The International Ship and Port Facility Security (ISPS) Code is a comprehensive set of measures adopted by the International Maritime Organization (IMO) under the Safety of Life at Sea (SOLAS) Convention. Established in response to heightened concerns about maritime terrorism and unlawful acts after the September 11, 2001 attacks, the ISPS Code entered into force on July 1, 2004. Its primary objective is to enhance the security of ships and port facilities by establishing a standardized, consistent framework that enables governments, shipping companies, port authorities, and other stakeholders to collaborate in identifying and addressing threats to maritime security.

The ISPS Code is divided into two main parts. Part A is mandatory and lays down detailed requirements for governments, shipowners, and port facilities to follow. Part B contains recommended guidelines that provide flexibility in implementation but are not legally binding. Together, these parts form a comprehensive approach to maritime security, balancing strict compliance with adaptable measures tailored to specific risks and operational environments. Since its inception, the ISPS Code has been continuously updated to address evolving threats, including cyber risks, piracy, and organized crime affecting global trade routes.

The Code applies to ships engaged in international voyages, including passenger ships, cargo ships of 500 gross tonnage and above, mobile offshore drilling units, and port facilities serving such ships. Each ship must have an approved Ship Security Plan (SSP) and designate a Ship Security Officer (SSO). Similarly, each port facility must maintain a Port Facility Security Plan (PFSP) and appoint a Port Facility Security Officer (PFSO). These officers are responsible for ensuring that security measures are implemented, drills and exercises are conducted, and compliance is maintained under the oversight of the Designated Authority from the flag or port state.

A crucial feature of the ISPS Code is the establishment of three security levels, which provide a flexible and responsive framework to adapt to varying threat environments. Security Level 1 represents the normal condition, where minimum security measures must be maintained at all times. Security Level 2 is applied when there is an increased risk of a security incident, requiring additional protective measures. Security Level 3 represents the highest alert level, where a probable or imminent security threat exists, and extraordinary measures must be implemented to safeguard ships and port facilities.

These security levels are set by the Contracting Governments and communicated to ships and port facilities. Ships are required to comply with the security level set by the administration of the port state they are visiting. This ensures that all parties are synchronized in their efforts, minimizing the likelihood of confusion or lapses during periods of heightened alert. The dynamic application of security levels demonstrates the adaptability of the ISPS Code to different threat scenarios, from routine operations to emergency conditions.

Another critical element of the ISPS Code is the use of security assessments and plans. A Ship Security Assessment (SSA) identifies potential vulnerabilities, while the Ship Security Plan outlines the preventive, protective, and response measures to address them. Likewise, Port Facility Security Assessments (PFSA) and Plans detail site-specific risks and countermeasures. Both ships and port facilities undergo audits and verifications to ensure that these plans remain effective and updated, considering new threats such as cyberattacks targeting navigation and cargo systems.

The ISPS Code also emphasizes international cooperation and information exchange. Contracting Governments are encouraged to share intelligence regarding potential threats, suspicious activities, and lessons learned from incidents. This collaborative approach enhances global maritime security, ensuring that vulnerabilities in one region do not compromise the safety of the wider international shipping community. The Code highlights that maritime security is not only a national concern but a shared global responsibility.

Training and drills form an essential part of the Code’s framework. Crew members, ship officers, and port facility staff must undergo regular security training to familiarize themselves with procedures for access control, cargo inspections, restricted area monitoring, and emergency responses. Periodic drills test the readiness of personnel and the effectiveness of the security systems in place. These practices ensure that in times of real threats, the response is swift, coordinated, and efficient.

Over time, the ISPS Code has expanded its scope to address emerging challenges. The increasing reliance on digital technologies in maritime operations has introduced new risks, particularly in the form of cyber threats. Recognizing this, the