ISPS Code

The ISPS Code

BACKGROUND

A Diplomatic Conference held at the International Maritime Organization (IMO) in London from 9- 13 December 2002 adopted amendments to the 1974 International Convention for the Safety of Life at Sea (SOLAS 74), as amended, and adopted the International Ship and Port Facility Security (ISPS) Code. The SOLAS amendments and ISPS Code, a series of maritime security measures that will have a significant impact on the operation of ship owning companies, ships, their operators, and the port facilities they call on, will be deemed to be accepted on 1 January 2004 and will come into force and must be fully implemented by ships and port facilities to which they apply by 1 July 2004 or various “first surveys” after that date. The ISPS Code is divided into Part A that is mandatory and Part B that is recommendatory and provides necessary guidance to implement Part A.

Additionally, the United States Congress has passed and the President has signed into law, the Maritime Transportation Security Act of 2002 (MTSA) that overlays the SOLAS Amendments and ISPS Code and by order of which the United States Coast Guard has promulgated Interim Rules for domestic and foreign flagged vessels operating in United States territorial waters. Final rules are anticipated in November 2003.

APPLICABILITY:

1 SOLAS AMENDMENTS
1.1 Chapter V, “Safety of Navigation”
1.1.1 Regulation 19, “Carriage requirements for shipborne navigational systems and equipment”
.1 Details: The required installation date for Automatic Identification Systems (AIS) for ships, other than passenger ships and tankers, of 300 gross tonnage and upwards but less than 50,000 gross tons is now not later than the first safety equipment survey after 1 July 2004 or by 31 December 2004, whichever occurs earlier. The first safety equipment survey means the first annual survey, the first periodical survey or the first renewal survey for safety equipment, whichever is due first after 1 July 2004, and, in addition, in the case of ships under construction, the initial survey. There is a companion amendment that requires that all ships fitted with AIS maintain the AIS in operation at all times except where international agreements, rules or standards provide for the protection of navigational information.

(Note) With respect to the requirement that the AIS be maintained on at all times subject to the stipulations noted above, Masters should be aware of Regulation 8 of Chapter XI-2 titled, “Master’s discretion for ship safety and security”. This regulation reinforces and provides the Master with significant discretion concerning the safety and security of their ship.

1.2 Chapter XI-1, “Special Measures to Enhance Maritime Safety”
1.2.1 Regulation 3, “Ship identification number”
.1 Details:

All ships engaged in international trade have a unique IMO number. There are new requirements that specify that the IMO number must to be placed in a visible location on the ship. Specific details concerning character size are contained in the regulation. It is important to note that the IMO number must include the prefix letters, “IMO”. The requirement is applicable to all SOLAS ships. For ships constructed before 1 July 2004, the requirement must be complied with not later than the first scheduled dry-docking of the ship after 1 July 2004.

(Note)The Continuous Synopsis Record (CSR) is a new record keeping requirement for all SOLAS Ships. It will need to be on board all vessels by 1 July 2004.

1.3 Chapter XI-2, “Special Measures to Enhance Maritime Security”
1.3.1 Regulation 4, “Requirements for Companies and Ships”
.1 Details:
Ships not in compliance with SOLAS or the ISPS Code or unable to comply with established security levels must notify competent authorities prior to conducting any ship/port interface or port entry.

1.3.2 Regulation 6, “Ship Security Alert System”

.1 Details:
The Ship Security Alert System is a new hardware requirement designed to provide a covert means of alerting authorities that the ship’s security has been compromised or is under attack. All passenger ships, including high-speed passenger craft subject to SOLAS and oil tankers, chemical tankers, gas carriers, bulk carriers and cargo high speed craft of 500 gross tonnage and upwards constructed before 1 July 2004, are required to install the system, not later than the first survey of the radio installation after 1 July 2004. Other cargo ships of 500 gross tonnage and upward as well as mobile offshore drilling units constructed before 1 July 2004, need to have the system installed not later than the first radio survey after 1 July 2006. Owners and operators need to pay particular attention to the scheduling of the annual radio survey because for certain types of ships the required installation date could be as soon as 2 July 2004.

NOTE:
Companies are responsible to ensure that the Master has overriding authority and responsibility to make decisions with respect to the security of the ship, and the Company shall ensure that the CSO, Master and Ship Security Officer (SSO) are given necessary support.

