ISPS code – A measure to enhance the security of Ships and Port facilities

Purpose

The International Maritime Organization (IMO) states that “The International Ship and Port Facility Security Code (ISPS Code) is a comprehensive set of measures to enhance the security of ships and port facilities, developed in response to the perceived threats to ships and port facilities in the wake of the 9/11 attacks in the United States” (IMO).

SOLAS chapter XI-2 part A and part B relates to special measures to enhance maritime security. In this context, the principles behind ISPS code is similar to the ISM code on board. ISPS code emphasizes the security of the persons on board, security of the ship and security of the environment, in that order.
ISPS code uses the word facility for the port, which means the port by itself need not be under the ISPS umbrella. The port must define the facilities, which need protection and chart out a security plan accordingly. For the first time, ships and ports come under the FSA (Formal Safety Assesment) for the implementation of the ISPS code.
Companies must comply with the relevant requirements of SOLAS chapter XI-2 part A, taking into account the guidance given in part B of the code.

Following types of ships engaged on international voyages are covered under the ISPS:

1. Passenger Ships including high-speed passenger craft;
2. Cargo Ships including high-speed craft, of 500 GRT and upwards; mobile offshore drilling units; and
3. Port facilities serving such ships engaged in international voyages.

This code does not apply to warships, naval auxiliaries or other ships owned or operated by a CG and used only on Government non-commercial service.

Objectives of the ISPS Code

1. to establish an international framework involving co-operation between Contracting Governments (CG) and shipping and port industries to detect security threats and take preventive measures;
2. to establish respective roles and responsibilities of the CG and shipping and port industries for ensuring maritime security;
3. to ensure early and efficient collection and exchange of security-related information;
4. to provide a methodology for security assessments so as to have plans in place to react to changed security levels; and
5. to ensure confidence that adequate and proportionate maritime security measures are in place.

In order to achieve the objectives, functional requirements embodied in the code are:

1. gathering and assessment of information regarding security threats and exchanging such information with appropriate CGs;
2. requiring the maintenance of communication protocols for ships and port facilities; preventing unauthorized access to ships, port facilities and their restricted areas; preventing the introduction of unauthorized weapons, incendiary devices or explosives to ships or port facilities;
3. providing means of raising the alarm in reaction to security threats or security incidents;
4. requiring the ship and port facility security plans based upon security incidents;
5. requiring training, drills, and exercises to ensure familiarization with security plans and procedures.

Definitions

1. Convention means SOLAS 1974 as amended.
2. SSP or Ship Security Plan means a plan developed to ensure the application of measures on board the ship designed to protect persons on board, cargo, cargo transport units, ship’s stores or the ship from the risks of a security incident.
3. PFSP or Port Facility Security Plan means a plan developed to ensure the application of measures designed to protect the port facility and ships, persons, cargo, cargo transport units, ship’s stores within the port facility from the risks of a security incident.
4. SSO or Ship Security Officer means the person on board the ship, accountable to the master, designated by the company as responsible for the security of the ship, including implementation and maintenance of the ship security plan, and for liaison with the CSO and PFSO.
5. CSO or Company Security Officer means the person designated by the company for ensuring that a ship security assessment is carried out, that a ship security plan is developed, submitted for approval and thereafter implemented and maintained, and for liaison with the SSO and PFSO.
6. PFSO or Port Facility Security Officer means an officer designated as responsible for the development, implementation, revision and maintenance of the port facility security plan and for liaison with the SSO and CSO.
7. Security Level 1 means the level for which minimum appropriate protective measures shall be maintained at all times.
8. Security Level 2 means the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of a security incident.
9. Security Level 3 means the level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target.

At SL1, the following activities shall be carried out:

• ensuring the performance of all ship security duties;
• controlling ship access;
• controlling embarkation of persons and their effects;
• monitoring restricted areas to ensure that only authorized persons have access;
• monitoring deck areas and areas surrounding the ship; supervising the handling of cargo and ship’s stores; and
• ensuring that security communication is readily available.

