What is the ISPS Code?

Who has to comply with the ISPS Code?

Is there a black list of countries not in compliance with the ISPS code?

Are all IMO Member States obliged to comply with the ISPS Code?

What are the different security levels referred to in the ISPS Code?

Where can I get a copy of the ISPS Code?

What are the other measures adopted in addition to the ISPS Code?

What are the latest data/information on the implementation of the requirements of SOLAS chapter XI-2 and the ISPS Code?

What about compliance?

What has changed since 1 July 2004?

What does implementing the ISPS Code involve?

Will the new security measures be effective?

What would happen to ships if they do not comply with the ISPS Code requirements and if they do not have the Certificate?

What would happen to ships, having visited ports where the ISPS Code is not implemented properly, when they intend to enter ports where the ISPS Code is implemented vigorously?

How can I find out if a ship or port is compliant?

What are major security concerns and potential threats? Are they real or imaginary?

What additional/specific security measures and actions would be required at local/regional level to further raise the defence against threats?

Will the new security measures imposed after 1 July 2004 will help reduce the piracy and armed robbery incidents?

What are the security concerns and potential threats to oil tankers navigating in narrow straits?

How will the code specifically affect ports and shipping in different regions of the world?

Do these measures go far enough for port and shipping security?

Who has to implement the ISPS Code?

What penalties will there be on any Governments who do not ensure compliance with the ISPS Code?

What guidelines are there for dealing with ships/ports that are not compliant after 1 July 2004?

Why isn't the IMO directly responsible for the ISPS code and its implementation?

Will the ISPS Code be a big hindrance to international trade and shipping?

Why did the IMO leave so much of ISPS open to interpretations?

What about the issue of master as a ship security officer?

What has IMO done to help developing countries implement the ISPS Code?

Which maritime security model courses are available?

What led to the development of the ISPS Code?

What maritime security measures existed before the ISPS Code and other measures were adopted?

What issues are under discussion at the Legal Committee with a view to amending the SUA Convention?

What measures have been adopted in the security communication field?

What role would AIS and ship security alert system play?

Should IMO should be worried about the implications of terrorists or criminals using AIS derived information to target vessels?

When do ordinary container ships and ro/ros have to fit AIS?

What is the current situation at WCO in relation to container security?

What about seafarers identification documents?

Where can I find more information on maritime security?

What is the ISPS Code?

The International Ship and Port Facility Security Code (ISPS Code) is a comprehensive set of measures to enhance the security of ships and port facilities, developed in response to the perceived threats to ships and port facilities in the wake of the 9/11 attacks in the United States.

The ISPS Code is implemented through chapter XI-2 Special measures to enhance maritime security in the International Convention for the Safety of Life at Sea (SOLAS). The Code has two parts, one mandatory and one recommendatory.

In essence, the Code takes the approach that ensuring the security of ships and port facilities is a risk management activity and that, to determine what security measures are appropriate, an assessment of the risks must be made in each particular case.

The purpose of the Code is to provide a standardised, consistent framework for evaluating risk, enabling Governments to offset changes in threat with changes in vulnerability for ships and port facilities through determination of appropriate security levels and corresponding security measures.

Who has to comply with the ISPS Code?

The ISPS Code is part of SOLAS so compliance is mandatory for the 148 Contracting Parties to SOLAS - see Status of Conventions complete list for list of SOLAS Contracting Governments.

Is there a black list of countries not in compliance with the ISPS code?

No. IMO does not issue a "black list" of any kind. There is no IMO list of ports or flag States which are not in compliance.

The ISPS Code database contains the information required by SOLAS regulation XI-2/13 as supplied by Contracting Governments. Lack of inclusion in the database should not be construed automatically as failure to comply with the requirements in SOLAS.

Are all IMO Member States obliged to comply with the ISPS Code?

No. Only States who are Contracting Governments to SOLAS have a legal obligation to comply with the requirements of the ISPS Code and to submit information to IMO.

What are the different security levels referred to in the ISPS Code?

Security level 1: normal, the level at which the ship or port facility normally operates. Security level 1 means the level for which minimum appropriate protective security measures shall be maintained at all times.

Security level 2: heightened, the level applying for as long as there is a heightened risk of a security incident.
Security level 2 means the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of a security incident.

Security level 3: exceptional, the level applying for the period of time when there is the probable or imminent risk of a security incident.
Security level 3 means the level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target.

Setting security level 3 should be an exceptional measure applying only when there is credible information that a security incident is probable or imminent. Security level 3 should only be set for the duration of the identified security threat or actual security incident. While the security levels may change from security level 1, through security level 2 to security level 3, it is also possible that the security levels will change directly from security level 1 to security level 3.

Where can I get a copy of the ISPS Code?

You can purchase the ISPS Code from IMO Publications.

What are the other measures adopted in addition to the ISPS Code?

