1. SCM Research, Development and Planning Unit Page 1 of 7
SCM
___________________________________________________Ships Classification Malaysia
Revision : 0 Distribution Lists:
Last Rev. Date : - Unit Managers
Issue date : 20.02.2004 All Surveyors
Prepared By : KYUZRI
Verified By : ROSIDI
For Internal Distribution Only Guidelines to Surveyors
Port Security Assessment and Security Plan
1.0 INTRODUCTION
1.1 Scope
This internal guideline is to provide guidance for the SCM’s Maritime Security Assessor (MSA) acting as a
Consultant approved by the Designated Authority (DA), in performing port area security assessment (PASA)/ port
facility security assessment (PFSA) and developing port area security plan (PASP)/ port facility security plan
(PFSP) when requested by a Port Facility Operator (PFO) or Port Administrator (PA), based on the restricted
scope stipulated in SOLAS Chapter XI-2 and ISPS Code Part A (mandatory) and taking into account ISPS Code
Part B and guidelines from DA.
1.2 Application
The assessment and development of plan is only applicable to port and port facilities serving vessels engaged on
international voyages as categorized below:
All passenger ships, including high speed passenger crafts
Cargo ships, including high speed craft cargo ships of 500GRT and above
Mobile offshore drilling unit (MODU)
1.3 Qualification
SCM Maritime Security Assessor assigned to perform the assessment and development of plan, shall be qualified
in accordance to SCM minimum requirements as follows:
i. The assessor should have knowledge in the ship operations, port facilities and operations.
ii. The assessor should have knowledge in the auditing of management systems either through ISM
certification or ISO certification.
iii. The assessor should have successfully attended ISPS course, covering PFSA and PFSP, internal or external
and passed the course examination.
iv. The assessor shall carry out a minimum of one (1) PFSA and develop one (1) PFSP under direct supervision
by a qualified maritime security assessor.
v. The assessor shall have passed a security vetting by the relevant authorities and periodical confirmation
thereafter.
1.4 Obligations and Responsibilities
1.4.1) Port Facility Operator (PFO)/ Port Administrator (PA)
a) Provide a qualified Officer (PASO/PFSO) based on the ISPS Code and any additional requirements set by the
DA.
b) Provide the resources needed by the SCM Assessor to ensure an effective and efficient assessment
(PASA/PFSA).
c) Provide an effective communication and coordination through out the assessment (PASA/PFSA) period and
during the development of plan (PASP/PFSP) by forming up a committee so call Port Area Security
Committee (PASC).
d) Provide necessary access to document, records, reports and facilities if requested by the SCM Assessor.
e) Fully co-operate with the SCM Assessor in order to achieve the objective of assessment (PASA/PFSP) and
development of plan (PASP/PFSP).
f) Provide necessary resources, tools and support if SCM is requested to assist the implementation process of
plan (PASP/PFSP).
g) Actively participate and involved if assistance from SCM is required to perform in-house audit and review.
h) Complete PASA/PFSA and PASP/PFSP to be submitted to DA for review and approval.
i) To furnish SCM with any directives, guidelines and relevant information form the port itself or DA on the
port security measures.
2. SCM Research, Development and Planning Unit Page 2 of 7
1.4.2) SCM
a) To ensure that the PASA/PFSA and PASP/PFSP process is performed in accordance with this guideline and
relevant DA requirements within the scope of ISPS code.
b) To carry out and develop the PASA/PFSA and PASP/PFSP effectively and efficiently.
c) To comply with applicable requirements and other appropriate directives.
d) To note in the report any major obstacles encountered in performing the PASA/PFSA.
e) To organize special technical assistance if required, to fulfill the compliance.
f) To report the PASA/PFSA results clearly, conclusively and without undue delay.
g) To ensure confidentiality of documents and information pertaining to the PASA/PFSA and PASP/PFSP.
1.4 Definitions and Abbreviations
SCM Maritime Security Assessor (MSA) is a SCM Security Personnel who has been duly trained in accordance to
IACS Procedural Requirement No.25 and qualified to carry out port assessment and plan development.
SCM Maritime Security Unit (MSU) is a unit in Ships Classification Malaysia responsible for the maritime security
activities, relating to port and ship.
SCM Head of Maritime Security Unit (HMSU) is a Senior Manager of Ships Classification Malaysia who is
responsible in the management of the maritime security activities.
SCM Secretary of Maritime Security Unit (SMSU) is an SCM Administration Personnel accountable to HMSU and
responsible in general secretarial and clerical tasks related to maritime security activities.
Designated Authority (DA) means an authority or administration (Malaysia Marine Dept.) designated by the
Contracting Government (Malaysia Government) to undertake security duties with respect to ship and port
facilities.
