This is the second part of an article on the very basics of the ISPS Code and its applicability to Indian ship- and port-facility security.    It is reiterated that this article has been written to provide fundamental, baseline-information about the ‘International Ship and Port Facility Code’ (ISPS Code) to the lay public, including academia.  As such, while it has not been written for professionals within the shipping sector, it nevertheless seeks to provide a useful framework for the further and more-detailed research.  Part-1 focused upon providing the reader with an overview of the administration of the ISPS Code in India and touched upon the different levels of security relevant to the Code.  This second and concluding part gives a brief account of ship- and port-facility security and evaluates some gaps in applicability of the ISPS Code as well as in legislation within India.

Ship Security

A ‘Ship Security Plan’ (SSP) indicates the minimum security measures the ship should employ or enforce at the various levels.  The plan must be developed to ensure the application of security measures on board the ship, which are designed to protect persons on board, cargo, cargo transport units, ship’s stores or the ship itself from the risks arising from a potential security incident.[1]  Every ship is required to carry on board an approved SSP.[2]  The requirements to be met by the SSP are set out in the ISPS Code.[3]  The security plans must additionally be protected from unauthorized access.[4]  The “Recognized Security Organization” (RSO) itself may prepare SSPs,[5]  and in the case of India, the government may also entrust the review, approval, and execution of SSPs to the RSO.[6] This option notwithstanding, shipping companies are obligated to appoint a ‘Company Security Officer’ (CSO), who is based ashore and a ‘Ship Security Officer’ (SSO), who is placed aboard each ship.  The CSO is required to check that ships conduct regular ‘Ship Security Assessments’ (SSA), and these SSAs then guide the development of the SSP.[7]  The ISPS Code itself provides guidance on the basic requirements of an SSA.[8]  Although the RSO may itself carry out SSAs, [9] specific responsibility to ensure that SSAs have, indeed, been diligently carried out vests with the CSO.[10]  Each SSA should take existing security measures to be a base-reference and, using this reference, must thereafter assess all possible risks involving persons, activities, services and operations.  SSAs are included with security surveys and other elements listed in the ISPS Code, such as key shipboard operations, and possible threats and weaknesses, including human factors.[11]

Under special measures to enhance maritime security vis-à-vis the security of ships and of port facilities, all ships must be provided with a Ship Security Alert System (SSAS)[12] which, at the very basic level, would include onboard security equipment such as (inter alia) metal detectors for checking persons boarding the vessel.  The SSAS is meant to alert the designated authority of the ship’s Flag State whenever the security of the ship is under threat.  Every Indian shipping company is obligated to provide each ship that it is operating with a SSAS.[13]

Every ship is subjected to prescribed control measures and compliance.[14]  Thus, every ship subject to the ISPS Code is subject to verification to ensure that the security system and the associated security equipment of the ship are fully compliant with the requirements stipulated in Chapter XI-2 of SOLAS, Part A of the ISPS Code, and the approved SSP.  The concerned administrative authority is required to carry out this verification and an International Ship Security Certificate (ISSC) or Interim International Ship Security Certificate.[15]  is to be issued, for a period not exceeding five years, by the Directorate General of Shipping (DGS).[16]  While the authority to issue an IS may be delegated — the issuance of ISSC, Ship Security Certificate (SSC) and the Continuous Synopsis Record (CSR) to Indian ships has, for example, been delegated to the concerned Registrars of Shipping[17] — the responsibility per se cannot and so, responsibility in respect of all Indian-flagged vessels remains vested solely in the Government of India.

