ISPS

4. Ship Security Assessment

HZS ISPS 2006-20

07

4.1

Ship Security Assessment

I.
II.
III.
IV.
V.

Risk Assessment Methodology

Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation

HZS ISPS 2006-20

07

4.2

I. Risk Assessment Methodology

What is SSA: It is a process that identifies

weaknesses in physical structures, personnel
protection systems, processes, or other areas
that may lead to a security breach, and may
suggest options to eliminate or mitigate those
weaknesses.
Objective: Detect threats to critical assets of
the company and define preventive measures
against security incidents affecting the
company and the ships in order to prioritise
security measures.

HZS ISPS 2006-20

07

4.3

I. Risk Assessment Methodology

Must be carried out by: Persons With
Appropriate Skills To Evaluate The
Security of A Ship (see next)
Under supervision of / assigned by:
Company Security Officer
And this: In Accordance With Part A Of
The Code, Taking Into Account Part B Of
The Code.
HZS ISPS 2006-20
07

4.4

I. Risk Assessment Methodology

Persons With Appropriate Skills
Remark by Classification Company:
We understand the CSO should decide who has the
appropriate skills although the Code does not stipulate
specifically who will evaluate the appropriate skills. We
also understand persons to carry out SSA may draw upon
expert assistance as in Code B/8.4 in addition to his own
skills. The specific ways to draw upon expert assistance
are considered to be security consultant, literature,
internet web site, services delivered by e-mail and
various information issued by each country. We advise to
make a list of those assistance methods to use for
carrying out SSA.
HZS ISPS 2006-20
07

4.5

I. Risk Assessment Methodology

3 Key steps:
1. Identify the key ship board operations
important to protect. RISK
ASSESSMENT
2. Identify the possible threats to the ship
and their probability of occurrence
against the requirements of the ISPS
Code. THREAT ASSESSMENT
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.6

I. Risk Assessment Methodology

What is RISK & for What?

Risk
Lives

Estimated
likelihood

Estimated
impact

Property
Societal disruption
Image
Money

HZS ISPS 2006-20

07

1.

Risk Assessment

2.

Threat Assessment

4.7

I. Risk Assessment Methodology

Sequence of activities:
Define the system being studied
Identify the hazards associated with that
system
Assess the likelihood of the hazards
occurring
Identify how each hazard might progress
to various outcomes
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.8

I. Risk Assessment Methodology

Sequence of activities (contd):
Assess the likelihood of progression to each
outcome
Asses the consequences associated with each
outcome
Multiply likelihood and consequence to obtain
the risk associated with each outcome
Sum the risks associated with the outcomes to
produce an overall risk
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.9

I. Risk Assessment Methodology

The Threats according to the ISPS Code are:
Damage to, or destruction of, the port
facility or of the ship (by explosive devices,
arson, sabotage, vandalism)
Hijacking or seizure of the ship or the
persons on board
Tampering with cargo, essential ship
equipment or systems or ships stores
Attacks whilst at sea or from seaward at
berth or at anchor
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.10

I. Risk Assessment Methodology

Threats according to the ISPS Code are: (Cont.)
Unauthorized access or use including the
presence of stowaways
Smuggling weapons or equipment
Use of the ship to carry those intending to cause
a security incident and their equipment
Use of the ship itself as a weapon or as means
to cause damage or destruction
Blockage of port entrances, locks, approaches,
etc.
Nuclear, biological and chemical attack
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.11

I. Risk Assessment Methodology

Security Objects according to the ISPS Code are:
The ports infrastructure, especially the ports
accesses, entrances, approaches, etc
The ports facilities
The ports employees / the employees of the
ports companies
The cargo present at the port
The ports environment (surrounding areas, air,
water)
The ships (and the passengers) in the port
The IT systems
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.12

I. Risk Assessment Methodology

Items to be protected include:
The ships personnel
Passengers, visitors, vendors, repair
technicians, port facility personnel etc.
The capacity to maintain safe navigation
and emergency response
The cargo, particularly dangerous goods or
hazardous supstances
Ships stores
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.13

I. Risk Assessment Methodology

Items to be protected include: (Cont.)
Any ship security communication
equipment and systems
Any ships security surveillance equipment
and systems

HZS ISPS 2006-20

07

1.

