BASS Software Earns ISO 27001:2022 Certification for Maritime Cloud

BASS Software has received ISO/IEC 27001:2022 certification following an external audit of its information security management system by TÜV Nord Cert GmbH, a milestone the company says strengthens how it protects data across its cloud platforms.

ISO/IEC 27001:2022 certification and what it signals

BASS Software said the certification covers how it establishes, implements, and continually improves information security controls supporting its cloud software platforms, including its BASSnet SaaS and BASSnet Neo offerings. The ISO/IEC 27001:2022 standard is centered on information security management systems (ISMS), including processes for identifying risks, applying controls, and maintaining oversight.

“Information security is the backbone of resilient SaaS solutions for the maritime industry,” said Per Steinar Upsaker, CEO and managing director of BASS Software, linking the certification to the company’s focus on cybersecurity and operational performance.

Governance, access management, and ongoing oversight

The company said the certification confirms it has defined controls in place for data privacy, access management, and security oversight, positioning the audited framework as directly relevant to maritime organizations using its cloud products. In describing what ISO/IEC 27001 typically reflects, BASS Software pointed to a structured approach to managing security policies, roles and responsibilities, risk treatment, and continual improvement.

BASS Software did not publish the full audit scope in the available information, but said the certification validates its approach to managing risk and protecting sensitive data within its platforms.

Security measures highlighted for BASSnet SaaS

As part of its certification announcement, BASS Software also pointed to specific layered protection measures used to secure BASSnet SaaS, describing them as supporting resilience as threats evolve over time.

• Multi-factor authentication (MFA), which the company said is part of its access protections for cloud environments.
• Security information and event management (SIEM), referenced as part of monitoring and security operations capabilities.
• Web application firewalls (WAF), cited among the layered defenses intended to protect web-facing services.

BASS Software also described these measures as supporting 24/7 operational resilience amid a growing threat landscape.

Customer assurance focus

Wong Nyuk Lan, vice president of service and support at BASS Software, said the certification is intended to provide customers with added confidence in how data is handled within the company’s cloud environment. “Our customers can be confident that their data is protected within a certified and continuously monitored cloud environment,” Wong said.

Wong added that the certification reflects a proactive approach to managing information security risks in BASS Software’s role as a SaaS provider.

ECOS LNG selects BASSnet Neo 3.1 for FSRU operations

Separately, ECOS LNG has partnered with BASS Software to deploy BASSnet Neo 3.1 for its Floating Storage Regasification Unit (FSRU) operations after what the companies described as an extensive evaluation process. BASS Software said the deployment will replace ECOS LNG’s legacy maintenance software and integrate modules spanning maintenance, procurement, health, safety, environment, and quality (HSEQ), dry-docking, and operational analytics.

Matteo Conci, base manager and designated person ashore at ECOS LNG, said the selection aligns with the company’s wider modernization efforts. “BASSnet Neo is the right choice to align with our broader digitalization strategy and digital management tools harmonization. We are confident in its technical robustness, scalability, and ability to support operational excellence,” Conci said.

Implementation work and operational focus

BASS Software said the ECOS LNG project has moved into an implementation phase that includes data migration, employee training, and change management. Upsaker described FSRUs as among the most complex and heavily regulated vessel types in the maritime industry, and said the collaboration is aimed at strengthening operational control and compliance through digital tools. “This partnership marks a significant milestone in advancing operational control and compliance through innovative digital solutions,” Upsaker said.

BASS Software said ECOS LNG will use the platform’s functionality to streamline processes and enhance operational oversight as the rollout continues.

Frequently Asked Questions (FAQs)

What is ISO/IEC 27001:2022?

ISO/IEC 27001:2022 is an international standard for information security management systems, covering how organizations manage security risks through defined policies, controls, and continual improvement.

Who conducted the audit for BASS Software’s certification?

BASS Software said the external audit was carried out by TÜV Nord Cert GmbH.

What security controls did BASS Software specifically mention for BASSnet SaaS?

The company referenced multi-factor authentication (MFA), security information and event management (SIEM), and web application firewalls (WAF) as part of its layered security controls, and it also emphasized continuous monitoring.

How will BASSnet Neo benefit ECOS LNG’s operations?

BASS Software said BASSnet Neo 3.1 will replace ECOS LNG’s legacy maintenance software and provide modules covering maintenance, procurement, HSEQ, dry-docking, and operational analytics, as part of ECOS LNG’s broader digitalization initiative.

What features are included in BASSnet Neo’s 3.1 version?

Based on the information provided by BASS Software, BASSnet Neo 3.1 includes modules for maintenance, procurement, health, safety, environment, and quality (HSEQ), as well as dry-docking and operational analytics, with business intelligence dashboards and mobile apps also referenced as part of the platform’s capabilities.