At SL2, additional protective measures, specified in the SSP shall be implemented. At SL3, further specific protective measure specified in the SSP shall be implemented. The ship shall acknowledge the security levels set by the CGs. Any ship or port having a Security Level higher than a port or ship respectively must liaison with the PFSO or SSO as the case may be to coordinate appropriate actions.

Declaration of Security or DoS

Declaration of Security (DoS) is defined by the Safety of Life at Sea (SOLAS) Convention as “an agreement reached between a ship and either a port facility or another ship with which it interfaces, specifying the security measures each will implement”. An agreement executed between the responsible Vessel and Facility Security Officer, or between Vessel Security Officers in the case of a vessel-to-vessel activity, that provides a means for ensuring that all shared security concerns are properly addressed and security will remain in place throughout the time a vessel is moored to the facility or for the duration of the vessel-to-vessel activity, respectively.

A ship can request the completion of a DoS when:

1. the ship operates at a higher security level than the port or another ship it is interfacing with;
2. there is an agreement on DoS between the CGs covering certain international voyages or specific ships on those voyages (e.g. Malacca Straits);
3. there has been a security threat or security incident involving the ship or the port;
4. the ship is in a port not covered by ISPS code;
5. the interfacing is with another ship without ISPS code.

PFSO/ Master or SSO of interfacing ships should acknowledge the DoS. DoS should address the security requirements to be shared between ship and port. CGs should specify the minimum period of the DoS for the port and the ship. Proper use of the DoS is important, not only as a means of coordinating security arrangements between ships and port facilities but also as a method of documenting appropriate implementation of the ISPS Code and related maritime security requirements.

Ship Security Assessment (SSA)

The SSA is an essential and integral part of developing and updating the Ship Security Plan (SSP). The CSO will ensure that persons with appropriate skills taking the guidelines provided in part B of ISPS code carry out the SSA. The Company Security Officer (CSO) is responsible for the risk assessment and must also approve it.

SSA will include on-scene security survey with the following elements taken into consideration:

1. identification of existing security measures, procedures, and operations;
2. identification and evaluation of key shipboard operations that it is important to protect;
3. identification of possible threats and likelihood of their occurrence; and
4. identification of weakness, including human factors, in the infrastructure, policies, and procedures.

SSA shall be documented, reviewed, accepted and retained by the company.

Ship Security Plan (SSP)

How is it made?

SSP shall be developed as per guidelines are given in part B of the code and shall be written in a working language of the ship. The language used should be in English, Spanish or French along with the working language of the ship. The SSP has to be approved by the FSA and must cover the three security levels. A Recognised Security Organisation (RSO) may prepare, review and approve the SSP on behalf of the FSA. However, if the RSO is to review and approve, it cannot prepare the plan.

The plan should address the following:

1. measures to prevent weapons, dangerous devices and substances; identification of restricted areas and measures to prevent unauthorized access;
2. measures for prevention of unauthorized access to ship;
3. procedures for responding to security threats or breaches, responsibilities, instructions, evacuation, auditing, training, drills, exercises;
4. procedures for interfacing with port, periodic review and updating, reporting security incident;
5. identification of the CSO and his 24hours contact details;
6. procedures to ensure inspections, testing, calibration and maintenance of security equipment and their frequencies;
7. identification of the location of Ship Security Alert System (SSAS) and the procedure for its usage, testing, activation, deactivation, and resetting.

Internal audits are to be conducted by independent auditors. Changes in SSP are to be approved by the FSA. SSP can be in an electronic format and must be protected from unauthorized access. SSP is not subject to inspections by CGs unless the inspectors have adequate reasons to believe that the vessel is not ISPS compliant.

The company shall ensure the Ship Security Plan (SSP) clearly emphasizes the overriding authority of the Master and his responsibilities in taking decisions with respect to the safety and security of the ship. The company shall ensure that the CSO, the Master, and the SSO are given the necessary support to fulfill their duties and responsibilities in accordance with ISPS code.

