MSC.1/Circ.1283

NON-MANDATORY GUIDELINES ON SECURITY ASPECTS OF THE OPERATION OF VESSELS WHICH DO NOT FALL WITHIN THE SCOPE OF SOLAS CHAPTER XI-2 AND THE ISPS CODE

 

DRAFT MSC CIRCULAR

(22 December 2008)

 

 

1. The Maritime Safety Committee, at its eighty-first session (10 to 19 May 2006), recalling the request of the Tokyo Ministerial Conference on International Transport Security, held on 12 and 13 January 2006, for the Organization to undertake a study and make, as necessary, recommendations to enhance the security of ships other than those already covered by SOLAS chapter XI-2 and the ISPS Code, agreed that the development of recommendations aimed at enhancing the security of those ships would be desirable and would contribute to the efforts of the Organization to enhance maritime security and that such recommendations would need to be practical, sustainable and proportionate to the risks and threats involved.

 

2. The Committee, at its eighty-second session (29 November to 8 December 2006), began consideration of issues relating to the security aspects of the operation of vessels which do not fall within the scope of SOLAS chapter XI-2 and the ISPS Code (non-SOLAS vessels), and established a correspondence group on these issues.

 

3. The Committee, at its eighty-third session (3 to 12 October 2007), considered how to progress the issue of security aspects of the operation of non-SOLAS vessels and re-established a correspondence group on these issues and agreed the following categories of vessel to be covered by the Guidelines:

 

.1 commercial non-passenger and special purpose vessels;

 

.2 passenger vessels;

 

.3 fishing vessels; and

 

.4 pleasure craft.

 

4. The Committee, at its eighty-fifth session (26 November to 5 December 2008), approved the non-mandatory Guidelines on security aspects of the operation of ships which do not fall within the scope of SOLAS chapter XI-2 and the ISPS Code, as set out in the annex, as guidance for Member States.

 

5. This guidance is non-mandatory and has not been designed to form the basis of a mandatory instrument.

 

6. It has been formatted in two parts. Part 1 of the annex contains information of interest to Member States and other authorities with responsibility for administering non-SOLAS vessels (other authorities). Part 2 of the annex contains information pertinent to the owners, operators and users (operators) of non-SOLAS vessels and related facilities, with appendices containing information specific to the four vessels categories.

 

7. Member States are invited to consider these non-mandatory Guidelines and take action as appropriate.

 

Annex.

GUIDELINES ON SECURITY ASPECTS OF THE OPERATION OF VESSELS WHICH DO NOT FALL WITHIN THE SCOPE OF SOLAS CHAPTER XI-2 AND THE ISPS CODE

 

Foreword

 

These Guidelines are intended to provide information and best practice guidance to Member States and other authorities with responsibility for administering non-SOLAS vessels (other authorities), and operators of non-SOLAS vessels.

 

The Guidelines may be utilized by Member States and other authorities at their own discretion. They are non-mandatory and their application should be under the purview of individual Member States proportionate to assessed levels of threat and risk. The Guidelines are not intended to form the basis for a mandatory instrument. The Guidelines reiterate the importance of undertaking a risk assessment to determine if and to what extent such Guidelines are to be applicable.

 

The Guidelines have been formatted in two parts. The first part contains information of interest to Member States and other authorities with responsibility for administering non-SOLAS vessels (other authorities). The second part contains information pertinent to the operators of non-SOLAS vessels and related facilities, with appendices containing information specific to the four categories of vessels.

 

Member States and other authorities may wish to use the annex and its appendices to assist the operators of non-SOLAS vessels and related facilities to implement effective security. In doing so, Member States and other authorities are encouraged to promulgate appropriate contact information.

 

The Guidelines should not be interpreted or applied in a manner inconsistent with the proper respect of fundamental rights and freedoms as set out in international instruments, particularly those relating to maritime workers and refugees.