The measures adopted in 2002 include:

Modifications to SOLAS Chapter V (Safety of Navigation) contain a new timetable for the fitting of Automatic Information Systems (AIS). Ships, other than passenger ships and tankers, of 300 gross tonnage and upwards but less than 50,000 gross tonnage, will be required to fit AIS not later than the first safety equipment survey after 1 July 2004 or by 31 December 2004, whichever occurs earlier. Ships fitted with AIS shall maintain AIS in operation at all times "except where international agreements, rules or standards provide for the protection of navigational information."

The existing SOLAS Chapter XI (Special measures to enhance maritime safety) has been re-numbered as Chapter XI-1. Regulation XI-1/3 is modified to require ships' identification numbers to be permanently marked in a visible place either on the ship's hull or superstructure. Passenger ships should carry the marking on a horizontal surface visible from the air. Ships should also be marked with their ID numbers internally.

A new regulation XI-1/5 requires ships to be issued with a Continuous Synopsis Record (CSR) which is intended to provide an on-board record of the history of the ship. The CSR shall be issued by the Administration and shall contain information such as the name of the ship and of the State whose flag the ship is entitled to fly, the date on which the ship was registered with that State, the ship's identification number, the port at which the ship is registered and the name of the registered owner(s) and their registered address. Any changes shall be recorded in the CSR so as to provide updated and current information together with the history of the changes.

New Chapter XI-2 (Special measures to enhance maritime security)
A new Chapter XI-2 (Special measures to enhance maritime security) is added after the renumbered Chapter XI-1.

This chapter applies to passenger ships and cargo ships of 500 gross tonnage and upwards, including high speed craft, mobile offshore drilling units and port facilities serving such ships engaged on international voyages.

Regulation XI-2/2 of the new chapter enshrines the International Ship and Port Facilities Security Code (ISPS Code). Part A of this Code is mandatory and part B contains guidance as to how best to comply with the mandatory requirements.

Regulation XI-2/3 requires Administrations to set security levels and ensure the provision of security level information to ships entitled to fly their flag. Prior to entering a port, or whilst in a port, within the territory of a Contracting Government, a ship shall comply with the requirements for the security level set by that Contracting Government, if that security level is higher than the security level set by the Administration for that ship.

Regulation XI-2/8 confirms the role of the Master in exercising his professional judgement over decisions necessary to maintain the security of the ship. It says he shall not be constrained by the Company, the charterer or any other person in this respect.

Regulation XI-2/6 requires all ships to be provided with a ship security alert system, according to a strict timetable that will see most vessels fitted by 2004 and the remainder by 2006. When activated the ship security alert system shall initiate and transmit a ship-to-shore security alert to a competent authority designated by the Administration, identifying the ship, its location and indicating that the security of the ship is under threat or it has been compromised. The system will not raise any alarm on-board the ship. The ship security alert system shall be capable of being activated from the navigation bridge and in at least one other location.

Regulation XI-2/10 covers requirements for port facilities, providing among other things for Contracting Governments to ensure that port facility security assessments are carried out and that port facility security plans are developed, implemented and reviewed in accordance with the ISPS Code.

Other regulations in this chapter cover the provision of information to IMO, the control of ships in port (including measures such as the delay, detention, restriction of operations including movement within the port, or expulsion of a ship from port), and the specific responsibility of Companies

What are the latest data/information on the implementation of the requirements of SOLAS chapter XI-2 and the ISPS Code?

Please see the latest ISPS Code status update.

Please see also the ISPS Code Database.

What about compliance with the requirements?

Please see the latest ISPS Code status update.

Please see also the ISPS Code Database.

What has changed since 1 July 2004?

The biggest change is that the Contracting Governments to the 1974 SOLAS Convention are able to formally exercise of control over ships in accordance with the provisions of chapter XI-2 and of the ISPS Code.

At the same time, the Contracting Governments are obliged to address all the objectives and functional requirements of the ISPS Code and to ensure that appropriate security measures and procedures are in place in the port facilities and waterways located within their territory.

The new requirements form the international framework through which Governments, ships and port facilities can co-operate to detect and deter acts which threaten security in the maritime transport sector.

The new regulatory maritime security regime will have a huge impact for those port facilities and ship operators who had not already taken on board the increased threat to maritime security in the current climate. They will need to catch up, according to the rules and guidelines in the ISPS Code.

For those Governments and ship operators who have already implemented enhanced security regimes, the ISPS Code formalises and standardises globally the security measures.

The point is that there is a very real threat. We have already seen attacks on maritime infrastructures elsewhere (such as Yemen and Iraq).

The whole idea of the ISPS Code is to reduce the vulnerability of the industry to attack, thus countering the threat and reducing the risk.

There are potential commercial benefits to the maritime industry in implementing the Code. It seems clear that, in the long run, implementation of the Code should provide considerable cost-benefit for the port industry as a whole and for individual ports. By putting in place an effective and compliant security regime, ports will be able to continue to participate fully in global trade and, of course, the potential economic consequences of a major security breach, which might result in disruption or even port closure, are serious indeed.

What does implementing the ISPS Code involve?

Ship and port facility security is a risk management activity. As with all risk management efforts, the most effective course of action is to eliminate the source of the threat. Eliminating the source of the threat, which in this case is those that would commit acts of terrorism or otherwise threaten the security of ships or of the port facilities, is essentially a Government function. 100% security is an aim but cannot be guaranteed - hence the risk reduction approach to lessen possibilities to the lowest practicable

In order to determine what security measures are appropriate, Governments must assess the threat and evaluate the risk of a potential unlawful act. The ISPS Code provides a standardized, consistent framework for managing risk and permitting the meaningful exchange and evaluation of information between Contracting Governments, companies, port facilities, and ships.

Because each ship and each port facility is subject to different threats, the method by which they will meet the specific requirements of this ISPS Code will be determined and eventually be approved by the Administration or Contracting Government, as the case may be.

In order to communicate the threat at a port facility or for a ship and to initiate the appropriate response actions the Contracting Government must set the appropriate security level. The security level creates a link between the ship and the port facility, since it triggers the implementation of appropriate security measures for the ship and for the port facility.

As threat increases, the only logical counteraction is to reduce vulnerability. This ISPS Code provides several ways to reduce vulnerabilities. Each ship and each port facility will have to determine the measures needed to intensify its security measures to appropriately offset the threat by reducing its vulnerability.

After 1 July 2004 ships and port facilities will be required to demonstrate that they are implementing proper and standardized risk management procedures.

Are the new security measures be effective?

It has to be remembered that the new security requirements are part of a wider United Nations strategy for combating terrorism and should not be seen in isolation.

As with all other aspects of shipping regulated through multilateral treaty instruments the effectiveness of the agreed requirements is dependant on how the relevant provisions are implemented and enforced. Thus, the matter is in the hands of Governments and the industry. If the special measures to enhance maritime security are implemented and enforced effectively we will be successful in protecting ships and ports facilities from unlawful acts.

It may take some time before someone may be able to argue and convince that a deep rooted comprehensive and effective security net is in place. Although a ship or a port facility may operate in accordance with an approved security plan, unless all Contracting Governments put in place and maintain the necessary arrangements to address all the objectives and the functional requirements of the ISPS Code, the actual level of security will not be enhanced.

The ISPS Code requires Governments to gather and assess information with respect to security threats and exchange such information with other Contracting Governments. Shipboard and port facility personnel need to be aware of security threats and needs to report security concerns to the appropriate authorities for their assessment. Governments need to communicate security related information to ships and port facilities. Therefore, in effect we are talking about establishing an entirely new culture amongst those involved in the day-to-day running of the shipping and port industry.

What would happen to ships if they do not comply with the ISPS Code requirements and if they do not have the Certificate?

Those ships, which do not comply with the aforesaid requirements, should not be issued with International Ship Security Certificates (or after the 1 July 2004, if they qualify, with an Interim International Ship Security Certificate).

In the strict legal sense and bearing in mind that we are talking about security, all Contracting Governments should direct those ships flying their flag and which are required to comply with the requirements of chapter XI-2 and the ISPS Code and which have not been issued with the required certificate by the 1 July 2004 to immediately discontinue operations until they have been issued with the required certificate.

A ship, which is required to comply with the requirements of chapter XI-2 and the ISPS Code, is subject to control and compliance measures when in a port of another Contracting Government by officers duly authorised by that Government. IMO has issued MSC/Circ.1111 Guidance relating to the implementation of SOLAS chapter XI-2 and the ISPS Code
This circular includes:

In simple terms, if a ship does not have a valid certificate that ship may be detained in port until it gets a certificate. Of course, the port State has various other options available at its disposal if a ship does not have a certificate. It may expel the ship from port, it may refuse the entry of the ship into port, it may curtail the operations of the ship. In effect the measures which are in place have been designed in such a way to ensure that those ships which do not have certificates find themselves out of the market in the shortest possible time.

The consequences of either initially failing to comply or of failing to maintain continuous compliance with IMO's special measures to enhance maritime security will be serious and far reaching. It should come as no surprise if, after July 1st, we see Governments exercising, in the interest of their own national security and in order to protect the business operations of their ports and thus their trade, the rights laid down within the framework of the control and compliance measures established in chapter XI-2 and the ISPS Code. Hence, Governments may refuse entry into their ports to those ships which have failed to comply with the ISPS Code. In addition and for the same reasons, ships which call at port facilities which have failed to comply with the ISPS Code, although they may hold a valid International Ship Security Certificate, may be faced with additional security requirements at subsequent ports of call, leading to delays and possibly denial of port entry.

With such possible scenarios looming on the horizon, owners and charterers may decide to instruct ships not to proceed to port facilities which have not complied with the requirements of the ISPS Code, primarily because of the problems such ships may encounter at subsequent ports of call. While failure to ensure compliance may have catastrophic consequences on human life and the environment, it will also damage the commercial interests of the countries concerned, will have harmful repercussions on international trade and will negatively impact the world economy.

