The ISPS Code was established by the IMO (The International Maritime Organisation) . Its remit was to establish a far-reaching set of measures to improve the security aspects of ships operations and port facilities, following heightened awareness of threats to ships and maritime infrastructure after the 9/11 attacks in the United States These measures were incorporated into the International Ship and Port Facility Security Code. The ISPS Code is an integral part of the IMO SOLAS Convention and is covered under Chapter XI-2, special measures to maximize maritime security.
ISPS serves as an amendment to the Safety of Life at Sea Convention (SOLAS) 1974 – 1988. It defines minimum
security provisions for ships, ports and governmental agencies and was implemented in 2004. The Code establishes the legal
responsibilities of governments, shipping companies, maritime personnel and port facility operators, specifically in identifying
security threats and undertaking preventative measures against security incidents that can impact ships or port facilities used in
After 7/11, there was a general consensus that the loose affiliation of different protocols and arrangements adopted by individual countries and regional authorities needed to be replaced by a single standard code to be followed across the globe. This mish-mash was both confusing and often ineffective. The IMO was the obvious candidate to serve as the development agency of the new code and its subsequent enforcement.
Over one hundred signatories cooperated on the resolution of the code which was brought into force on the 1 July 2004.
The ISPS Code is divided into two sections, one defining mandatory stipulations, the other outlining the application in terms of guidance, to be applied to all vessels and associated facilities engaged in international trade. The Code applies to vessels over 500gt but superyachts under 500gt will usually adhere to its recommendations as these were designed to provide an all-encompassing and fully comprehensive framework of security and safe operational management.
The Code requires measures to be taken to:
Detect threats and lapses in security
Formulate roles and responsibilities at all levels, local, international, regional and on board.
Organize and circulate security data
Establish a methodology for assessing and evaluating the effectiveness of security measures in place,
These aspirational and abstract requirements can be broken down to distinct concrete formalities
– Drawing up Ship and Port Facility security plans
– Appointing Ship, Port Facility Managing Agent security officers
– Listing which on board and port security equipment is relevant to the code
– Establishing procedures for monitoring and regulating access to vessels and port facilities, both in terms of people and cargo.
– Ensuring channels of communication are always open.
Although not obliged to, yachts under 500gt tend towards a complete adoption of the code as part of a sensible security management policy. However, total adherence is not always possible, especially at berth, given the nature of the yachting industry and the public and open location of ports. Superyachts are often berthed in close proximity, end on, almost touching, Mediterranean mooring style. Interpretation of the Code can differ across the world, especially as a threat is often a case of perception rather than an actuality.
The ISPS Code requires that The Ship Security Plan will have a commitment to assert the authority of the Master over all matters relating to the safety of passengers and crew, relative to the size and type of the vessel and its habitual navigation patterns. The role of the CSO (Company Security Officer) is emphasized as supportive to the Master, as well as identifying any agencies proving professional advice. Any physical breaches or procedural errors must be recorded. The roles of the crew in responding to security lapses, as well as maintenance of everyday security, has to be identified, according to the level of security in operation, from minimum level one to the highest level three. The SSP should outline the duration, frequency and methodology of training exercises and how these are to be recorded for audit purposes.
Ship cybersecurity code of practice provides actionable advice on:
• developing a cybersecurity assessment and plan to manage risk
• handling security breaches and incidents
• highlighting national and international standards used
• the relationship to existing regulation
The code is to be used with organisation’s:
• risk management systems