Questions and Answers - Maritime Security

You are here: Home > Ships and Cargoes > Legislation and Guidance > International Ship and Port Facility Security (ISPS) Code >

Quick Links
International Ship & Port-facility Security Code (ISPS Code)
Requirements of the ISPS Code
ISPS Code Compliance
The EU Regulation
International Ship Security Certificate (ISSC)
Ship Security Assessment and Plan
Ship’s Identification (IMO) Number
Company Security Officers & Ship Security Officers
Domestic Voyages
Entering a Foreign Port
Vessels Visiting the USA
Offshore Installations
Tasks for the MCA
Further Information

International Ship & Port-facility Security Code (ISPS Code)

Q1.What is the ISPS Code?
A1. The ISPS Code and new provisions in the International Convention for the Safety of Life at Sea, 1974 (SOLAS) were adopted by contracting Governments of the International Maritime Organisation on 12 December 2002 to enhance maritime security.These new requirements form the international framework through which ships and port facilities co-operate to detect and deter acts which threaten security in the maritime transport sector.

The ISPS Code provides further detail and guidance on the measures outlined in the new SOLAS Regulations. Part A of the Code contains the mandatory requirements which Contracting Governments must implement taking into account the detailed guidance in Part B of the Code.

Q2. Who is responsible for implementing the ISPS Code in the UK?
A2. Transport Security Division (TRANSEC), which is part of the Department for Transport (DfT), has overall responsibility for implementing the requirements of the ISPS Code in the UK and deals primarily with port facility and passenger ship security. The Maritime and Coastguard Agency (MCA) is responsible for cargo and freight ship security.

Q3 Who does the Code apply to?
A3.The following types of ships engaged on international voyages: Passenger ships, including high- speed passenger craft, cargo ships, including high-speed craft, of 500 gross tonnage and upwards Mobile offshore drilling units; and Port facilities serving such ships engaged on international voyages

Requirements of the ISPS Code

Q1. What are the requirements of the ISPS Code?
A1.

Responsibilities of Contracting Governments, e.g setting security levels and providing guidance for protection from security incidents ,establishing the requirements for a Declaration of Security, testing the effectiveness of ship security plans and or port facility security plans and exercising control and compliance measures in accordance with SOLAS X-1 2/9;
A Declaration of Security addressing the security requirements that could be shared between a port facility and a ship (or between ships) and stating the responsibility each shall take.
Obligations of the company to “ensure the ship security plan contains a clear statement emphasizing the master’s authority” and “ensure the company security officer, the master and the ship security officer are given the necessary support to fulfil their duties and responsibilities”.
Ship security with activities defined as to how a ship is required to act upon security levels set by Contracting Governments.
Ship Security Assessments to be “carried out by persons with appropriate skills to evaluate the security of a ship” and to include an on-scene survey and a number of other elements.
Ship Security Plan approved by the Administration and carried on board ship.
Records of certain “activities addressed in the ship security plan shall be kept on board for at least the minimum period specified by the Administration” These records to be protected from unauthorised access or disclosure.
Provisions for designated company security officers and ship security officers.
Training, drills and exercises concerning ship security.
Verification and certification for ships.

Other requirements under Amendments to SOLAS chapters V and XI include:

Carriage requirements for ship borne navigational systems and equipment.
Requirements as to where and how the ship’s identification number will be permanently marked.
Every ship to which chapter I of SOLAS applies must have a Continuous Synopsis Record containing specified information.
Provision of a ship security alert system as specified in SOLAS XI-6

ISPS Code Compliance

Q1. Which Internationally trading Ships need to comply with the ISPS Code?
A1. The ISPS Code and the Amendments to SOLAS apply to the following types of ships engaged on international voyages:

Passenger ships, including high-speed passenger craft.
Cargo ships, including high-speed craft, of 500 gross tonnage and upwards, and also including commercial yachts carrying over 12 fare paying passengers.
Mobile Offshore Drilling Units (MODUs).

They also apply to port facilities serving such ships engaged on international voyages.

