What is ISPS Code?

ISPS Code or the International Ship and Port Facility Security Code is a collection of guidelines for the security of the ship her crew, cargo and the port facility.

Regulations require vessels to enforce the provisions of this code wherever they may be- at sea or in port. The port facility maintains such regulations every time a ship calls to her.

But before the implementation of the ISPS Code, the industry largely neglected maritime security. Ships were much focused on her safety aspect. Correlation between security and safety were blurry until the fateful 9/11 attack.


Pre-ISPS Era

In a normal port stay, visitors would find nobody on the gangway. The duty watchman might be busy somewhere else. He could be with the surveyor, in the cargo control room, forward or aft station or having coffee in the duty mess.

Vessels follow no specific security guidelines. As long as visitors embarking on ships have no guns, knife or deadly weapon, they are not considered a threat.

They can go straight to the ship’s office. Only there that ship’s crew can identify him. Evidently, security duties were in a case to case basis, perhaps at Master’s discretion.


Security Incidents

Before the adoption of the ISPS Code, there were already infamous maritime disasters associated with terrorism and breaches of security.

On October 7, 1985, four Palestinian terrorists armed to the teeth hijacked the Italian cruise ship Achille Lauro. As a result, the International Maritime Organization (IMO) issued an anti-piracy advice. Cruise ships mostly implemented it but was largely ignored by the rest of the industry.

In the coast of Black Sea, an armed group hijacked a Panamanian-registered ferry loaded with 177 passengers and 55 crew. They threatened to kill the 100 Russian passengers if their demands were not met. Fortunately, the event which happened on January 16-19, 1996 ended without a bloodshed.

During a routine fuel stop, a small craft exploded in the port side of USS Cole. The attack happened on October 12, 2000 killing 17 sailors and injuring 39.

A dinghy packed with high explosives rammed the starboard side of oil tanker Limburg. The vessel caught fire while spilling 90,000 barrels of oil. One crew member got killed in that incident on October 6, 2002.

Crew entering the watertight door marked with "Restricted Area".

Crew entering the watertight door marked with “Restricted Area”.

The 9-11 Attack

Perhaps, the wake up call for the shipping industry in developing security protocols was after the World Trade Center bombing.

The incident brought to light the vulnerabilities of the shipping industry against hijacking and terrorism.

In short, ship security became a top priority which is second only to safety.


History of the ISPS Code

Over a month following the attack on September 11, 2001, the IMO quickly made its move. It called for a thorough review of all existing measures and procedures to prevent acts of terrorism which threaten the passengers, the crews and the safety of ships.

Thus on December 12, 2002, the ISPS Code was adopted to the International Convention for the Safety of Life at Sea, 1974 (SOLAS ‘74).

The existing Chapter XI of SOLAS was amended and re-identified as Chapter XI-1 as “Special Measures to Enhance Maritime Safety“. A new Chapter XI-2 was adopted and became “Special Measures to Enhance Maritime Security.”



The complete name of this Code is the International Code for the Security of Ships and of Port Facilities. It entered into force on January 01, 2004 became mandatory on July 01, 2004.

This Code consists of two parts. Part A lays out minimum mandatory regulations that ships and ports must follow. Though not mandatory, Part B provides more detailed guidelines which complements Part A.

However, implementing Part B must not create conflict or inconsistencies with Part A of the ISPS Code.


Objectives of the ISPS Code

The International Code for the Security of Ships and of Port Facilities, or dubbed as the International Ship and Port Facility Security (ISPS) Code aims to enhance the security of ships and ports.

To illustrate, its objectives are the following:

  1. Establish an international framework involving cooperation between Contracting Governments, Government Agencies, local administrations, and the shipping and port industries. Their collective goal is to detect/ assess security threats and take preventive measures against security incidents affecting ships or port facilities used in international trade.
  2. Set up the respective roles and responsibilities of all parties concerned at the national and international level for ensuring maritime security.
  3. Ensure the early and efficient collation and exchange of security related information.
  4. Provide methodology for security related assessments so as to have in place plans and procedures to react changing security levels.
  5. Ensure confidence that adequate and proportionate maritime security measures are in place.


Functional Requirements

The Code embodies a number of functional requirements to achieve its objectives.

