UK Maritime Security Frequently Asked Questions

1. What is SOLAS and how is it relevant to security?

The Safety of Life at Sea Convention 1974 is one of the Conventions of the International Maritime Organisation (IMO). Around 120 Governments world-wide have signed up to this Convention and these Governments are referred to as 'Contracting Governments'.

As a result of the heightened threat to transport sectors following the terrorist attacks of September 11, IMO members agreed that the introduction of international maritime security requirements would be beneficial and that amending SOLAS would be the most efficient way of introducing such requirements. A series of meetings was held throughout 2002 to draft new SOLAS Regulations, which were formally adopted in December 2002. As a Contracting Government, the UK must now implement the requirements of the Regulations by 1st July 2004.

2. What is the ISPS Code?

The International Ship and Port Facility Security Code was drafted and agreed at the same time as the new SOLAS Regulations and provides further detail and guidance on the measures outlined in the Regulations. The Code has two parts; Part A which contains mandatory requirements and Part B which contains detailed guidance. Contracting Governments must implement the mandatory requirements of the Code, taking into account the guidance, by 1st July 2004.

Copies of the ISPS Code can be purchased from the IMO.

International Maritime Organization
4 Albert Embankment
London SE1 7SR , United Kingdom
E-mail: publications-sales@imo.org
Tel: + 44 (0)20 7735 7611, Fax: + 44 (0)20 7587 3241
Web: www.imo.org (for online purchases)

3. What is the aim of the Regulations and ISPS Code?

The aim is to establish an international framework to detect and assess security threats and take preventative measures against security incidents affecting ships or port facilities used in international trade. 

4. What has the UK 's involvement been?

The UK Government has been involved from the outset, working closely with other Contracting Governments, in particular with the US and EU Member States. UK shipping and ports industry representatives have also been involved and attended the IMO meetings throughout 2002 as part of the UK Delegation.

5. Who is responsible for implementing the ISPS Code in the UK?

The Department for Transport (DfT), has overall responsibility for implementing the IMO requirements and will deal primarily with port security. The Maritime and Coastguard Agency (MCA) will deal with ship security, although responsibility for cruise ship security will remain with the DfT.

6. Who will be affected by the new Regulations and ISPS Code?

The Regulations and ISPS Code apply to the following types of ships engaged on international voyages:

  •  passenger ships, including high-speed passenger craft;

  • cargo ships, including high-speed craft, of 500 gross tonnage and upwards; and

  • mobile offshore drilling units;

 as well as port facilities serving such ships engaged on international voyages.

7. What does the ISPS Code require?

The requirements under the ISPS Code are wide-ranging but include; ship and port facility security assessments, ship and port facility security officers, ship and port facility security plans, training for security personnel, ship and port facility security drills and exercises, a system of 3 international Security Levels, ship security certificates, ship identification numbering, Automatic Identification Systems (AIS) for ships, ship security alert systems, sharing of information internationally and control and compliance measures. The issues relating primarily to ports are outlined in more detail below.

8. What is a port facility?

A port facility is defined by the IMO as a location, as determined by the Contracting Government, where interactions occur when a ship is directly and immediately affected by actions involving the movement of persons, goods or the provision of port services to or from the ship. It includes areas such as anchorages, waiting berths and approaches from seaward. The IMO's definition of a port facility in practical terms, could therefore be an individual berth, wharf or terminal.

9. What is a port facility security assessment (PFSA) and who will do it?

The PFSA process is outlined in the ISPS Code as a process by which competent persons identify key assets within a port facility, assess the threats to these assets and identify security measures that can be implemented to reduce the vulnerability of these assets.

In the UK , PFSAs will be carried out by DfT Maritime Inspectors and will be undertaken in two steps. The first step will be to use the information obtained from the Port Security Questionnaire, along with information on threat, to group ports into broad security categories. Those categories will be used to prioritise ports to ensure that high priority ports, i.e. those that are deemed to be most at risk, are dealt with first.

The second step will involve visits to ports by the Maritime Inspectors. The information obtained from the Annex to the Port Security Questionnaire will be used to gain a picture of the levels of existing security provision in ports and therefore inform these visits. During the visits the inspectors will survey the port to identify key assets and will discuss the options for security measures with the port management. High priority ports will be visited early in the programme.