Port Security

Plans must also be developed to ensure the application of measures designed to protect the port facility itself, as also the ships, persons, cargo, cargo transport units, and ship-stores, located within the port facility, from the risks of a security incident.[18]  In compliance with the provisions of the ISPS Code,[19] a Port Facility Security Assessment (PFSA) is required to be to be carried out by designated officers of the Indian Register of Shipping (IRS), taking into account inputs from national security agencies, with each PFSA being approved by the DGS.[20]  A Port Facility Security Plan (PFSP) is then developed and maintained by Port Facility Security Officers (PFSO), on the basis of the PFSA and every such PFSP must make provisions for all three security levels.[21]   The ISPS Code sets out the requirements of the PFSPs,[22]  which may be combined-with or made part of the overall port-security plans.[23]  Obviously, PFSPs must be protected from unauthorised access or disclosure.[24]  The Government of India may also allow a given PFSP to cover more than one port facility if the government feels that the operator, location, operations, equipment and design of the port facilities are similar.[25]

To act as a security consultative body that remains involved in the continuous development and implementation of PFSPs, the DGS has formed committees, each comprising the PFSO of the port concerned, along with suitable representatives drawn from the Customs Department, the Narcotics Control Bureau (NCB), Central Intelligence Agencies (principally the IB), State Intelligence Agencies, the Central Industrial Security Force (CISF), the local police, the Immigration Department, the Indian Navy, the Indian Coast Guard, and any other concerned agency of the state or central government, as deemed appropriate by the Chairman or CEO of the concerned port.[26]

It is, of course, quite obvious that with such an enhancement in security measures and restricted right of entry, Indian ports would be better able to handle vessel-clearance processes, while improving inter-agency and inter-departmental cooperation, and pave the way to a sharp reduction in port- or ship-related crimes.  Nevertheless, the implementation of ISPS Code needs a significant number of security assessments and plans to be approved and this, in turn, requires coordination between public and private sectors and different government- as well as intergovernmental organisations, which itself leads to a number of challenges such as delays in obtaining clearance for ships and overcrowding at port entry-points.  Such delays need to be minimised through proper regulations.

Ship-Safety Aspects of the ISPS Code

The International Ship Management Code (ISMC) for the safe operation of ships and for pollution-prevention, and the ISPS Code are interrelated.  The IMO and Chapter IX of SOLAS have developed certain standards and procedures for the safe operation of ships, as also for the prevention of pollution.[27]  A maritime navigation safety communications system, the Automatic Identification System (AIS), has been mandated by the IMO for all cargo ships of 300 gross tonnage and upwards that are on international voyages, cargo ships of 500 gross tonnage and upwards that are not on international voyages, and all passenger ships irrespective of size.[28]   In India, however, fitment of AIS is compulsory on all vessels more than 15 NT.[29]  The AIS automatically transmits vessel information, including identity, type, position, course, speed, navigational status, and other safety-related information, and this information is capable of being received by other ships and shore stations both, via line-of site radio communications as well as via satellite (the latter is known as space-based AIS).[30]  In addition, the Ship Identification Number has to be permanently marked in a visible place,[31] and the CSR has to be carried on board.[32]  In compliance with extant regulations, the Shipping Corporation of India (SCI) has introduced its safety management system by setting up an International Safety Management (ISM) cell, which has developed, documented and structured certain norms and practices to be followed.[33]

Although the implementation of both Codes sometimes leads to a dilemma as to which is more important to uphold, both safety and security are equally critical within the maritime sector.  Acts of piracy and other forms of maritime crime make ships insecure.  Consequently, in case of a conflict between safety and security, safety prevails over security.[34]

 Scope of ISPS Code

The MS Act, in relation to the ISPS Code, applies to ships engaged in international carriage, including passenger ships and high-speed passenger craft; cargo ships, including high-speed craft of 500 gross tonnes and above; as also to mobile offshore units[35] and ports facilities serving such ships.[36]  The Government of India may also extend the application of this provision to ports that are only occasionally required to serve ships on international voyages.[37]  Warships, naval auxiliaries, and other ships owned or operated-by the Government of India for non-commercial service are excluded.[38]   It is apparent that the MS Act does not apply to fishing vessels, cargo ships less than 500 tonnes, high-speed container vessels built prior to July 2001, and vessels not employed for international voyages.  In the infamous terror attack in Mumbai in November of 2008, the terrorists travelled from Pakistan to Mumbai by boat, hijacked an Indian fishing trawler on the way, and landed in Mumbai in an inflatable dinghy.[39]

This clearly indicates that the maritime security of India must include each and every apparent threat. Yet, the MS Act narrows its scope to specified vessels or ships. Threats involving containerised cargo and bulk shipments are also not covered, despite their being well-recognised globally.[40]

The ISPS Code largely deals with how risks to maritime sector can be prevented and curtailed but does not cover the aftereffects of major security incidents.  Fortunately, India has not, thus far, experienced a major incident involving merchant ships or a port, yet it would be prudent to fill this lacuna by proper procedures and laws.  India would also be well advised to look at areas like the security of ships, which is not an aspect that is expressly covered under the ISPS Code.

