ISPS code – A measure to enhance

the security of Ships and Port

facilities

Purpose
The International Maritime Organization (IMO) states that “The International Ship and Port
Facility Security Code (ISPS Code) is a comprehensive set of measures to enhance the security
of ships and port facilities, developed in response to the perceived threats to ships and port
facilities in the wake of the 9/11 attacks in the United States” (IMO).

SOLAS chapter XI-2 part A and part B relates to special measures to enhance maritime security.
In this context, the principles behind ISPS code is similar to the ISM code on board. ISPS code
emphasizes the security of the persons on board, security of the ship and security of the
environment, in that order.
ISPS code uses the word facility for the port, which means the port by itself need not be under
the ISPS umbrella. The port must define the facilities, which need protection and chart out a
security plan accordingly. For the first time, ships and ports come under the FSA (Formal Safety
Assesment) for the implementation of the ISPS code.
Companies must comply with the relevant requirements of SOLAS chapter XI-2 part A, taking
into account the guidance given in part B of the code.

Following types of ships engaged on international voyages are covered under the ISPS:

1. Passenger Ships including high-speed passenger craft;

2. Cargo Ships including high-speed craft, of 500 GRT and upwards; mobile offshore
drilling units; and
3. Port facilities serving such ships engaged in international voyages.
This code does not apply to warships, naval auxiliaries or other ships owned or operated by a CG
and used only on Government non-commercial service.

Objectives of the ISPS Code

1. to establish an international framework involving co-operation between
Contracting Governments (CG) and shipping and port industries to detect security
threats and take preventive measures;
2. to establish respective roles and responsibilities of the CG and shipping and port
industries for ensuring maritime security;
3. to ensure early and efficient collection and exchange of security-related
information;
4. to provide a methodology for security assessments so as to have plans in place
to react to changed security levels; and
5. to ensure confidence that adequate and proportionate maritime security
measures are in place.

In order to achieve the objectives, functional

requirements embodied in the code are:
1. gathering and assessment of information regarding security threats and
exchanging such information with appropriate CGs;
2. requiring the maintenance of communication protocols for ships and port
facilities; preventing unauthorized access to ships, port facilities and their
restricted areas; preventing the introduction of unauthorized weapons, incendiary
devices or explosives to ships or port facilities;
3. providing means of raising the alarm in reaction to security threats or security
incidents;
4. requiring the ship and port facility security plans based upon security incidents;
5. requiring training, drills, and exercises to ensure familiarization with security
plans and procedures.

Definitions
1. Convention means SOLAS 1974 as amended.
2. SSP or Ship Security Plan means a plan developed to ensure the application of
measures on board the ship designed to protect persons on board, cargo, cargo
transport units, ship’s stores or the ship from the risks of a security incident.
3. PFSP or Port Facility Security Plan means a plan developed to ensure the
application of measures designed to protect the port facility and ships, persons,
cargo, cargo transport units, ship’s stores within the port facility from the risks of a
security incident.
4. SSO or Ship Security Officer means the person on board the ship, accountable
to the master, designated by the company as responsible for the security of the
ship, including implementation and maintenance of the ship security plan, and for
liaison with the CSO and PFSO.
5. CSO or Company Security Officer means the person designated by the
company for ensuring that a ship security assessment is carried out, that a ship
 security plan is developed, submitted for approval and thereafter implemented and
maintained, and for liaison with the SSO and PFSO.
6. PFSO or Port Facility Security Officer means an officer designated as
responsible for the development, implementation, revision and maintenance of the
port facility security plan and for liaison with the SSO and CSO.
7. Security Level 1 means the level for which minimum appropriate protective
measures shall be maintained at all times.
8. Security Level 2 means the level for which appropriate additional protective
security measures shall be maintained for a period of time as a result of
heightened risk of a security incident.
9. Security Level 3 means the level for which further specific protective security
measures shall be maintained for a limited period of time when a security incident
is probable or imminent, although it may not be possible to identify the specific
target.