Terrorism is not a matter of concern to one country or a group of countries - it is a global issue and we should address it as such. The Secretary-General of the United Nations, Mr. K. Annan, has put it in similar terms: "Terrorism is a global scourge with global effects." In this particular case, maybe more than in others, prevention is better, much better, than cure. The comforting yet complacent argument that some of us may hope never to become victims of a terrorist act is of no value here. With the interdependence of the world's economies today, the chain reaction that such an act may trigger will have a major negative impact on trade and the global economy - we will all be victims; as we would certainly have been if the attack on the Basra oil terminal had not been foiled and we would now suffer the repercussions of the major impact it would have on oil pricing- more than it has already had.

What would happen to ships, having visited ports where the ISPS Code is not implemented properly, when they intend to enter ports where the ISPS Code is implemented vigorously?

To address this question one has to examine two possible scenarios.

The first scenario presupposes that the Government at the next port of call has reliable information that the security measures at a particular port facility are inadequate. In such a case a responsible approach will be for the two Governments to communicate and to resolve the issues of concern.

The second scenario, assumes that, during the stay of a ship at a particular port facility, the ship and/or someone representing the port facility or the Government where the ship is to proceed next are able to assess the security measures which the particular port facility was implementing during the stay of the ship. In this respect, one has to bear in mind that in a lot of case the security measures in place may be of a covert nature and a third party may not be able to identify or to appreciate them.

MSC 78 has considered the issue of security concerns, where a ship has concerns about the security of a port facility, which is supposed to operate in accordance with an approved Port Facility Security Plan. In this respect the Committee decided to draw the attention to the fact that certain of the security measures may be of a covert nature and may not be easily identified. Thus, the Committee recommended that the ship, as a first step, should contact the port facility security officer (PFSO) and discuss the matter. If no remedial action is agreed then the ship should contact the authorities of its flag State and raise the matter with them for their consideration and action.

In any case, if a ship has concerns about the security measures in places at a particular port facility and the ship has not been able to resolve such concerns with the particular PFSO, the ship should establish appropriate security measures and procedures and should document them. When asked at any subsequent port of call, the master of the ship should presented the record it has kept on the matter for the consideration of the relevant authorities.

Of course in all cases the ship is subject to control and compliance measures at subsequent ports of call and what might happened to a ship is dependant on the attitude the particular Government might take on the matter depending on the merits of each case. This may range from a requirement for inspection prior to entry into port to an outright refusal of entry into port.

See also MSC/Circ.1111 Guidance relating to the implementation of SOLAS chapter XI-2 and the ISPS Code
This circular includes:

How can I find out if a ship or port is compliant?

A ship that is compliant should have an International Ship Security Certificate (ISSC).

The "ISPS Code Database", which forms an integral part of the Organization's Global Integrated Shipping Information System (GISIS), contains the information required by SOLAS regulation XI-2/13 as supplied by Contracting Governments, including national maritime security contact points. The ISPS Code database has a section listing ports including whether or not they have an approved port facility security plan (PFSP).

What are major security concerns and potential threats? Are they real or imaginary?

The threat of terrorist acts against the shipping and port industry are real and not imaginary. It is for these reasons the Assembly of IMO, in November 2001, decided that the Organization should review measures and procedures to prevent acts of terrorism which threaten the security of passengers and crew and the safety of ships. It is also obvious that the Contracting Governments to the 1974 SOLAS Convention, when they adopted the special measures to enhance maritime security in December 2002, were well aware of potential threats.

Chapter XI-2 and the ISPS Code provide a methodology of addressing security threats and managing potential risks which ships and ports involved in the international trade may face. IMO is of the view they are adequate to protect the shipping and the port industry if implemented and enforced wisely and effectively in conjunction with the wider United Nations counter terrorism strategy. Ships engaged on domestic voyages and ports which serve such ships need to be addressed by each Government individually and each Government needs to put in place appropriate security measures and procedures to this end based their assessment of the security threats.

Security threats change from day-to-day. Governments need to monitor changes and to offset them, as they occur, by communicating appropriate information and guidance to ships and port facilities. Security is not a static issue and requires continuous awareness, vigilance and prompt response.

The IMO has provided a methodology in addressing the matter by introducing a global minimum standard. Individual Governments can use these as a basis for expansion as appropriate.

What additional/specific security measures and actions would be required at local/regional level to further raise the defence against threats?

All appropriate measures should be taken in accordance with the perceived local needs.

Some examples might include regular and intensive patrolling at the local level in identified vulnerable sea/port areas. In addition, joint patrolling and exchange of real time intelligence and threat perception among countries at a regional level would have a meaningful impact in preventing incidents of piracy and armed robbery against ships.

For measures to be applied for container security, it is important to put in place the necessary measures for shippers and container packers to secure the "real content" of containers. This area is beyond the scope of IMO and necessary measures have been under consideration at the World Customs Organization (WCO).

