UK Government implementation of the ISPS Code

1.  The ISPS Code was given direct legal effect in the UK by the adoption of EC Regulation 725/2004 on enhancing ship and port facility security, by all Member States of the European Union on 31st March 2004. The Regulation entered into force on 19th May and applied from 1st July 2004. In addition the UK developed secondary legislation to create offences and penalties in the Ship and Port Facility (Security) Regulations 2004 which came into force on 1st July 2004. The ISPS implementation process was communicated to industry and other Government stakeholders by TRANSEC and MCA at regular intervals. A dedicated maritime security website, e-mail account and telephone helpline were also established to deal with enquiries.

2.  A port facility security questionnaire was sent out to over 1000 port facilities in the UK seeking details of port ownership, traffic patterns, cargoes handled and existing security measures. This exercise enabled TRANSEC to identify those port facilities where the ISPS Code would apply.

3.  The Regulations require that all port facilities handling ships engaged on international voyages appoint a Port Facility Security Officer (PFSO), as the designated security focal point. TRANSEC can refuse an appointment if it appears that the officer will be unable to effectively fulfil their duties. Each PFSO was required to undergo Counter Terrorist Check (CTC) security vetting carried out by the Department at no charge to industry. TRANSEC also required that deputy PFSOs be appointed to ensure continuous cover. All deputy PFSOs must also be vetted to CTC level. Also every ship is required to have a Ship Security Officer (SSO) and a Company Security Officer (CSO) responsible for co-ordinating security with the SSOs for that company. All PFSOs, CSOs and SSOs must also attend a TRANSEC or a Maritime Coastguard Agency (MCA) approved training course, and pass the assessment that forms part of the course. TRANSEC and MCA set national training parameters for security officer courses and prospective training providers have to demonstrate their ability to deliver against the identified criteria by submitting all course material and CVs of the trainers for consideration and approval. The training courses are also subject to unannounced inspection to ensure the quality of the training remains at the expected level.

4.  TRANSEC inspectors conducted detailed on-site assessments based on the questionnaire responses and wrote port facility security assessment reports which are protectively marked and controlled documents. The aim was to ensure that port infrastructure was identified, likely threat scenarios explored, any existing vulnerabilities (both physical and procedural) identified with suitable counter measures developed.

5.  Ships were responsible for conducting their own assessments, but these had to be approved by the Flag State, in the case of the UK by TRANSEC for passenger ships and the MCA for all other internationally trading ships.

6.  To assist UK industry comply with the requirements of the ISPS Code, TRANSEC developed and disseminated under the cover of a protected marking, Port Facility Security Instructions for four types of operation: Passenger; Container/ro-ro, Chemical, Oil and Gas; and Other Bulk Cargo. The Instructions covered the management of security (including the formation of security committees, training, exercises, IT security, and the vetting of staff). The Instructions also set standards for security measures (including the designation of restricted areas, pass systems, access control, searching and patrolling). Supplementary Instructions were issued to provide additional operational guidance for ships' pilots, ship repair yards, pre-arrival notification procedures, Declarations of Security, and ship security alert systems. Further Instructions were issued for cruise and passenger ro-ro ships covering the designation of restricted areas, searching requirements, control of ships' stores and access control.

7.  TRANSEC also issued templates for security plans that could be used by PFSO's and SSO's. The templates helped to ensure that the security plans were consistent and fully met the security requirements. An equivalent template was also produced for the non-passenger fleet.

8.  TRANSEC and MCA developed procedures for approving the security plans and issuing compliance certificates. Plans were allocated to inspectors for detailed checks to ensure they met the necessary requirements and addressed any issues identified during the assessment process. The approval process finished with notifying IMO and EU with details of all compliant port facilities. A database recorded all the stages of approving a plan.

9.  It is the responsibility of the PFSO's and SSO's to review their plans and the procedures, requirements and activities laid down in it, on a regular basis and at least every 6 months. They must also be reviewed in the event of:

• operational changes;
• an independent audit or a TRANSEC or MCA inspection of the port facility or ship identifies failings in the organisation or questions the continuing relevance of significant elements of the approved PFSP or SSP; or
• in the event of there being any unsuccessful exercises, security incidents and changes in ownership or operational control of the port facility.

10.  Where amendments to the plan are substantive the plan must be submitted for re-approval. The PFSP or SSP should be audited internally at least annually by personnel independent of the activities being audited.

11.  TRANSEC is also responsible for setting the Security Level for port facilities and UK and REG shipping. It does so after considering the JTAC maritime threat assessment. The UK has five Threat Levels and these are translated into one of the three ISPS Code Security Levels. TRANSEC advises port facilities and ships of changes to Security Levels as well as specific security requirements by fax requiring recipients to operate a 24 hour fax machine. Telephone calls are made where faxes have not been successful. Port facilities and ships must ensure that revised measures are in place within 24 hours of notification of a change in Security Level. Confirmation must be provided to TRANSEC that this has been achieved and may be provided by e-mail, fax or telephone call. It is planned in the near future that communications will be sent via a secure internet based system.

