ISPS Code Compliance Checklist: Security Requirements for Ports and Ships

What Is the ISPS Code?

The International Ship and Port Facility Security (ISPS) Code entered into force on July 1, 2004, under SOLAS Chapter XI-2. Developed by the International Maritime Organization (IMO) in response to post-September 11 security concerns, the Code establishes a comprehensive security regime for international shipping covering cooperation between governments, port authorities, and shipping companies.

The Code contains two parts:

Part A (Mandatory): Detailed security requirements that SOLAS contracting governments, port authorities, and shipping companies must implement and maintain.

Part B (Recommended): Guidelines on practical methods for meeting Part A requirements, including training guidance, security measure suggestions, and implementation templates.

According to the IMO, 148 Contracting Parties to SOLAS must enforce compliance. Non-compliant vessels cannot access international ports and cannot receive International Ship Security Certificates required for international operations.

Which Vessels and Facilities Must Comply?

The ISPS Code applies to ships engaged in international voyages, specifically:

  • Passenger ships of any size engaged in international voyages

  • Cargo ships 500 gross tonnage or above engaged in international voyages

  • Mobile offshore drilling units (MODUs)

  • Port facilities serving these vessel types

Exemptions: The Code does not apply to warships, naval auxiliaries, fishing vessels, ships under 500 GT, non-commercial yachts, vessels engaged in domestic-only trades, government vessels on non-commercial service, or wooden ships.

Applicability Complexity

Understanding whether your vessel requires ISPS compliance requires careful analysis:

  • A 499 GT cargo vessel operating internationally: NOT REQUIRED (below 500 GT threshold)

  • A 500 GT cargo vessel on one domestic route, one international route: REQUIRED (engages in at least one international voyage)

  • A 4,000 GT passenger vessel operating only between domestic ports: NOT REQUIRED (domestic-only operation)

  • Any ship in international trade: REQUIRED

When in doubt, consult your flag state administration for definitive applicability determination.

Understanding the Three Security Levels

The ISPS Code establishes three security levels, allowing protective measures to adjust based on current threat assessments. Port authorities and governments determine security levels and communicate them to visiting vessels.

Security Level 1 (Normal)

Minimum protective security measures are maintained at all times at all ports and vessels. Level 1 represents the baseline security posture:

  • Routine access control procedures

  • Cargo and ship store monitoring

  • Standard surveillance operations

  • Personnel and visitor screening

Most ports and vessels operate continuously at Security Level 1.

Security Level 2 (Heightened)

Additional protective measures are implemented for defined periods due to increased security risk. Level 2 activation typically results from:

  • Specific intelligence regarding potential threats

  • Regional security incidents

  • Changes in international security conditions

  • Elevated threat classifications from government authorities

At Level 2, enhanced measures include:

  • Restricted access to port and vessel areas

  • Increased patrols and surveillance

  • Enhanced screening of personnel, cargo, and supplies

  • Closer coordination with security forces

Security Level 3 (Exceptional)

Further specific protective measures are maintained when security incidents are probable or imminent. Level 3 represents the highest alert status:

  • Partial or complete closure of port access points

  • Maximum coordination with security forces and government agencies

  • Potential evacuation procedures

  • Comprehensive response to active security threats

Security levels can progress sequentially (Level 1 → 2 → 3) or jump directly to Level 3 when circumstances demand immediate escalation.

Ship Security Plan Requirements

Every vessel subject to the ISPS Code must maintain an approved Ship Security Plan (SSP). The plan is confidential. Port State Control officers cannot access its contents during routine inspections. Only qualified maritime security auditors or Recognized Security Organization (RSO) auditors are permitted to review the document.

Required SSP Components

The Ship Security Plan must address:

  • Threat prevention: Prevention of unauthorized weapons, dangerous substances, and devices on board

  • Restricted areas: Identification of restricted areas and access control procedures

  • Security procedures: Response procedures for security threats at each of the three security levels

  • Evacuation protocols: Emergency evacuation procedures for security incidents

  • Personnel duties: Defined security responsibilities for shipboard personnel

  • Audit procedures: Security audits, training requirements, drills, and exercises

  • Declaration of Security (DoS): Procedures for executing DoS agreements with port facilities

  • Incident reporting: Procedures for reporting security incidents to the flag state and port authorities

The SSP must be approved by the flag state administration or a Recognized Security Organization before the vessel engages in international voyages. Annual reviews ensure the plan remains current with changing security conditions and vessel operations.

Key Security Personnel and Responsibilities

Three designated security officers form the backbone of ISPS compliance:

Ship Security Officer (SSO)

The Ship Security Officer is responsible for implementing and maintaining the ship's security plan on board. The SSO:

  • Conducts security inspections at intervals not exceeding three months

  • Coordinates with port facility security officers during port calls

  • Ensures crew awareness and training in security procedures

  • Maintains security documentation and incident records

  • Reports security incidents to the Company Security Officer and the flag state

  • Updates the Ship Security Plan based on changing circumstances

The SSO must hold recognized training certification and maintain competency through regular updates.

