The ISPS Code

BACKGROUND

A Diplomatic Conference held at the International Maritime Organization (IMO) in

London from 9- 13 December 2002 adopted amendments to the 1974 International
Convention for the Safety of Life at Sea (SOLAS 74), as amended, and adopted the
International Ship and Port Facility Security (ISPS) Code. The SOLAS amendments
and ISPS Code, a series of maritime security measures that will have a significant
impact on the operation of ship owning companies, ships, their operators, and the port
facilities they call on, will be deemed to be accepted on 1 January 2004 and will come
into force and must be fully implemented by ships and port facilities to which they
apply by 1 July 2004 or various “first surveys” after that date. The ISPS Code is
divided into Part A that is mandatory and Part B that is recommendatory and provides
necessary guidance to implement Part A.

Additionally, the United States Congress has passed and the President has signed into
law, the Maritime Transportation Security Act of 2002 (MTSA) that overlays the
SOLAS Amendments and ISPS Code and by order of which the United States Coast
Guard has promulgated Interim Rules for domestic and foreign flagged vessels
operating in United States territorial waters. Final rules are anticipated in November
2003.

APPLICABILITY:

1 SOLAS AMENDMENTS
1.1 Chapter V, “Safety of Navigation”
1.1.1 Regulation 19, “Carriage requirements for shipborne navigational systems and
equipment”
.1 Details: The required installation date for Automatic Identification Systems (AIS)
for ships, other than passenger ships and tankers, of 300 gross tonnage and upwards
but less than 50,000 gross tons is now not later than the first safety equipment survey
after 1 July 2004 or by 31 December 2004, whichever occurs earlier. The first safety
equipment survey means the first annual survey, the first periodical survey or the first
renewal survey for safety equipment, whichever is due first after 1 July 2004, and, in
addition, in the case of ships under construction, the initial survey. There is a
companion amendment that requires that all ships fitted with AIS maintain the AIS in
operation at all times except where international agreements, rules or standards
provide for the protection of navigational information.

(Note) With respect to the requirement that the AIS be maintained on at all times
subject to the stipulations noted above, Masters should be aware of Regulation 8 of
Chapter XI-2 titled, “Master’s discretion for ship safety and security”. This regulation
reinforces and provides the Master with significant discretion concerning the safety
and security of their ship.

1
1.2 Chapter XI-1, “Special Measures to Enhance Maritime Safety”
1.2.1 Regulation 3, “Ship identification number”
.1 Details:

All ships engaged in international trade have a unique IMO number. There are new
requirements that specify that the IMO number must to be placed in a visible location
on the ship. Specific details concerning character size are contained in the regulation.
It is important to note that the IMO number must include the prefix letters, “IMO”.
The requirement is applicable to all SOLAS ships. For ships constructed before 1 July
2004, the requirement must be complied with not later than the first scheduled dry-
docking of the ship after 1 July 2004.

(Note)The Continuous Synopsis Record (CSR) is a new record keeping requirement

for all SOLAS Ships. It will need to be on board all vessels by 1 July 2004.

1.3 Chapter XI-2, “Special Measures to Enhance Maritime Security”

1.3.1 Regulation 4, “Requirements for Companies and Ships”
.1 Details:
Ships not in compliance with SOLAS or the ISPS Code or unable to comply with
established security levels must notify competent authorities prior to conducting any
ship/port interface or port entry.

1.3.2 Regulation 6, “Ship Security Alert System”

.1 Details:
The Ship Security Alert System is a new hardware requirement designed to provide a
covert means of alerting authorities that the ship’s security has been compromised or
is under attack. All passenger ships, including high-speed passenger craft subject to
SOLAS and oil tankers, chemical tankers, gas carriers, bulk carriers and cargo high
speed craft of 500 gross tonnage and upwards constructed before 1 July 2004, are
required to install the system, not later than the first survey of the radio installation
after 1 July 2004. Other cargo ships of 500 gross tonnage and upward as well as
mobile offshore drilling units constructed before 1 July 2004, need to have the system
installed not later than the first radio survey after 1 July 2006. Owners and operators
need to pay particular attention to the scheduling of the annual radio survey because
for certain types of ships the required installation date could be as soon as 2 July
2004.

NOTE:
Companies are responsible to ensure that the Master has overriding authority and
responsibility to make decisions with respect to the security of the ship, and the
Company shall ensure that the CSO, Master and Ship Security Officer (SSO) are
given necessary support.

1.3.4 Regulation 9, “Control and Compliance Measures”

.1 Details:
This regulation addresses in a comprehensive manner port State actions that may be
taken concerning a ship either in port or intending to enter the port of a Contracting
Government. 2 ISPS CODE

2
2.1 Objectives
The objectives of the ISPS Code are:
.1 to establish an international framework involving co-operation between Contracting
Governments, Government agencies, local administrations and the shipping and port
industries to detect security threats and take preventive measures against security
incidents affecting ships or port facilities used in international trade;
.2 to establish the respective roles and responsibilities of the Contracting
Governments, Government agencies, local administrations and the shipping and port
industries, at the national and international level for ensuring maritime security;
.3 to ensure the early and efficient collection and exchange of security-related
information;
.4 to provide a methodology for security assessments so as to have in place plans and
procedures to react to changing security levels; and
.5 to ensure confidence that adequate and proportionate maritime security measures
are in place.
2.2 Functional requirements
In order to achieve its objectives, the ISPS Code embodies a number of functional
requirements. These include, but are not limited to:
.1 gathering and assessing information with respect to security threats and exchanging
such information with appropriate Contracting Governments;
.2 requiring the maintenance of communication protocols for ships and port facilities;
.3 preventing unauthorized access to ships, port facilities and their restricted areas;
.4 preventing the introduction of unauthorized weapons, incendiary devices or
explosives to ships or port facilities;
.5 providing means for raising the alarm in reaction to security threats or security
incidents;
.6 requiring ship and port facility security plans based upon security assessments; and
.7 requiring training, drills and exercises to ensure familiarity with security plans and
procedures.
2.3 Definitions
.1 “Convention” means the International Convention for the Safety of Life at Sea,
1974 as amended.
.2 “Contracting Government” means a government signatory to SOLAS, but used
more specifically to mean port State (country) receiving a ship at a port facility.
.3 “Company” means the owner of the ship or any other organization or person such
as the Manager, or the Bareboat Charterer, who has assumed the responsibility for
operation of the ship from the ship owner and who on assuming such responsibility
has agreed to do so in writing.
.4 “International Ship and Port Facility Security (ISPS) Code” means the ISPS Code,
or Code, consisting of Part A and Part B as adopted.
.5 “Ship Security Assessment” (SSA) means the identification of the possible threats
to key shipboard operations, existing security measures and weaknesses in the
infrastructure, policies and procedures.
.6 “Ship Security Plan” (SSP) means a plan developed to ensure the application of
measures onboard the ship designed to protect persons onboard, the cargo, cargo
transport units, ship’s stores or the ship from the risks of a security incident.
.7 “Ship Security Officer” (SSO) means the person on board the ship accountable to
the master, designated by the Company as responsible for the security of the ship,
including implementation and maintenance of the ship security plan and for the

3
liaison with the Company Security Officer (CSO) and the Port Facility Security
Officer (PFSO).
.8 “Company Security Officer” (CSO) means the person ashore designated by the
Company to develop and revise the ship security plan and for liaison with the PFSO
and the SSO.
.9 “Security Incident” means any suspicious act or circumstance threatening the
security of a ship, including mobile offshore drilling unit and a high speed craft, or of
a port facility or of any ship/port interface or any ship-to-ship activity to which the
ISPS Code applies.
.10 “Security Level” means the qualification of the degree of risk that a security
incident will be attempted or will occur.
.11 “Security Level 1” means the level for which minimum appropriate protective and
preventive security measures shall be maintained at all times.
.12 “Security Level 2” means the level for which appropriate additional protective and
preventive measures shall be maintained for a period of time as a result of heightened
risk of a security incident.
.13 “Security Level 3” means the level of which further specific protective and
preventive measures shall be maintained for a period of time when a security incident
is probable or imminent (although it may not be possible to identify the specific
target).
.14 “Short Voyage” means an international voyage in the course of which a ship is not
more than 200 miles from a port or place in which a ship, the passengers and crew
could be placed in safety. Neither the distance between the last port of call in the
country in which the voyage begins and the final port of destination nor the return
voyage shall exceed 600 miles. The final port of destination is the last port of call in
the scheduled voyage at which the ship commences its return voyage to the country in
which the voyage began.
.15 “Regulation” means a regulation in the Convention.
.16 “Chapter” means a chapter in the Convention.
.17 “Section” means a section of Part A of the ISPS Code.
.18 “Paragraph” means a paragraph of Part B of the ISPS Code.
.19 “Ship” when used in this Code, includes unassisted mechanically propelled
mobile offshore drilling units that are not on location and high-speed craft as defined
in Chapter XI-2/1.
.20 “Certain Dangerous Cargo” (CDC) means the same as defined in the U.S. 33 CFR
160.203, as amended by the USCG Interim Rules dated 1 July 2003 (see Appendix 6).
.21 “Hazardous Condition” means the same as defined in the U.S. 33 CFR 160.203, as
amended by the USCG Interim Rules dated 1 July 2003 (see Appendix 6).
.22 “Cruise Ship” means any vessel over 100 gross registered tons, carrying more
than 12 passengers for hire, which makes voyages lasting more than 24 hours of
which any part is on the high seas.
.23 “Non-compliance” means non-fulfillment of a specified requirement or the subject
matter is inappropriate for the ship.
.24 “Verification” means the audit of the SSP and its implementation on a ship and
associated procedures, checking the operational status of the Ship Security Alert
System and a representative sample of associated security and surveillance equipment
and systems mentioned in the SSP.
.25 “USCG” means the United States Coast Guard.