 

The Guidelines take into account the risk context for non-SOLAS vessels. Non-SOLAS vessels have been used for terrorist attacks and actions resulting in injury of innocent persons and destruction of ships and structures. They have also been used for smuggling operations.

 

Contents

 

Foreword

 

Part 1: Information for Member States and other authorities with responsibility for administering non-SOLAS vessels (other authorities)

 

1. Risk Assessment                                                    3

 

2. Maintaining security awareness and reporting suspicious activity   3

 

3. Training and personnel practices                                   4

 

4. Non-SOLAS vessels on international voyages                         4

 

5. Using available means of vessel identification (where appropriate) 4

 

6. International quality standards                                    6

 

7. Assisting operators of non-SOLAS vessels to understand practices for interacting with ISPS Code-compliant vessels and port facilities      6

 

8. ISPS Code as industry best practice for certain non-SOLAS vessels  6

 

Appendix Risk Assessment and Management Tools                         7

 

Part 2: Information for use by owners, operators and users (operators) of non-SOLAS vessels and related facilities

 

1. Risk assessment                                                   19

 

2. Maintaining security awareness and reporting suspicious activity  19

 

3. Awareness of basic security requirements of SOLAS chapter XI-2 and the ISPS Code                                                        19

 

4. Awareness of basic requirements for interacting with ISPS-compliant ships and port facilities                                            20

 

5. Training and personnel practices                                  21

 

6. Security measures                                                 21

 

7. Planning for security events                                      24

 

Appendix A Guidelines for commercial non-passenger vessels           28

 

Appendix B Guidelines for non-SOLAS passenger vessels                30

 

Appendix C Guidelines for fishing vessels                            33

 

Appendix D Guidelines for pleasure craft                             35

 

Appendix E Guidelines for marina, port and harbour authorities       38

 

Part 1.
Information for Member States and other authorities with responsibility for administering non-SOLAS vessels (other authorities)

 

1. Risk Assessment

 

1.1 Member States and other authorities with responsibility for administering non-SOLAS vessels (other authorities) may wish to consider the risk context for each category of non-SOLAS vessel¹.

____________

¹ Examples of guidance and tools for undertaking a risk assessment of vessels may be found in:

 

- ILO/IMO Code of Practice on Security in Ports.

 

- MSC.1/Circ.1193: Guidance on voluntary self-assessment by Administrations and for ship security.

 

- American Bureau of Shipping: Ship Security Plan Review Checklist.

 

- United States Coast Guard Navigation and Vessel Inspection Circular 10-02: Security Guidelines for Vessels.

 

- Norwegian Shipowners' Association: Guideline for performing Ship Security Assessment.

 

1.2 A tool to assist Member States and other authorities with undertaking risk assessments is attached in the Appendix.

 

2. Maintaining security awareness and reporting suspicious activity

 

2.1 Member States and other authorities may wish to encourage operators of non-SOLAS vessels to provide all personnel with information on how to reach appropriate officials and authorities in the event of security problems or if suspicious activity is observed. This information should include contact information for the officials responsible for emergency response, the national response centre(s) (if appropriate) and any authorities that may need to be notified.

 

2.2 Member States and other authorities may wish to engage with operators of non-SOLAS vessels and relevant organizations in developing security initiatives with respect to education, information sharing, coordination, and outreach programmes. Member States and other authorities may wish to consider establishing programmes to improve vessel operators' security awareness² and to promote links with the Administration's maritime security services.

_____________

² Two programmes are offered as models. In the United Kingdom, Project Kraken delivers an enhanced counter terrorist "vigilance" capability within the maritime environment of the Solent area on the South Coast. It engages key stakeholders together with local communities to provide a hostile environment to terrorists and criminals looking to disrupt the everyday lives and safety of those who live, work, or travel through the Solent. Project Kraken provides a single central phone number for the reporting of unusual activity or behaviour within the maritime environment that might be linked to criminal or terrorist acts. Similarly, in the United States, the America's Waterway Watch programme utilizes existing reporting systems within a public outreach programme, encouraging participants to report suspicious activity to the U.S. Coast Guard and/or other law enforcement agencies.