At SL1, the following activities shall be

carried out:

 ensuring the performance of all ship security duties;

 controlling ship access;
 controlling embarkation of persons and their effects;
 monitoring restricted areas to ensure that only authorized persons have access;
 monitoring deck areas and areas surrounding the ship; supervising the handling
of cargo and ship’s stores; and
 ensuring that security communication is readily available.

At SL2, additional protective measures, specified in the SSP shall be implemented.

At SL3, further specific protective measure specified in the SSP shall be implemented.
The ship shall acknowledge the security levels set by the CGs. Any ship or port having
a Security Level higher than a port or ship respectively must liaison with the PFSO or
SSO as the case may be to coordinate appropriate actions.

Declaration of Security or DoS

Declaration of Security (DoS) is defined by the Safety of Life at Sea (SOLAS)
Convention as “an agreement reached between a ship and either a port facility or
another ship with which it interfaces, specifying the security measures each will
implement”. An agreement executed between the responsible Vessel and Facility
Security Officer, or between Vessel Security Officers in the case of a vessel-to-vessel
activity, that provides a means for ensuring that all shared security concerns are
properly addressed and security will remain in place throughout the time a vessel is
moored to the facility or for the duration of the vessel-to-vessel activity, respectively.

A ship can request the completion of a DoS when:

1. the ship operates at a higher security level than the port or another ship it is
interfacing with;
2. there is an agreement on DoS between the CGs covering certain international
voyages or specific ships on those voyages (e.g. Malacca Straits);
3. there has been a security threat or security incident involving the ship or the port;
4. the ship is in a port not covered by ISPS code;
5. the interfacing is with another ship without ISPS code.

PFSO/ Master or SSO of interfacing ships should acknowledge the DoS. DoS should
address the security requirements to be shared between ship and port. CGs should
specify the minimum period of the DoS for the port and the ship. Proper use of the DoS
is important, not only as a means of coordinating security arrangements between ships
and port facilities but also as a method of documenting appropriate implementation of
the ISPS Code and related maritime security requirements.

Ship Security Assessment (SSA)

The SSA is an essential and integral part of developing and updating the Ship Security
Plan (SSP). The CSO will ensure that persons with appropriate skills taking the
guidelines provided in part B of ISPS code carry out the SSA. The Company Security
Officer (CSO) is responsible for the risk assessment and must also approve it.

SSA will include on-scene security survey with the following elements taken into
consideration:

1. identification of existing security measures, procedures, and operations;

2. identification and evaluation of key shipboard operations that it is important to
protect;
3. identification of possible threats and likelihood of their occurrence; and
4. identification of weakness, including human factors, in the infrastructure, policies,
and procedures.

SSA shall be documented, reviewed, accepted and retained by the company.

Ship Security Plan (SSP)

How is it made?
SSP shall be developed as per guidelines are given in part B of the code and shall be
written in a working language of the ship. The language used should be in English,
Spanish or French along with the working language of the ship. The SSP has to be
approved by the FSA and must cover the three security levels. A Recognised Security
Organisation (RSO) may prepare, review and approve the SSP on behalf of the FSA.
However, if the RSO is to review and approve, it cannot prepare the plan.

The plan should address the following:

1. measures to prevent weapons, dangerous devices and substances; identification
of restricted areas and measures to prevent unauthorized access;
2. measures for prevention of unauthorized access to ship;
3. procedures for responding to security threats or breaches, responsibilities,
instructions, evacuation, auditing, training, drills, exercises;
4. procedures for interfacing with port, periodic review and updating, reporting
security incident;
5. identification of the CSO and his 24hours contact details;
6. procedures to ensure inspections, testing, calibration and maintenance of
security equipment and their frequencies;
7. identification of the location of Ship Security Alert System (SSAS) and the
procedure for its usage, testing, activation, deactivation, and resetting.

Internal audits are to be conducted by independent auditors. Changes in SSP are to be

approved by the FSA. SSP can be in an electronic format and must be protected from
unauthorized access. SSP is not subject to inspections by CGs unless the inspectors
have adequate reasons to believe that the vessel is not ISPS compliant.