1.3.4 Regulation 9, “Control and Compliance Measures”

.1 Details:
This regulation addresses in a comprehensive manner port State actions that may be taken concerning a ship either in port or intending to enter the port of a Contracting Government. 2 ISPS CODE

2.1 Objectives
The objectives of the ISPS Code are:
.1 to establish an international framework involving co-operation between Contracting Governments, Government agencies, local administrations and the shipping and port industries to detect security threats and take preventive measures against security incidents affecting ships or port facilities used in international trade;
.2 to establish the respective roles and responsibilities of the Contracting Governments, Government agencies, local administrations and the shipping and port industries, at the national and international level for ensuring maritime security;
.3 to ensure the early and efficient collection and exchange of security-related information;
.4 to provide a methodology for security assessments so as to have in place plans and procedures to react to changing security levels; and
.5 to ensure confidence that adequate and proportionate maritime security measures are in place.
2.2 Functional requirements
In order to achieve its objectives, the ISPS Code embodies a number of functional requirements. These include, but are not limited to:
.1 gathering and assessing information with respect to security threats and exchanging such information with appropriate Contracting Governments;
.2 requiring the maintenance of communication protocols for ships and port facilities;
.3 preventing unauthorized access to ships, port facilities and their restricted areas;
.4 preventing the introduction of unauthorized weapons, incendiary devices or explosives to ships or port facilities;
.5 providing means for raising the alarm in reaction to security threats or security incidents;
.6 requiring ship and port facility security plans based upon security assessments; and
.7 requiring training, drills and exercises to ensure familiarity with security plans and procedures.
2.3 Definitions
.1 “Convention” means the International Convention for the Safety of Life at Sea, 1974 as amended.
.2 “Contracting Government” means a government signatory to SOLAS, but used more specifically to mean port State (country) receiving a ship at a port facility.
.3 “Company” means the owner of the ship or any other organization or person such as the Manager, or the Bareboat Charterer, who has assumed the responsibility for operation of the ship from the ship owner and who on assuming such responsibility has agreed to do so in writing.
.4 “International Ship and Port Facility Security (ISPS) Code” means the ISPS Code, or Code, consisting of Part A and Part B as adopted.
.5 “Ship Security Assessment” (SSA) means the identification of the possible threats to key shipboard operations, existing security measures and weaknesses in the infrastructure, policies and procedures.
.6 “Ship Security Plan” (SSP) means a plan developed to ensure the application of measures onboard the ship designed to protect persons onboard, the cargo, cargo transport units, ship’s stores or the ship from the risks of a security incident.
.7 “Ship Security Officer” (SSO) means the person on board the ship accountable to the master, designated by the Company as responsible for the security of the ship, including implementation and maintenance of the ship security plan and for the liaison with the Company Security Officer (CSO) and the Port Facility Security Officer (PFSO).
.8 “Company Security Officer” (CSO) means the person ashore designated by the Company to develop and revise the ship security plan and for liaison with the PFSO and the SSO.
.9 “Security Incident” means any suspicious act or circumstance threatening the security of a ship, including mobile offshore drilling unit and a high speed craft, or of a port facility or of any ship/port interface or any ship-to-ship activity to which the ISPS Code applies.
.10 “Security Level” means the qualification of the degree of risk that a security incident will be attempted or will occur.
.11 “Security Level 1” means the level for which minimum appropriate protective and preventive security measures shall be maintained at all times.
.12 “Security Level 2” means the level for which appropriate additional protective and preventive measures shall be maintained for a period of time as a result of heightened risk of a security incident.
.13 “Security Level 3” means the level of which further specific protective and preventive measures shall be maintained for a period of time when a security incident is probable or imminent (although it may not be possible to identify the specific target).
.14 “Short Voyage” means an international voyage in the course of which a ship is not more than 200 miles from a port or place in which a ship, the passengers and crew could be placed in safety. Neither the distance between the last port of call in the country in which the voyage begins and the final port of destination nor the return voyage shall exceed 600 miles. The final port of destination is the last port of call in the scheduled voyage at which the ship commences its return voyage to the country in which the voyage began.
.15 “Regulation” means a regulation in the Convention.
.16 “Chapter” means a chapter in the Convention.
.17 “Section” means a section of Part A of the ISPS Code.
.18 “Paragraph” means a paragraph of Part B of the ISPS Code.
.19 “Ship” when used in this Code, includes unassisted mechanically propelled mobile offshore drilling units that are not on location and high-speed craft as defined in Chapter XI-2/1.
.20 “Certain Dangerous Cargo” (CDC) means the same as defined in the U.S. 33 CFR 160.203, as amended by the USCG Interim Rules dated 1 July 2003 (see Appendix 6).
.21 “Hazardous Condition” means the same as defined in the U.S. 33 CFR 160.203, as amended by the USCG Interim Rules dated 1 July 2003 (see Appendix 6).
.22 “Cruise Ship” means any vessel over 100 gross registered tons, carrying more than 12 passengers for hire, which makes voyages lasting more than 24 hours of which any part is on the high seas.
.23 “Non-compliance” means non-fulfillment of a specified requirement or the subject matter is inappropriate for the ship.
.24 “Verification” means the audit of the SSP and its implementation on a ship and associated procedures, checking the operational status of the Ship Security Alert System and a representative sample of associated security and surveillance equipment and systems mentioned in the SSP.
.25 “USCG” means the United States Coast Guard.
.26 “Port Facility Security Officer (PFSO) means the person at the port facility designated by the facility to be responsible for implementation of measures required by the ISPS Code.