Port Facility Operator (PFO) means an organization or owner that operates a port facility.
Port Administrator (PA) means the regulatory authority of the federal ports, which have been gazette as a port
authority, or ports under the management of the state authority or the “Marine Department” which do not have
gazette port authorities.
Port Area Security Officer (PASO) means a qualified officer designated by the PA to facilitate the development,
implementation, review and maintenance of a PASP and for liaison with PFSO and SSO.
Port Facility Security Officer (PFSO) means a person designated by the PFO, responsible for the development,
implementation, revision and maintenance of the port facility security plan (PFSP) and for liaison with CSO, SSO
and PASO.
Ship Security Officer (SSO) means the shipboard personnel, accountable to the Master designated by the Company,
responsible for the security of the ship, implementation and maintenance of SSP and liaison with CSO and PFSO.
Company Security Officer (CSO) means a person designated by the company to develop and revise the SSP and for
liaison with the PFSO and SSO.
Port Area Security Committee (PASC) means a committee composing of PASO, PFSO, PFO, Ship Operators,
Agents and Government Bodies (such as Immigration, Custom, Quarantine, Police, Marine Dept. etc.) chaired by
the PA, responsible to provide a communication and coordination of security arrangement, development and
implementation of PFSP.
Port Area Security Plan (PASP) means a plan developed to ensure the application and measures designed to
protect the port area and vessels, their cargoes, persons onboard from the risk of a security incident.
Port Facility Security Plan (PFSP) means a plan developed to ensure the application and measures designed to
protect the port facility and vessels, their cargoes, persons onboard from the risk of a security incident.
Port Area Security Assessment (PASA) means a comprehensive analysis of threats, vulnerabilities, existing
protective measures, procedures and operations within the port area.
Port Facility Security Assessment (PFSA) means a comprehensive analysis of threats, vulnerabilities, existing
protective measures, procedures and operations within the port facility.
3. SCM Research, Development and Planning Unit Page 3 of 7
International Ship and Port Facility Security Code (ISPS) means the ISPS Code consisting of Part A and Part B as
adopted by the Organization.
Security Incident (SI) means any suspicious act or circumstance threatening the security of a ship, MODU, high
speed craft, port facility, and ship/port interface and ship/ship activity.
Security Level (SL) means the qualification of the degree of risk that a security incident will be attempted or will
occur.
Security Level 1 (SL 1) means the level for which appropriate minimum protective security measures shall be
maintained at all times.
Security Level 2 (SL 2) means the level for which appropriate additional protective security measures shall be
maintained for a period of time as a result of heightened risk of a security incident.
Security Level 3 (SL 3) means the level of which further specific protective security measures shall be maintained
for a period of time when a security incident is probable or imminent. (Although it may not be possible to identify
specific target).
Port Security System (PSS) is the security system placed onboard which implements the procedures.
Documentation and associated records, which are examined to verify compliance with the requirements of the
ISPS Code.
Declaration of Security (DoS) means an agreement to be executed between the SSO and PASO/PFSO and
provides means for ensuring that the critical security concerns are properly address and security will remain in
place throughout the time when vessel is in the port area and facility.
Ship/Port Facility Interface means the interaction that occur when a ship is directly and immediately affected by
actions involving the movement of persons, goods or the provision of port services to or from the ship.
Threat means the likelihood of an unlawful act will be committed against a particular target, based on a
perpetrator’s intents and capability.
Verification means a planned and systematic audit sampling, examination, measurement and testing in order to
verify that the port security system and equipment specified in the PASP/PFSP is being effectively maintained and
implemented.
Objective evidence means a quantitative or qualitative information, records or statement of facts pertaining to the
security system and equipment observed during approval and verification.
Observation means a statement of fact and judgment made during approval and verification supported by objective
evidence which if not corrected may lead to non-conformity in the future.
Non Conformity means an observed situation where objective evidence indicates the non-fulfillment with a
specified mandatory rules and requirements.
Findings means an observation or nonconformity raised up during PASA/PFSA, implementation of PASA/PFSA
and internal audit.
Recommendation means an observed situation due to findings made and recommended in order to comply with the
ISPS code Part and Part B requirements.
2. WORK METHODOLOGY
2.1 Scope of Work
SCM scope of work is just limited to port security assessment and security plan development. However, it may be
extended, in a case by case basis and at the request of PFO/PA covering SCM value added services such as
implementation of PASP/PFSP, in-house audit/review and ISPS awareness course with a clear define scope agreed
between SCM and PFO/PA at an early stage of communication.