The company shall ensure the Ship Security Plan (SSP) clearly emphasizes the
overriding authority of the Master and his responsibilities in taking decisions with
respect to the safety and security of the ship. The company shall ensure that the CSO,
the Master, and the SSO are given the necessary support to fulfill their duties and
responsibilities in accordance with ISPS code.

Company Security Officer

The company designates a CSO, who can act for more than one ship is the person who
ensures that a ship security assessment is carried out, that a ship security plan is
developed, submitted for approval and thereafter implemented and maintained, and for
liaison with the SSO and PFSO.

The duties and responsibilities of a CSO are:

1. advising ships of the security levels to be encountered;
2. ensuring that the SSA is carried out;
3. ensuring the development, submission for approval, implementation, and
maintenance of the SSP;
4. ensuring that the SSP is modified as appropriate to correct deficiencies;
arranging internal audits and reviews security activities;
5. arranging initial and subsequent inspections by FSA;
6. ensuring that deficiencies and NCs are identified and promptly addressed;
7. enhancing security awareness and vigilance;
 8. ensuring adequate training for personnel onboard responsible for security;
9. ensuring effective communication and co-operation between the SSO and PFSO;
10. ensuring consistency between security and safety requirements;
11. ensuring that all SSA and SSP are ship specific; and
12. ensuring that alternative or equivalent arrangements are implemented and
maintained.

Ship Security Officer

SSO is the person on board the ship, accountable to the master, designated by the
company as responsible for the security of the ship, including implementation and
maintenance of the ship security plan, and for liaison with the CSO and PFSO. Every
ship must have a designated SSO.

The duties and responsibilities of an SSO are:

1. undertaking regular security inspections of the ship to ensure adequate security
measures are taken;
2. maintaining the SSP and its amendments if any;
3. co-ordinating security aspects of the handling of cargo, ship’s stores etc. with
shipboard personals and port authorities;
4. proposing modifications to the SSP;
5. reporting any deficiencies to CSO during audits or inspections;
6. enhancing security awareness and vigilance on board;
7. ensuring adequate training provided to shipboard personals;
8. reporting all security incidents;
9. co-ordinating the implementation of the SSP with CSO and PFSO; and
10. ensuring that security equipment is properly operated, tested, calibrated and
maintained.

Port Facility Security Assessment (PFSA)

PFSA is an essential and integral part of developing and updating Port Facility Security
Plan (PFSP). The CG or the RSO, who must have appropriate skills, carries out PFSA.
It must be periodically reviewed and updated taking into account any fresh security
threats or changes in the port facilities.

The PFSA shall include the following:

1. identification and evaluation of important assets and infrastructures which need
protection;
2. identification of possible threats and the frequency of occurrence to the assets
and infrastructure;
3. identification of procedural changes in reducing vulnerability; and
4. identification of weaknesses including human factors in the infrastructures,
policies, and procedures.

PFSA can be applicable to more than one port if accepted by the CG. The methodology
used to make the PFSA should be recorded. The Port facility Security assessment and
plan meets the international requirements in the ISPS code and local national
authorities.

Port Facility Security Plan (PFSP)

PFSP is developed and maintained based on the PFSA for each port facility. The port
facility security assessment (PFSA), within the framework of ISPS, are an essential and
integral part of the process of developing and/or updating the port facility security plan.
An RSO (Recognised Security Organization) may be asked to prepare the PFSP, which
needs to be approved by the FSA.

The PFSP will address the following:

1. measures designed to prevent weapons, dangerous substances and devices into

the port;
2. measures designed to prevent unauthorized access to port facilities, ships, and
restricted areas;
3. procedures to respond to various security levels and maintaining critical port
operations;
4. procedures to implement security instructions from CG on SL3;
5. procedures for evacuation, interfacing, periodical review of plans and updating,
reporting security incidents and breaches;
6. assignment of a PFSO (Port Facility Security Officer), his duties and his 24 hours
contact details;
7. ensure the security of the PFSP, effective cargo security and port facilities; and
procedures for auditing of the PFSP, responding to security alert of a ship in port,
facilitate shore leave of ship’s personals and visitors.
8. procedures for auditing of the PFSP, responding to security alert of a ship in port,
facilitate shore leave of ship’s personals and visitors.