Risk Assessment

2.

Threat Assessment

4.14

I. Risk Assessment Methodology

Items to be taken into account that could create
vulnerabilities:
Conflicts between safety and security measures
Conflicts between shipboars duties and security
assignments
Watchkeeping duties, number of ships
personnell, and any implications to crew fatigue,
alertness and performance
Any identified security training dificiencies
Any security equipment and systems , including
communication systems
HZS ISPS 2006-20
07

1.

Risk Assessment

2.

Threat Assessment

4.15

Ship Security Assessment

I.
II.
III.
IV.
V.

Risk Assessment Methodology

Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation

HZS ISPS 2006-20

07

4.16

II. Assessment Tools

The Ship Security Officer must use
systematic and consistent approaches to
evaluate the security conditions and
vulnerabilities.
The operational aspects will be the main
focus.
A checklist can/will be used and must
include items like:
HZS ISPS 2006-20
07

4.17

II. Assessment Tools

Minimum Checklist items:
General layout of the ship
Location of areas that should have restricted
access, such as the bridge, engine room, radio
room etc.
Location and function of each or potential
access point to the ship
Open deck arrangements including the height of
the deck above water
Emergency and stand-by equipment available to
maintain essential services
HZS ISPS 2006-20
07

4.18

II. Assessment Tools

Minimum Checklist items: (Cont.)
Numerical strength, reliability, and security duties of the
ships crew
Existing security and safety equipment for protecting the
passengers and crew
Existing agreements with private companies for
providing ship an waterside security services
Existing protective measures and procedures in practice,
uncluding inspection, control and monitoring equipment,
personnel identification documents and communication,
alarm, lighting, access control and other appropriate
systems
HZS ISPS 2006-20
07

4.19

Ship Security Assessment

I.
II.
III.
IV.
V.

Risk Assessment Methodology

Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation

HZS ISPS 2006-20

07

4.20

III. On-scene security surveys

The on-scene security survey is an
integral part of any SSA.
A SSA is not complete without an onscene security survey.
A company can use 1 assessment for
different ships but the survey is unique for
every vessel.

HZS ISPS 2006-20

07

4.21

III. On-scene security surveys

The survey should fulfill the following functions:
Identification of existing security measures, procedures
and operations
Identification and evaluation of key shipboard operations
that it is important to protect
Identification of possible threats to the key shipboard
operations and the likelihood of their occurrence, in order
to establish and prioritize security measures
Identification of weaknesses, including human factors in
the infrastructure, policies and procedures

HZS ISPS 2006-20

07

4.22

III. On-scene security surveys

Min. items to be examined by On-scene security
survey:
Ensuring the performance of all ship security
duties
Monitoring restricted areas to endure that only
authorized persons have access
Controlling access to the ship, including any
identification systems
Monitoring of deck areas and areas surrounding
the ship
HZS ISPS 2006-20
07

4.23

III. On-scene security surveys

Min. items to be examined by On-scene security
survey: (Cont.)
Controlling the embarkation of persons and their
effects (accompanied and unaccompanied
baggage and ships personnel personal effects)
Supervising the handling of cargo and the
delivery of ships stores
Ensuring that ship security communication,
information, and equipment are readily available
HZS ISPS 2006-20
07

4.24

III. On-scene security surveys

Threats...
May imply risks
for...
Security Objects.

