Professional Documents
Culture Documents
Marine Division
Ships in Service Management (DNS)
Date 28/04/03
TO
SHIPOWNERS
I) REGULATION OVERVIEW
I-1) General
II-1) General
III-1) General
III-2) Definitions
V-1) General
VII-1) Requirements
VII-2) Guidance
VIII-1) General
IX-1) Verifications
I) REGULATION OVERVIEW
I-1) General
A SOLAS Conference has been held at the IMO Headquarters in December 2002, with the aim to
adopt specific measures to enhance ships and port facilities security.
- Amendments to the SOLAS 1974 Convention, Chapter V, Safety of Navigation, addressing the early
implementation of the Automatic Identification System (AIS)
- Amendments to the SOLAS 1974 Convention, with the new Chapter XI-1 now providing :
arrangements for the permanent marking of the ship identification number either on the
stern or on each side of the ship.(Reg. XI/3)
arrangements for continuously keeping and maintaining on-board a ship a continuous
synopsis record providing information on the ship and the company.(Reg.XI/5)
- Amendments to the SOLAS 1974 Convention, with a new Chapter XI-2 « Special Measures to
enhance maritime security », which adopts the INTERNATIONAL SHIP AND PORT SECURITY
(ISPS) CODE.
This new Chapter XI-2 comprises 13 Regulations, as follows :
This Guidance to Shipowners is based on the requirements of the INTERNATIONAL SHIP AND
PORT FACILITY SECURITY (ISPS) CODE.
a) Application
It applies as well to port facilities serving such ships engaged on international voyages.
This guidance to shipowners deals more specifically with ship-related security matters.
The Security Alert System as required by SOLAS 74 as amended, Reg. XI-2/6, is also part of the
security equipment required under the ISPS Code (in addition to other safety-related items such as
the Automatic Identification System, the ship identification number and the continuous synopsis
record).
b) Schedule
The ISPS Code will enter into force on 1st July 2004, for both ships and port facilities.
c) Process
The ISPS Code requires a Ship Security Assessment (SSA) to be carried out by the company for each
ship of its fleet.This SSA is basically to include a so-called « on-scene security suvey » and the review
of « threat scenarios ».
Based on the conclusions of this SSA, particularly the identification of the particular features of the
ship and the potential threats and vulnerabilities, a Ship Security Plan (SSP) will have to be prepared
by the company and submitted for approval by the Flag administration or a Recognized Security
Organization (RSO).
The ISPS Code also requires relevant personnel to have sufficient knowledge to perform their
assigned duties with respect to the relevant provisions of the SSP, to receive adequate training and to
carry out drills and exercises.
Another important requirement of the ISPS Code is the provision of specific records of all security
activities, which shall be kept on-board.
As a consequence, by the 1st July 2004, each ship to which Part A of the ISPS Code applies, shall be
subject to an initial and complete verification of its security system and any associated security
equipment covered by the ISPS Code.
An International Ship Security Certificate (ISSC) shall then be issued to the ship upon satisfactory
completion of the initial verification.
Bureau Veritas has now applied to all relevant Flag States / Administrations to become a Recognized
Security Organization (RSO).
Consequently, when so authorized by the administration, Bureau Veritas will approve the Ship
Security Plans (SSP), carry out the verifications on board the ship and issue the ISSC.
II) COMPANY’S OBLIGATIONS AND RESPONSIBILITIES
II-1) General
The owners and operators have the primary responsibility for ensuring the safety and security of their
ships.
Although the companies are to comply with the relevant requirements of Part A of the ISPS Code,
taking into account the guidance given in Part B of the ISPS Code, it is not required for them to
be certified » as such by the Administration or the RSO.
The ISPS Code only addresses the ship « certification ».
It is however obvious that an efficient implementation of the security system on-board the ships of the
company strongly depends on the company’s active participation and involvement in the process.
The specific responsibilities and obligations of the Company are detailed in below paras. II-2) and II-3).
The Company must also appoint a Company Security Officer (CSO) for the company and a Ship
Security Officer (SSO) for each of its ships, the duties of which are detailed in below paragraphs II-4)
and II-5).
Although a « Company Security Manual » is not required by the ISPS Code, some guidance is given in
II-6) below for companies who wishes to establish such a plan, as part of their security system.
