Home IMO SOLAS ISPS Code › You are here

IMO ISPS Code Section 15 - Port Facility Security Assessment PFSA by Contacting Governments or Registered Security Organizations and its Importance

isps port security assessment

The International Maritime Organization (IMO) mandated International Ship and Port Facility Security Code (ISPS Code) is a supplement to the International Convention for the Safety of Life at Sea, 1974, as amended (SOLAS). ISPS Code intends to provide an international framework for mandatory requirements regarding the provisions of Chapter XI-2 of SOLAS.

The Port Facility Security Assessment (PFSA) is a risk analysis of all aspects of a port facility’s operation in order to determine which parts of it are more susceptible to be the subject of attack. PFSA is an essential and integral part of developing and updating Port Facility Security Plan (PFSP). The CG or the RSO, who must have appropriate skills, carries out PFSA and its shall be approved by the member state concerned.


Like Ship Security Assessment (SSA), the PFSA must be periodically reviewed and updated periodically when fresh security threats or major changes in the port facilities. While a PFSA is carrying out, all possible threats should be considered along with the vulnerability of each target and the consequences of each security threat.

Contents:

isps code pfsa

ISPS Code - Port Facility Security Assessment

ISPS Code Part A Section 15 - Port Facility Security Assessment

Port Facility Security Assessment Requirements




15 Port Facility Security Assessment

15.1 The port facility security assessment is an essential and integral part of the process of developing and updating the port facility security plan.

15.2 The port facility security assessment shall be carried out by the Contracting Government within whose territory the port facility is located. A Contracting Government may authorise a recognized security organization to carry out the port facility security assessment of a specific port facility located within its territory.

15.2.1 When the port facility security assessment has been carried out by a recognized security organization, the security assessment shall be reviewed and approved for compliance with this section by the Contracting Government within whose territory the port facility is located.

15.3 The persons carrying out the assessment shall have appropriate skills to evaluate the security of the port facility in accordance with this section, taking into account the guidance given in part B of this Code.

15.4 The port facility security assessments shall periodically be reviewed and updated, taking account of changing threats and/or minor changes in the port facility and shall always be reviewed and updated when major changes to the port facility take place.

15.5 The port facility security assessment shall include, at least, the following elements:

.1 identification and evaluation of important assets and infrastructure it is important to protect;

.2 identification of possible threats to the assets and infrastructure and the likelihood of their occurrence, in order to establish and prioritize security measures;

.3 identification, selection and prioritization of counter measures and procedural changes and their level of effectiveness in reducing vulnerability; and

.4 identification of weaknesses, including human factors in the infrastructure, policies and procedures.

15.6 The Contracting Government may allow a port facility security assessment to cover more than one port facility if the operator, location, operation, equipment, and design of these port facilities are similar. Any Contracting Government, which allows such an arrangement shall communicate to the Organization particulars thereof.

15.7 Upon completion of the port facility security assessment, a report shall be prepared, consisting of a summary of how the assessment was conducted, a description of each vulnerability found during the assessment and a description of counter measures that could be used to address each vulnerability. The report shall be protected from unauthorized access or disclosure.

ISPS Code Part B Section 15 - Port Facility Security Assessment

Guidance regarding port facility security assessment

15 Port Facility Security Assessment

General

15.1 The Port Facility Security Assessment (PFSA) may be conducted by a Recognized Security Organization (RSO). However, approval of a completed PFSA should only be given by the relevant Contracting Government.

15. 2 If a Contracting Government uses a RSO, to review or verify compliance of the PFSA, the RSO should not be associated with any other RSO that prepared or assisted in the preparation of that assessment.

 15.3 A PFSA should address the following elements within a port facility:

.1 physical security;

.2 structural integrity;

.3 personnel protection systems;

.4 procedural policies;

.5 radio and telecommunication systems, including computer systems and networks;

.6 relevant transportation infrastructure;

.7 utilities; and

.8 other areas that may, if damaged or used for illicit observation, pose a risk to persons, property, or operations within the port facility.

15.4 Those involved in a PFSA should be able to draw upon expert assistance in relation to:

.1 knowledge of current security threats and patterns;

.2 recognition and detection of weapons, dangerous substances and devices;

.3 recognition, on a non- discriminatory basis, of characteristics and behavioural patterns of persons who are likely to threaten security;

.4 techniques used to circumvent security measures;

.5 methods used to cause a security incident;

.6 effects of explosives on structures and port facility services;

.7 port facility security;

.8 port business practices;

.9 contingency planning, emergency preparedness and response;

.10 physical security measures e.g. fences;

.11 radio and telecommunications systems, including computer systems and networks;

.12 transport and civil engineering; and

.13 ship and port operations.

Identification and evaluation of important assets and infrastructure it is important to protect

15.5 The identification and evaluation of important assets and infrastructure is a process through which the relative importance of structures and installations to the functioning of the port facility can be established. This identification and evaluation process is important because it provides a basis for focusing mitigation strategies on those assets and structures which it is more important to protect from a security incident. This process should take into account potential loss of life, the economic significance of the port, symbolic value, and the presence of Government installations.

15.6 Identification and evaluation of assets and infrastructure should be used to prioritise their relative importance for protection. The primary concern should be avoidance of death or injury. It is also important to consider whether the port facility, structure or installation can continue to function without the asset, and the extent to which rapid re-establishment of normal functioning is possible.