Q2. To what domestic trading ships does the ISPS Code apply?
A2 EU Regulation 725/2004 on enhancing ship and port facility security requires Class A passenger ships within the meaning of Article 4 of Council Directive 98/18/EC and their companies and to port facilities serving them to comply fully by 1/7/05. Additionally following a risk assessment passenger ships carrying more than 250 passengers and tankers of 500 gt and above should comply with specific measures by 1/7/07. Please apply to?? For details.

Q3. What method of calculation is used to determine the 500 tonnage limit for compliance with the ISPS Code?
A3. IMO clarified through MSC/Circ.1157 that TONNAGE 69 should be used to determine whether cargo ships comply or not. An interim scheme where cargo ships and companies operating such ships which were not initially required to comply with the ISPS Code requirements will comply not later than 1 July 2008

INTERIM SCHEME FOR THE COMPLIANCE OD CERTAIN CARGO SHIPS WITH THE SPECIAL MEASURES TO ENHANCE MARITIME SECURITYPlease click here

Q4. To what extent does the ISPS code apply to commercial and private yachts?
A4. The ISPS Code will apply to commercial yachts over 500 GT. It will not apply to commercial yachts under 500GT or to private yachts. A yacht carrying over 12 fare paying passengers will be classed as a passenger vessel. If it is also over 500 gt and engaged on international voyages, then the ISPS Code will apply. The reference to this in the code is ISPS Code reference is A/3.1.1.

Q5. If a mega yacht is used solely for the owner’s purposes, and all 12 passengers are carried as guests. Do they have to comply with ISPS?
A5. Yes, because they are a cargo vessel over 500gt. Passengers are defined in SOLAS as persons who are carried and are not members of the crew, so it does not matter whether they are commercial or private.

The EU Regulation

Q1. What is the objective of the EU Regulation?
A1. The objective of the EU Regulation (currently in draft) is to introduce and implement Community measures aimed at enhancing the security of ships used in international trade and domestic shipping and associated port facilities in the face of threats of intentional unlawful acts. The Regulation is also intended to provide a basis for the harmonised interpretation and implementation and Community monitoring of SOLAS security amendments and the ISPS Code.

Q2. Will there be security measures for all other ships?
A2. The EU Regulation is expected to be authorised by the European Parliament and the Council of the European Union in October 2003.The Regulation will expect Domestic Class A passenger ships[1] to apply the SOLAS amendments and the ISPS Code[2] in full by 1 July 2005.

Other domestic ships must apply the SOLAS amendments and the ISPS Code by 1 July 2007. Member States may decide, on the basis of the results of a security risk assessment, not to apply these provisions to other domestic ships provided that the overall level of security is not comprised.

Q3. Does the EU Regulation recognise that the UK is the contracting Government for the Red Ensign Group?
A3. No

International Ship Security Certificate (ISSC)

Q1. How do UK registered ships gain a UK International Ship Security Certificate (ISSC)?
A1. The following steps need to be taken:

Appoint and organise approved training for, the Company Security Officer and Ship Security Officers.
Ensure a Ship Security Assessment (ISPS Code A/8.2) is undertaken for each ship by people with appropriate skills. This will include as on-scene survey of the ship (ISPS Code A/8.4) and could involve the use of a consultant.
Approve the Ship Security Assessment (ISPS Code A/8.5)
Develop a Ship Security Plan (ISPS Code A/9.4) taking into account the findings of the Ship Security Assessment. This could involve the use of a consultant.
Implement Ship Security Plan (SSP) and submit SSP and Ship Security Assessment for approval to TRANSEC for passenger ships or MCA for cargo ships. The UK is not authorising Recognised Security Organisations.
Arrange for an internal review of the ship security system prior to verification visit.

Q2. If an SSP is approved and AIS is installed by 1^st July 2004, will an International Ship Security Certificate be issued, in spite of not having permanent markings or Ship Security Alert System fitted?
A2. Yes if all other aspects of Security are complied with you will be issued with an ISSC, on the verification audit it is likely that the auditor will make comment on this for records, the two items will not prevent issue of the ISSC.