It is, of course, undeniable that India has implemented the basic principles of the ISPS Code by enhancing security measures through national legislation.  However, the requisite checks and control mechanisms in respect of the ISPS Code are scattered in the MS Act, and rules and regulations are promulgated through DGS circulars.  To fill this gap the Indian Ports Bill, 2021, was introduced by Ministry of Ports, Shipping and Waterways.[41]  Chapter IX (Sections 44-61) of this bill will provide a comprehensive mechanism that provides more transparency to all maritime stakeholders for implementing their obligations under the ISPS Code.


About the Author:

Bhanu Krishna Kiran Ravella is an independent researcher in public international maritime law and security.  He earned an MSc in Strategic Studies from the S Rajarathnam School of International Studies, Nanayang Technological University, Singapore; an MPhil in international law and a PhD in international maritime law from the Jawaharlal Nehru University, New Delhi; he holds a diploma in Ocean laws and Policy from the Rhodes Academy, Greece; and is a Master of Law from Sri Venkateswara University, Tirupathi.  He may be contacted at


[1]               ISPS Code, Part A, Section 2.1.4

[2]               Ibid, Section 9.1

[3]               Ibid, Section 9.4

[4]               Ibid, Section 9.7

[5]               Ibid, Section 9.1.1

[6]               Ibid, Section 9.2.1

[7]               Ibid, Part B, Section 1.9

[8]               Ibid, Section 8

[9]               Ibid, Section 8

[10]             Ibid, Part A, Section 8.2

[11]             Ibid, Section 8.4

[12]             SOLAS XI-2, Regulation 6.1

[13]             MS Act, Section 344 R

[14]             Ibid, Section 344 S

[15]             MS Act, Section 344 Q

[16]             ISPS Code, Part A, Section. 19.3.1

[17]             DGS, Shipping Notices, M S Notice No. 1 S of 2014, Para 1,

[18]             ISPS Code, Part A, Section. 2.1.5

[19]            Ibid, Section 15

[20]             DGS Circular, “ISPS and Maritime Security”, ISPS Circular NT/ISPS/PFSP/02/2004, Para 2,

[21]             ISPS Code, Part A, Section 16.1

[22]             Ibid, Section 16.3

[23]             Ibid, Section 16.5

[24]             Ibid, Section 16.8

[25]             Ibid, Section 16.9

[26]             DGS Circular No. 04 of 2022,

[27]             Resolution A.788 (19) of the IMO,

[28]             SOLAS Chapter V, Regulation 9

[29]             DGS Circular No. NT/ISPS/2/2013 dated 14 May 2013.  NT (net tonnage) is a method of calculation for how much cargo-space a ship has.

[30]             Guidelines for the onboard operational use of shipborne  \AIS,

[31]             Ibid, Regulation 3

[32]             Ibid, Regulation 5

[33]             The Shipping Corporation of India Ltd., ISM Cell,

[34]             Safety4Sea, “Security Measures: A Brief Review of ISPS Code Implementation,”

[35]             Merchant Shipping Act, 1958 as amended in 2004 (MS Act) Section 344J para 1(a)

[36]             Ibid, Para 1(b)

[37]             Ibid

[38]             Ibid, Para (2)

[39]            Nana Kwabena Boakye-Boampong, “The ISPS code: An Effective or Defective Maritime Security Tool?”

[40]             Maritime Transport Committee, Organization for Economic Co-operation and Development (OECD), July 2004,

[41]             Ministry of Ports, Shipping and Waterways website,

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *