Why the ISPS Code Exists
The International Ship and Port Facility Security (ISPS) Code was adopted by IMO following the September 2001 attacks and entered into force 1 July 2004 under SOLAS Chapter XI-2. The driving principle is that a ship is a potential vector for a security threat — to itself, its crew, cargo, or a port facility — and that threat must be managed proactively rather than reactively. The Code establishes a framework of responsibilities, plans, and communication between ships, companies, flag States and port facilities so that the international maritime industry presents a consistent security posture.
What the Code Requires
ISPS has two parts. Part A is mandatory; Part B is recommendatory guidance.
The Code operates through three Security Levels set by governments:
- Level 1 – Normal; routine protective measures.
- Level 2 – Heightened; additional measures for an elevated threat.
- Level 3 – Exceptional; further specific measures for a probable or imminent incident.
The Master must always know the Security Level for the ship and for any port facility to be visited, act on instructions from the contracting government if Level 3 is declared, and ensure the Ship Security Plan (SSP) is implemented at the appropriate level.
Application to Yachts
ISPS applies to vessels on international voyages in the categories specified by SOLAS XI-2. For yachts, the trigger is flag State implementation; under UK (Red Ensign Group) requirements via the Red Ensign Group Yacht Code (REG YC Part A, which superseded LY3) and MSN 1858, large commercial yachts on international voyages are subject to ISPS. This means:
- A verified and approved SSP must be on board (kept confidential; the auditor sees it, but its contents are not disclosed routinely).
- An International Ship Security Certificate (ISSC) is carried — issued after verification that the SSP and the ship's security arrangements comply with Part A.
- A Company Security Officer (CSO) is designated ashore; a Ship Security Officer (SSO) — who may be the Master — is designated on board.
- A Continuous Synopsis Record (CSR) documents the ship's history and must be kept current and available for inspection.
The Master's Command Position
The Master has overriding authority under SOLAS XI-2/8: the Master shall not be constrained by the company, the charterer or any other person from taking or executing any decision which, in the Master's professional judgement, is necessary to maintain the safety and security of the ship. This is not a discretionary power — it is a legal protection and a duty. A Master who identifies a security threat must act on it, implement the SSP at the appropriate level, report to the CSO and the competent authority, and log all actions. Failure to do so is a failure of command.