3 Application of the ISPS Code

3.1 The ISPS Code applies to:
•Passenger ships, including high-speed passenger craft;
•Cargo ships, including high-speed craft, of 500 gross tonnage and upwards; and
•Self-propelled mobile offshore drilling units capable of making international voyages unassisted and unescorted when underway and not on location.
3.2 The ISPS Code does not apply to:
•Government-operated ships used for non-commercial purposes;
•Cargo ships of less than 500 gross tonnage as measured by the Administration or the ITC 69, whichever is the lesser;
•Ships not propelled by mechanical means;
•Wooden craft of primitive origins;
•Private pleasure yachts not engaged in trade;
•Fishing vessels;
•Non-self propelled mobile offshore drilling units, nor to mobile offshore drilling units of any description whilst on location, making field moves, or in port;
•Mobile and immobile floating production, storage and offloading units (FPSUOs) and floating storage units (FSUs), but should have some security procedures in place; and
•Single buoy moorings (SBMs) attached to an offshore facility that are covered by the facility’s security regime, or if connected to a port facility, covered by the port facility security plan (PFSP).
3.3 Mobile and immobile floating units, when engaged in periodic short voyages between a platform and the coastal State, are not considered to be ships engaged on international voyage. Security in territorial waters is the responsibility of the applicable coastal State, though they may take any onboard security as required by section 3.1 above into consideration.
3.4 Vessels not subject to mandatory compliance with the ISPS Code may do so voluntarily. It must be understood, however, that certain coastal States may impose special security requirements on these vessels. Such is the case in United States territorial waters wherein foreign commercial vessels greater than 100 gross registered tons not subject to SOLAS are subject to Part 104 of the USCG Interim Rules.

4 Mandatory Compliance

4.1 Regulation 4 of Chapter XI-2 makes the ISPS Code mandatory for ships affected as of 1 July 2004. The Code is made up of two (2) parts. Part A is the mandatory portion of the Code, and Part B is the portion that is recommendatory in nature. Part B was crafted to provide guidance and information concerning how to implement Part A.

5 Additional Mandatory U.S. and E.U. Requirements

5.1 Mandatory Requirements For Ships Operating in United States Waters
5.1.1 Details:
.1 The United States Coast Guard (USCG) has published a series of six (6) Interim Rules (IRs), U.S. 33 CFR Parts 101 through 106, to promulgate maritime security requirements mandated by the Maritime Transportation Security Act of 2002 for ships trading in the United States. These Interim Rules are effective from 1 July 2003 until 25 November 2003 after which final rules will be promulgated. Where appropriate, they align U.S. domestic maritime security requirements with those of the ISPS Code and the amendments to SOLAS.
.2 U.S. 33 CFR Part 101 establishes three (3) Maritime Security (MARSEC) Levels at which each port, vessel and facility shall operate as set by the Commandant of the USCG. Unless otherwise directed, MARSEC Level 1 is the standard operating level. This Part also establishes the authority levels within the USCG for Enforcement, Control and Compliance Measures civil and criminal penalties, and the applicability of the IRs. They are applicable to vessels, structures, and facilities of any kind, located under, in, on, or adjacent to waters subject to the jurisdiction of the U.S., unless otherwise specified.
.3 U.S. 33 CFR Part 102 is reserved for the development of a National Maritime Transportation Security Plan. U.S. 33 CFR Part 103 establishes U.S. Coast Guard Captains of the Ports (COTPs) as Federal Maritime Security Coordinators and establishes U.S. domestic requirements for Area Maritime Security Plans and Area Maritime Security Committees of which operators should be aware.