« The company shall ensure that the master has available on board, at all times, information
through which officers duly authorised by a Contracting Governement can establish :
- Who is responsible for appointing the members of the crew or other persons currently
employed or engaged on board the ship in any capacity on the business of that ship
- Who is responsible for deciding the employment of the ship
- In cases where the ship is employed under the terms of charter party(ies), who are the parties
to such charter party (ies) »
- « The Company shall ensure that the Ship Security Plan contains a clear statement
emphasizing the master’s authority.The company shall establish in the ship security plan
that the master has the overriding authority and responsibility to make decisions with
respect to the security of the ship and to request the assistance of the company or of any
Contracting Government as may be necessary ».
- « The Company shall ensure that the company security officer, the master and the ship
security officer are given the necessary support to fulfil their duties and responsibilities in
accordance with chapter XI-2 and this part of the Code ».
II-4) Company Security Officer (CSO)
- Ensuring sufficient attention and resources are allocated to security and advising the level of threats
likely to be encountered by the ship, using appropriate security assessments and other relevant
information
- Ensuring that the Ship Security Assessment are carried out by persons with appropriate skills to
evaluate the security of a ship
- Ensuring the development, submission for approval, implementation and maintenance of the SSP.
- Ensuring that, if sister-ship or fleet security plans are used, the plan for each ship reflects the ship-
specific information accurately
- Modifying the SSP to correct deficiencies and satisfy the security requirements of the individual ship
- Ensuring that any alternative or equivalent arrangements approved for a particular ship or group of
ships are implemented and maintained
- Ensuring adequate security training for personnel responsible for the security of the ship.
- Arranging for internal audits and reviews of security activities
- Arranging for the initial and subsequent verifications of the ship by the Flag or the RSO
- Ensuring that deficiencies and non-conformities identified are promptly addressed and dealt with.
- Promoting and enhancing security awareness and vigilance
- Ensuring effective communication, co-ordination and implementation of the Ship Security Plan with
the SSO and relevant Ports Facility Security Officers(PFSO)
- Ensuring consistency between security requirements and safety requirements
In addition, the CSO may ensure the development, implementation and maintenance of the Company
Security Manual, if any (not mandatory).
The CSO should therefore have in his possession the following documentation for each ship and/or
have a working knowledge of the following:
- Maintaining and supervising the implementation of the SSP on-board (including any amendments to
the plan)
- Proposing modifications to the SSP
- Co-ordinating the implementation of the SSP with the CSO and the relevant PFSO
- Carrying out regular security inspections of the ship to ensure appropriate security measures are
maintained
- Co-ordinating the security aspects of the handling of cargo and ship’s stores with other crew and the
relevant PFSO
- Promoting security awareness and vigilance among the crewmembers
- Reporting all security incidents
- Ensuring adequate crew training is carried out
- Ensuring that security equipment is properly operated, tested, calibrated and maintained
- Reporting to the CSO any deficiencies and non-conformities and implementing any corrective actions
on-board
In addition, the Company may appoint the SSO to review and complete the Declaration Of Security
(DOS) agreement (Refer to X below).
As a guidance, this Company Security Manual may document the following items :
III-1) General
The security level is the qualification of the degree of risk that a security incident will be attempted or
will occur.
From 1st July 2004, each ship to which Part A of the ISPS Code applies will be required to operate at a
specified security level at all times. Consequently, the SSP must address the security measures to be
taken at each security level.
The Flag States / Administrations are responsible for setting of the security level applying at any
particular time.
They shall also ensure the provision of security level information to ships flying under their Flag.
The setting of the applicable security levels cannot be delegated by the Contracting Governments or
Administrations.
Moreover, when entering a port, a ship is required to act upon the security level set by the Contracting
Government of this port.
In this case, the Ship Security Officer (SSO) and the Port Facility Security Officer (PFSO) are to liaise
and coordinate appropriate actions.
III-2) Definitions
- Security level 1 : « level for which minimum appropriate protective security measures shall be
maintained at all times. »
In other words, this is the level at which the ship normally operates and the applied security measures
are the daily ones (level of normal operating conditions).
At security level 1, the following shall be carried out , by means of appropriate measures, on-board the
ship :
- Security level 2 : « level for which appropriate additional protective security measures shall be
maintained for a period of time as a result of heightened risk of security incident. »
In other words, this is a level of heightened threat and additional protective measures may be
expected to be sustained for substantial periods of time.
