ISPS Code - Security Procedures
ISPS Code - Security Procedures
International Ship and Port Facility Security Code Ship Security Procedures
International Ship and Port Facility Security (ISPS) Code: A practical approach to ship security
IDS International
Lloyds Register of Shipping, its affiliates and subsidiaries and their respective officers, employees or agents are, individually and collectively, referred to in this clause as the Lloyd's Register Group. The Lloyd's Register Group assumes no responsibility and shall not be liable to any person for any loss, damage or expense caused by reliance on the information or advice in this document or howsoever provided, unless that person has signed a contract with the relevant Lloyd's Register Group entity for the provision of this information or advice and in that case any responsibility or liability is exclusively on the terms and conditions set out in that contract.
Page 2 of 34
This procedures manual will form part of the Ship Security Plan. It should contain sufficient procedures to demonstrate how the security measures identified from the Ship Security Assessment will be implemented onboard. The examples given here are not intended to provide a definitive list of all the required procedures. All requirements of ISPS A/7 and 9.4 (including the relevant guidance in Part B) should be covered either in these procedures or in the ship security plan. The number and scope of procedures required to demonstrate compliance will vary from company to company. Procedures should be written in such a way as to reflect the operational requirements of the company and in a style and format consistent with existing procedural documentation, such as the safety management documentation required by the ISM Code. Where procedures are duplicated from other manuals (examples may include Internal Audit, Review, etc), it is recommended that these procedures are reproduced in full. This is because the Ship Security Plan is subject to formal approval by the Administration and a simple cross reference to part of another management system manual would make that part of the manual also subject to the formal approval process of the Ship Security Plan. Administrations will require certain amendments to the Ship Security Plan to be approved before implementation. The scope of these amendments will vary from Administration to Administration. All persons involved in amending, reviewing and updating Ship Security Plans should be aware of these requirements for the appropriate Administrations.
Rev
0 Initial Issue
Description
Approval Y/N?
Yes
Approval (date)
01/01/04
Date
Implemented
01/01/04
Index
Title Compilation, Issue and amendment of Documents related to security 1 0 Introduction and overview 2 0 Company Security Organisation the Master and the Ship Security Officer 3 0 Security Levels onboard 4 0 Access to the ship 5 0 Access within the ship and Restricted Areas 6 0 Interfacing with port facilities and ships in compliance with SOLAS XI-2 7 0 Interfacing with port facilities and ships NOT in compliance with SOLAS XI-2 8 0 Security considerations for cargo (Dry Bulk Carriers) 9 0 Security considerations for ships stores and bunkering 10 0 Security monitoring onboard ship 11 0 Communications relating to ship security 12* 0 The Ship Security Alert System 13 0 Security Equipment 14 0 Security Training (including Drills and Exercises) 15 0 Internal Safety and Security Audits 16 0 Management Reviews 17 Responding to security threats and breaches of security *This procedure is retained in a secure location separate from this manual Note: These procedures shall be followed in addition to those Rules, Regulations, Codes and Guidelines which are applicable to this ship. Section 0 Rev 0
Index Page 5 of 34
1.1 This procedure describes how the Security Procedures and all other company documents relevant to the management of onboard security activities are compiled, issued and amended. All procedures are controlled documents.
2.0
Introduction
2.1 Appendix A to this procedure describes the objectives of the documented security management system and gives guidelines for the contents of associated documents. 2.2 Appendix B to this procedure lists the personnel to be involved with the development of procedures and work instructions.
3.0
Responsibilities
3.1 The appropriate Managers in Appendix B shall be responsible for the identification, compilation and amendment of procedures plans and other company documents in accordance with the requirements of this procedure and its appendices. 3.2 The CSO is responsible for the controlled issue of procedures and work instructions. 3.3 The designated holders of any document file are responsible for updating their own copy on receipt of new or amended procedures and keeping confidential both current and superseded copies.
4.0
4.1 4.1.1 a
Detail
Format: Procedures shall be drafted on white paper in the following format:
The first or second page shall indicate. Procedure number. Issue date. Page number. Authorisation. Title. Scope. Responsibilities. Detailed instructions.
b The second and subsequent pages shall indicate: Procedure number. Page number. Note: If pages are loose leaf the issue date shall be listed on all pages.
