BUREAU VERITAS GUIDANCE SHIPOWNERS

Size: px
Start display at page:

Download "BUREAU VERITAS GUIDANCE SHIPOWNERS"

Transcription

1 Division Marine Direction des Navires en Services (DNS) Marine Division Ships in Service Management (DNS) Date 28/04/03 BUREAU VERITAS GUIDANCE TO SHIPOWNERS THE INTERNATIONAL SHIP AND PORT FACILITY CODE (ISPS CODE)

2 Guidance Plan : INTRODUCTION TO THE ISPS CODE REQUIREMENTS I) REGULATION OVERVIEW I-1) General I-2) Application,Schedule, Process II) COMPANY S OBLIGATIONS AND RESPONSIBILITIES II-1) General II-2) Specific Responsibility of Companies II-3) Specific Obligations of Companies II-4) Company Security Officer (CSO) II-5) Ship Security Officer (SSO) II-6) Company security manual (not mandatory) III) SECURITY LEVELS III-1) General III-2) Definitions IV) SHIP SECURITY ASSESSMENT Please refer to the separate document Ship Security Assessment V) SHIP SECURITY PLAN V-1) General V-2) Master s authority V-3) Security measures/procedures based on security levels V-4) Other procedures

3 VI) TRAINING OF PERSONNEL, DRILLS AND EXERCISES ON SHIP SECURITY VI-1) General VI-2) Training of CSO, SSO and relevant shore-based personnel VI-3) Specific additional training of the SSO VI-4) Knowledge of relevant shipboard personnel VI-5) Knowledge of other shipboard personnel VII) INTERNAL AUDITS/REVIEWS VII-1) Requirements VII-2) Guidance VIII) SHIP SECURITY RECORDS VIII-1) General VIII-2) Required records IX) VERIFICATION AND CERTIFICATION OF SHIPS IX-1) Verifications IX-2) Certification / International Ship Security Certificate (ISSC) X) DECLARATION OF SECURITY (DOS)

4 INTRODUCTION TO THE ISPS CODE REQUIREMENTS I) REGULATION OVERVIEW I-1) General A SOLAS Conference has been held at the IMO Headquarters in December 2002, with the aim to adopt specific measures to enhance ships and port facilities security. The following was adopted : - Amendments to the SOLAS 1974 Convention, Chapter V, Safety of Navigation, addressing the early implementation of the Automatic Identification System (AIS) - Amendments to the SOLAS 1974 Convention, with the new Chapter XI-1 now providing : arrangements for the permanent marking of the ship identification number either on the stern or on each side of the ship.(reg. XI/3) arrangements for continuously keeping and maintaining on-board a ship a continuous synopsis record providing information on the ship and the company.(reg.xi/5) - Amendments to the SOLAS 1974 Convention, with a new Chapter XI-2 «Special Measures to enhance maritime security», which adopts the INTERNATIONAL SHIP AND PORT SECURITY (ISPS) CODE. This new Chapter XI-2 comprises 13 Regulations, as follows : - Reg. XI-2/1 Definitions - Reg. XI-2/2 Application - Reg. XI-2/3 Obligations of contracting governments with respect to security - Reg. XI-2/4 Requirements for companies and ships - Reg. XI-2/5 Specific responsibilities of companies - Reg. XI-2/6 Ship Security Alert System - Reg. XI-2/7 Threats to ships - Reg. XI-2/8 Master s discretion for ship safety and security - Reg. XI-2/9 Control and compliance measures - Reg. XI-2/10 Requirements for port facilities - Reg. XI-2/11 Alternative security agreements - Reg. XI-2/12 Equivalent security arrangements - Reg. XI-2/13 Communication of information This Guidance to Shipowners is based on the requirements of the INTERNATIONAL SHIP AND PORT FACILITY SECURITY (ISPS) CODE. I-2) Application,Schedule, Process a) Application The ISPS Code is divided into two parts : PART A which is made mandatory under SOLAS Chapter XI-2. PART B which is a guidance note with the aim to clarify the provisions of both SOLAS Chapter XI-2 and Part A of the ISPS Code. It is to be noted that several Administrations, including the United States Coast Guard (USCG) consider this Part B to be mandatory.

5 The provisions of the ISPS Code apply both to ships and port facilities. It applies to the following types of ships engaged on international voyages: - Passenger ships, including HSC (High Speed Crafts) - Cargo ships of 500 grt and upwards, including HSC - Mobile offshore drilling units It applies as well to port facilities serving such ships engaged on international voyages. This guidance to shipowners deals more specifically with ship-related security matters. The Security Alert System as required by SOLAS 74 as amended, Reg. XI-2/6, is also part of the security equipment required under the ISPS Code (in addition to other safety-related items such as the Automatic Identification System, the ship identification number and the continuous synopsis record). b) Schedule The ISPS Code will enter into force on 1 st July 2004, for both ships and port facilities. c) Process The ISPS Code requires a Ship Security Assessment (SSA) to be carried out by the company for each ship of its fleet.this SSA is basically to include a so-called «on-scene security suvey» and the review of «threat scenarios». Based on the conclusions of this SSA, particularly the identification of the particular features of the ship and the potential threats and vulnerabilities, a Ship Security Plan (SSP) will have to be prepared by the company and submitted for approval by the Flag administration or a Recognized Security Organization (RSO). The ISPS Code also requires relevant personnel to have sufficient knowledge to perform their assigned duties with respect to the relevant provisions of the SSP, to receive adequate training and to carry out drills and exercises. Another important requirement of the ISPS Code is the provision of specific records of all security activities, which shall be kept on-board. As a consequence, by the 1 st July 2004, each ship to which Part A of the ISPS Code applies, shall be subject to an initial and complete verification of its security system and any associated security equipment covered by the ISPS Code. An International Ship Security Certificate (ISSC) shall then be issued to the ship upon satisfactory completion of the initial verification. Bureau Veritas has now applied to all relevant Flag States / Administrations to become a Recognized Security Organization (RSO). Consequently, when so authorized by the administration, Bureau Veritas will approve the Ship Security Plans (SSP), carry out the verifications on board the ship and issue the ISSC.

6 II) COMPANY S OBLIGATIONS AND RESPONSIBILITIES II-1) General The owners and operators have the primary responsibility for ensuring the safety and security of their ships. Although the companies are to comply with the relevant requirements of Part A of the ISPS Code, taking into account the guidance given in Part B of the ISPS Code, it is not required for them to be certified» as such by the Administration or the RSO. The ISPS Code only addresses the ship «certification». It is however obvious that an efficient implementation of the security system on-board the ships of the company strongly depends on the company s active participation and involvement in the process. The specific responsibilities and obligations of the Company are detailed in below paras. II-2) and II-3). The Company must also appoint a Company Security Officer (CSO) for the company and a Ship Security Officer (SSO) for each of its ships, the duties of which are detailed in below paragraphs II-4) and II-5). Although a «Company Security Manual» is not required by the ISPS Code, some guidance is given in II-6) below for companies who wishes to establish such a plan, as part of their security system. II-2) Specific responsibility of companies EXTRACTS FROM SOLAS XI-2, Reg.5 : «The company shall ensure that the master has available on board, at all times, information through which officers duly authorised by a Contracting Governement can establish : - Who is responsible for appointing the members of the crew or other persons currently employed or engaged on board the ship in any capacity on the business of that ship - Who is responsible for deciding the employment of the ship - In cases where the ship is employed under the terms of charter party(ies), who are the parties to such charter party (ies)» II-3) Specific obligations of companies EXTRACTS FROM THE ISPS CODE PART A, paragraph 6 : - «The Company shall ensure that the Ship Security Plan contains a clear statement emphasizing the master s authority.the company shall establish in the ship security plan that the master has the overriding authority and responsibility to make decisions with respect to the security of the ship and to request the assistance of the company or of any Contracting Government as may be necessary». - «The Company shall ensure that the company security officer, the master and the ship security officer are given the necessary support to fulfil their duties and responsibilities in accordance with chapter XI-2 and this part of the Code».

