π What is the ISPS Code?
The International Ship and Port Facility Security (ISPS) Code is a maritime security framework adopted under SOLAS Chapter XI-2, designed to safeguard ships, port facilities, cargo, and personnel against acts of terrorism, piracy, and other unlawful threats.
Enforced globally since 1 July 2004, the ISPS Code:
- Enhances shipboard and port security,
- Establishes protocols to manage security threats,
- Requires ships and ports to operate under defined MARSEC (security) levels.
π The ISPS Code is legally binding under the SOLAS Convention, meaning compliance is mandatory for specific vessels and ports worldwide.
β Maritime Security Before the ISPS Code
Before 2004, maritime security was largely neglected, especially in commercial shipping.
Unlike the strict standards in place for safety (SOLAS), ships had no unified international guidelines to prevent intrusions, unauthorized access, or terror threats.
Typical pre-ISPS practices:
- Visitors boarded without strict verification.
- No assigned security duties; the gangway was often unattended.
- Suspicious individuals were only flagged if visibly armed.
- Security responsibilities were often handled case-by-case at the Masterβs discretion.
π§ In short, the industry treated safety as paramount while security remained reactive and informal until a global crisis reshaped everything.
π¨ Notable Maritime Security Incidents (Pre-2004)
Several high-profile attacks highlighted the vulnerabilities in the shipping sector:
πΉ Achille Lauro Hijacking (1985)
- Attackers: 4 armed Palestinian terrorists
- Target: Italian cruise ship Achille Lauro
- Outcome: Hostage situation; 1 American passenger killed
- Result: IMO issued anti-piracy advisories, mostly adopted only by cruise lines
πΉ Avrasya Ferry Hijacking (1996)
- Location: Sailing along the Black Sea
- Passengers: 177; Crew: 55
- Threat: Kill 100 Russian passengers unless demands met
- Outcome: Resolved without casualties
πΉ USS Cole Bombing (2000)
- Type: Suicide boat attack in Yemen
- Casualties: 17 U.S. sailors killed, 39 injured
πΉ MT Limburg Attack (2002)
- Method: Explosive-laden dinghy
- Impact: Tanker set ablaze, 90,000 barrels of oil spilled, 1 crew member killed
These incidents revealed the gaping holes in maritime security, especially regarding asymmetric threats like terrorism.

π The 9/11 Impact: Turning Point in Maritime Security
The September 11, 2001 attacks triggered a global reckoning- not just for aviation, but also for shipping.
The maritime industry, realizing its own exposure to similar threats (e.g., weaponized cargo or ship hijacking), responded swiftly.
Just three months later, the International Maritime Organization (IMO) convened to revamp its maritime security framework.
π History and Adoption of the ISPS Code
πΈ Development Timeline:
- Sep 2001: Post-9/11 review of maritime security begins
- Dec 12, 2002: IMO adopts the ISPS Code under SOLAS 1974 Convention
- Jul 01, 2004: Full implementation of the ISPS Code becomes mandatory
πΈ SOLAS Amendments:
- Chapter XI becomes XI-1 β βSpecial Measures to Enhance Maritime Safetyβ
- A new Chapter XI-2 is introduced β βSpecial Measures to Enhance Maritime Securityβ
π― Core Objectives of the ISPS Code
The ISPS Code outlines a global strategy for preventing and responding to maritime threats.
It aims to:
β
Establish a cooperative framework between governments, port authorities, and shipping companies
β
Clearly define roles and responsibilities in maritime security
β
Enable real-time exchange of threat intelligence
β
Create standardized assessment procedures
β
Build confidence in global maritime security systems
βοΈ Functional Requirements of the ISPS Code
To achieve its objectives, the ISPS Code mandates several security functions for both ships and port facilities:
- π Prevent unauthorized access to ships, ports, and restricted areas
- π‘ Maintain reliable ship-port communication protocols
- π¨ Ensure clear procedures to raise alarms in case of threats
- π Conduct security assessments (SSA/PFSA) and create approved security plans (SSP/PFSP)
- π§― Prevent introduction of weapons or explosives
- π§ Require security training, drills, and familiarization for crew and port personnel
π These requirements must be documented and verifiable during audits, inspections, and Port State Control (PSC) checks.