12.  Ships are required to provide the Port State with pre-arrival security information at least 24 hours in advance. This information should include confirmation of the ship's Security Level. Information can either be provided through the ship's agent or direct from the SSO. All PFSOs have been issued with comprehensive decision making flowcharts and contact lists to ensure that TRANSEC is informed of any ship arriving at Security Level 2 or 3. Operational guidance has also been circulated to the shipping fleet.

Compliance activity

13.  TRANSEC's and MCA's Inspectorates are responsible for ensuring that all UK ports and ships subject to the ISPS regime are complying with UK requirements.

14.  For the ports, initial compliance was tested by inspections of all port facilities during the latter half of 2004. Subsequent compliance has been ensured by a programme of unannounced and announced inspections, participation in Port Security Committees and observing port facility exercises and drills.

15.  Maritime compliance activity has been reviewed recently and a methodology has been introduced which links inspection frequency to risk criteria (e.g. size and profile of the port). Maritime compliance activity is undertaken in accordance with the principles set out in the TRANSEC Compliance Policy Framework document which has been shared with the Transport Select Committee Inquiry "Travelling without Fear". A specific outcome of the Compliance Policy Review is that we have introduced a system of Deficiency Notices from 1st September 2006 for dealing with any serious or persistent compliance failings. This change is supported by the maritime industry.

16.  In March 2006 TRANSEC reintroduced a maritime covert testing programme for UK ports and ships which are subject to security regulation by TRANSEC. The aim is to further assess levels of compliance and examine the effectiveness of existing security requirements. The focus of the covert testing programme will be on passenger operations as these are the most likely to be attacked.

17.  A European Commission maritime security inspection team carried out a detailed three day inspection at Portsmouth Continental Ferry Port in January 2006 to assess compliance with the ISPS Code and EC Regulation 725/2004. This was the first such inspection at a UK port and only the second inspection anywhere in the EC. The EC team found overall levels of compliance to be good and the port also passed a covert test of its access control measures. The EC team confirmed to TRANSEC that they were very satisfied with the security arrangements at the port and their recommendations were limited to minor procedural changes that have already been implemented.

18.  In May 2006 a US Coast Guard (USCG) delegation visited the UK as part of the International Port Security Program. The USCG use these visits to engage in bilateral discussions with trading nations around the world to exchange information and share best practices to align port security programmes through implementation of the ISPS Code and other international maritime security standards. They visited facilities in Southampton, Bristol and Liverpool and raised no concerns about the levels of compliance. The USCG observed in an out-brief document that TRANSEC has "close ties and exceptional working relationships with the maritime industry" and a "very robust review cycle". They felt that the travelling road-show training programme "provides continuity, consistency and provides means for continuous contact for ports" and that the prescriptive measures developed in the Port Facility Security Instructions (PFSI) "provides consistency among implementation and reduces ambiguity".

International work

19.  The global importance of achieving a secure maritime trading system means that the UK must not consider its implementation of the ISPS Code in isolation. It is necessary to develop a strategy to define, prioritise and co-ordinate the protection of UK seafarers and ships and to safeguard our wider interests.

20.  The strategy will promote the adoption of a risk based approach so that resources and effort will be channelled to meet prioritised objectives and ensure the strategy is sustainable. The potential resource impact will be lessened by enhancing co-operation and co-ordination between the various UK Government stakeholders and closer integration and collaboration with the maritime industry and foreign Governments. The success of the strategy will be monitored and objective measures of effectiveness will be developed. It will be reviewed in light of international developments but is expected to form the basis of the UK's international civilian maritime security initiatives for the next few years.

21.  The UK cruise ship sector has been identified as a potential terrorist target and the increased threat and additional vulnerabilities that exist at many overseas locations has resulted in TRANSEC conducting at least one annual security inspection of each UK flagged cruise ship overseas. These security inspections are conducted both on an announced and unannounced basis depending on the type of work being conducted. Annual inspections provide TRANSEC and UK cruise lines with important information about how the risk to these operations is being managed. These overseas visits are structured so that officials conduct bi-laterals with the relevant UK diplomatic post representatives, relevant host government officials and port authorities.

22.  In July 2006 the UK Government signed a Memorandum of Understanding with the French Government on civilian maritime security. The Memorandum consists of two parts: national and local (pertaining to the English Channel) and will form the basis of closer co-operative working with the French Government for the foreseeable future.

23.  TRANSEC has over the last two years, developed an overseas capacity building programme utilising FCO Global Opportunities Funding (both from the Counter-Terrorism and Economic Governance Funds). So far this has focused on supporting the attendance of officials from priority Member States at seminars and training courses organised by the International Maritime Organisation. This programme may move more towards bi-lateral working with specific priority countries. The initial focus will be on risk prioritised States where the UK can add value through the application of its technical knowledge and experience.