International Ship and Port Facility Security

(ISPS) Code


The International Ship and Port Facility Security (ISPS) Code sets new standards for security for ships at sea as well as port facilities around the world. It aims to make shipping activities more secure against threats of terrorism, piracy and smuggling.

Security at sea has been a concern to governments, shipping lines, port authorities and importers and exporters for years. The terrorist attacks of September 11, 2001, however, provided the catalyst for formalizing tough new security measures.

In December of 2002, the International Maritime Organization (IMO) a specialized agency of the United Nations (UN) organized a conference to discuss issues related to security at sea. At this conference, representatives from 150 nations (the Contracting Governments) participated in drafting amendments to the Safety of Life at Sea (SOLAS) Convention, and the ISPS Code was adopted.

Changes to the SOLAS Convention include amendments to Chapters V and XI, and Chapter XI was divided into Chapters XI-1 and XI-2. The new Chapter XI-2 provides the umbrella ISPS regulations. The Code itself is divided into two parts. Part A presents mandatory requirements, Part B contains guidance regarding the provisions of Chapter XI-2 of the Convention and part A of the Code.

ISPS Code Overview

The Code aims, among other things, to establish an international framework for co-operation between Contracting Governments, government agencies, local administrations and the shipping and port industries to detect security threats and take preventive measures against security incidents affecting ships or port facilities used in international trade and to establish relevant roles and responsibilities at the national and international level. ISPS provisions relating to port facilities relate solely to the ship/port interface. Also, ISPS provisions do not extend to the actual response to attacks or to any necessary clear-up activities after such an attack.

In addition, for each ship and port authority affected, the ISPS Code requires:

Enforcement Date

The ISPS Code went into effect on July 1, 2004.

ISPS Code Full Text

The full text of the ISPS Code can be found on the Web at:

Application of the ISPS Code

The ISPS Code applies to ships and ports of signatory nations to the SOLAS Convention as well as ships that call upon ports of contracting nations: Specifically:

-Passenger ships, including high-speed passenger craft

-Cargo ships, including high-speed craft, of 500 gross tonnage and upwards

-Mobile offshore drilling units

This represents about 55,000 ships and 10,000 to 20,000 port facilities worldwide that need to be certified.

The ISPS Code does not apply to warships, naval auxiliaries or other ships owned or operated by a SOLAS Convention Contracting Government and used only on Government non-commercial service.

The ISPS Code does not directly impact importers, exporters, NVOCCs or air, rail and truck carriers.

Ship Owing Companies

Individual ship-owning companies are required to appoint a Company Security Officer (CSO), develop a Ship Security Plan (SSP) for each vessel and appoint a Ship Security Officer (SSO) for each vessel.

A company's SSP must contain a clear statement emphasizing the ship master's overriding authority and responsibility to make decisions with respect to the safety and security of the ship and to request the assistance of the ship company or of any Contracting Government as may be necessary.

The Ship Security Plan (SSP) and
International Ship Security Certificate (ISSC)

Flag states (countries of registry of ships) are responsible for approving Ship Security Plans, compliance with SOLAS and the ISPS Code through verification audit, issuing an International Ship Security Certificate (ISSC) and continuous monitoring of ownership, classification and operator information. A flag state may appoint a recognized security organization to act on its behalf.

Port Authorities

Port authorities are responsible for establishing a Port Facility Security Plan (PFSP) and to act upon the security levels set by the Contracting Government within whose territory it is located. The Port Authority must also provide an interface with the Ship Security Office of vessels calling on the port.

Contracting Governments and Security Levels

Contracting Governments are responsible for setting security levels (see definitions of security levels which follow) and provide guidance for protection from security incidents.

"White List" Ports

The IMO has stated that it will publish a "White List" of ports with accepted Port Facility Security Plans (PFSP). If a ship comes from a port which is not on the IMO "White List" the government responsible for a "White List" port may take this as "clear grounds" that the ship may not be in compliance with the ISPS Code. Such vessels may be subject to control and compliance measures. In extreme cases this may even lead to the ship being denied entry into port.