π Scope of Application: Who Must Comply?
The ISPS Code applies to the following ships engaged in international voyages:
- π³οΈ Passenger ships (including high-speed passenger craft)
- π’ Cargo ships of 500 gross tonnage or more (including high-speed craft)
- π’οΈ Mobile offshore drilling units
- β Port facilities serving any of the above ships
π« Exempted Vessels:
- Warships
- Naval auxiliaries
- State-owned vessels on non-commercial government service
π For merchant vessels, ISPS compliance is not optional. Non-compliance can lead to detentions, fines, or denial of port entry.
π’ How the ISPS Code is Applied Onboard Ships
The ISPS Code requires every ship in scope to maintain a documented, working Ship Security Plan (SSP) and designate onboard personnel responsible for implementing security measures.
π Key Onboard Security Measures Include:
- Gangway control and restricted area monitoring
- Seafarer and visitor ID verification
- Surveillance of cargo operations and mooring areas
- Monitoring deck areas and blind spots
- Controlling access via accommodation ladder or pilot ladder
- Conducting regular drills and security audits
π The shipβs Master remains legally responsible for ensuring the SSP is followed, but actual tasks are delegated to a trained Ship Security Officer (SSO) and crew.
π³οΈ ISPS Code Responsibilities in Ports
Port facilities play a crucial role in securing the maritime domain.
Under the ISPS Code, all designated port facilities must have a Port Facility Security Plan (PFSP) and trained personnel responsible for implementing it.
π Key Port Security Tasks Include:
- Screening cargo and baggage
- Monitoring perimeter fencing and restricted zones
- CCTV surveillance of gates and berths
- Coordinating with ship security teams during calls
- Designating port access routes for ISPS-covered vessels
- Handling Declaration of Security (DoS) formalities
π§ Without a valid PFSP or designated Port Facility Security Officer (PFSO), port authorities risk non-compliance and potential international penalties.
π€ Key Security Personnel Under the ISPS Code
1. Company Security Officer (CSO)
πΉ Appointed by the shipping company
πΉ Acts as the link between ship and shore security
πΉ Ensures each ship has a valid, updated SSP
πΉ Conducts Ship Security Assessments (SSA)
πΉ Coordinates drills, exercises, and audits
π The CSO is usually based ashore and may oversee multiple ships within a fleet.
2. Ship Security Officer (SSO)
πΉ Designated by the Master and approved by the CSO
πΉ Implements and maintains the SSP onboard
πΉ Conducts security rounds, inspections, and crew training
πΉ Coordinates with PFSO during port stays
πΉ Monitors security equipment like CCTV, alarms, and SSAS
π The Ship Security Officer (SSO) must undergo STCW-approved training and hold a valid certificate.
3. Port Facility Security Officer (PFSO)
πΉ Appointed by port authority or terminal operator
πΉ Conducts Port Facility Security Assessments (PFSA)
πΉ Develops and maintains the PFSP
πΉ Coordinates with CSOs and SSOs for DoS and real-time threat response
πΉ Oversees port drills and security infrastructure (e.g., barriers, scanners)
π§Ύ Security Assessments and Plans Explained
Before implementing security measures, both ships and ports must undergo detailed assessments to identify vulnerabilities.
β Ship Security Assessment (SSA)
- Evaluates shipboard access points, lighting, blind zones, gangways
- Assesses past incidents, port states visited, and likely threats
- Forms the basis of the Ship Security Plan (SSP)
β Port Facility Security Assessment (PFSA)
- Examines facility layout, access routes, and cargo operations
- Considers threat levels based on port type (e.g., oil terminals, RoRo, container hubs)
- Becomes the foundation for the Port Facility Security Plan (PFSP)
π Both the SSP and PFSP must be approved by the relevant national authority or Recognized Security Organization (RSO).
π Ship Security Alert System (SSAS)
The SSAS is a silent alarm system mandated by the ISPS Code.
It enables ships to notify flag state authorities instantly when under security threat without alerting onboard attackers.
π‘ How It Works:
- Hidden switch is activated by the crew (usually SSO or Master)
- Signal is sent via satellite to a pre-registered contact point (e.g., CSO or flag state security agency)
- The alert does not trigger any external noise or visible response onboard
π¨ SSAS is required on cargo ships β₯500 GT, all passenger ships, and MODUs under ISPS jurisdiction.
π€ Declaration of Security (DoS)
A Declaration of Security is a formal agreement between the ship and port facility that outlines security responsibilities during a port stay.
π It includes:
- MARSEC level at the time of arrival
- Assigned responsibilities (gangway control, visitor screening)
- Security equipment to be used (e.g., scanners, CCTV, ID checks)
- Contact persons (SSO and PFSO details)
When is a DoS Required?
- When the ship docks in port.
- Upon request by the ship or port based on risk assessment
- For ship-to-ship transfers in port or at anchorage
- When calling a non-ISPS compliant facility
π‘οΈ A signed DoS helps align expectations and ensures both sides are prepared for coordinated threat management.

