Shortly after their establishment in October 1945, the United Nations (UN) recognised the need for international coordination of all actions aimed at maintaining and improving safety in maritime operations. To this end, the UN held a conference in 1948 that gave birth to the International Maritime Organisation (IMO): the first ever international body devoted exclusively to maritime matters.
Unsurprisingly, given the safety concerns that gave rise to its formation, the first convention promoted by IMO in 1960 was the International Convention on Safety of Life at Sea (SOLAS). Amended in 1974 to achieve greater effectiveness, SOLAS is generally regarded as the most important of all international treaties concerning the safety of merchant ships.
During the 1980s, following the hijacking of the cruise liner, Achille Lauro in 1985, IMO adopted specific resolutions aiming to establish measures to prevent unlawful acts which threaten the safety of ships and the security of passengers.
In December 2002 the SOLAS conference adopted a new set of amendments aimed at enhancing maritime security on ships
In the wake of the 9/11 terrorist attack in 2001, a number of issues were raised by IMO to improve the awareness of the maritime industry and its security against terrorism. Ships were not excluded from being an objective of, or a means to enable, terrorist attacks or other unlawful acts against the safety of life, property and the environment.
In December 2002 the SOLAS conference adopted a new set of amendments aimed at enhancing maritime security on ships and at ship/port interface areas. These measures are contained in SOLAS Chapter-XI-2 and the International Ship and Port Facility Security Code (ISPS Code).
These regulatory instruments enforce the adoption of well-formed security systems in sea logistics – a fundamental part of many supply chains – involving security assessments, drawing up and adoption of security plans, and the training and testing of personnel through drills and simulations.
Over the last five years piracy has become the most serious threat for the maritime industry, with an ever-growing number of highly equipped and organised groups operating in specific geographical areas.
The ISPS Code is not a panacea for all security related threats. Sometimes the only safe option is to avoid particularly dangerous areas or cross them only under military escort. Nevertheless eight years after its entry into force, the Code is still considered a fundamental step in an effective response to modern security threats to the shipping industry: criminality, piracy and terrorism.
Technical Contents
SOLAS Chapter XI-2
The new SOLAS amendments introduced special measures to enhance maritime safety and security, applicable to new and existing vessels.
Special consideration is to be given to the Ship Security and Alert System (SSAS). A SSAS initiates and continually transmits a ship-to-shore security alert to a competent authority designated by the administration until it’s deactivated or reset, without raising any alarms on the ship.
SSAS can be activated from the navigation bridge and in at least one other secret location.
Administrations or contracting governments receiving a ship security alert shall immediately notify the state(s) in the vicinity of which the ship is operating (if appropriate) and the ship’s flag administration.
ISPS Code
In order to achieve its objectives, ISPS embodies a number of functional requirements, such as:
- Gathering and assessing information on security threats and exchanging it with appropriate Contracting Governments.
- Requiring the maintenance of communication protocols for ships and port facilities.
- Preventing unauthorised access to ships, port facilities and their restricted areas.
- Preventing the introduction of unauthorised weapons, incendiary devices or explosives to ships or to port facilities.
- Providing means for raising the alarm in reaction to security threats or security incidents.
- A requirement for ship and port facility security plans based upon security assessments; and requiring training, drills and exercises to ensure familiarity with security plans and procedures.
The ISPS Code applies to:
- The following types of ships engaged on international voyages:
- Passenger ships, including high-speed passenger craft.
- Cargo ships, including high-speed craft, of 500GT and upwards.
- Mobile offshore drilling units.
- Port facilities serving such ships engaged on international voyages.
Key roles and definitions
Security Management
The company is responsible for developing and maintaining a security management system that is the most appropriate for itself and its particular ships.
ISPS Code prescribes that the company in charge of security shall provide a Ship Security Assessment (SSA) and develop the Ship Security Plan (SSP). It shall ensure that all persons assigned key security roles are given the necessary support to fulfil their duties and responsibilities.
The company in charge of ISPS is the same as that implementing the vessel’s Safety Management System (ISM Code).
Security Assessment
A Ship Security Assessment (SSA) includes the identification and evaluation of key shipboard operations that it is important to protect and possible threats to them together with the likelihood of their occurrence.
It shall include an on-scene security survey and, at least, address the physical security of the ship, its structural integrity, personnel protection systems, procedural policies, and any other areas that may, if damaged or used for illicit observation, pose a risk to people, property, or operations on the ship or within a port facility.
ISPS Code prescribes that the company in charge of the security shall provide a Ship Security Assessment (SSA)
Company Security Officer
The Company Security Officer (CSO) is the person ashore designated by the company for ensuring that a SSA is carried out, that the Ship Security Plan is developed, approved, implemented and maintained and for the liaison with Port Facility and Ship Security Officers.
Ship Security Officer
The Ship Security Officer (SSO) is the person on board accountable to the Master for the security of the ship, including implementation and maintenance of the Ship Security Plan and for the liaison with the CSO and the Port Facility Security Officers.
Ship Security Plan
A Ship Security Plan (SSP) approved by the administration shall be carried on board a ship. This makes provisions for the three security levels as defined in the Code.
The content of each individual SSP should apply to the particular ship it covers, but should at least detail:
- The organisational structure of security for the ship,
- The basic security measures for Security Level 1, both operational and physical, that will always be in place, and
- The additional security measures that will allow the ship to progress without delay to Security Level 2 and, when necessary, to Security Level 3.
Security Levels
Security Levels represent the assessment of the degree of risk of a security incident being attempted, or the possibility of an attack.
In setting the security level contracting governments should take account of general and specific threat information. They should set the security level applying to ships or port facilities at one of three levels:
- Security Level 1 is the status the ship or port facility normally operates. At this level, the threat of an unlawful act against a vessel is possible, but not likely.
- Security Level 2 is a heightened alert status. This risk level indicates that a particular segment of the industry may be in jeopardy, but that no specific target has been identified. This level applies for as long as there is a heightened risk of a security incident.
- Security Level 3 means imminent danger. This level applies for the period of time when there is the probable or imminent risk of a security incident.
Security Level 1
At Security Level 1, the following actions shall be carried out on all ships, which should employ appropriate measures in order to identify and take preventive measures against security incidents to ensure the performance of all ship security duties.
- Controlling access to the ship.
- Controlling the embarkation of persons and their effects.
- Monitoring restricted areas to ensure that only authorised persons have access. These include: the bridge; engine room; spaces containing security and surveillance equipment; ventilation and air-con systems; spaces with access to potable water systems; and crew accommodation.
- Monitoring deck areas and areas surrounding the ship (including lighting, watch-keeping, patrols, automatic intrusion detection devices and surveillance equipment).
- Supervising the handling of cargo and ship’s stores. These include: ensuring checking of ship’s stores and package integrity; preventing ship’s stores from being accepted without inspection and unless ordered.
- Ensuring that security communication is readily available.
Security Level 2 and 3
At Security Levels 2 and 3 additional protective measures, specified in the SSP, shall be implemented for each above mentioned activity.
Training, Drills and Exercise on Security
The CSO, appropriate shore-based company personnel and the SSO, should have knowledge of and receive specific training on security-related issues such as ship security assessment, surveys and inspections, emergency preparedness and response, contingency planning, security systems and maintenance, security drills and exercises.
In addition the SSO should have adequate knowledge of and receive training on the layout of the ship, the SSP and related procedures, crowd management and control techniques, operations of security equipment and systems and their testing. The objective of drills and exercises is to ensure that shipboard personnel are proficient in all assigned security duties at all security levels and the identification of any deficiencies which need to be addressed.
Drills should test individual elements of the plan, such as damage to the ship or a port facility (for instance by explosive devices, arson, sabotage or vandalism); hijacking or seizure of the ship or of persons on board; attacks while at berth or at anchor; and attacks while at sea.
The impact on the yachting industry
The ISPS Code applies only to commercial yachts operating international voyages, having a gross tonnage equal or over 500GT and to the port facilities serving such yachts.
Yachts which follow the code are provided with an International Ship Security Certificate (ISSC) valid for five years.
An initial verification (which includes the yacht’s security system and the security equipment carried aboard the yacht) is carried out before the yacht is put in service, or before the ISSC is issued for the first time.
A renewal verification is due at five-year intervals, while one intermediate verification is carried out between the second and third anniversary date of the certificate.
Neither passenger ships nor yachts have ever been used as a base for a terrorist attack and most professionals within the yachting industry think the rules to be an example of ill-considered bureaucracy.
Many flag administrations do not delegate the ISPS activity to other recognised organisations, such as the class societies, but carry out the surveys and issue the certificates through suitably trained flag inspectors.
The impact of these rules on the yachting industry has not been particularly severe in terms of design and construction, as pleasure vessels are usually equipped with the most advanced technologies for security and the protection of privacy.
Operationally, there has been an increase in requests for training and certificates of competency for officers who need to implement on-board procedures, drills and exercises, records and other ‘paperwork’, but this is still perceived by the industry as bureaucracy rather than an enhancement of safety and security standards.
The increasing number and size of commercial superyachts has also raised security concerns at ports that have traditionally been used for private yachts only, with the need for such sites to develop a security plan and improve controls and security measures while maintaining their pleasant ambience.
Many owners are also seeking voluntary compliance with the requirements of ISPS for yachts which are not subject to the provisions of the Code. Sea Force One was the first yacht to be certified under the voluntary additional class notation Secure Yacht issued by RINA.
These rules were introduced as a knee-jerk reaction to 9/11 when all possible terrorist threats were examined and legislation introduced to make them less viable. Neither passenger ships nor yachts have ever been used as a base for a terrorist attack and most professionals within the yachting industry think the rules to be an example of ill-considered bureaucracy.
Nevertheless, the rules carry great force and, until they are repealed, they must be observed as large penalties exist against the owners and crew of vessels who do not carry them out exactly.