7 II-4) Company Security Officer (CSO) The duties and responsibilities of the CSO are to include : - Ensuring sufficient attention and resources are allocated to security and advising the level of threats likely to be encountered by the ship, using appropriate security assessments and other relevant information - Ensuring that the Ship Security Assessment are carried out by persons with appropriate skills to evaluate the security of a ship - Ensuring the development, submission for approval, implementation and maintenance of the SSP. - Ensuring that, if sister-ship or fleet security plans are used, the plan for each ship reflects the shipspecific information accurately - Modifying the SSP to correct deficiencies and satisfy the security requirements of the individual ship - Ensuring that any alternative or equivalent arrangements approved for a particular ship or group of ships are implemented and maintained - Ensuring adequate security training for personnel responsible for the security of the ship. - Arranging for internal audits and reviews of security activities - Arranging for the initial and subsequent verifications of the ship by the Flag or the RSO - Ensuring that deficiencies and non-conformities identified are promptly addressed and dealt with. - Promoting and enhancing security awareness and vigilance - Ensuring effective communication, co-ordination and implementation of the Ship Security Plan with the SSO and relevant Ports Facility Security Officers(PFSO) - Ensuring consistency between security requirements and safety requirements In addition, the CSO may ensure the development, implementation and maintenance of the Company Security Manual, if any (not mandatory). The CSO should therefore have in his possession the following documentation for each ship and/or have a working knowledge of the following: - Updated general layout of each ship of the company - Location of restricted areas (such as bridge, engine-room, radio-room, steering gear spaces...) - Location and function of access points (actual or potential) to the ship - Location of areas that can harbour stowaways or unlawful personnel on-board the ship - Cargo spaces and stowage arrangements - Location where unaccompanied baggage is stored - Locations where the ship s supplies and equipment for ship s maintenance is stored. - Open Deck arrangements including : height of the deck above water height to the quay at various levels of the tide and at various stages of cargo loading or unloading. - Emergency and standby equipment available and stored - Crew / passenger numerical strength, and security duties of ships crew - Existing security and safety equipment for the protection of passengers and crew - Evacuation routes and passenger assembly points (in case of evacuation of the ship) - Existing security measures and procedures in effect to include monitoring, control, inspections, personnel ID, documents and communications, alarms, lighting, and access control - Relevant International conventions, codes and recommendations - Dangerous Substances - Security devices and systems available - Government legislation and regulations - Existing agreements with private security companies - Has authority to request manpower augmentation at increased alert states

8 II-5) Ship Security Officer (SSO) The duties and responsibilities of the SSO are to include : - Maintaining and supervising the implementation of the SSP on-board (including any amendments to the plan) - Proposing modifications to the SSP - Co-ordinating the implementation of the SSP with the CSO and the relevant PFSO - Carrying out regular security inspections of the ship to ensure appropriate security measures are maintained - Co-ordinating the security aspects of the handling of cargo and ship s stores with other crew and the relevant PFSO - Promoting security awareness and vigilance among the crewmembers - Reporting all security incidents - Ensuring adequate crew training is carried out - Ensuring that security equipment is properly operated, tested, calibrated and maintained - Reporting to the CSO any deficiencies and non-conformities and implementing any corrective actions on-board In addition, the Company may appoint the SSO to review and complete the Declaration Of Security (DOS) agreement (Refer to X below). II-6) Company Security Manual (not mandatory) As a guidance, this Company Security Manual may document the following items : - Company security policy - Crisis management policy - Company contingency plans - Company firearms policy. - Company guidance on «use of force» - Procedures for filing and keeping up-to-date the relevant IMO and Flag States documentation about security matters - Procedures for internal company audit program adressing security issues - Name and responsibilities of each CSO and SSO and of other relevant personnel for managing the security program - A reference to all SSP s for all ships of the fleet - Authority of all ship s masters - Records of all security incidents involving company ships III) SECURITY LEVELS III-1) General The security level is the qualification of the degree of risk that a security incident will be attempted or will occur. From 1 st July 2004, each ship to which Part A of the ISPS Code applies will be required to operate at a specified security level at all times. Consequently, the SSP must address the security measures to be taken at each security level.

9 The Flag States / Administrations are responsible for setting of the security level applying at any particular time. They shall also ensure the provision of security level information to ships flying under their Flag. The setting of the applicable security levels cannot be delegated by the Contracting Governments or Administrations. Moreover, when entering a port, a ship is required to act upon the security level set by the Contracting Government of this port. In this case, the Ship Security Officer (SSO) and the Port Facility Security Officer (PFSO) are to liaise and coordinate appropriate actions. III-2) Definitions The ISPS Code defines three Security levels as follows : - Security level 1 : «level for which minimum appropriate protective security measures shall be maintained at all times.» In other words, this is the level at which the ship normally operates and the applied security measures are the daily ones (level of normal operating conditions). At security level 1, the following shall be carried out, by means of appropriate measures, on-board the ship : - Ensuring the performance of all ship security duties - Controlling access to the ship - Controlling the embarkation of persons and their effects - Monitoring restricted areas to ensure that only authorized persons have access - Monitoring of deck areas and areas surrounding the ship - Supervising the handling of cargo and ship s stores - Ensuring that security communication is readily available - Security level 2 : «level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of security incident.» In other words, this is a level of heightened threat and additional protective measures may be expected to be sustained for substantial periods of time. - Security level 3 : «level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target.» In other words, this is a level of probable or imminent threat and additional protective measures are not intended to be sustained for substantial periods of time. On-board a ship, it is of the utmost importance that the security levels are clearly defined for all personnel.

10 IV) SHIP SECURITY ASSESSMENT (SSA) The SSA (Ship Security Assessment) is to be carried out before developing the Ship Security Plan (SSP) and is a major element in the process of developing or updating the SSP. It is the responsibility of the CSO to ensure that the SSA is carried out by persons with appropriate skills, for each ship in the Company fleet. The SSA may be carried out by Bureau Veritas, acting as an RSO. In that case, Bureau Veritas shall not be the RSO undertaking the review and approval of the SSP. Although you will find further development of the SSA, it shall include the following steps : - Identification of key shipboard operations - Identification of existing security measures and procedures - Identification of potential threats (threat scenarios) - Performance of an on-scene security survey - Identification of weaknesses in both the infrastructure and in the procedures For further information, please refer to the separate document «Ship Security Assessment» V) SHIP SECURITY PLAN (SSP) V-1) General Each ship shall carry on-board a SSP which must have been approved by the Administration or the RSO (Bureau Veritas) acting on behalf of the Administration. This SSP shall be developed by the company, or by Bureau Veritas (in that case, the approval of the SSP cannot be carried out by Bureau Veritas), mainly based on the conclusions of the SSA. It is to be noted that the SSP is generally not subject to inspection by Port State Control (PSC) officers. However, if there are grounds to believe that the ship is not in compliance with the applicable security regulations, limited access to the specific sections of the plan relating to the specific noncompliances raised by the PSC, may be carried out with the agreement of the ship s master or of the Flag State. The details of this SSP will be developed in the separate document «Ship Security Plan» V-2) Master s authority The SSP shall include a clear statement emphasizing the Master s overriding authority and responsibility with respect to the security of the ship.

11 V-3) Security measures/procedures based on Security levels The plan shall include a list of security measures based on each security level (1, 2 and 3). The security measures shall cover, as an example, the following items (but are not limited to) : - General requirements for security of the ship (ensuring the performance of all ship security duties) - Monitoring of restricted areas to ensure that only authorized persons have access - Controlling access to the ship - Monitoring of deck areas and areas surrounding the ship - Controlling the embarkation of persons and their effects - Supervising the handling of cargo and ship s stores - Ensuring that port-specific security communication is readily available V-4) Other procedures The plan shall also adress procedures for: - Training, drills and exercises - Reporting - Internal audits and reviews - Maintenance, calibration and testing of security equipment - Handling the interface with the port facility (ref : DOS) - Handling the ship security alert system (testing, activation, desactivation, resetting) The SSP shall also, in addition, include contingency procedures, which have to be followed in unusual circumstances that present a threat to the security of the ship. VI) TRAINING OF PERSONNEL, DRILLS AND EXERCISES ON SHIP SECURITY VI-1) General It is a requirement that the CSO, the SSO and relevant shore-based personnel shall have knowledge and have received training on the relevant security matters. It is a requirement that the relevant shipboard personnel engaged on specific security tasks shall have sufficient knwoledge to carry out these specific security duties. The above is achieved by means of training, drills and exercises.

