Why the ISPS Code Exists
The International Ship and Port Facility Security (ISPS) Code emerged from the recognition, sharpened after 9/11, that ships and ports are potential targets and vectors for terrorism, piracy, and unlawful acts. SOLAS Chapter XI-2 provides the legal hook; the ISPS Code gives the operational detail. Its fundamental principle is that security is a risk-management discipline: assess the threat, assign a level, apply proportionate measures.
Structure
The Code has two parts:
- Part A — mandatory requirements.
- Part B — guidance (but flag states may make elements of Part B mandatory; the MCA does).
Who It Applies To
The ISPS Code applies to ships on international voyages in the following categories: cargo ships ≥500 GT, passenger ships, mobile offshore drilling units, and high-speed craft. Yachts under 500 GT operating as private vessels on international voyages are not within the mandatory ISPS framework. However, a yacht certificated and operated as a commercial vessel may fall within flag state or port state requirements — the Red Ensign Group Yacht Code (REG YC Part A, which superseded LY3) addresses this — and any port the yacht enters may impose ISPS-driven requirements on non-ISPS vessels as a condition of entry. The Master must understand the Code whether or not the yacht holds an ISSC.
Security Levels
Three levels set the operational tempo:
- Level 1 — normal operations; routine protective measures.
- Level 2 — heightened threat; additional measures activated.
- Level 3 — specific or imminent threat; exceptional measures, likely directed by the Contracting Government.
Levels are set by the Contracting Government and communicated to the ship. The Master acts on the level in force for the port being approached, not just the level the flag state has set.
The Ship Security Plan and the Master's Authority
ISSC vessels carry a Ship Security Plan (SSP), approved by the flag administration. The SSP defines measures for each security level, restricted areas, access control, declarations of security with port facilities, and crew duties. The Ship Security Officer (SSO) manages day-to-day implementation; the Company Security Officer (CSO) bridges ship and company. Critically, nothing in the ISPS Code limits the Master's overriding authority to take whatever action is necessary for the safety and security of the ship — this is explicit in SOLAS XI-2/8.
The Decision the Master Makes
On approaching a port, the Master must: confirm the security level in force, ensure the SSP measures for that level are active, have the last ten port facility interactions logged (the 'continuous synopsis' security element), and — if directed to security level 3 — comply with Contracting Government instructions while exercising overriding authority if life or ship safety is threatened.