These include, but are not limited to:

  1. Gathering and assessing information with respect to security threats and exchanging such information with appropriate Contracting Governments;
  2. Requiring the maintenance of communication protocols for ships and port facilities;
  3. Preventing unauthorized access to ships, port facilities and their restricted areas;
  4. Providing means for raising the alarm in reaction to security threats or security incidents;
  5. Requiring ship and port facility security plans based upon security assessments; and
  6. Preventing the introduction of unauthorized weapons, incendiary devices or explosives to ships or port facilities;
  7. Requiring ISPS training, drills and exercises to ensure familiarity with security plans and procedures.


Door marked with "Restricted Area". This is in accordance with ISPS Code.

The Ship Security Plan includes marking of “Restricted Area” to some important spaces on board.


By the name itself, the ISPS Code applies to ships and port facilities. But looking into the “micro” would direct us to ask, “what types of ships? What size? and Which ports?”

Here below are the specifics to which the Code covers, namely:

  1. The following types of ships engaged on international voyages:
    • passenger ships, including high-speed passenger craft;
    • cargo ships, including high-speed craft, of 500 gross tonnage and upwards; and
    • mobile offshore drilling units; and
  1. Port facilities serving such ships engaged on international voyages.

Do note that cargo ships, as per SOLAS definition, is any ship which is not a passenger ship.

However, the Code exempts warships, naval auxiliaries or other ships owned or operated by a Contracting Government . As long as they are used only on Government non-commercial service, the regulations here do not cover these ships.


ISPS Code for Ships

Merchant ship designs focus primarily on safety while considering its earning capacity and stability. She has limited security features to which the human element augments and plays the biggest role.

Agreeably, threats of smuggling, theft, stowaways, piracy, hijacking, and terrorism attacks are real. A properly implemented security plan on board could be enough to detect and deter them.

Security drills, exercises and training are very essential in keeping the crew refreshed in case the ships encounters a breach of security.

Here are the basic elements of the ISPS Code on board.


Company Security Officer (CSO)

Is a company designated person in charge of carrying out a ship security assessment. He is also responsible in developing, implementing and maintaining the ship security plan.

Moreover, the CSO is responsible for satisfactory development of the SSP whether prepared by the Company itself or a contracted organization.

His job includes fixing any deficiencies, non-conformities and modifications in the SSP as per ISPS standards. He also serves as liaison with port facility security officers and the ship security officer.


Ship Security Assessment (SSA)

Before developing an SSP, a Ship Security Assessment is first conducted.

An SSA is an on-scene security survey of a vessel. On this survey, an investigation identifies possible threats and security weaknesses. Such threats include whether the ship is at sea or in port.

Equally important, the assessment considers the vessel’s particular features and key shipboard operations.

After determining the vulnerabilities, the surveyors proposes counter-measures to address them by patching any security holes. An SSA evaluates existing measures, procedures and operations and updates them periodically.


Ship Security Plan (SSP)

A Ship Security Plan is document containing plans to ensure the application of security measures on board. It consists of procedures to protect persons, cargoes, cargo transport units, ship’s stores or the ship itself from risks of security breaches.

Furthermore, the plan indicates security duties of each crew member under each security levels. Included in the SSP are specific guidelines on different security threats and how the vessel must respond to them.

The SSP is developed from the information compiled in the SSA.


Ship Security Officer (SSO)

An SSO is a person on board responsible for the security of the ship. His main duty is implementing and maintaining the ship security plan.

He is accountable to the Master and thus ensure that he reports any security incidents. Moreover, he maintains security equipment and provides adequate training to shipboard personnel.

His job is to guarantee that the vessel carries out regular security inspections including proposals for the modification of the SSP.

In addition, he serves as liaison between the Company Security Officer and Port Facility Security Officers.


Ship Security Alert System (SSAS)

An SSAS is a silent alarm that does not raise any visible or audible alarm on board the ship or to other ship when activated. The alert transmits to a competent authority designated by the Administration including the company.

There must be at least two activating points of the SSAS: one in the bridge and the other in a different location.

Additionally, an SSAS alert transmits only three information; the identity of the ship, its location and an indication that her security is under threat or it has been compromised.


Declaration of Security (DoS)

A DoS is a document signifying an agreement between the ship and the port infrastructure or with other ships with which it interfaces. It indicates various security measures each will undertake under the provisions of their respective approved security plans.

The Master or SSO and the Port Facility Security Officer completes the Declaration of Security.


ISPS Code and Port Facilities

The Code requires port facilities to set up security measures against all forms of threats. Terrorism or bombing are not the only dangers present.

In fact, smuggling, stowaways, theft, tampering with cargo and blockage of port entrances or locks are incidents that they should prepare against.

Port facilities are opportunities for terrorists to launch attacks on ships hence port security is vital.


Port Facility Security Assessment (PFSA)

A Port Facility Security Assessment is fundamentally a risk analysis of all aspects of a port facility’s operation. It’s aim is to determine which part(s) of it are more susceptible, and/or more likely, to be the subject of attack.

Similarly, PFSA is the counterpart of SSA. It is an essential and integral part of the process of developing and updating the port facility security plan, or SSO for vessels.


Port Facility Security Plan (PFSP)

A PFSP is a plan developed to ensure the application of measures designed to protect the port facility and ships. This includes persons, cargo, cargo transport units and ship’s stores within the port facility from the risks of a security incident.

The plan indicates the operational and physical security measures the port facility takes on security levels 1, 2 and 3.


Port Facility Security Officer (PFSO)

PFSO is a person designated as responsible for the development, implementation, revision and maintenance of the port facility security plan. He also functions as liaison with the ship security officers and company security officers.

The PFSO is the counterpart of SSO. Thus, one of his job is to ensure adequate training to personnel responsible for the security of the port infrastructure.


ISPS Code Security Levels

The ISPS Code requires ships and port facilities to operate on security levels. Contracting Governments normally assign these levels. In the United States, they call it MARSEC Levels or Maritime Security Levels.

Each level of security has corresponding actions that ports and ships implement to ensure their safety. Correspondingly, higher level means the presence of bigger and impending threats.


Maritime Security Level Displayed On Board.

Maritime Security Level Displayed On Board.


Security Level 1: Normal

This is the level where ship or port facility normally operates. It means that ships and port maintain minimum appropriate protective security measures at all times.

In other words, these are the normal, every day security measures. The threat of an unlawful act against a vessel or port is possible, but not likely.

Ship and port allow shore leave only in this level.


Security Level 2: Heightened

On this level, ships and ports implement appropriate additional protective security measures for a period of time as a result of heightened risk of a security incident.

The risk level indicates that a particular segment of the industry may be in jeopardy, but that no specific target has been identified.

Ship or port facility may suspend or slow down cargo operations.


Security Level 3: Exceptional

Level 3 applies for a period of time when there is a probable or imminent risk of a security incident.

Further specific protective security measures is maintained for a limited period of time when a security incident is probable or imminent. However, it may not be possible to identify the specific target.

Cargo operations, store deliveries, going alongside or departing port, accepting visitors and ballasting/ de-ballasting may be cancelled.

The vessel may have the same or higher security level than that of the port. However, in no case that their level of security be lower than that of the port facility.


ISPS Certification

Certificates are issued to ships complying the International Code for the Security of Ships and of Port Facilities (ISPS Code).

Port State Control Officers often check them if they are still valid. If not, the vessel could face fine or penalties.


International Ship Security Certificate

This certifies that the security system and any associated security equipment of the ship has been verified in accordance with the ISPS Code.


International Ship Security Certificate

International Ship Security Certificate

The certificate also states that the vessel has an approved Ship Security Plan (SSP).

Interim International Ship Security Certificate

After July 1, 2004, a ship without a certificate, on delivery or prior to its entry or re-entry into service is given an Interim International Ship Security Certificate.


Interim International Ship Security Certificate

Interim International Ship Security Certificate


Furthermore, the Administration provides this certificate to a ship transferred between flags of Contracting Governments.

Lastly, a Company assuming the responsibility for the operation of a ship not previously operated by that Company is also provided with an interim certificate.

Ship Security Awareness Training and Seafarers with Designated Security Duties (SSAT-SDSD)

Since the crew play vital roles in ship security, training them is important.

The SSAT-SDSD certifies that the holder of the certificate is competent, and therefore is capable, of performing the required competency on security duties.

Security training is part of the International Ship and Port Facility Security Code. You can find the specifics stated in STCW Convention.


Future of Maritime Security

Maritime security has come a long way since its entry into force. However, threat still remains and continue to evolve. A new area with which shipping companies need to focus on is cyber security.

ISPS only focuses on the physical aspects of security. There is a growing trend of connectivity using the internet in which attacks are happening. Moreover, companies are now building autonomous vessels which may sail without crew on board.

May the winds be on your favor.


%d bloggers like this: