Ship Security Plan (SSP): Requirements, Contents & Implementation Under ISPS Code
On October 7, 1985, four armed men boarded the MV Achille Lauro in the Mediterranean, took 400 passengers hostage, and killed one American passenger before negotiations ended the standoff.
The incident exposed that international shipping had no standardised security framework, even though vessels crossed borders and carried thousands of people and millions of tonnes of cargo.
Ships sailed under no common security obligations beyond the goodwill of individual operators.
Sixteen years later, the September 11, 2001, attacks and the bombing of the French tanker MV Limburg in October 2002 made it impossible to ignore this fact.
Hence, the International Maritime Organisation adopted the International Ship and Port Facility Security (ISPS) Code in December 2002. From July 1, 2004, every vessel had to carry an approved Ship Security Plan.
This article explains what the SSP is, how it is developed, who is responsible for it, and what it requires in practice.
What Is the ISPS Code & Why Does the SSP Exist?
The ISPS Code includes a set of measures aimed at improving the security of ships and ports. It was adopted by the IMO at a Diplomatic Conference in December 2002 and entered into force on July 1, 2004.
It is an intrinsic part of the SOLAS Convention under Chapter XI-2, and makes compliance a treaty obligation for all flag states party to SOLAS.
The Code has two parts, A and B. Part A mentions the mandatory requirements; what ships, companies, and port facilities must do, while Part B explains how to meet those requirements.
The Ship Security Plan is mandated under Part A, Section 9, meaning it is not optional, not discretionary, and not subject to individual interpretation by the shipowner.
It applies to all passenger ships regardless of size, going on international voyages; all cargo ships of 500 gross tonnage and above on international voyages; and mobile offshore drilling units.
A vessel below 500 GT on a domestic route is not required to comply, but many flag states extend the obligation to domestic shipping through national legislation.
The SSP does not exist in isolation and sits within a broader security management framework that includes the Ship Security Assessment, the Company Security Officer, the Ship Security Officer, the International Ship Security Certificate, and the Ship Security Alert System, all of which are explained in this article.
What Is a Ship Security Plan (SSP)?
A Ship Security Plan is a confidential document which is made specifically for a vessel, as it lays down the processes and responsibilities by which the ship will meet the ISPS Code requirements at each of the 3 security levels.
The plan is made by the Company Security Officer (CSO), based on the findings of the Ship Security Assessment.
It is compulsory to write the plan in the working language of the vessel. If that language is not English, Spanish or French, then a certified translation into one of the three languages must be included.
The Ship Security Plan can be maintained in electronic form, given that safeguards are in place to prevent its deletion, modification or destruction.
Approval
The SSP must be approved by the flag State Administration or by a Recognised Security Organisation (RSO) acting on behalf of the administration.
Additionally, the RSO that conducted the Ship Security Assessment must not be the same organisation that approves the SSP. This measure helps prevent an organisation from validating its own risk analysis.
Once approved, the flag state issues an International Ship Security Certificate (ISSC) which remains valid for 5 years, subject to an intermediate verification between the second and third anniversary of issue.
Port State Control officers inspect the ISSC as part of routine port entry checks; the certificate confirms that the SSP exists and has been approved, without requiring the officers to read the plan itself.
Any subsequent amendment to the SSP or to the security equipment specified in it requires Administration or RSO approval before implementation.
Approved amendments must be documented and held on board alongside the ISSC.
Confidentiality
The SSP is one of the most protected documents on board. Port State Control officers do not have the right to inspect the plan during a routine port entry. Inspection is only permissible where there is specific evidence of non-compliance with the Code.
Even then, the inspection is limited to the elements alleged to be non-compliant, not a wholesale review of the plan. The master’s consent is required in all cases, and the master retains overriding authority over any security decision affecting the safety of the vessel.
KEY RULE –PSC officers cannot inspect the SSP during a routine port entry. The master’s consent is required, and any inspection is limited only to elements with specific grounds for non-compliance.
The Ship Security Assessment (SSA)
The Ship Security Assessment is the mandatory risk analysis that must be completed before the SSP can be written.
A plan that is not grounded in a proper SSA is, by definition, non-compliant with the ISPS Code.
