Understanding ISPS Code

Browse By

What is ISPS code?

ISPS code is the International Ship and Port facility Security code. SOLAS chapter XI-2 part A and part B relates to special measures to enhance maritime security. In this context the principles behind ISPS code is similar to the ISM code on board. ISPS code emphasises the security of the persons on board, security of the ship and security of environment, in that order.

ISPS code uses the word facility for the port, which means the port perse need not be under the ISPS umbrella. The port must define the facilities, which need protection and chart out a security plan accordingly. For the first time ships and ports come under the FSA for the implementation of the ISPS code.

Companies must comply with the relevant requirements of SOLAS chapter XI-2 part A, taking into account the guidance given in part B of the code.

Objectives of the ISPS code

The objectives of the code are:

• to establish an international framework involving co-operation between Contracting Governments (CG) and shipping and port industries to detect security threats and take preventive measures;
• to establish respective roles and responsibilities of the CG and shipping and port industries for ensuring maritime security;
• to ensure early and efficient collection and exchange of security-related information;
• to provide methodology for security assessments so as to have plans in place to react to changed security levels; and
• to ensure confidence that adequate and proportionate maritime security measures are in place.

To achieve the objectives functional requirements are embodied in the code

The functional requirements are:

• gathering and assessment of information regarding security threats and exchanging such information with appropriate CGs;
• requiring the maintenance of communication protocols for ships and port facilities;
• preventing unauthorised access to ships, port facilities and their restricted areas;
• preventing the introduction of unauthorised weapons, incendiary devices or explosives to ships or port facilities;
• providing means of raising the alarm in reaction to security threats or security incidents;
• requiring the ship and port facility security plans based upon security incidents;
• requiring training, drills and exercises to ensure familiarisation with security plans and procedures.

Some Important Definitions

  1. Ship Security Plan (SSP) means a plan developed to ensure the application of measures on board the ship designed to protect persons on board, cargo, cargo transport units, ship’s stores or the ship from the risks of a security incident.
  2. Port Facility Security Plan (PFSP) means a plan developed to ensure the application of measures designed to protect the port facility and ships, persons, cargo, cargo transport units, ship’s stores within the port facility from the risks of a security incident.
  3. Ship Security Officer (SSO) means the person on board the ship, accountable to the master, designated by the company as responsible for the security of the ship, including implementation and maintenance of the ship security plan, and for liaison with the CSO and PFSO.
  4. Company Security Officer (CSO) means the person designated by the company for ensuring that a ship security assessment is carried out; that a ship security plan is developed, submitted for approval and there after implemented and maintained, and for liaison with the SSO and PFSO.
  5. Port Facility Security Officer (PFSO) means an officer designated as responsible for the development for the development, implementation, revision and maintenance of the port facility security plan and for liaison with the SSO and CSO.
  6. Security Level 1 means the level for which minimum appropriate protective measures shall be maintained at all times.
  7. Security Level 2 means the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of a security incident.
  8. Security Level 3 means the level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target.

Ships’ covered under ISPS code

Following types of ships engaged on international voyages are covered under the ISPS:

• passenger ships including high-speed passenger craft;
• cargo ships including high-speed craft, of 500 GRT and upwards;
• mobile offshore drilling units; and
• port facilities serving such ships engaged in international voyages.

This code does not apply to warships, naval auxiliaries or other ships owned or operated by a Contracting Govt and used only on Government non-commercial service.

Responsibilities of the Contracting Govt under this code

Contracting Govt will assimilate credible, corroborated, specific threat information and their potential consequences. It shall issue appropriate instructions and provide security-related information to ships and ports, which may be affected.

Contracting Govt will also:

• set the applicable security levels;
• approve a PFSA and its amendments;
• decide on the requirements of PFSO in a port;
• exercise control and compliance of the code;
• exercising the requirement of DoS (Declaration of Security);
• test the effectiveness of the SSP and PFSP and amend them as required.

DOS(Declaration of Security) and when is it required to be completed

Whenever there is an interface with ship/ship, ship/port, the ship can ask for a DoS. A ship can request the completion of a DoS when:

• the ship operates at a higher security level than the port or another ship it is interfacing with;
• there is an agreement on DoS between the CGs covering certain international voyages or specific ships on those voyages (e.g. Malacca Straits);
• there has been a security threat or security incident involving the ship or the port;
• the ship is in a port not covered by ISPS code;
• the interfacing is with another ship without ISPS code.

PFSO/ master or SSO of interfacing ships should acknowledge the DoS.
DoS should address the security requirements to be shared between ship and port. CGs should specify the minimum period of the DoS for the port and the ship.

Obligation of the company under the ISPS code

The company shall ensure the Ship Security Plan (SSP) clearly emphasises the overriding authority of the master and his responsibilities in taking decisions with respect to the safety and security of the ship.

The company shall ensure that the CSO, the master and the SSO are given the necessary support to fulfil their duties and responsibilities in accordance with ISPS code.