 

2.3 Authorities responsible for establishing and maintaining security awareness and culture should be mindful of the need for the proper balance between the needs of security and the requirement to maintain the safe and working efficiency of vessels. These authorities should take into account the Human Element and the rights and welfare of seafarers and maritime workers, including the relevant provisions of the ISPS Code, when implementing these Guidelines.

 

3. Training and personnel practices

 

3.1 Member States and other authorities may wish to develop security policies and procedures, taking into consideration security assessments, to ensure that all operators and crew members (and passengers where appropriate) are familiar with basic security measures applicable to each of the vessel categories.

 

3.2 Basic security familiarization training is recommended for crew members enabling them to have the capability to respond to security threats. In higher-risk environments, this training should also have the purpose of testing and assessing competence and knowledge for effective implementation of the recommendatory security measures contained in these Guidelines.

 

3.3 Operator proficiency training for pleasure craft owners and operators could encompass security awareness familiarization.

 

4. Non-SOLAS vessels on international voyages

 

4.1 Non-SOLAS vessels engaged in international voyages may be required to declare arrival and departure information for purposes of obtaining a port clearance from the relevant authorities. This declaration may be required within a specified period as determined by local authorities following arrival and/or prior to departure. The information to be submitted may include the particulars of vessel, date/time of arrival, position in port, particulars of Master/owner/shipping line/agent, purpose of call, amount of cargo on board, passenger and crew list, and emergency contact numbers. This declaration would enable the relevant authorities to better conduct monitoring and enforcement activities on the movement of vessels arriving/departing their port.³

_________

³ An example of such a programme is the declaration of information by pleasure craft currently required by Singapore via their Maritime and Port Authority Port Marine Circular No.17 of 2003.

 

4.2 Additionally pleasure craft or any other non-SOLAS vessel departing a port could be required to submit voyage information when applying for port clearance. The voyage information may include the estimated time of departure, destination and the planned route of the trip. The additional information may be useful to the relevant authorities not only in monitoring and enforcement activities, but also when conducting search and rescue operations should the vessel run into trouble and require assistance.

 

5. Using available means of vessel identification (where appropriate)

 

5.1 The IMO vessel identification number is made of the three letters "IMO" followed by the seven-digit number assigned to all vessels by the Lloyd's Register Fairplay when constructed. This is a unique seven-digit number that is assigned to propelled, seagoing merchant vessels of 100 gross tonnage and upwards and all cargo vessels of 300 gross tonnage and upwards upon keel laying with the exception of the following:

 

- Vessels solely engaged in fishing;

 

- Vessels without mechanical means of propulsion;

 

- Pleasure yachts;

 

- Vessels engaged on special service (e.g., light vessels, SAR vessels);

 

- Hopper barges;

 

- Hydrofoils, air cushion vehicles;

 

- Floating docks and structures classified in a similar manner; and

 

- Wooden vessels.

 

5.2 Member States and other authorities may wish to consider encouraging operators of pleasure craft to register with the Administration or a suitable organization which could provide a database available for authorized online access to assist in both preventative and response activities related to both safety and security.^4,5 It should be noted however that registration in itself offers no protection against the misuse of a registered pleasure craft which may be stolen, hijacked or even legally acquired.

____________

⁴ Such a registration system may be seen in Finland, where all pleasure craft with a minimum length of 5.5 metres, or with an engine power of at least 15 kW, including sailboats, are required to be registered. The vessels are required to be visibly marked with a registration number, and registration documentation containing information regarding the owner, vessel and engine technical specifications and serial numbers is mandatory in order for the pleasure craft to be used. The register of information is kept by local city administrative courts and the registration number can be traced to the appropriate register.