Company Security Officer

The company designates a CSO, who can act for more than one ship is the person who ensures that a ship security assessment is carried out, that a ship security plan is developed, submitted for approval and thereafter implemented and maintained, and for liaison with the SSO and PFSO.

The duties and responsibilities of a CSO are:

1. advising ships of the security levels to be encountered;
2. ensuring that the SSA is carried out;
3. ensuring the development, submission for approval, implementation, and maintenance of the SSP;
4. ensuring that the SSP is modified as appropriate to correct deficiencies; arranging internal audits and reviews security activities;
5. arranging initial and subsequent inspections by FSA;
6. ensuring that deficiencies and NCs are identified and promptly addressed;
7. enhancing security awareness and vigilance;
8. ensuring adequate training for personnel onboard responsible for security;
9. ensuring effective communication and co-operation between the SSO and PFSO;
10. ensuring consistency between security and safety requirements;
11. ensuring that all SSA and SSP are ship specific; and
12. ensuring that alternative or equivalent arrangements are implemented and maintained.

Ship Security Officer

SSO is the person on board the ship, accountable to the master, designated by the company as responsible for the security of the ship, including implementation and maintenance of the ship security plan, and for liaison with the CSO and PFSO. Every ship must have a designated SSO.

The duties and responsibilities of an SSO are:

1. undertaking regular security inspections of the ship to ensure adequate security measures are taken;
2. maintaining the SSP and its amendments if any;
3. co-ordinating security aspects of the handling of cargo, ship’s stores etc. with shipboard personals and port authorities;
4. proposing modifications to the SSP;
5. reporting any deficiencies to CSO during audits or inspections;
6. enhancing security awareness and vigilance on board;
7. ensuring adequate training provided to shipboard personals;
8. reporting all security incidents;
9. co-ordinating the implementation of the SSP with CSO and PFSO; and
10. ensuring that security equipment is properly operated, tested, calibrated and maintained.

Port Facility Security Assessment (PFSA)

PFSA is an essential and integral part of developing and updating Port Facility Security Plan (PFSP). The CG or the RSO, who must have appropriate skills, carries out PFSA. It must be periodically reviewed and updated taking into account any fresh security threats or changes in the port facilities.

The PFSA shall include the following:

1. identification and evaluation of important assets and infrastructures which need protection;
2. identification of possible threats and the frequency of occurrence to the assets and infrastructure;
3. identification of procedural changes in reducing vulnerability; and
4. identification of weaknesses including human factors in the infrastructures, policies, and procedures.

PFSA can be applicable to more than one port if accepted by the CG. The methodology used to make the PFSA should be recorded. The Port facility Security assessment and plan meets the international requirements in the ISPS code and local national authorities.

Port Facility Security Plan (PFSP)

PFSP is developed and maintained based on the PFSA for each port facility. The port facility security assessment (PFSA), within the framework of ISPS, are an essential and integral part of the process of developing and/or updating the port facility security plan. An RSO (Recognised Security Organization) may be asked to prepare the PFSP, which needs to be approved by the FSA.

The PFSP will address the following:

1. measures designed to prevent weapons, dangerous substances and devices into the port;
2. measures designed to prevent unauthorized access to port facilities, ships, and restricted areas;
3. procedures to respond to various security levels and maintaining critical port operations;
4. procedures to implement security instructions from CG on SL3;
5. procedures for evacuation, interfacing, periodical review of plans and updating, reporting security incidents and breaches;
6. assignment of a PFSO (Port Facility Security Officer), his duties and his 24 hours contact details;
7. ensure the security of the PFSP, effective cargo security and port facilities; and procedures for auditing of the PFSP, responding to security alert of a ship in port, facilitate shore leave of ship’s personals and visitors.
8. procedures for auditing of the PFSP, responding to security alert of a ship in port, facilitate shore leave of ship’s personals and visitors.