Ship Security Assessment and Plan (SSA and SSP)

Q1. Why do ships need to have a Ship Security Assessment and a Ship Security Plan?
A1. The Ship Security Assessment (SSA) is an essential and integral part of the process of developing and updating Ship Security Plans (SSP).

Q2. What language does the Ship Security Plan need to be in?
A2. The SSP is to be developed from the SSA written in the working language of the ship. If that language is not English, French or Spanish a translation into one of these languages shall be included. The reason for the translation is that different parts of the plan could be inspected by port state officers if clear grounds for non-compliance are established.

Q3. Is a ship visit required before an SSP is approved?
A3. There is currently no requirement in either SOLAS XI-2 or the ISPS Code for this to take place. MCA have based their maritime security process on the basis of a single ship visit for the verification. However, for training purposes a limited number of ship visits will be made to liaise with CSO regarding SSA and SSP.

SOLAS XI-2  No mention is made here of SSP approval.
ISPS Part A
Section 9.1   Requires Administration to approve SSP
Section 9.3   Requires SSPs submitted for approval to be accompanied by SSA (8.4 SSA shall include an on-scene survey by persons with appropriate skills - 8.3)
Section 9.5   Requires administrations to specify which changes to SSP require approval
ISPS Part B
Para 9.6 Requires SSP security measures to be in place before initial verification

Q4. Will there be charge for Ship Security Plan (SSP) Approval?
A4. There are no costs at present for plan approvals, verifications visits, inspections, issuing ISSC’s and approving auditing training providers, these will be met by the Government.There is a possibility charges will be levied should a ship visit be requested prior to approval of an SSP.

Q5. When do we need to have Ship Security Alert Systems?
A5. Ship Security Alert Systems should be fitted after the ships first radio survey after 1^stJuly 2006.

Ship’s Identification (IMO) Number

Q1. Are IMO Numbers required before the first dry-dock after July 2004?
A1. IMO Numbers do not need to be fitted until first dry-dock after July 2004. Please note if dry-docking before then it would be suggested that they are applied sooner rather than later

Q2. How should the Ships Identification Number (SIN) be marked on a Ship?
A2. The marking shall be plainly visible and painted in a contrasting colour in the form of “IMO XXXXXXX”. On ships constructed of steel or metal the marking shall be made by:

raised lettering, or
cutting it in, or
centre-punching it, or
any equivalent method of marking which is not easily expunged.

Q3. Where should the marking of the SIN go?
A3. Externally the permanent marking shall be clear of any other markings on the hull and shall be not less than 200 mm high (width proportionate to the height). The positioning of the external marking is subject to a range of options:

on the stern of the ship, or
either side of the hull, amidships port and starboard, above the deepest assigned load line, or
either side of the superstructure port and starboard, or
on the front of the superstructure, or
In the case of passenger ships, on a horizontal surface visible from the air.

Internally the permanent marking shall be in an easily accessible place and shall be not less than 100 mm high (width proportionate to the height). The positioning of the internal marking is also subject to a range of options:

on either end of the transverse bulkheads of machinery spaces as defined in regulation II-2/3.30, or
one of the hatchways or
in the case of tankers in the pump room, or
In the case of ships with ro-ro spaces as defined in regulation II-2/3.41, on one of the end transverse bulkheads of the ro-ro space.

Company Security Officers & Ship Security Officers

Q1. Why is there a need for a Company Security Officer and Ship Security Officer?
A1. Shipping companies are required to designate a Company Security Officer (CSO) to co-ordinate the security activities of the company and its ships on one hand and port facilities and Governments on the other. The CSO is also responsible for ensuring the security systems are fully maintained and internally audited. Each ship is to have a designated Ship Security Officer (SSO), who may be the ships master.

