IMO ISPS Code

Security Assessments and Plans

APEC Capacity Building

Transport Security Division

DOTARS

Discussion
ISPS Code requirements
Risk management standards - 4360
Port facility and ship security assessments
Port facility and ship security plans
Model Security plans - common themes
Relevant skills and experience.

ISPS Code

IMO requirements for security assessments

and plans apply to:
passenger ships, including high speed craft;
cargo ships of 500 gross tonnes - upwards;
mobile off-shore drilling units (MODUs) on
international voyages; and
port facilities serving such
vessels engaged on
international voyages.

Some Key Challenges

Tight timeframes for IMO
compliance by 1 July 2004
Significant numbers of security
assessments and plans to be
reviewed and approved.
Approved security assessments and plans will
need to be in place by 30 June 2004.

DOTARS Maritime Risk Assessment Model

INTELLIGENCE INPUTS

Guidance material

4360
Port, Port Facility and Ship Security Assessments

Model Plans
Port, Port Facility and Ship Security Plans

IMO REQUIREMENTS

NATIONAL RISK CONTEXT STATEMENT

Security Assessment Principles

Security assessments provide a solid risk
based approach to the implementation of
preventive security planning measures to
counter terrorism.
Senior management requires information on
security risks in order to make well informed
decisions regarding
preventive security measures.

AS/NZS 4360:1999 Risk

Management Standard
Security assessments should be conducted
using a recognised risk management
standard, such as AS/NZS 4360:1999 or US
Coast Guard guidance materials.
DOTARS encourages stakeholders to
prepare security assessments in
accordance with the 4360 standard.

Steps in the
4360 Risk Assessment

MONITOR AND REVIEW

IDENTIFY RISKS
COMMUNICATE AND CONSULT

Establish the context

Process
Identify risks - what can happen
and how can it happen?
Analyse risks - determine
likelihood and consequences
Evaluate Risksset risk priorities
Treat Risks

ESTABLISH THE CONTEXT

ANALYSE RISKS

EVALUATE RISKS

ACCEPT
RISKS?

NO
TREAT RISKS

YES

Port Facility Security Assessments

Security assessment requirements apply to
all facilities servicing SOLAS cargo and
passenger ships on international voyages.
Port facility security officers will ensure that
security assessments
are conducted.

Port Facility Security Assessments

PFSAs shall include, at least, the following
elements:
Identification and evaluation of important assets and
infrastructure;
Identification of possible threats and their likelihood
of occurrence;
Identification, selection and prioritisation of counter
measures and procedural changes;and
Identification of weaknesses, including human
factors, in infrastructure, policies and practices.
ISPS Code Part A, Section 15.5

Ship Security Assessments

Ship owners or operators of SOLAS Cargo

and passengers ships are required to
complete ship security assessments.
Company ship security officers will be
expected to ensure that
ship security assessments
are carried out.

Ship Security Assessments

Assessments should include on-scene
security surveys and identify and evaluate
key ship board operations.
It would also be expected that ship security
assessments consider trading routes when
identifying security
risks.

Security Assessment Reports

Port facility and ship security assessment
reports will be required to be submitted to
Contracting Governments for consideration
of approval.
The results of security assessments should
form the basis of preventive security
planning - clear linkage to security plans.

Tailor Security Plan Coverage

Multiple plans
Separate plans for each port area

Single plan
Used were there are common controls
Annexes used where differences occur

Describe the systems used to deliver

security outcomes

Common Characteristics
Port Fac. Ship
Security Structure

Basic security measures

Heightened threat responses

Devolved responsibilities

Access controlled areas

Common Characteristics
Port Fac. Ship
Training arrangements

Contact details

Review/ internal audit

Ship communications

IMO / ISPS Security Levels

A Risk Based Strategy

Security Level 1
Normal
The the level for which
standard security
measures shall be
maintained at all times

Security level 2
Heightened
The level for which
appropriate additional
security measures
shall be maintained for
a period of time as a
result of heightened
risk of a security
incident

Security Level 3
Exceptional
The level for which
further additional
security measures shall
be maintained for a
limited period of time
when a security
incident is probable or
imminent, although it
may not be possible to
identify the specific
target

Security Plans Required By?

International requirement for ship and port
facility security plans to be in place by 1 July
2004 (ISPS Code)
By then, regulated ships and port facilities
receiving such ships must:
have an approved security plan that is in force
at all times; and
comply with the plan

Relevant Skills and Experience

Persons with appropriate skills and
experience should conduct security
assessments and prepare plans.
A good understanding of risk management
standards and basic security planning
principles is required.
Seek expert assistance where necessary.

Conclusion
Security assessments are an extension of
good risk management processes.
Effective security planning is recognised as
a good business practice.
Security measures can result in shared
regional and international benefits that
counter terrorism.