The plan may be kept in an electronic format and must be protected from deletion, destruction or amendments. The plan must be protected from unauthorized access or disclosure. Changes in the plan must be approved by the CG.

The certificate issued to a port facility under the ISPS code is a ” Statement of Compliance of a Port Facility “.

Port Facility Security Officer

PFSO is a designated officer for the port facilities responsible for the development, implementation, revision and maintenance of the port facility security plan and for liaison with the SSO and CSO.

Duties and Responsibilities of s PFSO include:

1. conducting an initial comprehensive port security survey of all port facilities;
2. developing and maintenance of PFSP;
3. implementation and exercise the PFSP;
4. undertaking regular security inspections to continue with appropriate security measures;
5. recommending and modifying PFSP to correct deficiencies and incorporate changes;
6. ensuring security awareness among port personals, training them, reporting to relevant authorities and maintaining records of security occurrences;
7. co-ordinating the implementation of PFSP with CSO, SSO, security services; ensuring standards of security are met;
8. ensuring the security equipment are operated, tested, calibrated and maintained; and assisting the SSO in confirming the identity of those seeking to board the ship.

The PFSO must be given the necessary support to fulfill his duties as per the ISPS code.

What led to the development of the ISPS Code?

In November 2001, two months after the “9/11” attacks, IMO’s 22nd Assembly adopted resolution A.924(22) Review of measures and procedures to prevent acts of terrorism which threaten the security of passengers and crews and the safety of ships, which called for a thorough review of all existing measures already adopted by IMO to combat acts of violence and crime at sea.

The Assembly agreed to hold a diplomatic conference on maritime security in December 2002, to adopt any new regulations that might be deemed necessary to enhance ship and port security and prevent shipping from becoming a target of international terrorism and it also agreed to a significant boost to the Organization’s technical cooperation programme of £1.5 million, to help developing countries address maritime security issues.

The ISPS Code and other maritime security measures were developed by IMO’s Maritime Safety Committee (MSC) and its Maritime Security Working Group before being adopted by a Conference n Maritime Security in December 2002, with entry into force set for 1 July 2004.

Amendments were brought about in the SOLAS 1974 for the purpose of ISPS Code

Under the SOLAS conference in December 2002, chapters V and XI were amended. Chapter V makes it mandatory for all ships of 300 GRT and upwards but less than 50,000 GRT to have AIS fitted not later than the first safety equipment survey after 1st July 2004 or by 31st December 2004, whichever is earlier. AIS shall be in operation at all times except where international agreements provide otherwise.

Chapter XI is divided into two parts XI-1 and XI-2.

Chapter XI-1 deals with Ship Identification Number (SIN), which must be permanently marked in a visible place either on the stern of the ship or on the port and starboard side along with the end transverse bulkhead of machinery space or the hold main beam, which are easily accessible. The permanent markings should be plainly visible clear of any other markings on the hull and shall be painted in a contrasting colour. The height of the markings should be not less than 100mm and of proportionate length. These must be raised or centre-punching method. SIN is a seven digit number unique number for the ship painted after the letters IMO. It must be with the ship till it is scrapped.

Chapter XI-1 also deals with each vessel having a Continuous Synopsis Record (CSR).
CSR is issued by the FSA in the format developed by IMO and contains the following information:

1. name of the State flag the ship flies;
2. date of registry, identification number, the name of the ship, port of registry, name and full style address of the registered owner, bareboat charterer(s), company which carries out the safety management services;
3. name of all classification societies, the ship is classed;
4. name of the FSA and CG, who issued the DOC;
5. name of the RSO, who audited the ship for ISM;
6. name of the FSA, CG or the RSO, who issued the International Ship Security Certificate (ISSC);
7. the date on which the ship ceases to be registered with that state.

CSR should incorporate any changes in the above information. CSR must be in English, French or Spanish along with a translation in the working language of the ship and to be kept on board available for inspections at all times. CGs will co-operate in passing all the information in case of change of CG or FSA.