ISPS Code – Basic Elements & Guide to Maritime Security

by | Last updated May 9, 2024 | Maritime Regulations, Maritime Security | 0 comments

What is the ISPS Code?

ISPS Code or the International Ship and Port Facility Security Code is a collection of guidelines for the security of the ship her crew, cargo, and the port facility.

It is part of SOLAS and you can find more about it in Chapter XI-2 of that book.

Regulations require vessels to enforce the provisions of this code wherever they may be at sea or in port. The port facility maintains such regulations every time a vessel calls to her.

But before the implementation of the ISPS Code, the industry largely neglected maritime security. 

Vessels were much more focused on her safety aspect. The correlation between security and safety was blurry until the fateful 9/11 attack.

Pre-ISPS Era

In a normal port stay, visitors would find nobody on the gangway. The duty watchman might be busy somewhere else. 

He could be with the surveyor, in the cargo control room, forward or aft station, or having coffee in the duty mess.

Vessels follow no specific security guidelines. As long as embarking visitors have no guns, knives, or deadly weapons, they are not considered a threat.

They can go straight to the ship’s office. Only there that the crew can identify him. Evidently, security duties were on a case-to-case basis, perhaps at Master’s discretion.

Security Incidents

Before the adoption of the ISPS Code, there were already infamous maritime disasters associated with terrorism and breaches of security.

On October 7, 1985, four Palestinian terrorists armed to the teeth hijacked the Italian cruise liner Achille Lauro. 

As a result, the International Maritime Organization (IMO) issued an anti-piracy advice. Cruise ships mostly implemented it but was largely ignored by the rest of the industry.

On the coast of the Black Sea, an armed group hijacked a Panamanian-registered ferry loaded with 177 passengers and 55 crew. They threatened to kill the 100 Russian passengers if their demands were not met. Fortunately, the event which happened on January 16-19, 1996 ended without bloodshed.

During a routine fuel stop, a small craft exploded in the port side of USS Cole. The attack happened on October 12, 2000, killing 17 sailors and injuring 39.

A dinghy packed with high explosives rammed the starboard side of oil tanker Limburg. The vessel caught fire while spilling 90,000 barrels of oil. One crew member was killed in that incident on October 6, 2002.

Crew entering the watertight door marked with "Restricted Area".
Doors leading to restricted Area.

The 9-11 Attack

Perhaps, the wake-up call for the maritime industry in developing security protocols was after the World Trade Center bombing.

The incident brought to light the vulnerabilities of the shipping industry against hijacking and terrorism.

After that, ship security became a top priority which is second only to safety.

History of the ISPS Code

Over a month following the attack on September 11, 2001, the IMO quickly made its move. 

It called for a thorough review of all existing measures and procedures to prevent acts of terrorism that threaten the passengers, the crews, and the safety of ships.

Thus on December 12, 2002, the ISPS Code was adopted by the International Convention for the Safety of Life at Sea, 1974 (SOLAS ‘74).

The existing Chapter XI of SOLAS was amended and re-identified as Chapter XI-1 as “Special Measures to Enhance Maritime Safety“. 

A new Chapter XI-2 was adopted and became “Special Measures to Enhance Maritime Security.”


The complete name of this Code is the International Code for the Security of Ships and Port Facilities. It entered into force on January 01, 2004, and became mandatory on July 01, 2004.

This Code consists of two parts. 

Part A lays out minimum mandatory regulations that vessels and ports must follow. Though not mandatory, Part B provides more detailed guidelines that complement Part A.

However, implementing Part B must not create conflict or inconsistencies with Part A of the ISPS Code.

Objectives of the ISPS Code

The International Code for the Security of Ships and of Port Facilities, dubbed as the International Ship and Port Facility Security (ISPS) Code aims to enhance the security of vessels and ports.

To illustrate, its objectives are the following:

  1. Establish an international framework involving cooperation between Contracting Governments, Government Agencies, local administrations, and the shipping and port industries.
  2. Set up the respective roles and responsibilities of all parties concerned at the national and international level for ensuring maritime security.
  3. Ensure the early and efficient collation and exchange of security-related information.
  4. Provide methodology for security-related assessments so as to have in place plans and procedures to react to changing security levels.
  5. Ensure confidence that adequate and proportionate maritime security measures are in place.

Functional Requirements

The Code embodies a number of functional requirements to achieve its objectives.