Will the new security measures imposed after 1 July 2004 will help reduce the piracy and armed robbery incidents?

Logically it should be so. In the months leading up to the 1 July 2004 deadline of the ISPS Code, there has been a reduction in the number of incidents reported to have occurred during the first quarter of 2004. There could be a possible correlation between the two but only a careful monitoring over a longer period would give a firm indication of the long-term trend in this respect.

Chapter XI-2 includes a regulation addressing threats to ships at sea. This regulation requires Governments to set security levels and ensure the provision of security level information to ships operating in their territorial sea or having communicated an intention to enter their territorial sea.

Where a risk of attack has been identified, the Government concerned shall advise the ships concerned and their flag State of the current security level; of any security measures that should be put in place by the ships concerned to protect themselves from attack; and of the security measures that the coastal State has decided to put in place.

Thus, at least the international framework has been put in place to address the matter. Now is up to Governments to implement it.

What are the security concerns and potential threats to oil tankers navigating in narrow straits?

IMO Secretary-General Mr. Efthimios Mitropoulos has stressed the importance of ensuring that strategically important international shipping lanes are protected from the threat of terrorism and remain open for trade at all times and has emphasized the need to ensure that shipping lanes, particularly those of strategic significance and importance, are kept open under all circumstances.

Maritime security experts have identified a number of scenarios: loaded oil tankers could well be hijacked and grounded at environmentally sensitive sea areas to cause pollution or run aground intentionally in narrow channels to block navigation channels. In addition, loaded oil tankers could be used as potential incendiary devices by terrorists near ports and large anchorage areas.

SOLAS regulation XI-2/7 relating to threats to ships at sea requires littoral States to advise the ships concerned and their flag State of the current security level; of any security measures that should be put in place by the ships concerned to protect themselves from attack; and of the security measures that the coastal State has decided to put in place.

How will the code specifically affect ports and shipping in different regions of the world?

The ISPS Code is applicable in the same way to all shipping nations - flag States and port States - globally and universally. All 148 Parties to SOLAS must ensure their ships and port facilities comply with the requirements.

Do these measures go far enough for port and shipping security?

The maritime security provisions of SOLAS chapter XI-2 and the ISPS Code are part of a wider initiative to counter terrorism, including action by the Counter Terrorist Committee of the UN Security Council through resolution 1373, co-operation with the WCO on container security, joint initiatives with the ILO on port security and identification documents etc.

It is better to have a tool that we can refine and improve over time, than nothing at all. After all, those who would wish to spread terror, should they choose to launch an attack against shipping, would surely look to strike where they detect the greatest weakness.

The Maritime Safety Committee and its subsidiary bodies are continuously working on additional elements of and guidance for the mandatory requirements, i.e. Ship Security Alert Systems (SSAs), long-range identification and tracking (LRIT) of ships, control and compliance measures, training and certification of security officers, etc.

Who has to implement the ISPS Code?

It is for the SOLAS Contracting Governments to implement the measures - detailed implementation of the Code is a matter for individual national governments.

We are all aware of the changing world around us and the threat to the maritime industry as demonstrated by the attacks on maritime infrastructure which have taken place. We cannot afford to be complacent.

The ISPS Code was adopted in December 2002 - but IMO had already initiated its regional awareness seminars - seven regional seminars during 2002 - so the idea of security was out there. Although all parties concerned knew that the time frame was very tight, the industry and Governments had sufficient time to prepare. There is no leeway in SOLAS for extensions of the deadline.

What penalties will there be on any Governments who do not ensure compliance with the ISPS Code?

IMO will not impose any penalties - it is not within its remit to do so.

It is to be anticipated that market forces and economic factors will drive compliance.

But the consequences of either initially failing to comply or of failing to maintain continuous compliance with IMO's special measures to enhance maritime security, could be serious and far reaching.

What guidelines are there for dealing with ships/ports that are not compliant after 1 July 2004?

The Maritime Safety Committee (MSC) at its 78th session adopted Guidelines on Control and Compliance Measures to Enhance Maritime Security - MSC/Circ.1111 Guidance relating to the implementation of SOLAS chapter XI-2 and the ISPS Code includes:

Why isn't the IMO directly responsible for the ISPS code and its implementation?

The ISPS Code and other security amendments were adopted under the SOLAS Convention. The Convention itself does not allow for IMO as a body to impose penalties. It provides for individual Contracting Governments to adopt the rules into their own national legislation. So there is no remit under the Convention for IMO as a body to monitor compliance or to go beyond the role set out for it under the Convention.

Is the ISPS Code be a big hindrance to international trade and shipping?

The consequences of either initially failing to comply or of failing to maintain continuous compliance with IMO's special measures to enhance maritime security will be serious and far reaching. But IMO's goal remains the efficiency of shipping.

Regulation XI-2/9 on Control and compliance measures states that when Contracting Governments exercise control:

  • 1 all possible efforts shall be made to avoid a ship being unduly detained or delayed. If a ship is thereby unduly detained, or delayed, it shall be entitled to compensation for any loss or damage suffered; and
  • 2 necessary access to the ship shall not be prevented for emergency or humanitarian reasons and for security purposes.

Why did the IMO leave so much of ISPS open to interpretations?

The ISPS Code is a very detailed document. It includes a mandatory part and a recommendatory part. The recommendatory part is intended to address those areas where very specific characteristics of a ship or port facility may mean that "one size" does not "fit all".

What about the issue of master as a ship security officer?

The Maritime Safety Committee (MSC) has confirmed that neither the drafting of the definition of the SSO nor the provisions of the ISPS Code relating to his responsibilities, training etc. were aimed at preventing the master from being designated as SSO.

According to the ISPS Code, it is the responsibility of the Company and the Company Security Officer to appoint the SSO. This naturally has to be endorsed by the Administration of the flag State and/or the Recognized Security Organization through the approval of the Ship Security Plan and issuing of the International Security Shipping Certificate and/or the relevant training certificate by the Administration as appropriate.

The definition of the SSO should be viewed in conjunction with SOLAS regulation XI-2/8 on "Master's discretion for ship safety and security", which makes it clear that the master has ultimate responsibility for safety and security.

The phrase "accountable to the master" in the definition of SSO is intended to cover those situations, for example on large passenger ships, where the SSO is not the master, by reaffirming that the master has overall responsibility for security. There is implicitly no intention of preventing the master from assuming the duties of SSO, as this would be inconsistent with SOLAS regulation XI-2/8.
It is, of course, for the national Administrations to decide if they wish to impose particular restrictions on who may serve as SSOs on ships flying their flag. This should, however, not be imposed by national Administrations on ships not flying their flag through port State control measures, since this is clearly the prerogative of the Contracting Government of the flag State concerned.

What has IMO done to help developing countries implement the ISPS Code?

In 2002, IMO initiated a major programme under its Integrated Technical Co operation Programme (ITCP) to assist developing countries to contribute to the global effort to protect shipping from terrorist attacks. A sum of US$2,145,000 was set aside in the ITCP for 2002-2003 with a further US$500,000 allocated in 2004-2005 to undertake the work involved.

More than 60 regional and national seminars and workshops on maritime security, together with a number of advisory and assessment missions, have already been undertaken and more are planned. A Maritime Security Trust Fund has been established and financial support and pledges from a number of Member Governments have been received.

Which maritime security model courses are available?

IMO has developed the following Model Courses:

ISPS - Company Security Officer, 2003 edition

This model course aims to provide knowledge to those who may be designated to perform the duties and responsibilities of a Company Security Officer (CSO).

ISPS - Port Facility Security Officer, 2003 edition

This model course aims to provide knowledge to those who may be designated to perform the duties and responsibilities of a Port Facility Security Officer (PFSO).

ISPS - Ship Security Officer, 2003 edition

This model course aims to provide knowledge to those who may be designated to perform the duties and responsibilities of a Ship Security Officer (SSO).

What led to the development of the ISPS Code?

In November 2001, two months after the "9/11" attacks, IMO's 22nd Assembly adopted resolution A.924(22) Review of measures and procedures to prevent acts of terrorism which threaten the security of passengers and crews and the safety of ships, which called for a thorough review of all existing measures already adopted by IMO to combat acts of violence and crime at sea.

The Assembly agreed to hold a diplomatic conference on maritime security in December 2002, to adopt any new regulations that might be deemed necessary to enhance ship and port security and prevent shipping from becoming a target of international terrorism and it also agreed to a significant boost to the Organization's technical co-operation programme of £1.5 million, to help developing countries address maritime security issues.

The ISPS Code and other maritime security measures were developed by IMO's Maritime Safety Committee (MSC) and its Maritime Security Working Group before being adopted by a Conference n Maritime Security in December 2002, with entry into force set for 1 July 2004.


What maritime security measures existed before the ISPS Code and other measures were adopted?

The existing measures prior to the adoption of the ISPS Code included guidelines adopted following the 1985 Achille Lauro incident, in which Palestinian terrorists hijacked an Italian cruiseship and killed a passenger before agreeing terms to end their siege.

Assembly resolution A.584(14) on Measures to prevent unlawful acts which threaten the safety of ships and the security of their passengers and crew, adopted in 1985, invited the MSC to develop detailed and practical technical measures to ensure the security of passengers and crews on board ships, taking into account the work of the International Civil Aviation Organization in the development of standards and recommended practices for airport and aircraft security. In December 1985, the United Nations General Assembly called on the IMO to study the problem of terrorism aboard or against ships with a view to making recommendations on appropriate measures.

In 1986, IMO issued MSC/Circ.443 on Measures to prevent unlawful acts against passengers and crews on board ships gave guidelines on the steps that should be taken, with particular reference to passenger ships engaged on international voyages of 24 hours or more and the port facilities which service them.