The plan may be kept in an electronic format and must be protected from deletion,
destruction or amendments. The plan must be protected from unauthorized access or
disclosure. Changes in the plan must be approved by the CG.

The certificate issued to a port facility under the ISPS code is a ” Statement of
Compliance of a Port Facility “.

Port Facility Security Officer

PFSO is a designated officer for the port facilities responsible for the development,
implementation, revision and maintenance of the port facility security plan and for liaison
with the SSO and CSO.

Duties and Responsibilities of s PFSO include:

1. conducting an initial comprehensive port security survey of all port facilities;

2. developing and maintenance of PFSP;
3. implementation and exercise the PFSP;
 4. undertaking regular security inspections to continue with appropriate security
measures;
5. recommending and modifying PFSP to correct deficiencies and incorporate
changes;
6. ensuring security awareness among port personals, training them, reporting to
relevant authorities and maintaining records of security occurrences;
7. co-ordinating the implementation of PFSP with CSO, SSO, security services;
ensuring standards of security are met;
8. ensuring the security equipment are operated, tested, calibrated and maintained;
and assisting the SSO in confirming the identity of those seeking to board the
ship.

The PFSO must be given the necessary support to fulfill his duties as per the ISPS
code.

What led to the development of the ISPS

Code?
In November 2001, two months after the “9/11” attacks, IMO’s 22nd Assembly adopted
resolution A.924(22) Review of measures and procedures to prevent acts of terrorism
which threaten the security of passengers and crews and the safety of ships, which
called for a thorough review of all existing measures already adopted by IMO to combat
acts of violence and crime at sea.

The Assembly agreed to hold a diplomatic conference on maritime security in

December 2002, to adopt any new regulations that might be deemed necessary to
enhance ship and port security and prevent shipping from becoming a target of
international terrorism and it also agreed to a significant boost to the Organization’s
technical cooperation programme of £1.5 million, to help developing countries address
maritime security issues.

The ISPS Code and other maritime security measures were developed by IMO’s
Maritime Safety Committee (MSC) and its Maritime Security Working Group before
being adopted by a Conference n Maritime Security in December 2002, with entry into
force set for 1 July 2004.

Amendments were brought about in the

SOLAS 1974 for the purpose of ISPS Code
Under the SOLAS conference in December 2002, chapters V and XI were amended.
Chapter V makes it mandatory for all ships of 300 GRT and upwards but less than
50,000 GRT to have AIS fitted not later than the first safety equipment survey after 1st
July 2004 or by 31st December 2004, whichever is earlier. AIS shall be in operation at
all times except where international agreements provide otherwise.

Chapter XI is divided into two parts XI-1 and XI-2.

Chapter XI-1 deals with Ship Identification Number (SIN), which must be permanently
marked in a visible place either on the stern of the ship or on the port and starboard side
along with the end transverse bulkhead of machinery space or the hold main beam,
which are easily accessible. The permanent markings should be plainly visible clear of
any other markings on the hull and shall be painted in a contrasting colour. The height
of the markings should be not less than 100mm and of proportionate length. These
must be raised or centre-punching method. SIN is a seven digit number unique number
for the ship painted after the letters IMO. It must be with the ship till it is scrapped.

Chapter XI-1 also deals with each vessel having a Continuous Synopsis Record
(CSR).
CSR is issued by the FSA in the format developed by IMO and contains the following
information:

1. name of the State flag the ship flies;

2. date of registry, identification number, the name of the ship, port of registry,
name and full style address of the registered owner, bareboat charterer(s),
company which carries out the safety management services;
3. name of all classification societies, the ship is classed;
4. name of the FSA and CG, who issued the DOC;
5. name of the RSO, who audited the ship for ISM;
6. name of the FSA, CG or the RSO, who issued the International Ship Security
Certificate (ISSC);
7. the date on which the ship ceases to be registered with that state.

CSR should incorporate any changes in the above information. CSR must be in English,
French or Spanish along with a translation in the working language of the ship and to be
kept on board available for inspections at all times. CGs will co-operate in passing all
the information in case of change of CG or FSA.