 

⁵ Another example may be found in the United Kingdom, where the authorities have created the United Kingdom Small Ships Register (SSR). This is simpler and cheaper than full vessel registration and specifically aimed at pleasure craft. Owners benefit by having details of their craft's nationality and registered keeper recorded by an authoritative organization. SSR can be applied for on line and is inexpensive.

 

5.3 Pleasure craft engaged in international voyages present unique circumstances. Even when registered, information regarding vessel characteristics, ownership, etc., is often not shared between countries of departure and arrival. This can result in a lack of transparency for security and safety organizations, leading to, for example, complications in validating an arriving vessels identity. Member States and other authorities may wish to seek agreements to provide for such information sharing, within the context of their individual laws and regulations, possibly as part of their individual coastal security initiatives.⁶

____________

⁶ The European Commission and French Maritime Administration EQUASIS database provides this international type of transparency currently for commercial vessels.

 

5.4 Member States and other authorities may consider (where appropriate) recommending the fitting of automated tracking equipment for ships which are not included in the requirements of SOLAS chapter V. The benefits of such a system could include:

 

- Enhanced safety and security;

 

- More rapid emergency response to maritime accidents and casualties;

 

- Better and more effective SAR capabilities;

 

- Better control of smuggling and human-trafficking attempts;

 

- Better control of illegal, unregulated and unreported fishing.

 

5.5 Such an automated tracking system could include the Automatic Identification System (AIS), Radio Frequency Identification Device (RFID) tags, Vessel Tracking Systems (VTS), and radar-based systems.

 

6. International quality standards

 

6.1 Member States and other authorities may wish to consider recommending the implementation of an appropriate quality standard which specifies the requirements for a security management system to ensure security in the supply chain.⁷

__________

⁷ The ISO 28000 series of international standards is an example of such a quality standard.

 

7. Assisting operators of non-SOLAS vessels to understand practices for interacting with ISPS Code-compliant vessels and port facilities

 

7.1 Member States and other authorities may wish to assist the operators of non-SOLAS vessels to become aware of the security framework applying to ships and port facilities subject to SOLAS chapter XI-2 and the ISPS Code. Key aspects of this framework relevant to non-SOLAS vessels are:

 

- Awareness of security levels set by Contracting Governments;

 

- Requirements for interacting with ISPS-compliant vessels; and

 

- Requirements for interacting with ISPS-compliant port facilities.

 

7.2 Guidance on these three points is set out in paragraphs 3 and 4 of part 2.

 

8. ISPS Code as industry best practice for certain non-SOLAS vessels

 

8.1 Member States and other authorities may wish to encourage operators of non-SOLAS vessels engaged on international voyages to adopt, where appropriate, the provisions of the ISPS Code as industry best practice.

 

Appendix.
RISK ASSESSMENT AND MANAGEMENT TOOLS

 

1. Introduction

 

1.1 The methodology presented herein includes five main phases:

 

.1 Threat assessment – identifying the different threat scenarios and determining the likelihood of each occurring based on intent and capability.

 

.2 Impact assessment – considering what the consequence of each threat scenario materializing would be and how much effect this would have.

 

.3 Vulnerability assessment – determining what the key assets are and how they can be exploited, examining the mitigating controls in place and their effectiveness and considering residual weaknesses.

 

.4 Risk scoring – making an assessment of the risk given all the factors noted in phases 1, 2 and 3.

 

.5 Risk management – developing action plans, where appropriate, to address weaknesses and mitigate identified residual risks.

 

2. Risk register and terminology

 

2.1 The risk register

 

2.1.1 The risk register is a tool to document different scenarios and the associated findings on threat (likelihood based on intent and capability), impact, vulnerability and risk score. The format (at Table 1, below) is listed below along with accompanying explanations for each column. A step-by-step guide for completing the risk register follows the definition as well as details on the scoring mechanism.

 

 

Column 1: Reference number

 

- Each scenario should be listed with an assigned number so