Activities allowed under different Security Levels, Security Level 1, Security Level 2 and Security Level 3 on ships

At Security Level 1, the following activities shall be carried out:

• ensuring the performance of all ship security duties;
• controlling ship access;
• controlling embarkation of persons and their effects;
• monitoring restricted areas to ensure that only authorised persons have access;
• monitoring deck areas and areas surrounding the ship;
• supervising the handling of cargo and ship’s stores; and
• ensuring that security communication is readily available.

At Security Level 2, additional protective measures, specified in the SSP shall be implemented.
At Security Level 3,further specific protective measure specified in the SSP shall be implemented. The ship shall acknowledge the security levels set by the Contracting Govt.

Any ship or port having a Security Level higher than a port or ship respectively must liaison with the PFSO or SSO as the case may be to co-ordinate appropriate actions.

Ship Security Assessment (SSA)

The SSA is an essential and integral part of developing and updating the Ship Security Plan (SSP). The CSO will ensure that persons of appropriate skills taking the guidelines provided in part B of ISPS code carry out the SSA.

SSA will include on-scene security survey with the following elements taken into consideration:

• identification of existing security measures, procedures and operations;
• identification and evaluation of key shipboard operations that it is important to protect;
• identification of possible threats and likelihood of their occurrence; and
• identification of weakness, including human factors, in the infrastructure, policies and procedures.

SSA shall be documented, reviewed, accepted and retained by the company.

Ship Security Plan (SSP)

The SSP has to be approved by the FSA and must cover the three security levels. A Recognised Security Organisation (RSO) may prepare, review and approve the SSP on behalf of the FSA. However if the RSO is to review and approve, it cannot prepare the plan.

SSP shall be developed as per guidelines given in part B of the code and shall be written in a working language of the ship. The language used should be in English, Spanish or French along with the working language of the ship.

The plan should address the following:

• measures to prevent weapons, dangerous devices and substances;
• identification of restricted areas and measures to prevent unauthorised access;
• measures for prevention of unauthorised access to ship;
• procedures for responding to security threats or breaches, responsibilities, instructions, evacuation, auditing, training, drills, exercises;
• procedures for interfacing with port, periodic review and updating, reporting security incident;
• identification of the CSO and his 24hours contact details;
• procedures to ensure inspections, testing, calibration and maintenance of security equipment and their frequencies;
• identification of the location of Ship Security Alert System (SSAS) and the procedure for its usage, testing, activation, deactivation and resetting.

Internal audits are to be conducted by independent auditors. Changes in SSP are to be approved by the FSA. SSP can be in an electronic format and must be protected from unauthorised access. SSP is not subject to inspections by CGs unless the inspectors have adequate reasons to believe that the vessel is not ISPS compliant e.g. no gangway check of entry.

Records required to be kept on board for the SSP

Following records are required to be kept on board with reference to the SSP:

• training, drills and exercises;
• security threats and security incidents;
• breaches of security;
• changes in security levels;
• communications between ship to ship or ship to port on security such as specific security threats;
• internal audits and review of security activities;
• periodic review of SSA and SSP;
• implementation of any changes to SSA and SSP;
• maintenance, calibration, testing of security equipment and testing of SSAS.

The records are to be kept in English, Spanish or French along with the working language of the ship. The records may be kept in an electronic format, which cannot be deleted, destroyed or amended by unauthorised personnel.

Duties and Responsibilities of a CSO

The company designates a CSO, who can act for more than one ship.

The duties and responsibilities of a CSO are:

• advising ships of the security levels to be encountered;
• ensuring that the SSA is carried out;
• ensuring the development, submission for approval, implementation and maintenance of the SSP;
• ensuring that the SSP is modified as appropriate to correct deficiencies;
• arranging internal audits and reviews security activities;
• arranging initial and subsequent inspections by FSA;
• ensuring that deficiencies and NCs are identified and promptly addressed;
• enhancing security awareness and vigilance;
• ensuring adequate training for personnel on board responsible for security;
• ensuring effective communication and co-operation between the SSO and PFSO;
• ensuring consistency between security and safety requirements;
• ensuring that all SSA and SSP are ship specific; and
• ensuring that alternative or equivalent arrangements are implemented and maintained.

Duties and Responsibilities of a SSO

Every ship must have a designated SSO.

The duties and responsibilities are:

• undertaking regular security inspections of ship to ensure adequate security measures are taken;
• maintaining the SSP and its amendments if any;
• co-ordinating security aspects of handling of cargo, ship’s stores etc. with shipboard personals and port authorities;
• proposing modifications to the SSP;
• reporting any deficiencies to CSO during audits or inspections;
• enhancing security awareness and vigilance on board;
• ensuring adequate training provided to shipboard personals;
• reporting all security incidents;
• co-ordinating implementation of the SSP with CSO and PFSO; and
• ensuring that security equipment is properly operated, tested, calibrated and maintained.

Port Facility Security Assessment (PFSA)

PFSA is an essential and integral part of developing and updating Port Facility Security Plan (PFSP).

