A yacht security plan has two aspects, each equally important.
First comes the security assessment which considers every aspect of a yacht’s operations that might present a threat, however improbable, due to an existing weakness or a breach of defences, external circumstances or simply bad luck. This presents a scope of operations on which to base the actual Yacht Security Plan. Two key personnel are integral to this process of assessment and the establishment of a plan: the Company Security Officer and the Yacht (Ship) Security Officer, though external agencies with specialist skills may be brought in to advise. Unless the yacht is a new build, the security assessment will always reassess the existing plan and evaluates its effectiveness in a changing environment. Both the assessment and plan not fixed but are constantly adapting. The Yacht Security Plan is essentially a state of security awareness, always on, with every aspect of a yacht’s operations referred to the framework of the ISPS Code and the lowest possible threshold of acceptable risk. This awareness of security is crucial in the new build and refit process. Security specialists offer on board protection while transiting areas known for piracy. Strict gangway protocols restrict access to the yacht while in port.
A yacht in port is susceptible to opportunistic attempts to breach security and also planned cyber attacks. There is a fine balance between crew remaining in a vigilant state of security awareness, which is reassuring to the owners, guests and charter parties, and a highly suspicious mind state which can detract from the yacht experience. Therefore, the plan has to evaluate the number of crew, their roles in security and how this fits into their daily duties. It is worth remembering that every port will have its own ISPS code procedure in place and the port authorities will want to know the yacht’s security plans harmonise with the port’s own security measures,
The Ship’s Security Plan (SSP) is itself a highly confidential document, subject to ISPS audit, while also protective of its own contents, as a leaking of the SSP is itself a source of risk. There is no template for a SSP as each yacht presents its individual challenges. But various bodies issue geographical security alerts which are universally applicable and will be integral to the ongoing assessment procedure.
The Ship Security Plan will have a commitment to assert the authority of the Master over all matters relating to the safety of passengers and crew, relative to the size and type of the vessel and its habitual navigation patters. The role of the CSO (Company Security Officer) is emphasised as supportive to the Master, as well as identifying any agencies proving professional advice. Any physical breaches or procedural errors must be recorded. The roles of the crew in responding to security lapses, as well as maintenance of every day security, has to be identified, according the level of security in operation, from minimum level one to the highest level three. The SSP should outline the duration, frequency and methodology of training exercises and how these are to be recorded for audit purposes, along with individual certifications. An approach to Cyber Security will cover hostile threats such as hacking, ransomeware and phishing. Failures and non-conformity events must be reported and a plan to rectify these must likewise be recorded.
The level of security current must be known to all crew. The importance of this becomes more apparent when entering into a port facility which will also be subject to the ISPS Code and a declared level of security. The details that a yacht will need to report to the port security authorities on entering a port facility covered under Regulation XI-2/9.2.1.
• The vessel ISPS compliance number
• The current level, ( as a well as any change during its stay in port
• The contact details of the Ship security officer
• List of all expected visitors/contractors
• A manifest of the crew list with individual documentation
• Any recent security incidents going back to the last ten ports of call
In addition any new security incidents whilst in the port must be reported to the port security authorities.
Level one security calls for minimal security measures required to offer the ship, crew and passengers adequate protection from danger. Level two requires that additional measures be taken and recorded; crew will be required to perform extra duties and shore leave may have to be cancelled. Level three is the highest and security operates at highest extreme of measures outlined and detailed in the SSP. The Company Security Officer is to be informed of all changes and measures introduced.