- Security level 3 : « level for which further specific protective security measures shall be maintained
for a limited period of time when a security incident is probable or imminent, although it may not be
possible to identify the specific target. »
In other words, this is a level of probable or imminent threat and additional protective measures are
not intended to be sustained for substantial periods of time.
On-board a ship, it is of the utmost importance that the security levels are clearly defined for all
personnel.
IV) SHIP SECURITY ASSESSMENT (SSA)
The SSA (Ship Security Assessment) is to be carried out before developing the Ship Security Plan
(SSP) and is a major element in the process of developing or updating the SSP.
It is the responsibility of the CSO to ensure that the SSA is carried out by persons with appropriate
skills, for each ship in the Company fleet.
The SSA may be carried out by Bureau Veritas, acting as an RSO. In that case, Bureau Veritas shall
not be the RSO undertaking the review and approval of the SSP.
Although you will find further development of the SSA, it shall include the following steps :
For further information, please refer to the separate document « Ship Security Assessment »
V-1) General
Each ship shall carry on-board a SSP which must have been approved by the Administration or the
RSO (Bureau Veritas) acting on behalf of the Administration.
This SSP shall be developed by the company, or by Bureau Veritas (in that case, the approval of the
SSP cannot be carried out by Bureau Veritas), mainly based on the conclusions of the SSA.
It is to be noted that the SSP is generally not subject to inspection by Port State Control (PSC)
officers. However, if there are grounds to believe that the ship is not in compliance with the applicable
security regulations, limited access to the specific sections of the plan relating to the specific non-
compliances raised by the PSC, may be carried out with the agreement of the ship’s master or of the
Flag State.
The details of this SSP will be developed in the separate document « Ship Security Plan »
The SSP shall include a clear statement emphasizing the Master’s overriding authority and
responsibility with respect to the security of the ship.
V-3) Security measures/procedures based on Security levels
The plan shall include a list of security measures based on each security level (1, 2 and 3).
The security measures shall cover, as an example, the following items (but are not limited to) :
- General requirements for security of the ship (ensuring the performance of all ship security duties)
- Monitoring of restricted areas to ensure that only authorized persons have access
- Controlling access to the ship
- Monitoring of deck areas and areas surrounding the ship
- Controlling the embarkation of persons and their effects
- Supervising the handling of cargo and ship’s stores
- Ensuring that port-specific security communication is readily available
The SSP shall also, in addition, include contingency procedures, which have to be followed in unusual
circumstances that present a threat to the security of the ship.
VI-1) General
It is a requirement that the CSO, the SSO and relevant shore-based personnel shall have knowledge
and have received training on the relevant security matters.
It is a requirement that the relevant shipboard personnel engaged on specific security tasks shall have
sufficient knwoledge to carry out these specific security duties.
It may include :
- Security administration
- Relevant international conventions, codes and recommendations
- Relevant Government legislation and regulations
- Responsibilities and functions of other security organisations
- Methodology of ship security assessment
- Methods of ship security surveys and inspections
- Ship and port operations and conditions
- Ship and port facility security measures
- Emergency preparedness and response and contingency planning
- Instruction techniques for security training and education, including security measures and
procedures
- Handling sensitive security related information and security related communications
- Knowledge of current security threats and patterns
- Recognition and detection of weapons, dangerous substances and devices
- Recognition, on a non-discriminatory basis, of characteristics and behavioural patterns of persons
who are likely to threaten securiy
- Techniques used to circumvent security measures
- Security equipment and systems and their operational limitations
- Methods of conducting audits, inspection, control and monitoring
- Methods of physical searches and non-intrusive inspections
- Security drills and exercises, including drills and exercises with port facilities
- Assessment of security drills and exercises
It may include :
It may include :
It may include :
- The meaning and the consequential requirements of the different security levels
- Knowledge of the emergency procedures and contingency plans
- Recognition and detection of weapons, dangerous substances and devices
- Recognition, on a non-discriminatory basis, of characteristics and behavioural patterns of persons
who are likely to threaten securiy
- Techniques used to circumvent security measures
VII-1) Requirements
The CSO and the SSO shall ensure that internal audits of the security system and reviews of
the approved SSP are duly carried out.
The personnel conducting the internal audits must be specified in the SSP.It shall also be independent
of the activities being audited, unless this is impracticable.
VII-2) Guidance
The company may develop internal procedures and « Shipboard Security Inspection » checklists,
although this is not required by the Code.