4
.26 “Port Facility Security Officer (PFSO) means the person at the port facility
designated by the facility to be responsible for implementation of measures required
by the ISPS Code.

3 Application of the ISPS Code

3.1 The ISPS Code applies to:

•Passenger ships, including high-speed passenger craft;
•Cargo ships, including high-speed craft, of 500 gross tonnage and upwards; and
•Self-propelled mobile offshore drilling units capable of making international voyages
unassisted and unescorted when underway and not on location.
3.2 The ISPS Code does not apply to:
•Government-operated ships used for non-commercial purposes;
•Cargo ships of less than 500 gross tonnage as measured by the Administration or the
ITC 69, whichever is the lesser;
•Ships not propelled by mechanical means;
•Wooden craft of primitive origins;
•Private pleasure yachts not engaged in trade;
•Fishing vessels;
•Non-self propelled mobile offshore drilling units, nor to mobile offshore drilling
units of any description whilst on location, making field moves, or in port;
•Mobile and immobile floating production, storage and offloading units (FPSUOs)
and floating storage units (FSUs), but should have some security procedures in place;
and
•Single buoy moorings (SBMs) attached to an offshore facility that are covered by the
facility’s security regime, or if connected to a port facility, covered by the port facility
security plan (PFSP).
3.3 Mobile and immobile floating units, when engaged in periodic short voyages
between a platform and the coastal State, are not considered to be ships engaged on
international voyage. Security in territorial waters is the responsibility of the
applicable coastal State, though they may take any onboard security as required by
section 3.1 above into consideration.
3.4 Vessels not subject to mandatory compliance with the ISPS Code may do so
voluntarily. It must be understood, however, that certain coastal States may impose
special security requirements on these vessels. Such is the case in United States
territorial waters wherein foreign commercial vessels greater than 100 gross registered
tons not subject to SOLAS are subject to Part 104 of the USCG Interim Rules.

4 Mandatory Compliance

4.1 Regulation 4 of Chapter XI-2 makes the ISPS Code mandatory for ships affected
as of 1 July 2004. The Code is made up of two (2) parts. Part A is the mandatory
portion of the Code, and Part B is the portion that is recommendatory in nature. Part B
was crafted to provide guidance and information concerning how to implement Part
A.

5 Additional Mandatory U.S. and E.U. Requirements

5.1 Mandatory Requirements For Ships Operating in United States Waters

5.1.1 Details:

5
.1 The United States Coast Guard (USCG) has published a series of six (6) Interim
Rules (IRs), U.S. 33 CFR Parts 101 through 106, to promulgate maritime security
requirements mandated by the Maritime Transportation Security Act of 2002 for ships
trading in the United States. These Interim Rules are effective from 1 July 2003 until
25 November 2003 after which final rules will be promulgated. Where appropriate,
they align U.S. domestic maritime security requirements with those of the ISPS Code
and the amendments to SOLAS.
.2 U.S. 33 CFR Part 101 establishes three (3) Maritime Security (MARSEC) Levels at
which each port, vessel and facility shall operate as set by the Commandant of the
USCG. Unless otherwise directed, MARSEC Level 1 is the standard operating level.
This Part also establishes the authority levels within the USCG for Enforcement,
Control and Compliance Measures civil and criminal penalties, and the applicability
of the IRs. They are applicable to vessels, structures, and facilities of any kind,
located under, in, on, or adjacent to waters subject to the jurisdiction of the U.S.,
unless otherwise specified.
.3 U.S. 33 CFR Part 102 is reserved for the development of a National Maritime
Transportation Security Plan. U.S. 33 CFR Part 103 establishes U.S. Coast Guard
Captains of the Ports (COTPs) as Federal Maritime Security Coordinators and
establishes U.S. domestic requirements for Area Maritime Security Plans and Area
Maritime Security Committees of which operators should be aware.

5.2 Mandatory Requirements For Ships Operating In European Community Waters

5.2.1 Details:
To raise the level of security of shipping in the European Community and to avoid
variations in interpretation from one Member State to another, the following
regulations have been proposed by the European Union to make certain paragraphs of
Part B mandatory to ships.
•1.12 on continuous checking of the relevance of SSPs, and their revision;
•4.1 on protection of the confidentiality of security plans and assessments;
•4.5 on the minimum competency of the RSO which can be authorized by Member
States to assess the security of port facilities and, on behalf of the competent
administrations of the Member States, to approve and verify the SSPs and certify
ships’ conformity with regard to security;
•4.18 on identity documents for government officials appointed to inspect security
measures;
•4.24 on ships’ application of the safety measures recommended by the State in whose
territorial waters they are sailing;
•4.28 on observance of the new requirements generated by security tasks when ships’
crews are selected;
•6.1 on the Company’s obligation to furnish the Master with information on the ship’s
operators; •8.3 to 8.10 on the minimum standards to be observed with regard to
assessment of the security of the ship;
•9.2 on the minimum standards to be observed with regard to assessment of the SSP;
and
•13.6 and 13.7 on the frequency of security training, drills and exercises for ships’
crews and for Company and Ship Security Officers.

6 Recognized Security Organizations

6.1 Details:

6
.1 The ISPS Code created a new entity for the purpose of providing verification and
certification with respect to the Code. These new organizations are called Recognized
Security Organizations (RSOs), and specific experience and qualification
requirements must be met prior to approval by administrations. Utilizing the
guidelines developed by the Marshall Islands and promulgated by IMO
MSC/Circ.1074 as well as the authority provided in the ISPS code, the Administration
has delegated by written agreement to certain RSOs specific security related duties
under Chapter XI- 2. A list of the authorized RSOs for the purposes of ISPS Code
verifications has been circulated by MI Marine Safety Advisory, which will be
updated as necessary.
.2 The ISPS Code expressly prohibits those instances where an RSO provides
consulting services and risk assessments in security plan development for ISPS Code
Certifications, the RSO shall not approve the plans or issue any required certificates.
In short, RSOs cannot approve or certify their own work product.

7 Declaration of Security
7.1 Details:
A Declaration of Security (DoS) provides a means for ensuring that critical security
concerns are properly addressed prior to and during a vessel-to-facility interface. The
DoS addresses security by delineating responsibilities for security arrangements and
procedures between a vessel and a facility. DoSs shall be completed at anytime the
Administration, a Contracting Government, PFSO, CSO or SSO deems it necessary.
This requirement is similar to the existing U.S. practice for vessel-to-facility oil
transfer proceedings.

8 Obligations of the Company

8.1 Details:
Every Company shall develop, implement, and maintain a functional SSP aboard its
ships that is compliant with SOLAS Chapter XI-2 and the ISPS Code.

9 Ship Security Assessment

9.1 Details:
The CSO is responsible for satisfactory development of the SSA whether prepared by
the company itself or a contracted organization. The SSA serves as a tool for
development of a realistic SSP. It takes into account the unique operating
environment of each individual ship, the ship’s compliment and duties, structural
configuration and security enhancements. The ISPS Code does not permit the SSA to
be performed by the Company chosen RSO.

10 Ship Security Plan

10.1 Details:
The CSO is responsible for satisfactory development of the SSP whether prepared by
the Company itself or a contracted organization. The SSP is developed from the
information compiled in the SSA. It ensures application of measures onboard the ship
designed to protect.

12 Company Security Officer

12.1 Details:

7
The Company Security Officer (CSO) is the person designated by the Company and
recognized by the Administration to perform the duties and responsibilities of the
CSO as detailed in Part A, Section 11 and the relevant provisions of Part B, Sections
8, 9 and 13 of the Code. The CSO shall have the knowledge of, and receive training
in, some or all of the elements of Part B, Section 13.1 of the Code.

13 Ship Security Officer

13.1 Details:
The Ship Security Officer (SSO) is the person designated by the CSO to perform the
duties and responsibilities detailed in Part A, Section 12 and Part B, Sections 8, 9 and
13. The SSO shall have the knowledge of, and receive training, in most of the
elements of Part B, Section 13.1 of the Code.

14 Training and Certification

14.1 Details:
Company and shipboard personnel having specific security duties must have
sufficient knowledge, ability and resources to perform their assigned duties per Part
B, Section 13.1, 13.2, and 13.3. All other shipboard personnel must have sufficient
knowledge of and be familiar with relevant provisions of the SSP including the
elements described in Part B, Section 13.4.

