The world changed forever after the tragic events of September 11, 2001. It made us all realize how vulnerable our global security systems were, even when it came to the maritime industry.
The result of this shifting mindset was The International Ship and Port Facility Security (ISPS) Code.
The International Maritime Organization (IMO), a specialized agency of the United Nations, played a pivotal role in developing the ISPS code, which came into force on July 1, 2004.
The code aims to codify international cooperation, provide a calibrated methodology for security assessments, and ensure that adequate and proportionate maritime security measures are in place worldwide.
In today’s blog, we’ll discuss some of the provisions and requirements of the ISPS code so port operators can remain compliant and secure.
Introduction to the ISPS Code
The ISPS Code was designed to mitigate risks to maritime security and prevent acts of terrorism that could disrupt global trade and cause significant economic repercussions.
The ISPS code establishes an international framework for cooperation between contracting governments, government agencies, local administrations, and the shipping and port industries. The primary aim is to detect security threats and take preventative measures against security incidents affecting ships or port facilities used in international trade.
Who Does the ISPS Code Apply To?
The ISPS Code applies universally to ships engaged in international voyages and the port facilities serving them. Here are the key areas of its applicability.
Ships
Any ship engaged in international voyages, including:
- Passenger Ships, including ferries.
- Cargo Ships of 500 gross tonnage and upwards, including container ships, bulk carriers, and oil tankers.
- Mobile Offshore Drilling Units (MODUs).
Port Facilities
Any port facility that serves the ships outlined above is subject to the ISPS code.
The code mandates these facilities to have security plans and measures in place to address risks associated with the ships and the goods they transport or handle.
Provisions of the ISPS Code, Part A: Requirements
The ISPS Code is divided into two parts: Part A, which contains mandatory requirements, and Part B, which provides guidelines on how to comply with these requirements.
Part A outlines requirements such as:
Security Assessments
Part A of the ISPS code requires both ships and port facilities to conduct security assessments to identify potential security threats and outline the necessary measures to prevent security incidents.
Security Plans
Following the security assessments, ships and ports must develop security plans.
Ship response plans must be approved by the flag state.
Ports must specify the preventive measures to be taken to protect against a security incident.
Security Officers
Ships, ports, and shipping companies are all required to designate security officers responsible for the security plans.
- Ships must have a designated ship security officer (SSO) responsible for the security of the ship.
- Every shipping company must appoint a company security officer (CSO) to oversee the security of their fleet and compliance with the ISPS code.
- Every port facility must designate a port facility security officer (PFSO) to implement and maintain the port facility security plan (PFSP).
Security Procedures
The Code outlines various security measures and procedures that must be in place at different security levels (1 through 3, with 3 being the highest).
These include features such as:
- Access control.
- Monitoring and control of a ship or facility’s perimeter.
- Procedures for handling cargo, ship stores, and ship personnel.
Provisions of the ISPS Code, Part B: Guidelines for Compliance
Part B provides a comprehensive set of guidelines to assist in the implementation of Part A.
Guidance on Training
While not mandatory, part B offers best practices and detailed guidance on training for security personnel, including SSOs, CSOs, and PFSOs.
Detailed Security Measure Suggestions
This section also contains suggestions for practical security measures that can be implemented at each security level.
Templates and Checklists
Finally, the section contains templates for conducting security assessments, as well as checklists for developing security response plans.
Compliance and Further Reading
Compliance with the ISPS Code is enforced through a combination of flag state and port state control.
To prove compliance, ships must carry a valid International Ship Security Certificate (ISSC), issued by the ship’s flag state or an authorized Recognized Security Organization (RSO).
Ports are issued a Statement of Compliance of a Port Facility (SoCPF) by the national authority or a Recognized Security Organization (RSO) authorized to act on its behalf.
Compliance Resources
For more information on the code, see these resources:
- The IMO’s ISPS overview
- ISPS FAQ
- OAS’ Verification and Compliance Manual for Port Security Officials
Supplement Physical Security with Tideworks’ Secure Software Solutions
The process of remaining compliant with the ISPS code is designed to be rigorous and continuous.
Bad actors look for weak points and easy targets, meaning that companies who take physical security lightly are more vulnerable to cyber-attacks, and vice versa.
As part of your security upgrades, consider a software solutions partner who understands the importance of physical and cyber security.
Tideworks’ software solutions were developed from the ground up with terminal operators in mind. We know the importance of data security in terminal operations, and the critical role they play in supplementing the physical security of ports and ships.
Contact Tideworks today and let’s talk about how we can help secure your marine terminal operations.