2.2 Process Flowchart
The flowchart shown in Appendix 1 shows an overall process, including lines of communication, responsibilities
and references involved in the port assessment, plan development, plan implementation (optional), in-house
audit/review stages (optional) and in-house ISPS awareness course (optional). It is a responsibility of all Maritime
Security Unit (MSU) personnel to follow and maintain a smooth flow of the process in order to prevent
inefficiency causing unnecessary delay to PFO/PA.
4. SCM Research, Development and Planning Unit Page 4 of 7
2.3 Handling Request
2.3.1 Request and Confirmation Order
SCM application for survey form (form No: TE/SURV/F/0) may be used for confirmation of order. Formal
request made through letter or fax signed by the company’s representative would normally be acceptable. Soon as
after receiving the request, SCM then should send a reply letter confirming to undertake the project noting an
estimated period of project, scope of works and fee if requested.
2.3.2 Formal Contract Agreement
In some cases, the PFO/PA may request a formal form of special agreement or contract for conducting a port
assessment and plan development to a number of facilities in the port areas or a complete package inclusive of the
optional services. In this regard, SCM or client’s standard format of agreement shall be used, with mutual
acceptance
2.4 Planning
In order to have good end results, an effective planning before/during /after execution of port assessment, plan
development, plan implementation and plan audit verification, is necessary. It is to ensure that a channel of
coordination and communication is always being maintained and controlled. This can be achieved through:
(a) Setting up a specific agreeable work program (see Appendix 2- form to be used).
(b) Conducting an opening meeting or kick off meeting or the first meeting in the PFO/PA premises participated
by PASO/PFSO and PASC for the purpose of collecting information, issuing instruction, discussion on the
method of execution etc.
(c) Conducting a regular progress meeting with PASO/PFSO and PASC in order to discuss and agree to the
daily findings and recommendations.
(d) Conducting a closing meeting or a final meeting with PASO/PFSO and PASC to summing up and to conclude
information, findings, recommendation etc.
2.5 Execution
Port assessment, plan implementation and plan audit verification are to be carried out based on the checklist
attached in Appendix 3,4,5 respectively. Prior to conducting the aforementioned tasks, MSA should have a clear
definition of objective. The main objective is to aim that the following preventive security measures are provided
and maintained at all security level of risks:
(a) Legal or illegal access to the port facility from land or sea for the purpose of committing unlawful acts is
prevented.
(b) Unauthorized weapons, dangerous or hazardous substances and devices brought in or smuggled into the port
or from vessel using the port are prevented.
(c) Personal injury or death or damage to the port facility, ships and infrastructures by explosive or other devices
is prevented.
(d) Tampering with cargo, essential and important equipment, utilities, protection system, procedures and
communication system is prevented.
(e) Smuggling of contraband, drugs, narcotics, prohibited material and other illegal substances is prohibited.
(f) Other criminal activities, such as theft and robbery is prevented
(g) Unauthorized disclosure of classified material, commercially proprietary information or security sensitive
information is prohibited.
It is also important to remember that when carrying out the tasks, the MSA shall address and/or consider the
following elements:
2.5.1 Port Security Assessment
(a) Identification and evaluation of important assets and infrastructures that is important to be protected.
(b) Identification of possible threats to the assets and infrastructures and the likelihood of their occurrence in
order to establish and prioritize security measures.
(c) Identification, selection and prioritization of counter measures and procedures and effectiveness in reducing
vulnerabilities.
(d) Identification of weaknesses, including human factors in the infrastructures, policies and procedures.
2.5.2 Plan Development
(a) It has reference and close link to the valid PASA/PFSA.
(b) It has taken into consideration all the recommendation set in the PASA/PFSA.
(c) It shall be written in the working language or working languages of the port, if the working language(s) used
is not English/French/Spanish.
(d) It has addressed all the identified list of risks.
(e) It has taken into consideration of ISPS Code Part B.
5. SCM Research, Development and Planning Unit Page 5 of 7
(f) It allows for a full redundancy and contingency in the port security system and security equipment
(g) It contains procedures stating what to do, when, how and by whom.
(h) Threat and vulnerability assessment in SSA has been used as a basis in deciding the security measures.
2.5.3 Plan Implementation
(a) The PASO/PFSO and port personnel having a specified security duty shall have sufficient knowledge and
have received appropriate training.
(b) To conduct a drills and should test individual element of the PASP/PFSP with regard to the identified
potential threats.
(c) To conduct a full scale/live and tabletop simulation/seminar or a combined exercise with the other port state
authority exercises.
(d) To request and include involvement and participation from PASO/PFSO, PASC, CSO and SSO in joint
exercise.
(e) To test efficiency of communication, coordination, participation, availability of resources and response during
the drills and exercises.
2.5.4 Plan Audit Verification
(a) Verify that the approved PASP/PFSP is available and approval comments if any from DA have been dealt
with.