The CSO and SSO are required to have knowledge of the security system and to have received appropriate training; this also applies to other personnel assigned security duties. In addition to maintaining the SSP they are to ensure its effective implementation by carrying out drills and exercises at appropriate intervals. The guidance gives a three month interval for drills, or within a week of changing more than 25% of the crew (if they have not participated in a drill on that ship within 3 months) and annual exercises.

Q2. What arrangements need to be made in the case of a one–ship company where the master is the owner/operator, regarding the appointment of a Company Security Officer (CSO)?
A2. The ISPS Code requires a shore based CSO to be appointed

Q3. In the case of a company, for what ever reason, eg small size, appoints another person not a company employee, ie an agency to act as CSO for them, in a similar way as ISM allows this for the DPA function?
A3. The ISPS Code doesn’t specifically disallow this therefore it could be a runner. However the Code does impose some executive powers in the CSO such as ensuring the SSA’s are carried out (A?11.2.2) etc which would need addressing.

Q4. Multi flag management companies, Does the CSO have to have an MCA validated certificate?
A4. No, if the number of ships on another flag exceeds the number on the UK flag, then that Flag’s CSO course would be required. You can always check with Seafarer Standards. Tel: 023 80329231.

Q5.What would need to be addressed by a Training Provider regarding a ‘conversion course’ for CSOs to do the SSO Course, and vice –versa ?Also, what would be required from the Training Provider in order for them to do a combined CSO/SSO Course, if they were already approved for both separately?
A5. This is being looked over by Seafarer Standards at the moment. The demand for a ‘conversion course’ is not seen as high and has been given low priority. However the possibility of a combined course (duration 5 days) is being investigated.

Q6. Does MCA recognise CSO/SSO courses provided by class societies like Bureau Veritas (BV), Det Norske Veritas (DNV), Germanischer Lloyd (GL) etc?
A6. MCA will recognise them if they have gone through the approval process.

Q7. If the CSO moves on, leaves the company etc, if the SSP is sealed then does it have to be returned to the Flag State for amendment?
A7. Do not return the SSP as we could be inundated. It could be amended on board by the first available MCA Surveyor to visit the vessel for any survey as you would for class items, minor changes in certificates etc. Also inforn your Security Liaison Officer so the copy of the plan can be amended. This would be the same for all amendments.

Q8. How can I find out who MCA have approved to conduct ISPS related training courses for CSO and SSO?
A8. Please contact the Seafarer Standards branch on 023 80329231.

Q9. Can a CSO request a Declaration of Security?
A9. A company can instruct the SSO to request a Declaration of Security.

Q10. Will there be a vetting procedure for CSOs, SSOs and PFSOs (Port Facility Security Officers)? A10. CSOs and SSOs will not be vetted. It would be very difficult to vet SSOs in particular bearing in mind most would not be UK citizens. Regarding PFSOs, bearing in mind the limited numbers of PFSOs it is likely they will be vetted though the final decision remains to be made by TRANSEC.

Entering a Foreign Port

Q1. What should a ship do when entering a Foreign Port?
A1. When ships are intending to enter a foreign port they may be required to provide information by the port state including:

Confirmation the ship possesses a valid ISSC,
Security level at which the ship is operating,
Security level at which the ship operated in the last ten ports of call,
Special or additional security measures undertaken at the last ten ports of call,
Confirmation that appropriate procedures were maintained during any ship-to-ship activity between the last ten ports of call,
Other practical security related information.

Q2. When should this information be provided?
A2. When a ship announces its intention to enter the port of a Member State, the competent authority for maritime security of that Member State shall require that the information referred to in paragraph 2.1 of Regulation 9 be provided:

At least twenty-four hours in advance; or
At the latest, at the time the ship leaves the previous port, if the voyage time is less than twenty-four hours.

Q3. What happens if all necessary information is provided but the member state believes we are not in compliance with the ISPS Code?
A3. If, after receipt of this information, there are clear grounds for believing that the ship is in non-compliance with the ISPS code, port state officers are to attempt to establish communications with and between the ship and its Administration in order to rectify the situation. Should this fail they may take proportionate steps that include:

A requirement to rectify the non-compliance,
A requirement that the ship proceed to a location specified in the country’s territorial seas or internal waters,
Inspection of the ship, if it is within their territorial sea,
Denial of entry into port.

