Security measures on board ships
As provided in the ISPS Code, each company shall carry out a ship security assessment (SSA) and prepare a ship security plan (SSP). The ship security plan (SSP) and amendments must be submitted for approval to the Finnish Transport and Communications Agency (Traficom) or to a Recognized Security Organization (RSO) authorized by Traficom. Having approved the plan, Traficom or RSO carries out a verification before issuing an International Ship Security Certificate (ISSC) to the ship.
Ship security plan (SSP) amendments requiring approval:
Amendments affecting the security measures (systems or arrangements) as specified in the original approved SSP.
Amendments which no longer describes ship’s normal operation as in the original approved SSP.
Changes (instalments or removals) of any security equipment as described in the original approved SSP.
Change of CSO or CSO substitute (name and contact details).
Minor amendments to be submitted for reviewing:
Changes to the Company name and/or to address and/or phone number(-s).
Format of checklists.
Stilistic changes to i.e. wording in sentences.
(Regulation (EC) No. 725/2004, Annex II, section A/9.5).
When the cyber risk management system (CRM) has been included in the safety management system (ISM; IMO Resolution MSC.428(98)), it should be included in the Ship Security Assessment (SSA) and explicitly mentioned in the Ship Security Plan (SSP).
(Regulation (EC) No. 725/2004, Annex II, sections A/8.1 & A/9.4.4) and Annex III, sections B/8.3.5 & B/9.4).
Ships engaged on scheduled voyages have, based on application, been granted exemptions from the provision of providing security information prior to entry into port but only on security level 1.
(Regulation (EC) No. 725/2004, Article 7.1).
The company’s security officer must prepare a list of vessels for which Traficom has granted an exemption and keep the list up to date.
The list must be updated whenever changes are made to the routes of exempted vessels. The list must indicate the port facilities to which the exempted vessels operates, using the UN/LOCODE codes of the respective port facilities. (Regulation (EC) No 725/2004, Article 7.1(a)).
The updated list must be submitted to Traficom by e-mail: psc@traficom.fi.
Periodical checks of the conditions for exemptions from the provision of security information prior to entry into port (pre-arrival information) are to be carried out annually.
The master, to which ship the exemption has been granted, has to send the pre-arrival report (MARSEC Doc 0508) every calendar year to Maritime Inspections (Traficom) by e-mail: merenkulun.valvonta@traficom.fi
(Regulation (EC) No. 725/2004, Article 7.3).
As provided in regulation XI-2/9.2.3 of the SOLAS Convention, the Administration shall specify the minimum period for which declarations of security shall be kept on board.
Records of Declarations of Security shall be carried on board Finnish ships for at least 90 days from their date of signature. Alternatively declarations pertaining to the last ten calls at port shall be kept. The alternative comprising the longer period of the two shall be chosen.
As provided in section A/10.1 of the ISPS Code, the Administration shall also specify the minimum period for which records listed under paragraphs A/10.1.1 to 10.1.10 shall be kept on board.
Such records shall be kept on board Finnish ships for at least three years from the date of the incident thus enabling their verification during the interval between two of the verifications specified in paragraph A/19.1.1 of the ISPS Code.
If reference has been made to incidents or threats in the Declarations of Security or other records mentioned above and an investigation has been initiated, the documents must be retained until the case is closed.
The period for which Declarations of Security and other records must be kept on board shall be stated in the ship security plan.
As provided in the ISPS Code, paragraph A/9.4.15, the ship security alert system (hereinafter SSAS) shall be calibrated and tested in accordance with the security plan and documented as provided in paragraph 10.1.10 of the Code.
The SSAS is tested annually by means of a test transmission to MRCC Turku carried out by an inspector from Traficom or by the service station used for servicing shipborne radio installations. The inspector or the service station decides on how the test should be performed based on the type of equipment concerned and its characteristics and agrees on the test transmission with the MRCC. If the SSAS is of such a type that the inspector cannot carry out the test without the assistance of service station personnel, the test is to be carried out by a service station employee. Alternatively, the service station employee must be present on board to put the SSAS into test mode.
If the SSAS has to be tested in the absence of both the Traficom inspector and the service station employee, testing can be carried out by a ship’s officer as follows:
NB. Some ship security alert systems are such that they can be tested only by a service station employee on board.
MRCC Turku should always be notified of any false alarms.
All records pertaining to the SSAS must be preserved as attachments of the ship security plan.
If the ship is transferred to another flag or sold abroad, the contact information in the ship security alert system shall be deleted.
Adresses to be entered in the SSAS:
E-mail: ssas.mrcc@raja.fi
INM-C: 423002211
Telephone +358 294 1031Fax +358 294 1019
The purpose of the International Ship and Port Facility Security Code is to enhance the security of ships and port facilities. The Code was prepared by the International Maritime Organization in 2001 and was included in the SOLAS Convention as chapter XI-2 "Special measures to enhance maritime security". Within the EU it has been implemented by Regulation (EC) No 725/2004.
Consolidated version
725/2004Valid from: 19/05/2004
The ISPS Code applies to the following types of ships engaged on international voyages:
The Code does not apply to warships, naval auxiliaries or other ships owned or operated by a Contracting Government and used only on Government non-commercial service.
When a ship complies with the relevant maritime security requirements its security plan is approved by the Competent Authority and an International Ship Security Certificate is issued to the ship.
The objective of the Code is to prevent security incidents affecting ships or port facilities used in international trade.
Security levels are used for risk assessment.
The Company must carry out a ship security assessment, which it shall document, review, accept and retain. A ship security plan must then be prepared on the basis of the assessment.
Each ship must have a ship security plan. Both the ship security assessment and the ship security plan must be submitted to Traficom, the Competent Authority in charge of approving ship security plans in Finland.
The plan must be written in the working language or languages of the ship. If the language or languages used is not English, French or Spanish, a translation into one of these languages must be included.
Traficom inspectors or classication society's (RSO) inspectors carry out an interim verification when the ship security plan is to be introduced. An interim International Ship Security Certificate is issued to the ship after the verification. The certificate is valid for a period of six months.
When the ship has undergone an initial verification, an International Ship Security Certificate is issued. As a rule, the certificate is issued for a period of five years. An intermediate verification takes place between the second and third anniversary date of the certificate and a renewal verification at intervals of five years.
Traficom's or authorized classification society's (RSO) responsibilities
Ship security verifications are often combined with ISM audits.
For verification of the identity of Traficom inspectors and their authorization to carry out ship security verifications please call +358 50 343 1800.
