IMO ISPS CodeIMO ISPS CodeSecurity Assessments and PlansSecurity Assessments and Plans

APEC Capacity Building

Transport Security DivisionDOTARS

DiscussionDiscussion

ISPS Code requirementsRisk management standards - 4360Port facility and ship security assessmentsPort facility and ship security plansModel Security plans - common themesRelevant skills and experience.

ISPS CodeISPS CodeIMO requirements for security assessments

and plans apply to:passenger ships, including high speed craft;cargo ships of 500 gross tonnes - upwards; mobile off-shore drilling units (MODU’s) on

international voyages; andport facilities serving such

vessels engaged oninternational voyages.

Some Key ChallengesSome Key Challenges

Tight timeframes for IMO compliance by 1 July 2004

Significant numbers of security assessments and plans to be reviewed and approved.

Approved security assessments and plans will need to be in place by 30 June 2004.

DOTARS Maritime Risk Assessment ModelDOTARS Maritime Risk Assessment Model

INTELLIGENCE INPUTS

NATIONAL RISK CONTEXT STATEMENT

Port, Port Facility and Ship Security Assessments

Port, Port Facility and Ship Security Plans

Guidance material

4360

Model Plans

IMO

RE

QU

IRE

ME

NT

S

Security Assessment PrinciplesSecurity Assessment Principles

Security assessments provide a solid risk based approach to the implementation of preventive security planning measures to counter terrorism.

Senior management requires information on security risks in order to make well informed decisions regarding preventive security measures.

AS/NZS 4360:1999 – Risk AS/NZS 4360:1999 – Risk Management StandardManagement Standard

Security assessments should be conducted using a recognised risk management standard, such as AS/NZS 4360:1999 or US Coast Guard guidance materials.

DOTARS encourages stakeholders to prepare security assessments in accordance with the 4360 standard.

Establish the contextIdentify risks - what can happen

and how can it happen?Analyse risks - determine

likelihood and consequencesEvaluate Risks–set risk prioritiesTreat Risks

Steps in the Steps in the 4360 Risk Assessment 4360 Risk Assessment

ProcessProcess

YES

NO

TREAT RISKS

CO

MM

UN

ICA

TE

AN

D C

ON

SU

LT

MO

NIT

OR

AN

D R

EV

IEW

ESTABLISH THE CONTEXT

IDENTIFY RISKS

ANALYSE RISKS

EVALUATE RISKS

ACCEPT RISKS?

Port Facility Security AssessmentsPort Facility Security AssessmentsSecurity assessment requirements apply to

all facilities servicing SOLAS cargo and passenger ships on international voyages.

Port facility security officers will ensure that security assessments are conducted.

Port Facility Security AssessmentsPort Facility Security AssessmentsPFSAs shall include, at least, the following

elements:Identification and evaluation of important assets

and infrastructure;Identification of possible threats and their

likelihood of occurrence;Identification, selection and prioritisation of

counter measures and procedural changes;andIdentification of weaknesses, including human

factors, in infrastructure, policies and practices.

ISPS Code Part A, Section 15.5

Ship Security AssessmentsShip Security Assessments Ship owners or operators of SOLAS Cargo

and passengers ships are required to complete ship security assessments.

Company ship security officers will be expected to ensure that ship security assessmentsare carried out.

Ship Security AssessmentsShip Security Assessments Assessments should include on-scene

security surveys and identify and evaluate key ship board operations.

It would also be expected that ship security assessments consider trading routes when identifying security risks.

Security Assessment ReportsSecurity Assessment Reports

Port facility and ship security assessment reports will be required to be submitted to Contracting Governments for consideration of approval.

The results of security assessments should form the basis of preventive security planning - clear linkage to security plans.

Tailor Security Plan CoverageTailor Security Plan CoverageMultiple plans

Separate plans for each port area

Single planUsed were there are common controlsAnnexes used where differences occur

Describe the systems used to deliver security outcomes

Common CharacteristicsCommon Characteristics

Security Structure

Basic security measures

Heightened threat responses

Devolved responsibilities

Access controlled areas

Port Fac. Ship

Port Fac. Ship

Common CharacteristicsCommon Characteristics

Training arrangements

Contact details

Review/ internal audit

Ship communications

IMO / ISPS Security LevelsIMO / ISPS Security Levels

Security Level 1…“Normal” …The the level for which standard security measures shall be maintained at all times

Security Level 3…“Exceptional” …The level for which further additional security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target

Security level 2…“Heightened” … The level for which appropriate additional security measures shall be maintained for a period of time as a result of heightened risk of a security incident

… A Risk Based Strategy

Security Plans Required By?Security Plans Required By?International requirement for ship and port

facility security plans to be in place by 1 July 2004 (ISPS Code)

By then, regulated ships and port facilities receiving such ships must:have an approved security plan that is in force

at all times; andcomply with the plan

Relevant Skills and ExperienceRelevant Skills and ExperiencePersons with appropriate skills and

experience should conduct security assessments and prepare plans.

A good understanding of risk management standards and basic security planning principles is required.

Seek expert assistance where necessary.

ConclusionConclusion Security assessments are an extension of

good risk management processes.Effective security planning is recognised as

a good business practice.Security measures can result in shared

regional and international benefits that counter terrorism.