The Contracting Govt or the Recognized Security Organization, who must have appropriate skills, carries out PFSA. It must be periodically reviewed and updated taking into account any fresh security threats or changes in the port facilities.

The PFSA shall include the following:

• identification and evaluation of important assets and infrastructures which need protection;
• identification of possible threats and the frequency of occurrence;
• identification of procedural changes in reducing vulnerability; and
• identification of weaknesses including human factors in the infrastructures, policies and procedures.

Port Facility Security Plan can be applicable to more than one port if accepted by the Contracting Govt. The methodology used to make the PFSA should be recorded.

Port Facility Security Plan (PFSP)

Port Facility Security Plan is developed and maintained based on the Port Facility Security Plan for each port facility. The plan provides for Security Level 1, Security Level 2 and Security Level 3. A RSO may be asked to prepare the PFSP, which needs to be approved by the Flag State Authority.

The Port Facility Security Plan (PFSP) will address the following:

• measures designed to prevent weapons, dangerous substances and devices into the port;
• measures designed to prevent unauthorised access to port facilities, ships and restricted areas;
• procedures to respond to various security levels and maintaining critical port operations;
• procedures to implement security instructions from Contracting Govt on Security Level 3;
• procedures for evacuation, interfacing, periodical review of plans and updating, reporting security incidents and breaches;
• assignment of a PFSO, his duties and his 24 hours contact details;
• ensure security of the PFSP, effective cargo security and port facilities; and
• procedures for auditing of the PFSP, responding to security alert of a ship in port,facilitate shore leave of ship’s personals and visitors.

The auditors must be independent. The Port Facility Security Plan (PFSP) may be combined with other ports. Changes in the plan must be approved by the Contracting Govt. The plan may be kept in an electronic format and must be protected from deletion, destruction or amendments. The plan must be protected from unauthorised access or disclosure.

Duties and responsibilities of a Port Facility Security Officer

Port Facility Security Officer is a designated officer for the port facilities.

His duties and responsibilities include:

• conducting an initial comprehensive port security survey of all port facilities;
• developing and maintenance of Port Facility Security Plan (PFSP) ;
• implementation and exercise the Port Facility Security Plan (PFSP) ;
• undertaking regular security inspections to continue with appropriate security measures;
• recommending and modifying PFSP to correct deficiencies and incorporate changes;
• ensuring security awareness among port personals, training them, reporting to relevant authorities and maintaining records of security occurrences;
• co-ordinating implementation of PFSP with CSO, SSO, security services;
• ensuring standards of security are met;
• ensuring the security equipment are operated, tested, calibrated and maintained; and
• assisting the SSO in confirming the identity of those seeking to board the ship.

The Port Facility Security Officer must be given the necessary support to fulfil his duties as per the ISPS code.

Certificate issued to a port under the ISPS code

The certificate issued to a port facility under the ISPS code is a ” Statement of Compliance of a Port Facility “.

Continuous Synopsis Record (CSR).


Continuous Synopsis Record is issued by the FSA in the format developed by IMO and contains the following information:

• name of the State flag the ship flies;
• date of registry, identification number, name of the ship, port of registry, name and full style address of the registered owner, bareboat charterer(s), company which carries out the safety management services;
• name of all classification societies, the ship is classed;
• name of the Flag State Authority and Contracting Govt, who issued the Document of compliance;
• name of the Recognized Security Organization, who audited the ship for ISM;
• name of the Flag State Authority, Contracting Govt or the Recognized Security Organization, who issued the International Ship Security Certificate (ISSC);
• the date on which the ship ceases to be registered with that state.

Continuous Synopsis Record should incorporate any changes in the above information. Continuous Synopsis Record must be in English, French or Spanish along with a translation in the working language of the ship and to be kept on board available for inspections at all times. Contracting Govt will co-operate in passing all the information in case of change of Contracting Govt or Flag state Authority.

Functional requirements of a Ship Security Alert System (SSAS)?

What happens when the SSAS is alerted on board?

SSAS, when activated, shall:

• initiate and transmit a ship-to-shore security alert to a competent authority as designated by the Flag State Authority
• It also alerts the CSO. SSAS gives the identity of the ship and her exact
location indicating that the security of the ship is under threat or compromised;
• not send security alert to other ships or raise audio or visual alarm on board; and
• continue the ship security alert until deactivated or reset.

SSAS should be activated from the bridge and one more location on the ship. It should be so designed to prevent inadvertent activation.

Whenever a Flag State Authority receives SSAS signal, it must activate the Contracting Govt close to the ship to seek help on breach of security on a ship.

Protocol of communication under the ISPS code

Protocol of communication under the ISPS code means that Communications must follow a certain order

i.e. SSO – Master – CSO – FSA – CG and viceversa and similarly
PFSO – FSA – CG and viceversa.

One thought on “Understanding ISPS Code”

Leave a Reply

Your email address will not be published. Required fields are marked *