5.2 Mandatory Requirements For Ships Operating In European Community Waters

5.2.1 Details:
To raise the level of security of shipping in the European Community and to avoid variations in interpretation from one Member State to another, the following regulations have been proposed by the European Union to make certain paragraphs of Part B mandatory to ships.
•1.12 on continuous checking of the relevance of SSPs, and their revision;
•4.1 on protection of the confidentiality of security plans and assessments;
•4.5 on the minimum competency of the RSO which can be authorized by Member States to assess the security of port facilities and, on behalf of the competent administrations of the Member States, to approve and verify the SSPs and certify ships’ conformity with regard to security;
•4.18 on identity documents for government officials appointed to inspect security measures;
•4.24 on ships’ application of the safety measures recommended by the State in whose territorial waters they are sailing;
•4.28 on observance of the new requirements generated by security tasks when ships’ crews are selected;
•6.1 on the Company’s obligation to furnish the Master with information on the ship’s operators; •8.3 to 8.10 on the minimum standards to be observed with regard to assessment of the security of the ship;
•9.2 on the minimum standards to be observed with regard to assessment of the SSP; and
•13.6 and 13.7 on the frequency of security training, drills and exercises for ships’ crews and for Company and Ship Security Officers.

6 Recognized Security Organizations
6.1 Details:
.1 The ISPS Code created a new entity for the purpose of providing verification and certification with respect to the Code. These new organizations are called Recognized Security Organizations (RSOs), and specific experience and qualification requirements must be met prior to approval by administrations. Utilizing the guidelines developed by the Marshall Islands and promulgated by IMO MSC/Circ.1074 as well as the authority provided in the ISPS code, the Administration has delegated by written agreement to certain RSOs specific security related duties under Chapter XI- 2. A list of the authorized RSOs for the purposes of ISPS Code verifications has been circulated by MI Marine Safety Advisory, which will be updated as necessary.
.2 The ISPS Code expressly prohibits those instances where an RSO provides consulting services and risk assessments in security plan development for ISPS Code Certifications, the RSO shall not approve the plans or issue any required certificates. In short, RSOs cannot approve or certify their own work product.

7 Declaration of Security
7.1 Details:
A Declaration of Security (DoS) provides a means for ensuring that critical security concerns are properly addressed prior to and during a vessel-to-facility interface. The DoS addresses security by delineating responsibilities for security arrangements and procedures between a vessel and a facility. DoSs shall be completed at anytime the Administration, a Contracting Government, PFSO, CSO or SSO deems it necessary. This requirement is similar to the existing U.S. practice for vessel-to-facility oil transfer proceedings.

8 Obligations of the Company

8.1 Details:
Every Company shall develop, implement, and maintain a functional SSP aboard its ships that is compliant with SOLAS Chapter XI-2 and the ISPS Code.

9 Ship Security Assessment
9.1 Details:
The CSO is responsible for satisfactory development of the SSA whether prepared by the company itself or a contracted organization. The SSA serves as a tool for development of a realistic SSP. It takes into account the unique operating environment of each individual ship, the ship’s compliment and duties, structural configuration and security enhancements. The ISPS Code does not permit the SSA to be performed by the Company chosen RSO.

10 Ship Security Plan

10.1 Details:
The CSO is responsible for satisfactory development of the SSP whether prepared by the Company itself or a contracted organization. The SSP is developed from the information compiled in the SSA. It ensures application of measures onboard the ship designed to protect.

12 Company Security Officer
12.1 Details:
The Company Security Officer (CSO) is the person designated by the Company and recognized by the Administration to perform the duties and responsibilities of the CSO as detailed in Part A, Section 11 and the relevant provisions of Part B, Sections 8, 9 and 13 of the Code. The CSO shall have the knowledge of, and receive training in, some or all of the elements of Part B, Section 13.1 of the Code.

13 Ship Security Officer

13.1 Details:
The Ship Security Officer (SSO) is the person designated by the CSO to perform the duties and responsibilities detailed in Part A, Section 12 and Part B, Sections 8, 9 and 13. The SSO shall have the knowledge of, and receive training, in most of the elements of Part B, Section 13.1 of the Code.

14 Training and Certification
14.1 Details:
Company and shipboard personnel having specific security duties must have sufficient knowledge, ability and resources to perform their assigned duties per Part B, Section 13.1, 13.2, and 13.3. All other shipboard personnel must have sufficient knowledge of and be familiar with relevant provisions of the SSP including the elements described in Part B, Section 13.4.

