expertise, the Amsterdam-headquartered Group operates a large and
modern fleet of more than 100 vessels ranging in size from 2,100 to 23,000 tons.
The Group has a broad portfolio of specialized services in the sectors dry cargo, breakbulk &
project cargoes – Spliethoff –, project & heavy lifts – BigLift Shipping –, container & Ro-Ro
cargo and door-to-door services – Transfennica & Transfennica Logistics –, shortsea –
Wijnne Barends –, yacht transport – Sevenstar Yacht Transport – and RoRo- tonnage
Safety and security are important to Spliethoff to protect its fleet, the cargo and the
customer information that is managed by Spliethoff Group. Therefore, Spliethoff Group has
chosen to use ISO 27000 as a guiding standard on how information security is managed.
Furthermore, we follow and apply controls from the NIST Cybersecurity Framework, IMO
regulations and industry guidelines, where applicable.
Information Security Policy
Spliethoff Group’s security policies and procedures define how the different areas of
information security are managed within the company and its subsidiaries.
The security policy is periodically reviewed, audited and updated where necessary. The
policies and procedures cover a wide array of security topics, ranging from general
standards – which all employees must read, understand and comply with, such as account,
equipment, data and physical security – to more specialized security and maritime
standards covering the internal systems and applications as well as maritime operational
systems used on the vessels in the fleet.
Information security roles and responsibilities are documented and defined so that our
personnel and crew know their responsibilities. An appointed Cyber Security Group that
manages information security, auditing and compliance and also defines the security
controls for the protection of the Spliethoff Group infrastructure on land and sea. The Cyber
Security Group is responsible for the managing of information security notifications from
external parties, customers, vendors and suppliers, and distributes security alerts and
advisory information to the organization on a regular basis after having assessed risk and
impact as appropriate.