As an example, the company may require, in its internal procedures that an audit of the security
system is carried out on-board each ship of the company’s fleet, and duly reported, with any non-
conformities and corrective or preventive action in an « audit report ».
If the company has developed a Company Security Manual (not mandatory), then this manual may
include a company audit program as well.
VIII-1) General
Records of security activities shall be kept on-board and are subject to Port State Control.
The records may be kept in any format, including electronic format, but are obviously, in any case, to
be protected from unauthorized access or disclosure.
VIII-2) Required records
a) The following records are required to be kept on-board under the ISPS Code :
b) In addition, the information as required by SOLAS XI-2, Reg.5 (ref : paragraph II-2) above) is also to
be available on-board.
c) The following additional information may also have to be made available to the Port State Control,
when a ship is intending to enter a port of that State :
- The ship possesses a valid certificate and the name of its issuing authority
- The security level at which the ship is currently operating
- The security level at which the ship operated in any previous port where it has conducted a ship/port
interface for the last 10 calls at port facilities
- Any special or additional security measures that were taken by the ship in any previous port where it
has conducted a ship/port interface, for the last 10 calls at port facilities
- The appropriate ship security procedures were maintained during any ship to ship activity for the last
10 calls at port facilities
- Other practical security related information (but not details of the Ship Security Plan)
As the Port State Control has limited access to the SSP, inspection of the above mentioned records is
a means for the Port State to verify the compliance of the ship with the ISPS Code.
As a consequence, it is of utmost importance that all records and information as mentioned in
paragraphs a), b) and c) above are duly kept on-board the ship.
Note : it is also reminded here that, as required by SOLAS Reg.XI/5 and with respect to the Safety of
the ship, a continuous synopsis record providing information on the ship and the company shall be
issued by the Administration to every ship to which SOLAS Chapter I applies.
IX) VERIFICATION AND CERTIFICATION OF SHIPS
IX-1) Verifications
The following verifications can be carried out by Bureau Veritas, when acting as a RSO :
- Initial verification :
This is the first verification to be carried out on-board, in order to verify that the implemented security
system on-board the ship, and any associated security equipment, fully complies with the
requirements of the ISPS Code and SOLAS Chapter XI-2 , is in satisfactory condition and fit for the
service for which the ship is intended.
This initial verification is to be requested by the company to Bureau Veritas, when the SSP has been
implemented on-board the ship for a certain period.
The aim of the initial verification is consequently to verify that the security system implemented on-
board the ship is also in accordance with the SSP.
After satisfactory completion of the initial verification, an International Ship Security Certificate is then
issued by Bureau Veritas.
- Renewal Verification :
It shall be carried out at invervals not exceeding five years, as prescribed by the Administration.
The aim is to ensure that the implemented security system on-board the ship, and any associated
security equipment, fully complies with the requirements of the ISPS Code and SOLAS Chapter XI-2,
is in satisfactory condition and fit for the service for which the ship is intended.
After satisfactory completion of the initial verification, a new International Ship Security Certificate is
then issued by Bureau Veritas.
- Intermediate verification :
This verification shall be carried out between the second and third anniversary date of the ISSC.
Its aim is to ensure that the implemented security system on-board the ship, and any associated
security equipment remains satisfactory for the service for which the ship is intended.
After satisfactory completion of the intermediate verification, the International Ship Security Certificate
is endorsed by Bureau Veritas.
- Additional verification :
These are determined by the Administration, or by Bureau Veritas when acting as a RSO on behalf of
the Administration.
As an example, additional verifications may be carried out to verify the implementation, on-board the
ship, of approved changes to the SSP.
IX-2) Certification/International Ship Security Certificate (ISSC)
A certificate of compliance with ISPS Code requirements (ISSC) may be issued by Bureau Veritas.
An Interim (Provisional) International Ship Security Certificate may also be issued by Bureau Veritas in
such cases as detailed in ISPS Code, Part A, paragraph 19.4.
The DOS means an agreement reached between a ship and either a port facility or another ship with
which it interfaces, specifying the security measures each will implement.
The different reasons leading to the decision, by a ship or by an Administration, to complete a DOS
are detailed in the ISPS Code, Part A, paragraph 5, with a guidance given in Part B of the ISPS Code,
paragraph 5.
The DOS is completed by either the Master or the SSO, as appointed by the company, and by the
appointed representative of the port facility.
The DOS, when completed , is to be dated and signed by both representaives of the port facility and of
the ship.