15 Drills and Exercises
15.1 Details:
.1 The objective of security drills and exercises is to ensure that shipboard personnel are proficient in all assigned security duties at all security levels and to identify and address security-related deficiencies encountered during such drills and exercises. Drills shall test individual elements of the SSP such as those security threats listed in Part B, Section 8.9. When practicable, the Company and ship should participate in the drills being conducted by a port facility whereat they may be located.
.2 The SSP shall address drill and training frequency. Drills shall be conducted at least every three (3) months. In cases where more than 25% of the ship’s personnel have changed, at any one time, with personnel previously not participating in any drill on that ship within the last three (3) months, a drill shall be conducted within one (1) week of the change. .3 Exercises shall be carried out at least once each calendar year with no more than 18 months between the exercises.

16 Ship Security Plan Verification Onboard Audits For Issuance of the ISSC
16.1 Details:
Each ship to which the ISPS Code applies shall be subject to an initial verification before the ship is put in service or before an ISSC is issued for the first time; a renewal verification at intervals specified by the Administration, but not more than five (5) years; and at least one (1) intermediate

17 International Ship Security Certificate
17.1 Initial Issuance:
.1 The International Ship Security Certificate (ISSC) shall be issued by the RSO after the ship has successfully completed an Initial or Renewal verification audit in compliance with the applicable requirements of Chapter XI-2 and ISPS Code Parts A and relevant provisions of Part B. The original ISSC must remain onboard the vessel.
.2 An ISSC shall only be issued when:
.1 the ship has an approved SSP;
.2 all technical equipment specified in the SSP is 100% operational; and
.3 there is sufficient objective evidence found to the satisfaction of the Administration’s RSO
through the verification audit that the ship is operating in accordance with the provisions of the approved SSP.
.3 Certificates shall not be issued in cases where minor deviations from the approved plan or the requirements of SOLAS Chapter XI-2 and Parts A and relevant provisions of Part B of the Code exist, even if these deviations do not compromise the ship’s ability to operate at security levels 1, 2 and 3.
17.2 Validity:
.1 The ISSC shall normally be valid for a period of five (5) years or a period specified by the Administration from the date of the Initial Verification Audit and be subject to an Intermediate Audit between the second and third anniversary date. However, the period of validity may be shorter than five (5) years if so requested by the CSO.
.2 Upon initial issue, the expiry date shall be harmonized with the ship’s Safety Management Certificate (SMC) so that renewal and auditing shall occur together.

18 Subsequent Failures or Suspensions
18.1 Details:
.1 Any subsequent failure of security equipment or systems, or suspension of a security measure that compromises the ship’s ability to operate at security levels 1, 2 or 3 shall be reported immediately to the Administration or the ship’s RSO and to the appropriate authorities responsible for any port facility the ship is using, or the authorities of any coastal State through whose territorial seas the ship has indicated it intends to transit, and instructions requested. .2 Any failure of security equipment or systems, or suspension of a security measure that does not compromise the ship’s ability to operate at security levels 1, 2 or 3 shall be reported without delay to the Administration or the ship’s RSO with details of equivalent alternative security measures the ship is applying until the failure or suspension is rectified together with an action plan specifying the timing of any repair or replacement.
.3 The Administration or the ship’s RSO on instructions from the Administration shall withdraw or suspend the ISSC if the alternative security measures are not, in fact, in place, or if an approved action plan has not been complied with.

19 Interim ISSC Certificate
19.1 Details:
.1 An Interim ISSC shall be issued by the RSO on behalf of the Administration on or after 1 July 2004, for a period of not longer than six (6) months, to a ship that is fully compliant with Part A, Section 19.1 for the purposes of:
.1 a ship without a Certificate, on delivery or prior to its entry or re-entry into service; .2 the transfer of a ship from the flag of a Contracting Government to the Marshall Islands; .3 the transfer of a ship to the Marshall Islands from a State which is not a Contracting Government; or
.4 a Company assuming the responsibility for the operation of a ship not previously operated by that Company.

20 Notification of Arrival in U.S. Ports
20.1 Details:
.1 The USCG IRs affect the Notice of Arrival rule in Part 160 of title 33, U.S. Code. These changes provide the Coast Guard with additional information essential to their exercise of port State control functions and to their imposition of control and compliance measures on foreign vessels