Preventive
Measures
Detective
Measures
Corrective
Measures

HZS ISPS 2006-20

07

4.25

Ship Security Assessment

I.
II.
III.
IV.
V.

Risk Assessment Methodology

Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation

HZS ISPS 2006-20

07

4.26

IV. Practical steps to conduct a SSA

Overall
steps to
produce a
SSA

HZS ISPS 2006-20

07

4.27

IV. Practical steps to conduct a SSA

Step 1: Obtain and record the following information
required to conduct an assessment:
1. Ship and company documentation as detailed in
section 1 (should contribute to the threat evaluation
phase)
2. Record and document the following in detail
a)
b)
c)
d)

Authorised access points as detailed in section 4

Restricted areas as detailed within section 5
Escape and evacuation routes as detailed in section 6
Existing security equipment/systems as detailed in section 7

HZS ISPS 2006-20

07

4.28

IV. Practical steps to conduct a SSA

3. A copy of the ships general arrangement
plan annotated with:
a) Authorised access points as detailed in section 4
b) Restricted areas as detailed within section 5
c) Escape and evacuation routes as detailed in
section 6
d) Existing security equipment/systems as detailed
in section 7

This gathered information will be used in the

following steps.
HZS ISPS 2006-20
07

4.29

IV. Practical steps to conduct a SSA

Step 2: Conduct and document a detailed
threat evaluation and risk assessment for
the ship as detailed in section 8. Assess
for any weaknesses, note them and
address them in the on-scene security
survey. Keep a copy of this documentation
and add them to the final SSA.

HZS ISPS 2006-20

07

4.30

IV. Practical steps to conduct a SSA

Step 3: Conduct the on-scene security
survey during which all previous
information gathered must be confirmed
and any weaknesses identified as detailed
in section 9. Keep a copy of this survey in
the final SSA

HZS ISPS 2006-20

07

4.31

IV. Practical steps to conduct a SSA

Step 4: If any ammendments are to be
made to one of the previous documents,
due to the making of the security survey, it
must be done at this point. All additions
and ammendments must be documented
and copied in the ship security plan. They
must also be retained in the SSA.

HZS ISPS 2006-20

07

4.32

IV. Practical steps to conduct a SSA

Step 5: Present the SSA to the company for
review and acceptance. The SSP will be
finalised with the SSA.
Step 6: The SSP, accompanied with the
assessment, is put forward for approval by
the Administration or Recognised Security
Organisation (RSO)
HZS ISPS 2006-20
07

4.33

IV. Practical steps to conduct a SSA

Practical steps for the mitigation of different
threats/ scenarios:
Step 1: Scenario Selection
Step 2: Evaluate/score the scenario in terms of
potential consequences
Step 3: Evaluate/score the scenario in terms of
ships vulnerability
Step 4: Determine if the scenario requires a
mitigation strategy
Step 5: Implement mitigation strategy
HZS ISPS 2006-20
07

4.34

IV. Practical steps to conduct a SSA

Potential
Threat
Scenarios

HZS ISPS 2006-20

07

4.35

IV. Practical steps to conduct a SSA

Step 1:
Scenario
Selection

HZS ISPS 2006-20

07

4.36

IV. Practical steps to conduct a SSA

Step 2: Evaluate, score the scenario in terms of
potential consequences

HZS ISPS 2006-20

07

4.37

IV. Practical steps to conduct a SSA

Step 3:
Evaluate, score
the scenario in
terms of ships
vulnerability

HZS ISPS 2006-20

07

4.38

IV. Practical steps to conduct a SSA

Step 4:
Determine if
the scenario
requires a
mitigation
strategy

HZS ISPS 2006-20

07

4.39

IV. Practical steps to conduct a SSA

Step 5:
Implement
mitigation
strategy

HZS ISPS 2006-20

07

4.40

IV. Practical steps to conduct a SSA

Exercise: Restricted Areas
Sum up the restricted areas o/b
Read & Comment

HZS ISPS 2006-20

07

4.41

Ship Security Assessment

I.
II.
III.
IV.
V.

Risk Assessment Methodology

Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation

HZS ISPS 2006-20

07

4.42

V. Security assessment
documentation
After completion of the SSA a report must
be prepared, consisting of a summary of
how the assessment was cinducted, a
description of each vernerability found
during the assessment, and a description
of counter measures thet could be used to
address each vulnerability.
This report must be protected from
unautherized access or disclosure.
HZS ISPS 2006-20
07

4.43