10. Will I have to pay for the PFSA?

No. DfT will not charge for the PFSAs.

11. What is a port facility security plan (PFSP) and who will write it?

PFSPs will need to be developed to cover each port facility. Responsibility for developing and maintaining the plans lies with the port facility, in particular the Port Facility Security Officer. PFSPs must be based on the results of the PFSA and must cover:

  • the port security management structure;

  •  the duties, responsibilities, performance measures and training requirements of port personnel with a security role;

  • the links and communication lines with relevant authorities;

  • the procedures for undertaking security drills and exercises; 

  • the procedures for protecting security sensitive information;

  • the procedures for review, audit, amendment and approval of the PFSP; and

  • the procedures and circumstances requiring reports to DfT.

The plan will also outline, for each of the issues below, the procedures and measures to be taken at each Security Level and the procedures for moving between Security Levels.

  • access control to the port, including pass systems and searching;

  • designation of, and measures relating to, Restricted Zones;

  • procedures and security measures relating to cargo handling;

  • procedures and security measures relating to the delivery of ship's stores;

  • procedures and security measures relating to the handling of unaccompanied baggage;

  • procedures and security measures relating to Declarations of Security; and

  • procedures and security measures relating to the monitoring of the port.

Once developed, PFSPs must be approved by DfT to ensure that they meet the relevant security requirements.

12. What help will be available to develop the PFSPs?

DfT will provide a PFSP template giving details of the information that must be included in the plan. The security measures required of the port facility will be discussed during the PFSA process and the standards required for the various security measures will be set out in guidance notes. Guidance will also be provided on other relevant issues.

13. What are a port facility security officers (PFSO) and who appoints them?

PFSOs will need to be appointed to cover each port facility, although a single officer may have responsibility for more than one port facility. Responsibility for appointing a PFSO lies with the port facility.

14. What is a Declaration of Security (DoS)?

A Declaration of Security is an agreement reached between a ship and a port facility, or a ship and another ship, when they interface. It details the respective security measures each will undertake. A DoS may be requested either by a Ship Security Officer (SSO) or a PFSO and might be requested, for example, when a ship is at a higher Security Level than a port facility. However, the precise circumstances under which a DoS should be requested will be determined by DfT and the MCA and guidance provided to industry in due course.

15. What do the Security Levels mean and who will set them?

The three Security Levels reflect the likelihood that a security incident will occur and will be set by DfT based on threat information obtained from the Security Services. At Security Level 1, ships and ports will be required to have baseline security measures in place, as outlined in the PFSP. Security Level 2 represents a heightened level of threat, and ships and ports will be required to increase their levels of protective security. Security level 3 represents an imminent and specific threat, and ships and ports will be required to increase security provision and also respond to instructions from the relevant authorities.

16. What is 'threat'?

Threat is a function of both the capability and intent of a terrorist group to mount an attack on a target. It varies from group to group, by target and over time.

17. What is 'risk'?

Risk can be defined as a function of threat, vulnerability and consequence. Vulnerability is the susceptibility of a target to a given form(s) of attack, and consequence is the impact and effect of a successful attack. Each of these issues must be considered during a security assessment.

18. What are Recognised Security Organisations (RSOs) and will we have them in the UK?

The ISPS Code allows Governments to appoint RSOs to undertake work on their behalf, such as undertaking PFSAs. The UK will not be appointing such organisations, at least during the initial implementation phase. This decision is based on the fact that RSOs would not have access to essential threat information.

19. Can we still use security consultants and contractors?

Although the implementation process will not necessarily require it, port and shipping companies remain free to employ security consultants and contractors to undertake work on their behalf, such as completing and implementing a port security plan, based on Government instruction and guidance.

20. How much will all this cost and who will pay?

In line with existing transport security regimes, the costs of implementing the security measures will fall to those the measures are designed to protect, in this case UK ships and ports and the persons and property associated with them.

It is extremely difficult to give an indication of cost at this early stage, but DfT is aware of the commercial implications to industry. We will have a better idea of costs once the assessment process has been completed and standards of security have been agreed. However, our watchword is proportionality, and developing and implementing an effective maritime security regime that minimises the cost to industry is our ultimate objective.

21. Can the existing crime prevention measures that are in place at most ports be used for counter terrorist security?

At many ports it is likely that existing security measures, such as good quality perimeter fencing and CCTV systems, can be used to contribute to the ISPS Code requirements. Where this is possible and practical DfT will support such read-across.

22. Can the equipment used by border agencies be used for security?

DfT is represented on a Border Agencies Working Group and is currently discussing how the new security regime will be co-ordinated with the work of the Border Agencies. In particular, DfT has been discussing the use of Customs and Excise freight screening x-ray equipment as part of the protective security measures at some ports.

23. What will be the legal basis for the new security regime?

The legal basis for implementation in ports is primarily the Aviation and Maritime Security Act 1990 (AMSA), although this is subject to review depending on the adoption of an EU Regulation. AMSA allows Directions to be issued for the purposes of protecting ships, harbour areas, and persons and property on board ships or in a harbour area, against acts of violence. Instructions and requirements would be issued by way of such Directions. Once implemented, the measures and procedures will be inspected and enforced by DfT and MCA Maritime Inspectors.

24. What is the EU's involvement?

The European Commission has drafted a Regulation that is expected to make the ISPS Code mandatory in all Member States. However, until this Regulation is made available it is difficult to assess its impact. In particular, we are waiting to see to what extent the Regulation makes Part B of the ISPS Code (the guidance section) mandatory for Member States. The European Commission has also signalled its intent to introduce a Directive on Port Security. This is expected to extend the IMO requirements to cover the whole port estate, not just the individual port facilities.

25. What will happen to the existing UK security regime for passenger ships and ports?

While the IMO requirements are being implemented the existing security regime, covering international cruise and ferry operations, will remain in place and continue to operate as normal. Although the existing arrangements will become part of the overall Maritime Security Programme, the standards of protection required will not change. Passenger operations continue to be high profile and security standards will not be compromised by the development of the programme.

26. What will happen to the existing UK maritime security system of five Risk Assessment Levels (RAL)?

The RAL system will be aligned with the three-level international system and DfT is considering how best to achieve this.

27. What is the Maritime Security Programme (MSP)?

In the UK , implementation of the IMO requirements will form part of a Maritime Security Programme (MSP) that will bring together the IMO requirements and the UK 's existing maritime security regime to provide a comprehensive protective security regime for UK ships and ports. Although DfT has overall responsibility for the programme, DfT will deal primarily with port security and the Maritime and Coastguard Agency (MCA) will deal primarily with ship security.

28. How is the MSP different to the ISPS Code?

The MSP is a UK Government initiative that will cover the IMO requirements and the UK 's existing regime. It will also consider those ships and ports that will not be covered by a mandatory security regime with a view to issuing guidance on security practices. Ultimately the maritime industry will be issued with a complete UK Maritime Security Programme document covering all aspects of maritime security. The concepts of threat and risk assessment will be central to the MSP and the level of security provision required on any ship or at any port will be based on such assessments. Security provisions will therefore be proportionate to the levels of threat and risk faced by a ship or port.

29. How will I know what's happening?

Throughout the implementation process, the DfT Maritime Security Programme Implementation (MSPI) Team will ensure continued dialogue with the maritime industry. Such dialogue and consultation will take place in a variety of ways, including industry seminars, working groups and regional roadshows. This information pack provides the first step in communicating directly with industry, and follows the first in a series of formal meetings with the maritime trade associations which will continue throughout the year. An industry-wide seminar will also be held on 28th May and will be attended by David Jamieson MP, Parliamentary Under Secretary of State for Transport. Invitations to this seminar will be distributed in due course.

30. Is the questionnaire a one-off, or will I have to fill in a questionnaire on a regular basis?

In order for the information obtained from the questionnaire to remain of use it must be updated. Updates are likely to be requested on an annual basis, although certain information may need to updated regularly. Every effort will be made to reduce the burden on industry and where information is no longer required it will not be requested. We are also exploring the use of electronic information systems to request, share and store information.

31. You haven't answered all my questions so who can I contact?

The Maritime Security Programme Implementation (MSPI) Team in DfT can be contacted with any questions you might have. The contact details are:

Post: MSPI Team
Department for Transport
4/33 Great Minster House
76 Marsham Street
London SW1P 4DR

Tel: 020 7944 2844
Fax: 020 7944 2170

E-mail: maritimesecurity@dft.gsi.gov.uk