M3000-3.5.17

The ISPS Code - purpose and application

Sign in to track progress

Why the ISPS Code Exists

The International Ship and Port Facility Security (ISPS) Code was adopted by IMO following the September 2001 attacks and entered into force 1 July 2004 under SOLAS Chapter XI-2. The driving principle is that a ship is a potential vector for a security threat — to itself, its crew, cargo, or a port facility — and that threat must be managed proactively rather than reactively. The Code establishes a framework of responsibilities, plans, and communication between ships, companies, flag States and port facilities so that the international maritime industry presents a consistent security posture.

What the Code Requires

ISPS has two parts. Part A is mandatory; Part B is recommendatory guidance.

The Code operates through three Security Levels set by governments:

  • Level 1 – Normal; routine protective measures.
  • Level 2 – Heightened; additional measures for an elevated threat.
  • Level 3 – Exceptional; further specific measures for a probable or imminent incident.

The Master must always know the Security Level for the ship and for any port facility to be visited, act on instructions from the contracting government if Level 3 is declared, and ensure the Ship Security Plan (SSP) is implemented at the appropriate level.

Application to Yachts

ISPS applies to vessels on international voyages in the categories specified by SOLAS XI-2. For yachts, the trigger is flag State implementation; under UK (Red Ensign Group) requirements via the Red Ensign Group Yacht Code (REG YC Part A, which superseded LY3) and MSN 1858, large commercial yachts on international voyages are subject to ISPS. This means:

  • A verified and approved SSP must be on board (kept confidential; the auditor sees it, but its contents are not disclosed routinely).
  • An International Ship Security Certificate (ISSC) is carried — issued after verification that the SSP and the ship's security arrangements comply with Part A.
  • A Company Security Officer (CSO) is designated ashore; a Ship Security Officer (SSO) — who may be the Master — is designated on board.
  • A Continuous Synopsis Record (CSR) documents the ship's history and must be kept current and available for inspection.

The Master's Command Position

The Master has overriding authority under SOLAS XI-2/8: the Master shall not be constrained by the company, the charterer or any other person from taking or executing any decision which, in the Master's professional judgement, is necessary to maintain the safety and security of the ship. This is not a discretionary power — it is a legal protection and a duty. A Master who identifies a security threat must act on it, implement the SSP at the appropriate level, report to the CSO and the competent authority, and log all actions. Failure to do so is a failure of command.

Practice questions

recallcore

What are the three ISPS Security Levels and who sets them?

recallcore

What is the significance of SOLAS XI-2/8 to you as Master?

scenariocore

You are approaching a port in a region where the host government has just declared Security Level 2. Your vessel is currently operating at Level 1. What do you do?

oralstretch

Your charterer is pressing you to enter a port quickly despite the fact that you have received information suggesting a credible security threat to vessels in that anchorage. The charterer says the schedule is critical and the threat is unconfirmed. What is your position and what do you do?

scenariostretch

A port state control officer boards and asks to see your ISPS documentation. What do you produce and what do you protect?

Independent preparatory study aligned to the MCA Master (Yachts less than 3000 GT) examination syllabus (updated June 2026). Not an MCA-approved course and confers no credit toward a Certificate of Competency.