The CSO bears overall responsibility for ensuring the SSA is conducted for every ship in the company fleet.
Persons with appropriate security skills must carry out the assessment, and the CSO may engage an RSO to conduct the work, subject to the conflict-of-interest restriction noted above.
The SSA involves five core elements-
- On-scene survey: a physical inspection of the vessel, which comprises examining access points, deck layouts, restricted areas, and cargo handling arrangements.
- Critical operations identification: determining which shipboard operations, if disrupted or compromised, would have the greatest impact on safety, security, or the environment.
- Existing security measures: reviewing what controls are already in place and how effective they are.
- Vulnerability analysis: identifying weaknesses in physical security, personnel procedures, communications systems, and operational policies that a threat actor could exploit.
- Threat assessment: evaluating the likelihood and potential impact of specific threats given the ship’s trading area, cargo type, and operational profile.
The SSA produces a written report documenting every vulnerability identified and the countermeasures recommended to address it. This report is the direct input to the SSP; the plan’s structure and content should mirror the assessment’s findings.
The SSA must be reviewed and updated whenever there is a material change in the ship’s security environment, trading area, or operational arrangements.
The Three Security Officers
Three distinct officer roles form the backbone of the ISPS Code’s implementation structure. Each operates in a different domain and carries different responsibilities, but all three must coordinate when a ship is in port.
| Officer | Appointed By | Primary Domain | Reports To |
|---|---|---|---|
| Company Security Officer (CSO) | The shipping company | Company-wide security | Company management |
| Port Facility Security Officer (PFSO) | The port authority | Port facility security | Port authority |
| Ship Security Officer (SSO) | The company, per vessel | Shipboard security | Master and CSO |
Company Security Officer (CSO)
The CSO is the company’s designated security authority, responsible for the security posture of the entire fleet. The role carries 24-hour availability as a contact point for security communications.
Core responsibilities include ensuring the SSA is carried out for each vessel; developing and submitting the SSP for approval; arranging security training and equipment; and receiving and acting on security incident reports from individual SSOs.
The CSO is the channel through which SSP amendments are submitted to the Administration. When an SSO identifies a shortcoming in the plan, the recommendation travels to the CSO, who assesses it, incorporates any supporting security assessment, and forwards the proposed amendment for formal approval.
Ship Security Officer (SSO)
The SSO is the on-board authority for implementing the SSP. The role is not merely administrative, as th SSO is responsible for the practical security of the vessel at all times. An SSO must hold a recognised certificate of training in ship security, as required under the STCW Convention.
Operational responsibilities include conducting security inspections of the vessel; managing access control at all security levels; ensuring crew members understand their security duties; conducting and recording security drills and exercises; reporting incidents to the CSO; maintaining security records; and coordinating with the PFSO on arrival at and departure from every port.
Port Facility Security Officer (PFSO)
The PFSO is the shore-side counterpart to the SSO. Appointed by the port authority, the PFSO is responsible for the Port Facility Security Plan (PFSP) and for coordinating all security arrangements at the ship/port interface.
Before a ship’s arrival, the SSO and PFSO exchange security information: security level in effect at the port, any known threats, access control arrangements, and the Declaration of Security (DoS) if required. The DoS is a written agreement between the ship and the port facility specifying the security measures each party will implement during the port call.
The Three Security Levels
Security levels are set by Contracting Governments, the flag state or the port state, depending on jurisdiction, and communicated to ships operating in their waters or entering their ports.
A ship must be capable of operating at whatever security level is in effect and must comply with instructions received from the relevant authority.
| Level | Designation | Threat Status | Duration |
|---|---|---|---|
| Level 1 | Normal | Minimum standing threat | Permanent baseline |
| Level 2 | Heightened | Elevated threat of a security incident | Duration of the identified threat |
| Level 3 | Exceptional | Security incident probable or imminent | Limited period; specific response |
Security Level 1
Level 1 represents the baseline security posture maintained at all times. The measures in effect include continuous access control at the gangway and all deck access points; monitoring of restricted areas; supervision of cargo handling and ship’s stores delivery; ensuring that security communications are functional; and maintaining the ability to respond to a security alert at short notice.
Security Level 2
When intelligence or circumstances indicate a heightened risk, the port state or flag state raises the security level to 2. The SSP must specify the additional measures the ship implements in response: more intensive checking of persons and vehicles seeking access; increased frequency of security patrols; enhanced lighting of the vessel’s exterior; more restricted access to the bridge and machinery spaces; and closer coordination with the PFSO and port authority.
Security Level 3
Level 3 is declared when a security incident is probable or imminent. It is time-limited and triggers the most intensive response measures the SSP contains: potential partial or full evacuation of non-essential personnel; suspension of cargo operations; full restriction of movement on board to pre-authorised personnel; maximum scrutiny of all persons seeking to board; and direct liaison with government response forces. The master operates in close communication with the flag state and relevant authorities throughout.
Contents of the Ship Security Plan
The ISPS Code Part A, Section 9 specifies 13 elements that every SSP must address. These are not aspirational guidelines and each element is a mandatory component of an approvable plan.
1. Weapons and unauthorised devices
Measures to prevent weapons, dangerous substances, and devices intended to be used against persons, ships, or port facilities from being brought on board without authorisation.
2. Restricted areas
Identification of every restricted area on the vessel — bridge, engine room, steering gear room, cargo control room, crew accommodation — and the specific access control measures that apply to each at every security level.
3. Unauthorised access to the ship
Procedures for verifying the identity of all persons seeking to board: crew, passengers, visitors, contractors, port workers, and surveyors. Access control measures must be calibrated to the security level in effect.
4. Response to security threats and breaches
Step-by-step procedures covering every credible threat scenario identified in the SSA: armed boarding, bomb threat, stowaways, cyber interference with navigation systems, and cargo tampering.
5. Evacuation procedures
Procedures for partial or full evacuation if a security incident cannot be contained. These must be integrated with the ship’s muster and emergency procedures.
6. Duties of security-assigned personnel
Specific written duties for every crew member assigned a security function, including the SSO, watchkeepers, gangway watch, and any designated security patrol personnel.
7. Ship/port facility interface
Procedures for coordinating with the PFSO before arrival; issuing or receiving a Declaration of Security; and managing the security of cargo, ship’s stores, and crew changes at the port interface.
8. Auditing security activities
How the CSO and SSO will audit the effectiveness of the SSP, including the frequency of internal security audits and the procedures for recording and acting on findings.
9. Training, drills, and exercises
The schedule for security training and drills for all crew, including the SSO’s individual training requirements and the frequency of shipboard security exercises.
10. Reporting security incidents
Internal reporting procedures to the master and CSO; external reporting to the flag state, port authority, and relevant national authority, including the format and timing of reports.
11. Identification of SSO and CSO
Full identification of the SSO by name and rank, and the CSO by name and company, with 24-hour contact details for both. This information must be current at all times.
12. Security equipment testing and maintenance
A schedule for testing, calibrating, and maintaining all security equipment on board — access control systems, CCTV, lighting, alarms — with specific intervals for each.
13. Ship Security Alert System (SSAS)
Location of all SSAS activation points; procedures for activation, deactivation, and resetting; testing intervals; and guidance on avoiding false alerts, including steps the master must take when an inadvertent activation occurs.
The Ship Security Alert System (SSAS)
The Ship Security Alert System is one of the most operationally significant and least understood, with requirements under SOLAS XI-2, Regulation 6. Every ship of 500 GT and above, and every passenger ship regardless of size, must be fitted with an SSAS.
The system is designed for one specific scenario: a ship whose security has been compromised or is under threat, where alerting the perpetrators to the fact that help has been summoned would put lives at greater risk.
The SSAS transmits a silent, covert alert directly to the flag state, carrying the ship’s identity, name, and position without triggering any audible alarm on board.
CRITICAL FACT –The SSAS does not sound an audible alarm on board. The alert is transmitted silently and directly to the flag state, so perpetrators who have seized the vessel are not alerted.
Two activation points are required, one on the navigation bridge and at least one other location that is accessible without passing through the bridge. The intention is that the alert can be activated even if the bridge has been seized.
The SSP must specify the exact location of every activation point on that vessel; procedures for activation, deactivation, and reset; the testing schedule; and the procedure for cancelling a false alert. False activations are treated seriously by flag state authorities.
The SSP must document the immediate steps the master takes when an unintended activation occurs, including the contact number for the flag state’s 24-hour response authority.
Testing of the SSAS is carried out at intervals specified in the SSP. Test transmissions must be pre-notified to the flag state to prevent them from being treated as genuine alerts.
Implementing the SSP: Drills, Records and Amendments
Drills and Exercises
A Ship Security Plan has no operational value unless the crew who must execute it have practised doing so. The ISPS Code specifies minimum drill frequencies that are non-negotiable.
Security drills must be conducted at least once every three months. Two exceptions apply: if the vessel is out of service for repairs or scheduled layup, the drill must be conducted within one week of reactivation; and if 25% or more of the crew is replaced at one time by personnel who have not previously participated in a drill on that vessel within the preceding three months, a drill must be held within one week of the crew change.
Full-scale security exercises, which may involve the port facility, competent authorities, or other ships, must be conducted at least once every calendar year, with no more than 18 months between consecutive exercises.
Security Records
Five categories of security records must be maintained on board and protected from unauthorised access:
- Records of training, drills, and exercises
- Records of security threats and incidents
- Records of security breaches
- Records of changes to the security level
- Records of maintenance, calibration, and testing of all security equipment, including SSAS test notifications
Records may be kept in electronic format provided they are protected against unauthorised access, modification, and deletion. They must be available for inspection by authorised security auditors.
Reviewing and Amending the SSP
The SSO identifies shortcomings during the normal operation of the vessel, through drills, near-miss incidents, changes in trading area, or feedback from security audits, and submits recommendations to the CSO.
The CSO evaluates the recommendations, carries out or commissions any supporting security assessment, and submits the proposed amendment to the Administration or RSO for approval.
No amendment takes effect until formal approval is received and documented. The approved amendment record is held on board alongside the ISSC.
The SSP must also be reviewed following any security incident involving the vessel, any significant change in the ship’s operating profile, and at the intermediate verification of the ISSC.
Frequently Asked Questions
1. Which ships are required to have a Ship Security Plan?
The ISPS Code applies to all passenger ships regardless of size engaged on international voyages, all cargo ships of 500 gross tonnage and above on international voyages, and mobile offshore drilling units. Many flag states extend the requirement to domestic trade vessels through national legislation.
2. Who approves the Ship Security Plan?
The Flag State Administration approves the SSP, or it may delegate approval to a Recognised Security Organisation (RSO). The RSO that conducted the Ship Security Assessment cannot be the same organisation that approves the SSP — the Code explicitly prohibits this to prevent a conflict of interest.
3. Can Port State Control officers read the Ship Security Plan?
No, not during a routine port entry inspection. PSC officers verify the existence of the ISSC but have no right to inspect the contents of the SSP unless there is specific evidence of non-compliance. Even then, the inspection is limited to the elements alleged to be non-compliant, and the master’s consent is required before any part of the plan may be examined.
4. What is the difference between the SSO and the CSO?
The Company Security Officer (CSO) is appointed at the company level and is responsible for the security of the entire fleet, the SSP development, approval, training resources, and amendments. The Ship Security Officer (SSO) is appointed per vessel and is responsible for implementing the SSP on that specific ship, including drills, access control, records, and incident reporting. The SSO reports to both the master and the CSO.
5. How often must ship security drills be conducted?
At a minimum, once every 3 months. If more than 25% of the crew is replaced at one time by personnel who have not drilled on that vessel within the past three months, a drill must be conducted within one week of the crew change.
6. What is the SSAS, and when is it activated?
The Ship Security Alert System is a covert alarm that transmits the ship’s identity and position directly to the flag state when the vessel’s security has been compromised.
It does not sound an audible alarm on board. It is activated when the master or a crew member determines that the security of the vessel is under threat and that alerting the perpetrators could endanger lives.
Two activation points are required: one on the bridge and at least one in another accessible location.
You might also like to read-
Want to read more?
Check out the full article on the original site