In November 1986, work began in IMO's Legal Committee on the preparation of a convention on unlawful acts against the safety of maritime navigation. In March 1988 a conference in Rome adopted the Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation, 1988 and the Protocol for the Suppression of Unlawful Acts Against the Safety of Fixed Platforms Located on the Continental Shelf, 1988.

In 1996 the MSC adopted MSC/Circ.754 on Passenger ferry security.

What issues are under discussion at the Legal Committee with a view to amending the SUA Convention?

The Legal Committee at it last session in April 2004 continued its consideration of a draft protocol to the SUA Convention and Protocol

Most delegations stated their support for the revision and strengthening of the SUA Convention in order to provide an answer to the increasing risks posed by terrorism to maritime navigation. Nevertheless, several delegations referred to the need to ensure that the prospective SUA Protocols do not jeopardize the principle of freedom of navigation and the right of innocent passage which are guaranteed by the 1982 United Nations Convention on the Law of the Sea (UNCLOS), as well as basic principles of international law and the operation of international commercial shipping.

What measures have been adopted in the security communication field?

In order to achieve its objectives, the ISPS Code embodies a number of functional requirements. These include, amongst others, a requirement for the maintenance of communication protocols for ships and port facilities and requirement for means for raising the alarm in reaction to security threats or security incidents.

Neither chapter XI-2 nor the ISPS Code expand, for good reasons, on security communications and the matter is left to the discretion of Governments.

What role would AIS and ship security alert system play?

Ship Security Alert System (SSAS)
The ship security alert system is designed to raise the alarm ashore in reaction to security threats or security incidents by notifying the flag State of the ship without alerting ships or coastal States in the vicinity or giving any indication on board. Use of the ship security alert system is a recognition that security is political and requires different response to a distress or emergency situation on board.

AIS
Operation of AIS in certain sea areas would cause security concern because information broadcast through AIS could be collected by pirates or terrorists. Because of this concern, the last Assembly adopted resolution A 956(23) which allow ship masters to switch off the AIS in specific areas where threat of attack by pirates or terrorists are imminent. IMO has taken an action to cover this area of concern.

Should IMO should be worried about the implications of terrorists or criminals using AIS derived information to target vessels?

IMO has taken an action to cover this area of concern, i.e. that operation of AIS in certain sea areas would cause security concern because information broadcasted through AIS could be collected by pirates or terrorists. Because of this concern, the last Assembly in November 2003 adopted resolution A 956(23) Amendments to the Guidelines for the onboard operational use of shipborne automatic identification systems (AIS) resolution A.917(22) which allows ship masters to switch off the AIS in specific areas where threat of attack by pirates or terrorists are imminent.

AIS is the broadcasting device and information will be made available for everyone without any discrimination. That information will be available for the coast safety agencies and authorities and could equally be available for ill-minded people. AIS itself is a tool used in an information collection system and we can not prevent people misusing that information.

However, AIS is also useful for monitoring the situation over any particular sea area by the security authorities within the security system established by those security authorities.

Concern over the security implication of the operation of AIS can only be overcome by tightening the security control measures to be enforced by the coastal security authorities.

When do ordinary container ships and ro/ros have to fit Ship Security Alert Systems?

New container ships and new ro-ro cargo ships (i.e. container and ro-ro cargo ships constructed on or after 1 July 2004) are required to comply with the requirements of regulation XI-2/6 on ship security alert systems on the date they enter service.

Existing container ships and existing ro-ro cargo ships (i.e. container and ro-ro cargo ships constructed before 1 July 2004) are considered, for the purpose of regulation XI-2/6, as other cargo ships and are required to comply with the requirements for ship security alert system not later than the first survey of their radio installation after 1 July 2006.

Passenger ships includes ro-ro passenger ships. Thus, new ro-ro passenger ships (i.e. ro-ro passenger ships constructed on or after 1 July 2004) are required to comply with the requirements of regulation XI-2/6 on ship security alert systems on the date they enter service. Existing ro-ro passenger ships (i.e. ro-ro passenger ships constructed before 1 July 2004) are required to comply with the requirements for ship security alert system not later than the first survey of their radio installation after 1 July 2004.

Regulation I/3(a)(vi) states that the present regulation (the term regulation is defined in regulation I/2(a) as meaning the regulations contained in the annex to the 1974 SOLAS Convention), unless expressly provided otherwise, do not apply to fishing vessels. Regulation XI-2/2.1 indicates the classes of ships to which the special measures to enhance maritime security apply and does not include fishing vessels. Thus, fishing vessels, irrespective of their size, are not required to be provided with ship security alert systems. However, nothing prohibits a State requiring the fishing vessels flying its flag to be provided with ship security alert systems.

The Maritime Safety Committee has recognized that in a number of occasions certain container ships may meet, in terms of speed, the definition of a high-speed craft. However, such container ships should be treated as cargo ships and not a high-speed crafts falling under the scope of the High Speed Craft Codes.

What is the current situation at WCO in relation to container security?

When adopting the amendments to the 1974 SOLAS Convention and the new ISPS Code concerning special measures to enhance maritime security in 2002, the SOLAS Conference, being aware of the competencies and work of the World Customs Organization (WCO), also adopted a resolution (Conference resolution 9), which, inter-alia, invites the WCO to consider, urgently, measures to enhance security throughout international movements of closed cargo transport units (CTUs). In response to the call for action from the Group of eight (G8) and IMO, the WCO adopted the Resolution on Supply Chain Security and Trade Facilitation in 2002, which addresses a series of steps to protect the international trade supply chain from acts of terrorism. Since the adoption of the resolution, the WCO Task Force was established and developed a package of measures, including:

  • an amended WCO data Model and a list of 27 essential data elements for identification of high risk consignments;
  • Customs guidelines for Advance Cargo Information (ACI Guidelines) to enable the advance (pre arrival) electronic transmission of customs data (Title of these guidelines has recently been changed to "Integrated Supply Chain Management Guidelines" (ISCM Guidelines);
  • WCO High Level Guidelines for Co-operative Arrangements between Members and private industry to increase supply chain security and facilitate the flow of international trade; and
  • a new International Convention on Mutual Administrative Assistance in Customs Matters to assist Members in developing a legal basis to enable the advance electronic transmission of customs data.

WCO is currently working on further development of supplementary instruments for the implementation of the above mentioned major WCO instruments, with a view to finalizing them by the end of 2004.

Measures to be taken by all parties in the supply chain (e.g. shipper, consolidator, terminal operators, warehouse operators etc) for the security of closed cargo transport units (CTUs) have been addressed in principle in the "WCO High Level Guidelines for Co-operative Arrangements between Members and private industry" and more detailed guidelines for each business sector are currently under development by WCO.

What about seafarers identification documents?

Conference resolution 8 (Enhancement of security in co-operation with the International Labour Organization) adopted by the 2002 maritime secuirty conference invited the ILO to continue the development of a Seafarers' Identity Document as a matter of urgency, which should cover, among other things, a document for professional purposes; a verifiable security document; and a certification information document, and invited IMO and the ILO to establish a joint ILO/IMO Working Group to undertake more detailed work on comprehensive port security requirements.

The Seafarers' Identity Documents Convention (Revised), 2003 was adopted in June 2003 and it becomes effective as from 9 February 2005.

Where can I find more information on maritime security?


Information Resources on International Maritime Security and ISPS Code

IMO Latest News


RELATED MATERIAL

Assembly resolutions

Resolution A.955(23) Amendments to the Principles on Safe Manning (Resolution A.890(21))

Resolution A.956(23) Amendments to the Guidelines for the onboard operational use of ship borne automatic identification systems (AIS) (Resolution A.917(22))

Resolution A.959(23) Format and guidelines for the maintenance of the Continuous Synopsis Record (CSR)


MSC Resolutions

Resolution MSC.136(76) Performance standards for a ship security alert system

Resolution MSC.147(77) Adoption of the Revised performance standards for a ship security alert system

Resolution MSC.159(78) Interim guidance on control and compliance measures to enhance maritime security


MSC Circulars

MSC/Circ.1067 Early implementation of the special measures to enhance maritime security

MSC/Circ.1072 Guidance on provision of ship security alert systems

MSC/Circ.1073 Directives for Maritime Rescue Co ordination Centres (MRCCs) on acts of violence against ships

MSC/Circ.1074 Interim Guidelines for the authorization of RSOs acting on behalf of the Administration and/or Designated Authority of a Contracting Government

MSC/Circ.1097 Guidelines for the implementation of SOLAS chapter XI-2 and the ISPS Code

MSC/Circ. 1104 Implementation of SOLAS chapter XI-2 and the ISPS Code

MSC/Circ. 1106 Implementation of SOLAS chapter XI-2 and the ISPS Code to port facilities

MSC/Circ. 1109 False security alerts and distress/security double alerts

MSC/Circ. 1110 Matters related to SOLAS regulations XI-2/6 and XI-2/7

MSC/Circ. 1111 Guidance relating to the implementation of SOLAS chapter XI-2 and the ISPS Code

MSC/Circ. 1112 Shore leave and access to ships under the ISPS Code

MSC/Circ.1113 Guidance to port State control officers on the non-security related elements of the 2002 SOLAS amendments


Model Courses

IMO Model Course 3.19 Ship Security Officer

IMO Model Course 3.20 Company Security Officer

IMO Model Course 3.21 Port Facility Security Officer


Circular Letters

Circular Letter No. 2514 Information required from SOLAS Contracting Governments under the provisions of SOLAS regulation XI-2/13

Circular Letter No. 2529 Information required from SOLAS Contracting Governments under the provisions of SOLAS regulation XI-2/13.1.1 on communication of a single national contact point

Other material

ILO/IMO Code of Practice on Security in Ports