15.7 Assets and infrastructure that should be considered important to protect may include:

.1 accesses, entrances, approaches, and anchorages, manoeuvring and berthing areas;

.2 cargo facilities, terminals, storage areas, and cargo handling equipment;

.3 systems such as electrical distribution systems, radio and telecommunication systems and computer systems and networks;

.4 port vessel traffic management systems and aids to navigation;

.5 power plants, cargo transfer piping, and water supplies;

.6 bridges, railways, roads;

.7 port service vessels, including pilot boats, tugs, lighters etc;

.8 security and surveillance equipment and systems; and

.9 the waters adjacent to the port facility.

15.8 The clear identification of assets and infrastructure is essential to the evaluation of the port facility’s security requirements, the prioritisation of protective measures, and decisions concerning the allocation of resources to better protect the port facility. The process may involve consultation with the relevant authorities relating to structures adjacent to the port facility which could cause damage within the facility or be used for the purpose of causing damage to the facility or for illicit observation of the facility or for diverting attention.

Identification of the possible threats to the assets and infrastructure and the likelihood of their occurrence, in order to establish and prioritise security measures

15.9 Possible acts that could threaten the security of assets and infrastructure, and the methods of carrying out those acts, should be identified to evaluate the vulnerability of a given asset or location to a security incident, and to establish and prioritise security requirements to enable planning and resource allocations. Identification and evaluation of each potential act and its method should be based on various factors, including threat assessments by Government agencies. By identifying and assessing threats, those conducting the assessment do not have to rely on worst-case scenarios to guide planning and resource allocations.

 15.10 The PFSA should include an assessment undertaken in consultation with the relevant national security organizations to determine:

.1 any particular aspects of the port facility, including the vessel traffic using the facility, which make it likely to be the target of an attack;

.2 the likely consequences in terms of loss of life, damage to property, economic disruption, including disruption to transport systems, of an attack on, or at, the port facility;

.3 the capability and intent of those likely to mount such an attack; and

.4 the possible type, or types, of attack,

producing an overall assessment of the level of risk against which security measures have to be developed.

15.11 The PFSA should consider all possible threats, which may include the following types of security incidents:

.1 damage to, or destruction of, the port facility or of the ship, e.g. by explosive devices, arson, sabotage or vandalism;

.2 hijacking or seizure of the ship or of persons on board;

.3 tampering with cargo, essential ship equipment or systems or ship’s stores;

.4 unauthorized access or use including presence of stowaways;

.5 smuggling weapons or equipment, including weapons of mass destruction;

.6 use of the ship to carry those intending to cause a security incident and their equipment;

.7 use of the ship itself as a weapon or as a means to cause damage or destruction;

.8 blockage; of port entrances, locks, approaches etc; and

.9 nuclear, biological and chemical attack.

15.12 The process should involve consultation with the relevant authorities relating to structures adjacent to the port facility which could cause damage within the facility or be used for the purpose of causing damage to the facility or for illicit observation of the facility or for diverting attention.

Identification, selection, and prioritisation of countermeasures and procedural changes and their level of effectiveness in reducing vulnerability

15.13 The identification and prioritisation of countermeasures is designed to ensure that the most effective security measures are employed to reduce the vulnerability of a port facility or ship/port interface to the possible threats.

15. 14 Security measures should be selected on the basis of factors such as whether they reduce the probability of an attack and should be evaluated using information that includes:

.1 security surveys, inspections and audits;

 .2 consultation with port facility owners and operators, and owners/operators of adjacent structures if appropriate;

.3 historical information on security incidents; and

.4 operations within the port facility.

Identification of vulnerabilities

15.15 Identification of vulnerabilities in physical structures, personnel protection systems, processes, or other areas that may lead to a security incident can be used to establish options to eliminate or mitigate those vulnerabilities. For example, an analysis might reveal vulnerabilities in a port facility’s security systems or unprotected infrastructure such as water supplies, bridges etc that could be resolved through physical measures, e.g. permanent barriers, alarms, surveillance equipment etc.

15.16 Identification of vulnerabilities should include consideration of:

.1 waterside and shore-side access to the port facility and ships berthing at the facility;

.2 structural integrity of the piers, facilities, and associated structures;

.3 existing security measures and procedures, including identification systems;

.4 existing security measures and procedures relating to port services and utilities;

.5 measures to protect radio and telecommunication equipment, port services and utilities, including computer systems and networks;

.6 adjacent areas that may be exploited during, or for, an attack;

.7 existing agreements with private security companies providing waterside/shore-side security services;

.8 any conflicting policies between safety and security measures and procedures;

.9 any conflicting port facility and security duty assignments;

.10 any enforcement and personnel constraints;

.11 any deficiencies identified during training and drills; and

.12 any deficiencies identified during daily operation, following incidents or alerts, the report of security concerns, the exercise of control measures, audits etc.

Disclaimer: For general information purpose only - please check IMO ISPS Code - SOLAS Convention for the latest requirements and accurate info

Port Facility Security Officer Online Training

Transport Canada Approved PFSO Training Online

The Virtual Maritime Academy (VMA) online course give the essential education and training to get certified as a Port Facility Security Officer and meets the requirements set out in the International Ship and Port Facility Security (ISPS) Code. Read more..

LAST UPDATED ON Jul 16, 2022