Vessels Visiting the USA

Q1. Will the USCG review/approve Vessel Security Plans submitted by owners and operators of non-US ships that expect to call at US ports for compliance with US regulations promulgated under the MTSA, if so requested by the submitter?
A1. We have consistently taken the position that security plans for foreign flag SOLAS vessels do not have to be submitted to the Coastguard. The regulations we published on July 1^st and then finalised last month make this clear. We have also gone on record with that position with our oversight committees in Congress. The Coastguard fully intends to abide by the reciprocal obligations in SOLAS and the ISP code regarding ISSCs and security plans. The Coastguard will not approve foreign SOLAS vessel security plans even if requested by the owners or operators. The US Administration is convinced that the SOLAS amendments and the ISPS Code provide an excellent framework for minimising the threat of terrorism in the maritime community. The United States should not alone battle this world wide threat. We need the help of the 102 signatories.

Q2. Does the USG concur with the contention that a foreign ship owner that fails to comply with the unique security plan requirements of the MTSA runs the risk of not being able to limit its liability in the event of a terrorist attack involving the vessel in US waters because, under US law, the owner must show compliance with applicable laws and regulations before a limitation of liability will be allowed?
A2. Specifically with regard to the limitation of liability issue, the MTSA and our regulations do not address third party liability. We have concluded however, that the requirements of the MTSA are satisfied through participation in the international regime and that an owner’s ability to limit liability is not in jeopardy by complying with the MTSA regulations. In our view, compliance with a plan will not only prevent a TSI (Transport Security Incident) but also will allow an owner of a SOLAS vessel who has complied with the SOLAS amendments and the ISPS Code to limit liability. This can be accomplished by those responsible for security effectively implementing its plan so that the requirements of the ISPS Code are met. Of course we re-emphasise the point that this assumes the plan being implemented fully complies with the SOLAS amendments and the ISPS Code and takes into account the relevant provisions of Part B. We will be vigorously overseeing this implementation through a very active port state control regime and through our foreign country audit program.

Q3. Can the USCG advise us of the additional requirements for Vessel Security Plans in the MTSA in relation to those for the Ship Security Plan in the ISPS Code which would need to be included in the Ship Security Plan to comply with the requirements of the MTSA of 2002?
A3. An International Ship Security Certificate issued under the ISPS Code will be accepted as prima facie evidence that the ship is in compliance with the MTSA and its implementing regulations, with the exception of 33 CFR Parts 104.240, 104.255 and104.295 as appropriate. We will verify implementation of the ship security plan through our robust port state control regime.

Offshore Installations

Q1. Concerning offshore installations, is a UK ship travelling from a UK Port to an installation in the UK sector considered to be on a domestic voyage, and if the installation is in a foreign sector, on an international voyage?
A1. A UK ship travelling from a UK port to an installation in the UK sector (of the North Sea) would not be travelling to a port, so this is not an international voyage. Even if the installation was in a foreign sector of the North Sea, it would still not be a port. The word port’ is not defined in SOLAS Chapter 1, however it is considered that it would be stretching the natural meaning too far to make it include an offshore installation.

Q2. What is the ISPS definition of a MODU?
A2.The reference to MODU is shorthand for that contained in SOLAS XI-2/1. MODU means a Mechanically propelled Offshore Drilling Unit as defined in regulation 1X/1 not on location.

Regulation IX/1 defines MODU as ‘a vessel capable of engaging in drilling operations for the exploration or exploitation of resources beneath the sea-bed such as liquid or gaseous hydrocarbons, sulphur or salt’.

IMO’s Maritime Safety Committee at its 77^th session, which met in May 2003 after the ISPS Code was ratified, agreed that Floating Production Storage and Offloading (FPSO) units and Floating Storage Units (FSU) were not subject to the ISPS Code. It was also agreed that Single Buoy Moorings (SBM) would be covered either by the security regime of the offshore facility or port facility as appropriate.

