ISPS Code
The International Ship and Port Facility Security (ISPS) Code is the IMO's mandatory security framework for ships and port facilities, adopted in 2002 and effective from 1 July 2004 in response to 9/11. It is implemented as Chapter XI-2 of SOLAS and applies to passenger ships, cargo ships of 500 GT and above, mobile offshore drilling units, and port facilities serving international shipping.
The Code requires three security levels (1=normal, 2=heightened, 3=exceptional threat), a designated Ship Security Officer (SSO) on each ship, a Port Facility Security Officer (PFSO) at each port, a Ship Security Plan (SSP) and a Port Facility Security Plan (PFSP), both subject to audit and approval by the flag state or its recognised security organisation.
ISPS compliance generates extensive documentation — security drills, exercise records, incident reports, restricted area access logs — all of which must be retained and audit-ready.
ISPS is the maritime security regime born after 9/11. It requires ships and ports to plan for, and escalate against, security threats — with designated officers, approved security plans and detailed records. Non-compliance can bar a ship from port, so security drills, access logs and incident reports must be retained and audit-ready.
Who are the SSO and PFSO under ISPS?
The Ship Security Officer (SSO) is the designated officer on each ship; the Port Facility Security Officer (PFSO) is their counterpart at each port facility. Each maintains an approved security plan.
What are the three ISPS security levels?
Level 1 is normal operation, Level 2 is heightened (a probable threat), and Level 3 is exceptional (a specific, imminent threat) — each triggering progressively stricter measures.