15 Drills and Exercises

15.1 Details:
.1 The objective of security drills and exercises is to ensure that shipboard personnel
are proficient in all assigned security duties at all security levels and to identify and
address security-related deficiencies encountered during such drills and exercises.
Drills shall test individual elements of the SSP such as those security threats listed in
Part B, Section 8.9. When practicable, the Company and ship should participate in the
drills being conducted by a port facility whereat they may be located.
.2 The SSP shall address drill and training frequency. Drills shall be conducted at least
every three (3) months. In cases where more than 25% of the ship’s personnel have
changed, at any one time, with personnel previously not participating in any drill on
that ship within the last three (3) months, a drill shall be conducted within one (1)
week of the change. .3 Exercises shall be carried out at least once each calendar year
with no more than 18 months between the exercises.

16 Ship Security Plan Verification Onboard Audits For Issuance of the ISSC
16.1 Details:
Each ship to which the ISPS Code applies shall be subject to an initial verification
before the ship is put in service or before an ISSC is issued for the first time; a
renewal verification at intervals specified by the Administration, but not more than
five (5) years; and at least one (1) intermediate

17 International Ship Security Certificate

17.1 Initial Issuance:
.1 The International Ship Security Certificate (ISSC) shall be issued by the RSO after
the ship has successfully completed an Initial or Renewal verification audit in
compliance with the applicable requirements of Chapter XI-2 and ISPS Code Parts A
and relevant provisions of Part B. The original ISSC must remain onboard the vessel.

8
.2 An ISSC shall only be issued when:
.1 the ship has an approved SSP;
.2 all technical equipment specified in the SSP is 100% operational; and
.3 there is sufficient objective evidence found to the satisfaction of the
Administration’s RSO
through the verification audit that the ship is operating in accordance with the
provisions of the approved SSP.
.3 Certificates shall not be issued in cases where minor deviations from the approved
plan or the requirements of SOLAS Chapter XI-2 and Parts A and relevant provisions
of Part B of the Code exist, even if these deviations do not compromise the ship’s
ability to operate at security levels 1, 2 and 3.
17.2 Validity:
.1 The ISSC shall normally be valid for a period of five (5) years or a period specified
by the Administration from the date of the Initial Verification Audit and be subject to
an Intermediate Audit between the second and third anniversary date. However, the
period of validity may be shorter than five (5) years if so requested by the CSO.
.2 Upon initial issue, the expiry date shall be harmonized with the ship’s Safety
Management Certificate (SMC) so that renewal and auditing shall occur together.

18 Subsequent Failures or Suspensions

18.1 Details:
.1 Any subsequent failure of security equipment or systems, or suspension of a
security measure that compromises the ship’s ability to operate at security levels 1, 2
or 3 shall be reported immediately to the Administration or the ship’s RSO and to the
appropriate authorities responsible for any port facility the ship is using, or the
authorities of any coastal State through whose territorial seas the ship has indicated it
intends to transit, and instructions requested. .2 Any failure of security equipment or
systems, or suspension of a security measure that does not compromise the ship’s
ability to operate at security levels 1, 2 or 3 shall be reported without delay to the
Administration or the ship’s RSO with details of equivalent alternative security
measures the ship is applying until the failure or suspension is rectified together with
an action plan specifying the timing of any repair or replacement.
.3 The Administration or the ship’s RSO on instructions from the Administration shall
withdraw or suspend the ISSC if the alternative security measures are not, in fact, in
place, or if an approved action plan has not been complied with.

19 Interim ISSC Certificate

19.1 Details:
.1 An Interim ISSC shall be issued by the RSO on behalf of the Administration on or
after 1 July 2004, for a period of not longer than six (6) months, to a ship that is fully
compliant with Part A, Section 19.1 for the purposes of:
.1 a ship without a Certificate, on delivery or prior to its entry or re-entry into
service; .2 the transfer of a ship from the flag of a Contracting Government to the
Marshall Islands; .3 the transfer of a ship to the Marshall Islands from a State which is
not a Contracting Government; or
.4 a Company assuming the responsibility for the operation of a ship not previously
operated by that Company.

20 Notification of Arrival in U.S. Ports

20.1 Details:

9
.1 The USCG IRs affect the Notice of Arrival rule in Part 160 of title 33, U.S. Code.
These changes provide the Coast Guard with additional information essential to their
exercise of port State control functions and to their imposition of control and
compliance measures on foreign vessels

10