Company Security Officer (CSO)

The Company Security Officer oversees security compliance across the entire fleet. The CSO:

  • Ensures each vessel has an approved Ship Security Plan

  • Arranges security assessments for all company vessels

  • Coordinates security training for ship and shore personnel

  • Liaises with flag state authorities and port facility security officers

  • Maintains company-level security documentation

  • Addresses deficiencies identified during port state control inspections

Port Facility Security Officer (PFSO)

The Port Facility Security Officer implements and maintains port facility security plans. The PFSO:

  • Coordinates security measures between the port and visiting vessels

  • Manages access control and perimeter security

  • Oversees cargo and ship store handling security

  • Communicates security level changes to visiting vessels

  • Facilitates Declaration of Security procedures

  • Maintains port security documentation

ISPS Compliance Checklist for Vessels

Use this checklist to verify your vessel meets all ISPS compliance requirements:

Documentation and Certification

  • ✓ Valid International Ship Security Certificate (ISSC) on board

  • ✓ Approved Ship Security Plan on board and current

  • ✓ Security assessment completed within the required timeframe

  • ✓ Training records for Ship Security Officer

  • ✓ Records of security drills and exercises (at intervals not exceeding three months)

  • ✓ Flag state requirements referenced and documented

  • ✓ Declaration of Security procedures established

Personnel and Training

  • ✓ Ship Security Officer designated and trained

  • ✓ Company Security Officer appointed for fleet

  • ✓ All crew trained in security awareness

  • ✓ Security duties assigned at each security level

  • ✓ Training records maintained for each crew member

  • ✓ Refresher training current (annually minimum)

Physical Security Measures

  • ✓ Access points to the vessel are identified and controlled

  • ✓ Restricted areas clearly marked and secured

  • ✓ Monitoring equipment (CCTV, alarms) operational

  • ✓ Security equipment is maintained and tested regularly

  • ✓ Perimeter surveillance procedures established

  • ✓ Cargo handling security procedures documented

Operational Procedures

  • ✓ Communication protocols with port facilities established

  • ✓ Incident reporting procedures documented

  • ✓ Emergency response procedures current and tested

  • ✓ Procedures for adjusting security measures at each level

  • ✓ Procedures for handling weapons, explosives, and dangerous materials

  • ✓ Personnel screening procedures established

Port Facility Security Requirements

Port facilities must maintain comprehensive security plans addressing:

  • Access control and personnel screening

  • Cargo handling security procedures

  • Ship store and supply delivery protocols

  • Coordination with vessels at different security levels

  • Perimeter monitoring and surveillance

  • Training and drill requirements for facility personnel

  • Communication with vessel security officers

Port facilities must complete security assessments, identifying vulnerabilities and implementing appropriate countermeasures. The resulting Port Facility Security Plan (PFSP) must be approved by the national authority or a Recognized Security Organization.

Certification: The International Ship Security Certificate (ISSC)

Vessels complying with ISPS requirements receive an International Ship Security Certificate (ISSC):

  • Interim Certificate: Valid for up to six months (issued before full-term certification)

  • Full-term Certificate: Valid for five years with intermediate verification between the second and third anniversary dates

  • Renewal: Full-term certificates must be renewed every five years through the flag state or RSO

The ISSC verifies that your vessel maintains approved security plans and meets all ISPS Code requirements. Without a valid ISSC, vessels cannot access international ports.

Modern Compliance Considerations

While the original 2003 Code focused on physical security, modern ISPS compliance increasingly addresses cybersecurity. IMO Resolution MSC.428(98) requires integration of cybersecurity measures into Safety Management Systems and Security Plans.

Staying current with regulatory updates, maintaining proper documentation, and ensuring regular crew training are ongoing responsibilities. Working with experienced maritime compliance partners helps navigate these complex, evolving requirements.

FAQs

Q: What happens if a vessel is not ISPS compliant?

A: Non-compliant vessels may be denied entry to ports, detained for inspection, or face significant fines. The vessel becomes unable to engage in international commerce until compliance is achieved, resulting in substantial financial losses and reputational damage.

Q: How often must security drills be conducted?

A: Security drills should be conducted at intervals not exceeding three months. At least one drill per year should involve coordination with port facility security personnel. Drills must test communication, coordination, and response procedures for various security scenarios.

Q: Can Port State Control inspect the Ship Security Plan?

A: No. The SSP is confidential and protected from routine inspection. Port State Control officers can verify the existence of an approved plan and a valid ISSC, but cannot access plan contents. Only qualified maritime security auditors or RSO auditors are permitted to review the document.

Q: What is a Declaration of Security (DoS)?

A: A Declaration of Security is an agreement between a vessel and port facility addressing security requirements and responsibilities during ship-port interface activities (cargo operations, passenger embarkation, etc.). The DoS clarifies which party is responsible for specific security measures and coordinates security arrangements.

Q: How does the ISPS Code relate to other maritime regulations?

A: The ISPS Code forms part of SOLAS Chapter XI-2 and complements other IMO conventions. ISPS compliance works alongside the International Safety Management (ISM) Code for broader safety management and integrates with modern cybersecurity requirements.

Related Resources

American Nautical Services supports maritime security and compliance through access to current SOLAS publications, flag state compliance resources, and expert guidance. Contact our maritime security specialists for personalized assistance in achieving and maintaining full ISPS compliance across your fleet or port facility.