πΆ Maritime Security (MARSEC) Levels
The MARSEC Levels are a 3-tier security system used to indicate the threat condition to ships and port facilities.
They guide how the ISPS Code should be applied in real-time.
| Level | Description | Application |
|---|---|---|
| Level 1 | Default – normal operations with standard security measures | Continuous |
| Level 2 | Heightened threat – more targeted security actions required | Temporary |
| Level 3 | Imminent or actual threat – maximum security response | Exceptional |
π Examples:
- Level 1: Routine port calls, standard access control
- Level 2: Political unrest near port, suspicious activity reports
- Level 3: Active piracy threat, bomb threat, terrorist intelligence
π All crew must know their responsibilities at each level as outlined in the Ship Security Plan (SSP).
π Continuous Synopsis Record (CSR)
The CSR is a unique security document required under SOLAS Chapter XI-1 Regulation 5 and directly supports ISPS Code compliance.
π Whatβs in the CSR?
- Shipβs IMO number and flag
- Ownership and management details
- History of previous owners/operators
- Dates of changes (name, flag, company, etc.)
π Purpose: To maintain a transparent, tamper-proof history of the ship throughout its life – improving identity verification and deterring unlawful activities.
π ISPS Training Requirements
The ISPS Code mandates security training for all personnel based on their roles.
πΉ Mandatory Security Training Courses:
| Role | Training Required |
|---|---|
| All seafarers | Ship Security Awareness Training (SSAT) |
| Crew with duties | SSAT + Seafarers with Designated Security Duties (SDSD) |
| SSO | Ship Security Officer Course |
| CSO | Company Security Officer Course |
| PFSO | Port Facility Security Officer Course |
β All training must comply with STCW Chapter VI and be delivered by an approved maritime training center.
π ISPS Code Certificates and Validity
Ships and ports must hold valid ISPS Code documents issued by their flag state or a Recognized Security Organization (RSO).
π₯οΈ For Ships:
- International Ship Security Certificate (ISSC)
βΈ Valid for 5 years (subject to intermediate verification)
βΈ Issued after SSP approval and successful audit - π Interim International Ship Security Certificate (IISSC)
Granted in the following scenarios:- β When a new vessel is delivered or enters/re-enters service
- β If the vessel is transferred between flags of Contracting Governments
- β When a new company takes over management of a vessel it hasnβt operated before
- β³ Typically valid for 6 months, allowing time for full compliance before ISSC issuance
π This interim certificate ensures continuous ISPS compliance during transitional periods.


π’ For Ports:
- Issued post-PFSP audit and inspection
- Statement of Compliance for a Port Facility
- Validity depends on national authority policies
π΅οΈ Port State Control (PSC) Inspections on ISPS Compliance
ISPS-related checks are part of PSC inspections under regional MOUs (e.g., Tokyo, Paris, Black Sea).
π PSC May Inspect:
- Validity of ISSC and CSR
- Familiarity of crew with MARSEC levels
- SSO certificate and log entries
- SSAS test records
- Declaration of Security (DoS) documentation
- Physical access control (e.g., guards, signs, CCTV)
π© Deficiencies can lead to ship detention, delayed port clearance, or even denial of entry.
β οΈ Penalties for ISPS Code Violations
π« Consequences of Non-Compliance:
- Detention by Port State Control
- Invalidation of ISSC
- Fines or legal action from flag/state authorities
- Blacklisting from secure port facilities
- Insurance issues due to breach of safety/security clauses
β Ignoring ISPS responsibilities can jeopardize ship safety, cargo security, and even crew welfare.
β Frequently Asked Questions (SEO-Optimized)
What is the main purpose of the ISPS Code?
To enhance maritime security by preventing unauthorized access, terrorism, piracy, and other unlawful acts on ships and in ports.
Who are the key ISPS officers onboard a ship?
- Ship Security Officer (SSO) β Implements the SSP.
- Company Security Officer (CSO) β Oversees ship security from shore.
- Master β Ultimately responsible for ship security.
What is the difference between SSP and PFSP?
- SSP (Ship Security Plan) applies to the ship.
- PFSP (Port Facility Security Plan) applies to the port.
Both outline security measures under the ISPS Code.
When is a Declaration of Security (DoS) required?
- When ship docks in port
- When requested by port or ship
- During ship-to-ship operations or non-compliant port visits
Is SSAS required on all ships?
Yes, for:
- Passenger ships
- Cargo ships β₯500 GT in international voyages
- Mobile Offshore Drilling Units (MODUs)
π§ Summary and Final Thoughts
The ISPS Code is a cornerstone of global maritime security, developed in response to terrorism and modern threats at sea.
It establishes clear roles, procedures, training standards, and security levels to protect ships, crew, ports, and cargo.
β For seafarers, knowing your ISPS responsibilities isn’t just about compliance.
It’s about keeping your ship, crewmates, and yourself safe in an unpredictable world.
May the winds be in your favor.


Leave a Reply