"White List" Ships

The International Association of Classification Societies (IACS) also publishes a "White List" of ships issued with an International Ship Security Certificate (ISSC) by member societies. A ship not having a valid ISSC will, by definition, be outside ISPS Code requirements.

Black List

The IMO does not issue a “black list” of any kind. There is no IMO list of ports or flag states that are not in compliance.

U.S. Pre-Arrival Requirements

The United States has imposed pre-arrival requirements in addition to those of the International Maritime Organization (IMO). Be aware of various U.S. Navigation & Vessel Inspection Circulars (NAVIC), specifically NAVIC 10-02 ( Information on U.S. cargo security requirements can be found at (

Non-Compliance With the ISPS Code

International : As of July 2, 2004 vessels unable to produce the necessary ISPS certification risk being detained by a port authority until she can show she is implementing the code on board.

United States : In the U.S., ship owners were required to have their Ship Security Plans (SSPs) ready by December 29, 2003. As of July 2, 2004, ships cannot enter U.S. waters without a valid ISPS International Ship Security Certificate. Also, their arrival must be announced 48 hours before entry into U.S. waters.

IMO Security Model Courses

The IMO has developed the following model courses:

ISPS - Company Security Officer
ISPS - Port Facility Security Officer
ISPS - Ship Security Officer

ISPS Definitions

Ship Security Plan (SSP)

A plan developed to ensure the application of measures on board a ship designed to protect persons on board, cargo, cargo transport units, ship's stores or the ship from the risks of a security incident.

The SSP must address issues such as:

Port Facility Security Plan (PFSP)

A plan developed to ensure the application of measures designed to protect the port facility and ships, persons, cargo, cargo transport units and ship's stores within the port facility from the risks of a security incident. The ISPS (Section 16) offers guidelines for developing the PFSP.

Ship Security Officer (SSO)

The person on board a ship, accountable to the master, designated by the Company as responsible for the security of the ship, including implementation and maintenance of the Ship Security Plan (SSP) and for liaison with the Company Security Officer (CSO) and Port Facility Security Officer(s) (PFSO). Note that the ISPS Code does not specify who the SSO shall be. Appointment of the SSO will take into account such factors as existing workloads, aptitude and suitability for the job. Appropriate training must also be given. The SSO may be the ship's master. The ISPS (Section 12) offers guidelines for developing the SSO job description.

Company Security Officer (CSO)

The person designated by the Company for ensuring that a ship security assessment is carried out; that a Ship Security Plan (SSP) is developed, submitted for approval, and thereafter implemented and maintained and for liaison with Port Facility Security Officer(s) (PFSO) and the Ship Security Officer (SSO). Note that the ISPS Code does not specify who the CSO shall be. Appointment of the CSO will take into account such factors as existing workloads, aptitude and suitability for the job. Appropriate training must also be given. The ISPS (Section 11) offers guidelines for developing the CSO job description.

Port Facility Security Officer (PFSO)

The person designated as responsible for the development, implementation, revision and maintenance of the Port Facility Security Plan (PFSP) and for liaison with the Ship Security Officer(s) (SSO) and Company Security Officer(s) (CSO). The ISPS (Section 17) offers guidelines for developing the PFSO job description.

Security Level 1

The level for which minimum appropriate protective security measures shall be maintained at all times.

Security Level 2

The level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of a security incident.

Security Level 3

The level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target.

The International Maritime Organization (IMO)

The IMO is a specialized agency of the United Nations, which is responsible for measures to improve the safety of shipping and to prevent marine pollution from ships. It was established by means of a Convention adopted under the auspices of the United Nations in Geneva on March 17, 1948 and met for the first time in January 1959. It currently has 163 Member States. IMO's governing body is the Assembly which is made up of all 163 Member States and meets normally once every two years. It adopts the budget for the next biennium together with technical resolutions and recommendations prepared by subsidiary bodies during the previous two years. The Council acts as governing body in between Assembly sessions. It prepares the budget and work program for the Assembly. The main technical work is carried out by the Maritime Safety, Marine Environment Protection, Legal, Technical Co-operation and Facilitation Committees and a number of sub-committees. For complete information go to: