Practical Approach to Compliance of ISPS Code

To assist shipowners in complying with the ISPS Code, HudsonTrident has developed a methodology that employs a practical, step-by-step approach.

Time is of the essence.

By July 1, 2004, on board Ship Security Assessments based upon threat assessments conducted by competent security professionals must have been completed. Ship Security Assessment Reports must have been prepared and Ship Security Plans based upon the Ship Security Assessment Reports must have been written and implemented on board ship.

In addition, training of all ship and company personnel must have been conducted, drills carried out and records produced during what we anticipate will be the 90-day implementation period. All this must be accomplished before the shipowner can request the flag state to attend each vessel to verify compliance and issue the International Ship Security Certificate (ISSC).

Step 1: Appoint and train the Company Security Officer (CSO).

The CSO is the person ashore designated by the company to develop and maintain the Ship security Plan and to liaise with the Port Facility Security Officer and the Ship Security Officer (SSO) for each vessel in the company fleet.

CSO Duties

Conduct the initial security survey and thereafter the annual security surveys.

Maintain and modify the ship security plan annually to satisfy all security requirements and ensure consistency with terminal security plans.

Coordinate implementation of the ship security plan with the port facility security officer.

Coordinate reporting of crimes and serious offenses to law enforcement.

Ensure appropriate training is provided for all personnel responsible for security.

Ensure security awareness and implementation.

Step 2: Conduct an onboard Ship Security Assessment of each vessel in the fleet.

This required assessment is a risk-based analysis of security-related threats faced by each ship the company operates. The Ship Security Assessment should address the particulars of the ship, its cargoes and crew and the ports to which it trades. The assessment should also consider the likelihood of various security-related scenarios and possible responses to those scenarios.

The Ship Security Assessment is the critical starting point in developing the Ship Security Plan. In fact, the plan is developed directly from the assessment and the report generated from it, and the assessment must be attached to the plan when it is submitted for approval.

The Ship Security Assessment process, which is conducted under the direct supervision of the CSO, begins with an assessment of the threats faced by the ship in the areas where the ship trades. The security threats identified in the threat assessment must be addressed in the Ship Security Assessment, which evaluates existing security measures, procedures, key shipboard operations and security weaknesses.

Ship Security Assessment Report

A Ship Security Assessment Report is then developed from the Ship Security Assessment and becomes a permanent part of the ship’s records.

Step 3: Develop a Ship Security Plan specific to each vessel in the Fleet and submit to the flag state for approval.

With the ship Security Assessment Report in hand, the Ship Security Plan must be drafted to meet the requirements of the ISPS Code.

The Ship Security Plan is intended to make sure that appropriate measures are taken on the ship to protect those on board the vessel, its cargo and the ship itself from the risks of a security incident.

These measures must vary with the security level prevailing in the port.

Elements of the Ship Security Plan

Measures designed to prevent unauthorized weapons, dangerous substances and devices from being introduced.

Identification of the SSO and CSO.

Identification of the restricted areas and measures to prevent unauthorized access.

Procedures for responding to security threats or breaches of security.

Procedures for inspection, testing, calibration and maintenance of any security equipment.

Locations of ship security alert system activation points.

Procedures, instructions and guidance on the use of the ship security alert system.

Procedures for evacuation.

Duties of shipboard personnel.

Procedures for auditing, training, exercises and drills - interfacing with port facility security activities - and periodic review and reporting security incidents.

Ship Security Approval Process

Security Levels:

Security Levels. also called MARSEC levels in the US, are the key to understanding the requirements of the Ship Security Plan

Security Levels

Objective

Description

Level 1

Detection
Security Level One is considered the “normal” for operating procedures, whereby access to the ship is controlled, deck areas are monitored. Control is also exerted over the embarkation of persons and their effects. Supervision for handling cargo and ship stores will be necessary, and port-specific security communication must be in place before entering port.

Level 2

Deterrence
Security Level Two means additional protective measures for access control, security procedures and restricted areas.

Level 3

Defense
Further specific protective measures are needed at this security level that include a single controlled access point to the ship, a suspension of cargo-handling operations and a search of the restricted areas.

While the ISPS Code permits a contracting government to appoint an RSO to review the Ship Security Plan, the plan must be approved by the flag state.

Step Four: Appoint and train Ship Security Officer (SSO) for each vessel.

The fourth step is to appoint and train an SSO for each ship in your fleet. That officer will implement the plan on board and is accountable to the Master, crew and port for the security of personnel, cargo and the ship itself. He is also responsible for the implementation and maintenance of the Ship Security Plan and for liaison with the CSO and Port Facility Security Officer. The SSO must be able to react quickly and effectively to any situation for which he is responsible, and he must be able to do so in a manner that has the least potential for harm to life.

SSO Duties

• Performs regular security inspections of the ship.
• Implements and maintains security plan.
• Proposes modifications to correct deficiencies.
• Ensures security awareness and vigilance on board and within terminals.
• Ensures adequate training provided for all personnel responsible for security.
• Reports all occurrences or suspected occurrences of unlawful acts committed on board to Master and CSO.

Step 5: Implement Ship Security Plan on ship.

Once the plan has been submitted for approval, it must be implemented on board. During the implementation period the owner must:

Provide general security awareness training to the entire crews.

Provide crew with appropriate training for specific security duties.

Ensure crew has been drilled.

Compile records of training and drills.

Conduct internal audit to confirm compliance.

HudsonTrident recommends a 90-day implementation period to train and drill the crew properly and to develop the track record necessary to establish compliance.

We understand that a number of class societies are considering requiring such a time period before verification can take place. Only when all this has been accomplished will the certifying authority attend on board to verify compliance and issue the International Ship Security Certificate (ISSC).

Crew Training Requirements

All hands should be familiar with the Ship Security Plan, security level requirements and emergency procedures. They should be able to recognize and detect weapons, dangerous substances and devices; they should be able to distinguish characteristics and behavioral patterns of potential terrorists.

Crew members with security jobs must be able to understand current security threats and patterns, as well as crowd management and control. They have the responsibility for physical searches of people, personal effects, baggage, cargo and ship stores. They should be able to operate, test, calibrate and maintain security equipment and systems.

Step 6: Obtain implementation verification and ISSC certification.

HudsonTrident believes it likely that only after the 90-day implementation period can an owner obtain certification.

The ISSC, which is valid for five years, will require intermediate verification between the second and third years.

Given the requirements of the ISPS Code and the deadline looming on the horizon, what should a prudent shipowner do?

Immediately appoint a Company Security Officer (CSO).

Train the CSO in his obligations under the ISPS Code.

Consider seeking outside assistance.

HudsonTrident’s team is balanced to provide expertise from both security and commercial viewpoints. We have:

Conducted fleet audits and training projects for tankers and luxury passenger ships.

Formulated procedures for ship security assessments that include threat assessments.

Completed numerous ship security assessments around the world.

Created company security officer (CSO), ship security officer (SSO) and ship security assessor training and qualification courses.

Completed a draft ship security plan to comply with requirements of the ISPS Code.

Conducted port and terminal facility security assessments for major US ports for the Department of Homeland Security.

Conducted security assessments for nation states.

Tested Methodology

HudsonTrident’s methodology is a practical process approach to compliance, which is cost-effective and beneficial to the shipowner.

Remember, time is of the essence. The financial risk to your business should you fail to meet the ISPS deadline is enormous. The cost of outside, competent maritime security experts is miniscule when compared to the potential costs of failure to comply. Whatever you do, do not delay.

Instructions for Printing