Q3. Will all MODUs be required to obtain ISSCs?
A3. If a MODU is mechanically propelled – ie able to make a voyage as opposed to being just able to move around a wellhead – it will need an ISSC, with no exceptions.

Tasks for the MCA

Q1. What tasks have the MCA been delegated to do?
A1. The MCA have been delegated the tasks of;

Approving ships’ security assessments and security plans, the associated verification activities for cargo ships and the issuing of ISSCs.
Undertaking inspections of foreign flagged ships visiting UK ports MCA’s through Port State Control Officers.
Issuing ships’ Continuous Synopsis Records. This is a document that remains with the ship for its whole life detailing, the ships’ identification number, name changes, ownership, operating company, ISM and ISPS issuing and maintaining authorities.
Communicating security levels set by TRANSEC to ships; both UK ships world-wide and foreign ships in UK waters.
Monitoring ships operating at higher security level than those set for UK Port Facilities.
Approving training courses for Company Security Officers and Ship security Officers.

Q2. What has MCA got to do to ensure the implementation deadline is met?
A2. TRANSEC are the policy leaders in maritime security, and the MCA implements that policy. MCA is undertaking plan approval for cargo ships while TRANSEC are continuing to do the same for passenger ships and for all ports.

A proactive approach is being taken with shipping companies following a joint letter from TRANSEC and MCA Directors setting out the requirements. We have assigned a named liaison officer to assist each company achieve compliance with the ISPS Code and they are making contact at the moment.

Q3. How far has the UK progressed with authorisation of Recognised Security Organisations?
A3. A policy decision agreed by Ministers was made in Spring 2003 that the UK would not be authorizing any RSOs as maritime security was seen as part of the larger national security domain and that approval of plans for ships and ports should remain within Government.

Q4. Are arrangements being made to put our photo/details on a secure part of the MCA website, so that if anyone arrives purporting to be us, the master SSO/CSO can check validity?
A4. These details are contained on your ID Card and can also be obtained by making a phone call to the Information Line on: 0870 600 6505. They maintain a database of who is authorised to do what to whom.

Further Information

Q1. Where can I purchase a copy of the ISPS Code?
A1. From the International Maritime Organisation, details as follows:
Product:     International Ship and Port Facility Code
Code:        1116E
Price:         £14.00
Tel:            + 44 (020) 7735 7611
Email:          publications-sales@imo.org
Website:      www.imo.org

Q2. Where can I find other Maritime Security related information?
You can contact us by:
Telephone: 02380329478
email: hq_maritimesecurity@mcga.gov.uk
Other useful sites are:
International Maritime Organisation - www.imo.org
Department for Transport – www.dft.gov.uk

Q3.With regard to queries on cargo and freight ship security, who is the contact point?
A3. The Maritime Security Branch of the Maritime and Coastguard Agency:

Maritime and Coastguard Agency
2/18 Spring Place
105 Commercial Road
Southampton
SO15 1EG
Tel: +44 2380 329 478

Fax: +44 2380 329 488
Email: hq_maritimesecurity@mcga.gov.uk
Website: www.mcga.gov.uk

Q4. Where can information on piracy be obtained?
A4. TRANSEC are the policy leaders on piracy (Matt Lemon tel: 020 7944 2884 email: matthew.lemon@dft.gsi.gov.uk) and issue formal guidance on piracy. MGN 241 has been updated and reissued as MGN 298, which is available on the M-net under Maritime Security/Controlled Documents. TRANSEC also issue occasional advice to Company and Ship Security Officers (copies of the circular letters can be found on our internal M-Net Site under Maritime Security/Transec Circulars to CSO's).

The International Chamber of Commerce (International Maritime Bureau) run a website click here

IMO publish monthly, quarterly and annual reports of piracy and armed robbery against ships as MSC Circulars. The Latest annual report is MSC.4/Circ.32 which can be found at:

http://www.imodocs.imo.org