The first page shall indicate: Ships Name and IMO Number. Flag State and Port of Registry. Issue date. Page number. Authorisation.
b The second or subsequent pages shall indicate: Ships Name and IMO Number. Page number. Note: If pages are loose leaf the issue date shall be listed on all pages. 4.2
4.2.1 In order to ensure that operating procedures and associated instructions accurately reflect current Company practice, the contents of draft procedures shall be based on the following: a The guidelines in appendix A to this procedure. b Previous existing documentation. c Precise notes prepared by senior staff or appointed representative describing various routines or activities. d Notes arising from discussions with staff. 4.2.2 All procedures and instructions shall clearly define the relevant task and assign it to qualified personnel. 4.2.3 On completion of the written draft, the author shall forward it to the appropriate Manager for approval prior to typing. The Master copy shall be signed by the relevant personnel to indicate their agreement to the written procedure. 4.2.4 The CSO shall arrange for typing on red paper1 and shall authorise the issue of the typed procedure by signing and dating the first page in the block provided. All drafts shall then be destroyed. 4.2.5 A new procedure shall be issued together with an updated File Revision List and a transmittal memorandum. Procedures will be issued on a "need to know" basis and the number of copies in each area shall be such that each person shall have ready access to a copy as required. Access to security procedures and all other company documentation relating to security shall be strictly controlled. Photocopying of any such documents is strictly prohibited. No locally controlled or uncontrolled copies are to be produced. 4.2.6 The master copy of each procedure are retained in a Master File retained by the CSO 4.2.7 The CSO shall be responsible for maintaining the distribution list of procedures and the ship security plan. 4.2.8 All Security Procedures and the Ship Security Plan shall be treated as strictly confidential and their contents shall not be disclosed to any outside party. Masters shall be aware of restrictions on disclosure of
1 Security documentation is to be printed on red paper to make such documentation easily identifiable and to avoid confusion with non confidential items. In addition, the use of red paper makes photocopying of documents considerably more difficult, thus discouraging working copies.
Amendment:
4.3.1 When subject to review and approval by the Flag Administration, changes are required to a procedure or the ship security plan then this should be co-ordinated through the CSO. All staff involved in the review and amendment process shall be aware of the relevant Flag State requirements for amendments that require APPROVAL BEFORE IMPLIMENTATION ONBOARD. The CSO holds details of all such amendments applicable to ships currently being operated. 4.3.2 When a procedure or work instruction is amended its revision date shall be changed and a completely new issue shall be authorised for release by the CSO. 4.3.3 The master copy shall be removed from the file, marked superseded and filed in the appropriate procedure or work instructions amendment file. 4.3.4 In order to ensure that the nature of the change can be readily identified, the revised parts or wording shall be highlighted in the text of the procedure by a single line adjacent to the amendment. The highlighting shall only be applied to the most recent changes. 4.3.5 Brief details of the amendments, together with the procedure and work instructions number and revision date shall be recorded in the appropriate Procedure File Revision List. 4.3.6 Copies of the following are produced and distributed to all holders of a document file: a Procedure File Revisions List. b Procedure Transmittal Memorandum. c The amended Procedure. 4.4 Receipt: 4.4.1 On receipt of a new or amended procedure or work instruction and the associated documentation the recipient shall: a remove from the document file any superseded pages, File Revisions List and destroy them. b insert the new and amended pages and replacement File Revision List. c sign and return the Amendment Transmittal memorandum. 4.5 Should an individual recognise a need for a new procedure/instruction, he shall communicate that need in writing to the relevant Manager or through the company or ship's safety and security meetings.
5.0
Records/References
Amendment File. Transmittal Memorandum. File Revision List. Distribution List. Master Copy File.
Appendix A:
System Documentation
1.0 Objectives:
1.1 The objectives for the company's Documented System are: a To have the documented management system of onboard security activities documented in a hierarchical structure. b For the hierarchical System documents to be titled and numbered in one style. c That each document in the company which affects or could affect the safety/pollution prevention of the company's operations may be included in this documentation either directly or by crossreference. All documents affecting the security of operations shall be included here.
2.0
2.1
Documentation Structure
The hierarchical structure of the System documentation is shown below:
Security Procedures
Defines the company's policies for the management of security activities, and details what the company does to satisfy the requirements of the ISPS Code. Define the responsibilities of personnel and the controls to be applied to either a single or collated set of activities, applicable to for onboard operations on any trading pattern. Some procedures will only be applicable to a single ship type while others apply across the companys fleet. These procedures are attached to and form part of the individual ship security plan.
3.0
3.1 3.1.1
Document Contents
General
Documents within the documented system shall be written as part of the structured system.
