ISPS Code for ITIC Members - Background

Background

In December 2002 the International Maritime Organisation (IMO) adopted a number of amendments to the 1974 Safety of Life at Sea (SOLAS) Convention including The International Ship and Port Facilities Security (ISPS) Code. The ISPS Code applies a series of measures to strengthen maritime security and prevent acts of terrorism against shipping; the Code will come into force on 1st July 2004 and contains detailed security related requirements for governments, port authorities and shipping companies in a mandatory section (Part A) together with a series of guidelines about how to meet these requirements in a second, non-mandatory, section (Part B). In the United States of America, Part B will also be mandatory with effect from 1st July 2004.

Objectives of the Code

1. To detect security threats and take measures to prevent security incidents affecting ships or port facilities used in international trade.
2. To establish the respective roles and responsibilities of the Contracting Governments, Government agencies, local administrations and the shipping and port industries for ensuring maritime security. 
3. To ensure the collection and exchange of security related information.
4. To ensure plans and procedures are in place to react to changing security levels.
5. To ensure confidence that adequate and proportionate maritime security measures are in place.

To what does the Code apply?

1. The following types of ships engaged on international voyages: 

 a. passenger ships, including high speed passenger craft; 
 b. cargo ships including high speed craft of 500 gross tonnage and upwards;
 c. mobile offshore drilling units.

2. Port facilities serving ships engaged on international voyages.

In essence, the ISPS Code takes the approach that ensuring the security of ships and port facilities is basically a risk management activity and that, in order to determine what security measures are appropriate, an assessment of the risks must be made in each particular case. The purpose of the ISPS Code is to provide a standardised, consistent framework for evaluating risk, enabling governments to offset changes in threat levels with changes in vulnerability for ships and port facilities. This risk management concept will be embodied in the ISPS Code through a number of minimum functional security requirements for ships and port facilities.

Responsibilities of Contracting Governments

Under SOLAS chapter X I-2 and part A of the Code, Contracting Governments can establish designated authorities within government to undertake their security responsibilities under the Code. Governments or designated authorities may also delegate the undertaking of certain responsibilities to Recognised Security Organisations (RSOs) outside government.

The setting of the security level applicable at any particular time will be the responsibility of Contracting Governments and will apply to their ships and port facilities. The code defines three security levels for international use:

Security Level 1: normal;
Security Level 2: lasting for the period of time when there is a heightened risk of a security incident. Involves enhanced security measures;
Security Level 3: lasting for the period of time when there is a probable or imminent risk of a security incident.

Levels 2 and 3 may involve a Declaration of Security (DOS) - paragraph 5 of part B of the Code requires a DOS when the Contracting Government of the port facility or the ship deems it necessary. It is likely that a DOS will be necessary where a ship has a different security level to the port at which it intends to call. If the ship has a security level of 3 this could result in the evacuation of the ship or its movement out of the port facility. The main purpose of a DOS is to ensure agreement is reached between the ship and the port facility, or with other ships with which the ship interfaces, as to the respective security measures each will undertake in accordance with the provisions of their respective approved security plans.

Ship's Requirements

1.  Ship security officer (SSO) - a person on board the ship, accountable to the Master, and responsible for the security of the ship. It is important to note that the Master, notwithstanding the presence of the SSO, retains overriding authority and responsibility to make decisions about the safety and security of the ship.

2.  Ship security assessment (SSA) - this is the responsibility of the company security officer (CSO). Detailed guidelines for carrying out a security assessment of a ship are provided in Part B of the Code.

3.  Ship security plan (SSP) - to be drawn up pursuant to the assessment, setting out the requirements for the ship in order to maximise its security. The SSP will include security measures to be taken by the ship when not interfacing with an ISPS compliant ship or port facility. The plan itself must be kept confidential.

4.  International Ship Security Certificate - to be issued by the Administration of the flag state or a recognised security organisation acting on behalf of the Administration, once all the above procedures have taken place to its satisfaction.

Port Facilities' Requirements

1.  Port facility security officer (PFSO) - a person responsible for the development, implementation, revision and maintenance of the port facility security plan and for liaison with Ship Security Officers and Company Security Officers.

2.  Port facility security assessment - this will be carried out by the Contracting Government or a recognised security organisation acting on behalf of the Contracting Government.

3.  Port facility security plan - drawn up pursuant to the assessment, setting out the requirements for the port in order to maximise its security. The PFSP will include security measures to be taken by the port facility when not interfacing with an ISPS compliant ship. The plan itself must be kept confidential.

The Code provides clear guidelines as to the role and training of the officers, what is required to complete an assessment and what the plans must contain, including different provisions for different security levels.

Shipping Companies' Requirements

All shipping companies (which may be the owners, operators or managers of the ship) operating ships to which the Code applies must have:-

Company security officer - a person to ensure that a ship security assessment is carried out, and that the ship security plan is developed, implemented and maintained, and to liaise with ship security officers and port facility officers.