12 VI-2) Traing of CSO, SSO and relevant shore-based personnel It may include : - Security administration - Relevant international conventions, codes and recommendations - Relevant Government legislation and regulations - Responsibilities and functions of other security organisations - Methodology of ship security assessment - Methods of ship security surveys and inspections - Ship and port operations and conditions - Ship and port facility security measures - Emergency preparedness and response and contingency planning - Instruction techniques for security training and education, including security measures and procedures - Handling sensitive security related information and security related communications - Knowledge of current security threats and patterns - Recognition and detection of weapons, dangerous substances and devices - Recognition, on a non-discriminatory basis, of characteristics and behavioural patterns of persons who are likely to threaten securiy - Techniques used to circumvent security measures - Security equipment and systems and their operational limitations - Methods of conducting audits, inspection, control and monitoring - Methods of physical searches and non-intrusive inspections - Security drills and exercises, including drills and exercises with port facilities - Assessment of security drills and exercises VI-3) Specific additional training of the SSO It may include : - The layout of the ship - The SSP and related procedures (including scenario-based training on how to respond) - Crowd management and control techniques - Operations of security equipment and systems - Testing, calibration and whilst at sea maintenance of security equipment and systems VI-4) Knowledge of relevant shipboard personnel It may include : - Knowledge of current security threats and patterns - Recognition and detection of weapons, dangerous substances and devices - Recognition, on a non-discriminatory basis, of characteristics and behavioural patterns of persons who are likely to threaten securiy - Techniques used to circumvent security measures - Crowd management and control techniques - Security related communications. - Knowledge of the emergency procedures and contingency plans - Operations of security equipment and systems - Testing, calibration and whilst at sea maintenance of security equipment and systems - Inspection, control and monitoring techniques - Methods of physical searches of persons, personal effects, baggage, cargo and ship s stores

13 VI-5) Knowledge of other shipboard personnel It may include : - The meaning and the consequential requirements of the different security levels - Knowledge of the emergency procedures and contingency plans - Recognition and detection of weapons, dangerous substances and devices - Recognition, on a non-discriminatory basis, of characteristics and behavioural patterns of persons who are likely to threaten securiy - Techniques used to circumvent security measures VII) INTERNAL AUDITS/REVIEWS VII-1) Requirements The CSO and the SSO shall ensure that internal audits of the security system and reviews of the approved SSP are duly carried out. The personnel conducting the internal audits must be specified in the SSP.It shall also be independent of the activities being audited, unless this is impracticable. VII-2) Guidance The company may develop internal procedures and «Shipboard Security Inspection» checklists, although this is not required by the Code. As an example, the company may require, in its internal procedures that an audit of the security system is carried out on-board each ship of the company s fleet, and duly reported, with any nonconformities and corrective or preventive action in an «audit report». If the company has developed a Company Security Manual (not mandatory), then this manual may include a company audit program as well. VIII) SHIP SECURITY RECORDS VIII-1) General Records of security activities shall be kept on-board and are subject to Port State Control. The records may be kept in any format, including electronic format, but are obviously, in any case, to be protected from unauthorized access or disclosure.

14 VIII-2) Required records a) The following records are required to be kept on-board under the ISPS Code : - Training drills and exercises - Security threats and security incidents - Breaches of security - Changes in security levels - Communications relating to the direct security of the ship such as specific threats to the ship or to port facilities the ship is, or has been - Internal audits and reviews of security activities - Reviews of the SSA - Reviews of the SSP - Implementation of any amendments to the plan - Maintenance, calibration and testing of security equipment, if any, including testing of the ship security alert system b) In addition, the information as required by SOLAS XI-2, Reg.5 (ref : paragraph II-2) above) is also to be available on-board. c) The following additional information may also have to be made available to the Port State Control, when a ship is intending to enter a port of that State : - The ship possesses a valid certificate and the name of its issuing authority - The security level at which the ship is currently operating - The security level at which the ship operated in any previous port where it has conducted a ship/port interface for the last 10 calls at port facilities - Any special or additional security measures that were taken by the ship in any previous port where it has conducted a ship/port interface, for the last 10 calls at port facilities - The appropriate ship security procedures were maintained during any ship to ship activity for the last 10 calls at port facilities - Other practical security related information (but not details of the Ship Security Plan) As the Port State Control has limited access to the SSP, inspection of the above mentioned records is a means for the Port State to verify the compliance of the ship with the ISPS Code. As a consequence, it is of utmost importance that all records and information as mentioned in paragraphs a), b) and c) above are duly kept on-board the ship. Note : it is also reminded here that, as required by SOLAS Reg.XI/5 and with respect to the Safety of the ship, a continuous synopsis record providing information on the ship and the company shall be issued by the Administration to every ship to which SOLAS Chapter I applies.

15 IX) VERIFICATION AND CERTIFICATION OF SHIPS IX-1) Verifications The following verifications can be carried out by Bureau Veritas, when acting as a RSO : - Initial verification : This is the first verification to be carried out on-board, in order to verify that the implemented security system on-board the ship, and any associated security equipment, fully complies with the requirements of the ISPS Code and SOLAS Chapter XI-2, is in satisfactory condition and fit for the service for which the ship is intended. This initial verification is to be requested by the company to Bureau Veritas, when the SSP has been implemented on-board the ship for a certain period. The aim of the initial verification is consequently to verify that the security system implemented onboard the ship is also in accordance with the SSP. After satisfactory completion of the initial verification, an International Ship Security Certificate is then issued by Bureau Veritas. - Renewal Verification : It shall be carried out at invervals not exceeding five years, as prescribed by the Administration. The aim is to ensure that the implemented security system on-board the ship, and any associated security equipment, fully complies with the requirements of the ISPS Code and SOLAS Chapter XI-2, is in satisfactory condition and fit for the service for which the ship is intended. After satisfactory completion of the initial verification, a new International Ship Security Certificate is then issued by Bureau Veritas. - Intermediate verification : This verification shall be carried out between the second and third anniversary date of the ISSC. Its aim is to ensure that the implemented security system on-board the ship, and any associated security equipment remains satisfactory for the service for which the ship is intended. After satisfactory completion of the intermediate verification, the International Ship Security Certificate is endorsed by Bureau Veritas. - Additional verification : These are determined by the Administration, or by Bureau Veritas when acting as a RSO on behalf of the Administration. As an example, additional verifications may be carried out to verify the implementation, on-board the ship, of approved changes to the SSP.

16 IX-2) Certification/International Ship Security Certificate (ISSC) A certificate of compliance with ISPS Code requirements (ISSC) may be issued by Bureau Veritas. An Interim (Provisional) International Ship Security Certificate may also be issued by Bureau Veritas in such cases as detailed in ISPS Code, Part A, paragraph X) DECLARATION OF SECURITY (DOS) The DOS means an agreement reached between a ship and either a port facility or another ship with which it interfaces, specifying the security measures each will implement. A DOS is a document that should be completed when : - The Administration of the port ffacility deems it necessary or - A ship deems it necessary. The different reasons leading to the decision, by a ship or by an Administration, to complete a DOS are detailed in the ISPS Code, Part A, paragraph 5, with a guidance given in Part B of the ISPS Code, paragraph 5. The DOS is completed by either the Master or the SSO, as appointed by the company, and by the appointed representative of the port facility. The DOS, when completed, is to be dated and signed by both representaives of the port facility and of the ship.