3.1.2 All documents shall, where necessary, cross reference other external documents, rules, codes and instructions in use. Documents directly controlling the management of security activities shall be included in either the Security Procedures or the Ship Security Plan. 3.1.3 All procedures and work instructions shall be written in the future tense using the words 'shall' and 'must'. 3.1.4 Numbering of the documented system shall be as follows: (The company will need to devise the numbering system that best suits them). 3.2 The Ship Security Plan.
Security Documents Page 9 of 34
Appendix B:
1.0 List of personnel responsible for identification and development of procedures and work instructions (including amendments) Managing Director Company Security Officer (CSO) Technical Director Operations Manager Fleet Manager Ship Masters Ship Security Officers (SSO) Others with specific roles related to security through either the SSO or CSO, as appropriate. .
Records/References
This section should give any background information that the company feels appropriate. This section should also contain a copy of the Security Management Policy Statement.
Overview Page 12 of 34
Company security organisation, the master and the ship security officer
This procedure shall detail the companys security organisation, both ashore and onboard. All specific security duties of the master and SSO should be documented if not included in other procedures.
Scope Responsibilities
The Administration is responsible for setting security levels onboard ships flying their flag.
This procedure describes the three security levels that company ships shall observe.
2.2 The Designated Authority may increase the security level on ships visiting port facilities in their territory to match the security level of those port facilities. 2.3 Masters and ship security officers are responsible for ensuring ships act on security levels set by Administrations and Designated Authorities.
3.0
3.1
Detail
Three security levels shall be observed onboard company ships.
3.1.1 Security Level 1: Is the level for which minimum appropriate protective security measures shall be maintained at all times. Companies may wish to extend this definition from ISPS Code Part A Section2.1.9 in line with company operations to illustrate that this is the normal condition. 3.1.2 Security Level 2: Is the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of a security incident. Companies may wish to extend this definition from ISPS Code Part A Section2.1.10 in line with company operations to illustrate that this is a heightened state of readiness which may have to be maintained for a period of time. 3.1.3 Security Level 3: Is the level for which specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target. Companies may wish to extend this definition from ISPS Code Part A Section2.1.11 in line with company operations to illustrate that this security level is only maintained when there is specific indications that a security incident is imminent and that this security level is only maintained for the duration of the specific threat, or the duration of a security incident. At security level 3, Administrations and Designated Authorities will issue instructions relating to security that ships shall follow. At security level 3, the ship security officer shall be relieved of all other onboard duties and shall be dedicated to overseeing the security of the ship and supporting the master. 3.2 The ship security plan details the specific measures that shall be maintained in each area of ship operation at each security level. These procedures detail how these measures are to be applied, maintained and controlled at each security level. 3.3 The master, in consultation with the company and ship security officers, may increase the security measures onboard from the minimum measures stipulated in the ship security plan. Such actions could result from the ship transiting a high security risk area or entering a port where security problems have been encountered previously. Under no circumstances shall the master apply security measures less than those stated in the ship security plan for the current security level.
Document Version 0.1 created on 2-Apr-03 Lloyds Register 2003 Security Levels Page 14 of 34
3.4 When operating with increased security measures, as described in 3.3, above, the ship security level remains as that set by the Administration or the Designated Authority (for the current port facility). Masters, company security officers or ship security officers can not set or change the security level onboard the ship. 3.5 Whenever increased security measures are applied as described in 3.3 above, details of the increased security measures and their duration of implementation shall be recorded in the security logbook. 3.6 Communications related to security levels, including when the ship has difficulty complying with security levels set be Administrations or Designated Authorities, are included in section XX (Communications relating to security) of these procedures.
4.0
Records/References
This procedure describes how access to the ship is controlled in various operational situations at the three security levels.
2.0
Responsibilities
2.1 This section should detail who has responsibilities relating to controlling access to the ship. It should contain responsibilities of the ship security officer, watch keeping officers and crew. Outside security contractors may be included. If so, responsibilities for controlling these contractors should be included.
3.0
Detail
3.1 This section will detail who does what and when. Reference should be made to the ship security plan where the individual security measures are contained. Cross reference to the section on contingency planning should be made to cover attempts (whether successful or unsuccessful) to gain unauthorised access to the ship. Consideration should be given to discharging security duties in conjunction with normal duties relating to ship operation, safety, etc.
4.0
Records/References
This procedure describes how access within the ship is controlled in various operational situations at the three security levels. Within the ship there are a number of Restricted Areas; this procedure details has access to such areas is monitored and controlled.
