OOW-3.3.6

International Ship and Port Security (ISPS) Code

Sign in to track progress

Candidates routinely conflate the roles of the key duty-holders — Company Security Officer (CSO), Ship Security Officer (SSO), and Port Facility Security Officer (PFSO) — and cannot clearly state what the ISPS Code requires a vessel to do at each security level. Those two gaps almost always attract follow-up questions and can derail an otherwise solid answer.

What the ISPS Code is and why it exists

The ISPS Code (International Ship and Port Facility Security Code) is a mandatory IMO framework under SOLAS Chapter XI-2, introduced after the 11 September 2001 attacks. It establishes a standardised, risk-based approach to security for ships and port facilities, creating a framework for detecting and deterring security threats in international shipping.

It applies to ships on international voyages (including passenger ships, cargo ships of 500 GT and above, mobile offshore drilling units) and to the port facilities that serve them. Yachts in commercial operation that fall within scope must comply.

The three security levels

  • Level 1 – Normal: Minimum appropriate protective measures maintained at all times.
  • Level 2 – Heightened: Additional protective measures due to an elevated risk.
  • Level 3 – Exceptional: Further specific measures for a probable or imminent incident. Set by contracting governments; the ship does not set Level 3 unilaterally.

Key duty-holders — know the distinctions

  • CSO (Company Security Officer): Ashore. Responsible for the Ship Security Assessment, ensuring the Ship Security Plan (SSP) is developed, approved, implemented and maintained, and for liaison with PFSOs and the SSO.
  • SSO (Ship Security Officer): Onboard. Responsible for implementing the SSP, conducting regular inspections, ensuring crew are trained, reporting security incidents to the CSO and the master.
  • PFSO (Port Facility Security Officer): Responsible for the port facility's security plan and for coordinating with the SSO when a vessel is in port or approaching.

Ship Security Plan (SSP)

The SSP is confidential. It must be approved by the flag state (or an approved Recognised Security Organisation on the flag state's behalf) and must detail the measures for each security level. Crew must know their duties under it; the full document need not be disclosed to port state control inspectors — inspectors can verify it exists and is approved, but cannot demand to read confidential operational details.

International Ship Security Certificate (ISSC)

Issued by the flag state following verification of compliance. Required for vessels in scope. Port state control can check its validity. A vessel without a valid ISSC can be detained or denied entry.

Declarations of Security (DoS)

A DoS is a written agreement between an SSO and a PFSO (or ship-to-ship) setting out the respective security responsibilities for a specific interface. Either party may request one; certain circumstances may make it mandatory.

Practice questions

recallcore

What are the three ISPS security levels and what does each mean?

recallcore

Distinguish clearly between the roles of the CSO, SSO, and PFSO under the ISPS Code.

scenariostretch

Port state control officers board your vessel and demand to read the full Ship Security Plan. How do you respond?

oralcore

You are the OOW on a commercial yacht arriving at a foreign port. The port authority raises the security level to Level 2 before you berth. What does this mean for your vessel and what actions would you expect to be taken?

scenariostretch

Your vessel is about to conduct a ship-to-ship transfer of crew in international waters with another commercial vessel. When is a Declaration of Security required and who can initiate it?

Independent preparatory study aligned to the MCA OOW (Yachts <3000 GT) oral examination syllabus. Not an MCA-approved course and confers no credit toward a Certificate of Competency.