These include, but are not limited to:

  1. Gathering and assessing information with respect to security threats and exchanging such information with appropriate Contracting Governments;
  2. Requiring the maintenance of communication protocols for ships and port facilities;
  3. Preventing unauthorized access to vessels, port facilities, and their restricted areas;
  4. Providing means for raising the alarm in reaction to security threats or security incidents;
  5. Requiring vessels and port facility security plans based on security assessments; and
  6. Preventing the introduction of unauthorized weapons, incendiary devices, or explosives to ships or port facilities;
  7. Requiring ISPS training, drills, and exercises to ensure familiarity with security plans and procedures.
Door marked with "Restricted Area". This is in accordance with ISPS Code.
The Ship Security Plan includes marking of “Restricted Area” to some important spaces on board.


By the name itself, the ISPS Code applies to ships and port facilities. 

But looking into the “micro” would direct us to ask, 

“What types of ships? What size? and ,Which ports?”

Here below are the specifics to which the Code covers, namely:

  1. The following types engaged in international voyages:
  • passenger liners, including high-speed passenger craft;
  • cargo carriers, including high-speed craft, of 500 gross tonnage and upwards; and
  • mobile offshore drilling units; and
  1. Port facilities serving such ships engaged on international voyages.

Do note that a cargo ship, as per SOLAS definition, is any carrier that is not a passenger vessel.

However, the Code exempts warships, naval auxiliaries, or other watercraft owned or operated by a Contracting Government. 

As long as they are used only on Government non-commercial services, the regulations here do not cover these types.

ISPS Code for Ships

The designs of merchant ships focus primarily on safety while considering their earning capacity and stability. 

She has limited security features to which the human element augments and plays the biggest role.

Agreeably, threats of smuggling, theft, stowaways, piracy, hijacking, and terrorism attacks are real. A properly implemented security plan on board could be enough to detect and deter them.

Security drills, exercises, and training are essential in keeping the crew refreshed in case the ship encounters a breach of security.

Here are the basic elements of the ISPS Code on board.

Basic Elements of the ISPS Code

Company Security Officer (CSO)

Is a company-designated person in charge of carrying out a ship security assessment.

Moreover, the CSO is responsible for developing, implementing, and maintaining the Ship Security Plan (SSP) whether prepared by the Company itself or a contracted organization.

His job includes fixing any deficiencies, non-conformities, and modifications in the SSP as per ISPS standards. 

He also serves as liaison with port facility security officers (PFSO) and the ship security officer (SSO).

Ship Security Assessment (SSA)

Before developing an SSP, a Ship Security Assessment is first conducted.

An SSA is an on-scene security survey of a vessel. 

In this survey, an investigation identifies possible threats and security weaknesses. Such threats include whether the vessel is at sea or in port.

Equally important, the assessment considers the vessel’s particular features and key shipboard operations.

After determining the vulnerabilities, the surveyors propose countermeasures to address them by patching any security holes. 

An SSA evaluates existing measures, procedures, and operations and updates them periodically.

Ship Security Plan (SSP)

A Ship Security Plan is a document containing plans to ensure the application of security measures on board. 

It consists of procedures to protect persons, cargoes, cargo transport units, stores, or the vessel itself from risks of security breaches.

Furthermore, the plan indicates the security duties of each crew member under each security level

Included in the SSP are specific guidelines on different security threats and how the vessel must respond to them.

The SSP is developed from the information compiled in the SSA.

Ship Security Officer (SSO)

An SSO is a person on board responsible for the security of the vessel. His main duty is implementing and maintaining the ship security plan.

He is accountable to the Master and thus ensures that he reports any security incidents. Moreover, he maintains security equipment and provides adequate training to shipboard personnel.

His job is to guarantee that the vessel carries out regular security inspections including proposals for the modification of the SSP.

In addition, he serves as the liaison between the Company Security Officer and Port Facility Security Officers.

Ship Security Alert System (SSAS)

An SSAS is a silent alarm that does not raise any visible or audible alarm on board the ship or to others when activated. 

The alert is transmitted to a competent authority designated by the Administration including the company.

There must be at least two activating points of the SSAS: one in the bridge and the other in a different location.

Additionally, an SSAS alert transmits only three information; the identity of the ship, its location, and an indication that her security is under threat or it has been compromised.

Declaration of Security (DoS)

A DoS is a document signifying an agreement between the ship and the port infrastructure or with other ships with which it interfaces. 

It indicates various security measures each will undertake under the provisions of their respective approved security plans.

The Master or SSO and the Port Facility Security Officer complete the Declaration of Security.

ISPS Code for Port Facilities

The Code requires port facilities to set up security measures against all forms of threats. Terrorism or bombing are not the only dangers present.

In fact, smuggling, stowaways, theft, tampering with cargo, and blockage of port entrances or locks are incidents that they should prepare against.

Port facilities are opportunities for terrorists to launch attacks on ships hence port security is vital.

Port Facility Security Assessment (PFSA)

A Port Facility Security Assessment is fundamentally a risk analysis of all aspects of a port facility’s operation. 

Its aim is to determine which part(s) of it are more susceptible, and/or more likely, to be the subject of attack.

Similarly, PFSA is the counterpart of SSA. It is an essential and integral part of the process of developing and updating the port facility security plan, or SSO for vessels.

Port Facility Security Plan (PFSP)

A PFSP is a plan developed to ensure the application of measures designed to protect the port facility and ships. 

This includes persons, cargo, cargo transport units, and stores within the port facility from the risks of a security incident.

The plan indicates the operational and physical security measures the port facility takes on security levels 1, 2, and 3.

Port Facility Security Officer (PFSO)

A PFSO is a person designated as responsible for the development, implementation, revision, and maintenance of the port facility security plan. 

He also functions as a liaison with the ship security officers and company security officers.

The PFSO is the counterpart of SSO. Thus, one of his jobs is to ensure adequate training for personnel responsible for the security of the port infrastructure.

Security/ MARSEC Levels

The ISPS Code requires vessels and port facilities to operate on security levels. Contracting Governments normally assign these levels. 

In the United States, they call it MARSEC Levels or Maritime Security Levels.

Each level of security has corresponding actions that ports and ships implement to ensure their safety. Correspondingly, a higher level means the presence of bigger impending threats.

Maritime Security Level Displayed On Board.
Maritime Security Level 1.

Security Level 1: Normal

This is the level where the vessel or port facility normally operates. It means that ships and ports maintain minimum appropriate protective security measures at all times.

In other words, these are the normal, everyday security measures. The threat of an unlawful act against a vessel or port is possible, but not likely.

Vessels and ports allow shore leave only at this level.

Security Level 2: Heightened

On this level, ships and ports implement appropriate additional protective security measures for a period of time as a result of a heightened risk of a security incident.

The risk level indicates that a particular segment of the industry may be in jeopardy, but that no specific target has been identified.

Ship or port facility may suspend or slow down cargo operations.

Security Level 3: Exceptional

Level 3 applies for a period of time when there is a probable or imminent risk of a security incident.

Further specific protective security measures are maintained for a limited period of time when a security incident is probable or imminent. 

However, it may not be possible to identify the specific target.

Cargo operations, store deliveries, going alongside or departing port, accepting visitors, and ballasting/ de-ballasting may be canceled.

All parts of the ship are monitored with frequent rounds and lighting to quickly deter or identify any security threat.

The vessel may have the same or higher security level than that of the port. However, in no case that their level of security is lower than that of the port facility.

ISPS Certification

Certificates are issued to vessels complying with the International Code for the Security of Ships and of Port Facilities (ISPS Code).

Port State Control Officers often check them if they are still valid. If not, the vessel could face fines or penalties.

International Ship Security Certificate

This certifies that the security system and any associated security equipment of the vessel have been verified in accordance with the ISPS Code.

The certificate also states that the vessel has an approved Ship Security Plan (SSP).

International Ship Security Certificate
International Ship Security Certificate.

Interim International Ship Security Certificate

After July 1, 2004, a vessel without a certificate, on delivery or prior to its entry or re-entry into service is given an Interim International Ship Security Certificate.

Furthermore, the Administration provides this certificate to a vessel transferred between flags of Contracting Governments.

Lastly, a Company assuming the responsibility for the operation of a vessel not previously operated by that Company is also provided with an interim certificate.

Interim International Ship Security Certificate
Interim International Ship Security Certificate.

Ship Security Awareness Training and Seafarers with Designated Security Duties (SSAT-SDSD)

Since the crew plays a vital role in vessel security, training them is important.

The SSAT-SDSD certifies that the holder of the certificate is competent, and therefore is capable, of performing the required competency on security duties.

Security training is part of the International Ship and Port Facility Security Code. You can find the specifics stated in the STCW Convention.

Future of Maritime Security

Maritime security has come a long way since its entry into force. However, the threat still remains and continues to evolve. 

A new area with which shipping companies need to focus on is cyber security.

ISPS only focuses on the physical aspects of security. There is a growing trend of connectivity using the internet in which attacks are happening. 

Moreover, companies are now building autonomous vessels that may sail without crew on board.

May the winds be in your favor.




  1. Fighting Guns with Guns Private Maritime Security Companies Who Protect Vessels Against Piracy - […] Their 40-year experience in ship security and protection earned them a seat with the IMO during the development of…
  2. ISPS Code- Basic Elements and Guide to Maritime Security - Maritime Shipping News - […] […]

Submit a Comment

Your email address will not be published. Required fields are marked *