2.0
Responsibilities
2.1 This section should detail who has responsibilities relating to controlling access within the ship. It should include the responsibilities of the ship security officer, watch keeping officers and crew. Responsibilities should reflect that deck, engine and catering departments will all have Restricted Areas within their normal jurisdiction.
3.0
Detail
3.1 This section will detail who does what and when. Reference should be made to the ship security plan where the individual security measures are contained. Cross reference to the section on contingency planning should be made to cover attempts (whether successful or unsuccessful) to gain unauthorised access to a Restricted Area. If the Company has a policy concerning controlling access to Restricted Areas it should be included here and reflected in the measures in the ship security plan. Consideration should be given to discharging security duties in conjunction with normal duties relating to ship operation, safety, etc.
4.0
Records/References
Interfacing with port facilities and ships in compliance with SOLAS XI-2
1.0 2.0 3.0 4.0 Scope Responsibilities Detail Records/References
This procedure will detail the normal security activities involved with ship/port and ship/ship interfaces when the other ship or port facility is also subject to, and in compliance with, SOLAS XI-2. This section will cover pre arrival activities, entering port and actions in port. Guidance / instruction should be given as to the circumstances when the ship should request the issue of a Declaration of Security. Records to maintained of ship/port interfaces should also be specified.
Interfacing with port facilities and ships NOT in compliance with SOLAS XI-2
1.0 2.0 3.0 4.0 Scope Responsibilities Detail Records/References
There will be occasions when the ship will have to interface with other ships or port facilities that are not in compliance with SOLAS XI-2. In such circumstances additional security measures should be implemented and records of these additional measures maintained.
This procedure shall detail security considerations relating to loading and discharging cargo.
This procedure could also cover control of baggage and persons seeking access to the ship
This procedure defines the activities and controls necessary to monitor the deck and areas surrounding the ship. In addition it defines how the ship security officer ensures that the appropriate security measures are implemented and maintained at all times.
2.0
2.1
Responsibilities
The Master is ultimately responsible for the security of the ship
2.2 The ship security officer is responsible for ensuring that appropriate security measures are implemented and maintained at all times. He is also responsible for directing others in the measures required to monitor the deck areas and areas surrounding the ship dependent on the ships location and the current security level. 2.3 Officers are responsible for implementing security measures relating to monitoring the deck and areas surrounding the ship, as directed by the ship security officer through their head of department. 2.4 The crew are responsible for carrying out security duties as directed by officers. 2.5 The navigation officer is responsible for annotating passage plans in accordance with this procedure.
While underway 4.1 At security level 1 while underway: The requirements for conducting a safe navigational watch shall be suitable for monitoring the deck areas and areas surrounding the ship. 4.2 At security level 2 while underway: The requirements for conducting a safe navigational watch shall be suitable for monitoring the deck areas and areas surrounding the ship, providing the ship is at least 100 nautical miles from the nearest land. 4.3 At security level 3 while underway: The requirements for conducting a safe navigational watch shall be suitable for monitoring the deck areas and areas surrounding the ship, providing the ship is at least 200 nautical miles from the nearest land and watch keepers have been instructed to maintain maximum vigilance. 4.4 The navigation officer shall annotate all passage plans and course lines on charts to indicate when the ship is within 200 nautical miles and 100 nautical miles of the nearest land. 4.5 Masters standing orders shall include a requirement for the officer on watch to inform the master or the ship security officer when the ship comes within 200 and 100 nautical miles from the nearest land. These requirements should be reflected in the procedures controlling passage planning and bridge watch keeping in the Safety Management System. At anchor, in port and while underway in circumstances not covered in 4.1 to 4.3, above 4.6 Security measures employed shall be as described in the ship security plan. 4.7 At security level 1 security measures may be implemented by a single crew member in conjunction with their normal shipboard duties, provided such other duties do not hamper the effectiveness of the security measures. An example could be a crewmember maintaining a gangway watch while performing other duties in the vicinity of the gangway. 4.8 At security level 2 security duties shall be performed by crewmembers dedicated to that duty while it is being undertaken. Crewmembers undertaking security duties shall be in constant communication with the ship security officer or with the relevant officer on watch. An example could be a crewmember dedicated to undertaking the gangway watch and supplied with a handheld VHF radio. Another example could be if a deck tour is required at certain intervals. In this case it would be permissible to periodically take a crew member of other duties to conduct the tour and then return to their other duties once the tour was complete. It is not necessary to have crewmembers dedicated to security duties. 4.9 At security level 3 security duties shall be performed by a team of at least two crewmembers dedicated to performing security duties. Each team shall be in constant contact with either the master or the ship security officer. Given the nature of security level 3, it is not unreasonable to expect either the master or the ship security officer to be overseeing the security of the vessel at all times.
