ISPS Code (International Ship and Port Facility Security Code)

The ISPS Code (International Ship and Port Facility Security Code) is a set of mandatory security measures for ships and port facilities adopted by the International Maritime Organization (IMO) in 2002, following the September 11, 2001, terrorist attacks. The code took effect on July 1, 2004, and applies to all commercial vessels over 500 gross tonnage engaged in international voyages and to the port facilities that serve them. Its purpose is to establish a standardized framework for detecting security threats and implementing preventive measures to protect ships, port infrastructure, and the people working in and around them.

Structure of the ISPS Code

The ISPS Code has two parts. Part A contains mandatory requirements that all signatory nations must implement. Part B provides guidance on how to meet those requirements. Part A establishes obligations for governments, port authorities, and ship operators to assess security vulnerabilities, develop security plans, designate security officers, and conduct regular drills and exercises.

Three security levels are defined. Security Level 1 is the normal operating condition, where minimum protective measures are maintained at all times. Security Level 2 is heightened, activated when there is an increased risk of a security incident, requiring additional protective measures such as enhanced screening of cargo and passengers, restricted access zones, and increased patrols. Security Level 3 is exceptional, invoked when a security incident is probable or imminent, triggering maximum protective measures including potential port closures, vessel boarding restrictions, and coordination with military or law enforcement agencies.

Requirements for Port Facilities

Every port facility serving international vessels must conduct a Port Facility Security Assessment (PFSA) to identify vulnerabilities, including access points, cargo handling areas, restricted zones, and communication systems. Based on the assessment, the facility develops a Port Facility Security Plan (PFSP) that outlines procedures for each security level, access control measures, cargo handling protocols, and incident response procedures.

Each port facility must designate a Port Facility Security Officer (PFSO) responsible for implementing the security plan, conducting drills at least once every three months, coordinating with ship security officers, and reporting security incidents to the government authority. Port workers who handle cargo, control access gates, or monitor surveillance systems must receive security awareness training appropriate to their roles.

Practical measures at ISPS-compliant port facilities include identification checks for all personnel entering the facility, screening of vehicles and cargo, restricted areas around vessel berths and cargo handling zones, surveillance cameras covering critical infrastructure, and procedures for dealing with unattended packages or unauthorized persons.

Requirements for Ships

Every applicable vessel must have a Ship Security Plan (SSP) approved by the flag state or a recognized security organization. The ship must designate a Ship Security Officer (SSO) responsible for onboard security measures, crew training, and coordination with port facility security officers. The ship’s owning company must also designate a Company Security Officer (CSO) who oversees security across the fleet.

Ships carry an International Ship Security Certificate (ISSC) issued by the flag state after verification that the vessel meets ISPS requirements. Port state control officers can inspect this certificate when the vessel arrives at a foreign port. If the certificate is invalid, expired, or the vessel’s security measures are found deficient, the port state can detain the vessel until the deficiencies are corrected.

Impact on Importers and Shippers

The ISPS Code’s costs are passed through to shippers and importers as the ISPS surcharge, a per-container fee that appears on freight invoices. This surcharge typically ranges from $5 to $25 per container, covering the port facility’s cost of maintaining security measures. While the per-container amount is small, it is one of many surcharges that accumulate on an ocean freight invoice.

From an operational perspective, ISPS security measures can affect port access for truck drivers picking up or delivering containers. Drivers must carry valid identification (typically a Transportation Worker Identification Credential, or TWIC, at U.S. ports) and may face vehicle inspections before entering the terminal. These security procedures add time to the port visit, particularly during elevated security levels when additional screening is required.