(b) Verify that the PASP/PFSP has been satisfactorily and effectively implemented including drills, exercises and
training.
(c) Verify through an audit sampling that the port security system is being fully implemented and objective
evidence demonstrating the effectiveness of the documented procedures.
(d) Verify that all security and monitoring equipment specified in the PASP/PFSP complies with applicable
requirements and is satisfactorily working.
For the port assessment, any observation made to be reported in the comments column of the PASA/PFSA
checklist and later on will be used as an input to develop the PASP/PFSP. For the threat and vulnerability risk
assessment, guidance from the International Labor Organization and International Maritime Organisation to be
used.
Each item in the plan implementation/plan audit verification checklist should be filled in the finding column
denote as “OK/NC/NA/OBS”. Any remarks made to the findings should be then noted in the “comments” column.
There is also a column where a cross-reference to the PASA/PFSA and PASP/PFSP should be noted.
v OK : if the PASP/PFSP conforms to the requirement of ISPS code Part A and B and additional requirements
set by SCM
v NC: non-conformance to the requirement of ISPS code Part A
v NA: not applicable e.g. specific ship types, trading pattern etc.
v OBS: observation non-mandatory recommendation if any, made based on the requirement of ISPS Part B and
requirement set by SCM in order to improve the documented security system of PASP/PFSP.
The port assessment, plan development, plan implementation and plan audit review may be carried out
individually or in a group of MSAs assigned by Head of MSU (HMSU). If carry out in group, an opening meeting
in SCM office chaired by the HMSU should be established in order to discuss and assign responsibilities and
communication.
2.6 Reporting
A complete draft report of port assessment, plan implementation and plan audit verification are to be forwarded to
HMSU for verification prior to preparing final report for submission to PFO/PA .If found necessary and if time
permits, the reports should be verified by means of communication between the assigned MSA(s) and HMSU in a
so call preclosing meeting. The PASO/PFSO of that particular PFO/PA may participate in the meeting if a request
is received.
On satisfactory verification of draft reports by the HMSU, a final report and PASP/PFSP (see App. 6 – forms to be
used) to be prepared by the assigned MSA(s) with assistance from SMSU (SMSU) for submission to company.
No changes shall be made to the procedures and in the plan or equipment and implemented unless approved by the
DA.
2.7 Submission
On satisfactory completion of plan and reports, either preliminary or final, SMSU shall forward them to the
company attention to PASO/PFSO.
6. SCM Research, Development and Planning Unit Page 6 of 7
3 DOCUMENTATION
3.1 Archiving
As a minimum requirement, the following copies would be retained securely in MSU office.
(a) Working checklists
(b) PASP/PFSP title page
(c) PASP/PFSP index page
(d) Revision history of the PASP/PFSP
3.2 Confidentiality
In order to maintain and control authenticity and unauthorised changes, it is recommended that each page of the
PASP/PFSP should be stamped and initialled by PASO/PFSO, on completion of final plan.
SCM shall stamp “CONFIDENTIAL” and seal the entire postal document.
4.0 REFERENCE
· International Ship and Port Facility Security Code 2003 Edition, International Maritime Organization
· SOLAS Amendment 2003, International Maritime Organisation
· Code of Practice On Security in Ports, Geneva 2003, International Labor Organization and International
Maritime Organisation
· Implementation Guidelines, Malaysia Marine Department
7. SCM Research, Development and Planning Unit Page 7 of 7
Appendix I
SCM Port Security Assessment, Security Plan Development, Security Plan Implementation and
Security Plan Audit Verification Process
Responsibilities Reference
Order request from PFO/PA
Confirmed order request
(Quotation if necessary)
Assign MSA (s)
Conduct Port Assessment
(PASA/PFSA)
Develop PASP/PFSP
Assist PASP/PFSP
Implementation
Assist PASP/PFSP Audit
DA conduct verification
SMSU
HMSU
HMSU
MSA
MSA
MSA
MSA
Letter from owner or
SCM application form
Letter of confirmation
from SCM with fee if
necessary
SCM PASA/PFSA
checklist
SCM to revise
PASA/PFSA based on
input from DA and if
necessary perform re-
assessment
HMSU to verify draft
report
SCM PASP/PFSP report
template
SCM to revise
PASP/PFSP based on the
input from approval
comment and if necessary
perform re-assessment
PFO/PA to re-implement
PFO/PA to perform
preventive and corrective
action if any
START
END
PASO/PFSO submit PASP/PFSP
to DA for approval
PASO/PFSO submit
PASA/PFSA to DA for Approval
NO
NO
NO
NO
Correct
Correct
Correct
Correct
DA issue Statement of
Compliance
YESNO
YES
YES
YES
YES