5.0
Records/References
All communications relating to security should be controlled and recorded. This includes Ship Company, Ship Administration and Ship Port State.
2.0
Definitions
2.1 Ship Security Alert: The alert system required by SOLAS XI-2 Reg 6 and complying with the performance standards stated in IMO Resolution MSC.136(76). 2.2 Competent Authority: As designated by the Administration in accordance with SOLAS XI-2 Reg 6.2.1, which for this ship is the Company Security Officer.
3.0
Responsibilities
3.1 The master is responsible for the activation of the ship security alert system in the circumstances detailed in current Instructions to masters or in other circumstances deemed appropriate by the master. 3.2 The Ship Security Officer is responsible for ensuring that the ship security alert system is tested in accordance with this procedure. The ship security officer is also responsible for ensuring that others onboard know the location of the ship security alert activation points and the circumstances in which they are authorised to activate the ship security alert. 3.3 The Company Security Officer is responsible for acting as the Administration nominated competent authority and acting on security alerts received from the ship. The company security officer is also responsible for limiting false alerts in line with this procedure. For routine testing of the ship security alert, the company security officer may delegate his duties to a nominated deputy. 3.4 All officers and crew are responsible for activating the ship security alert system when ordered to do so by the master or the senior officer in the event that a security incident has removed effective command of the ship from the master.
4.0
Detail
The locations of the ship security alert activation points are included in the ship security plan. These locations shall not be disclosed to any outside party without the express permission of the ships Administration.
2 The means of communication (telex, GMDSS, fax, etc) and the content of this message shall be agreed with the master before joining the vessel. No record as to the type and content of this message will be kept onboard.
5.0
Records
Records of routine testing Records of maintenance of all GMDSS equipment onboard Record of survey of Safety Radio Equipment List of current security code words and covert messages (held ashore with the company security officer)
Security Equipment
1.0 2.0 3.0 4.0 Scope Responsibilities Details Records/References
This procedure will detail the additional controls by which the SSO ensures that inspection, testing and calibration of security equipment is carried out. The actual inspection, test and calibration can be carried out as part of the ships planned maintenance system.
If this procedure is combined with the corresponding section of the Safety Management System, the combined procedure should be reproduced in full in the security procedures. An example of a combined procedure is included in the Management Review procedure included here.
This procedure may be combined with the corresponding section of the Safety Management System. If so, then the combined procedure should be included , in full, in these procedures.
Management Review 3
This procedure duplicates Safety Management System procedure number XXXX. If this procedure is required to be amended or revised, such amendments and revisions shall also apply to SMS procedure XXXX.
1.0
Scope
This procedure describes the activities required to carry out periodic reviews ashore of the Security and Safety Management Systems in conformity with the ISPS and ISM Codes.
2.0
Responsibilities
2.1 The Managing Director is responsible for arranging and co-ordinating Management Review meetings. 2.2 The Designated Person Ashore and Company Security Officer are responsible for ensuring that any actions concerning shore based activities, raised at Management Review meetings, are carried out as soon as is practicable thereafter. 2.3 Superintendents assigned to particular ships are responsible for ensuring that actions concerning those ships resulting from Management Review meetings, are carried out as soon as practicable thereafter.
3.0
Detail
3.1 A Management Review of the Security and Safety Management Systems shall be held at intervals not exceeding once each year. 3.2 Whilst it is appreciated that some superintendents may not be able to attend the meeting due to overseas commitments, a Management Review shall not take place unless at least 50% of the superintendent staff are present. The Managing Director, (M.D.) Designated Person Ashore (D.P.A.), Company Security Officer (CSO) and at least two Masters on voyage leave shall be present at every Management Review meeting. 3.3 The purpose of a Management Review meeting is to evaluate the efficiency of the Security and Safety Management Systems and to recommend any changes intended to enhance that efficiency. 3.4 Every Management Review meeting shall be minuted and shall indicate actions required, where appropriate. 3.5 Each year, in January, the M.D. shall prepare a list of attendees for the Management Review meeting.
The requirement for the CSOs review of security is included in section 2 Company Security Organisation, the master and the ship security officer.
3
4.0
Records/References
This procedure should detail the controls necessary to effectively implement the measures on contingency planning contained in the ship security plan.