hzs isps 2006-20074.1 isps 4. ship security assessment

HZS ISPS 2006-2007 4.1

ISPS

4. Ship Security Assessment

HZS ISPS 2006-2007 4.2

Ship Security Assessment

I. Risk Assessment Methodology

II. Assessment Tools

III. On-scene security surveys

IV. Practical steps to conduct a SSA

V. Security assessment documentation

HZS ISPS 2006-2007 4.3


• What is SSA: It is a process that identifies weaknesses in physical structures, personnel protection systems, processes, or other areas that may lead to a security breach, and may suggest options to eliminate or mitigate those weaknesses.

• Objective: Detect threats to critical assets of the company and define preventive measures against security incidents affecting the company and the ships in order to prioritise security measures.

HZS ISPS 2006-2007 4.4


• Must be carried out by: Persons With Appropriate Skills To Evaluate The Security of A Ship (see next)

• Under supervision of / assigned by: Company Security Officer

• And this: In Accordance With Part A Of The Code, Taking Into Account Part B Of The Code.

HZS ISPS 2006-2007 4.5


Persons With Appropriate SkillsRemark by Classification Company:We understand the CSO should decide who has the

appropriate skills although the Code does not stipulate specifically who will evaluate the appropriate skills. We also understand persons to carry out SSA may draw upon expert assistance as in Code B/8.4 in addition to his own skills. The specific ways to draw upon expert assistance are considered to be security consultant, literature, internet web site, services delivered by e-mail and various information issued by each country. We advise to make a list of those assistance methods to use for carrying out SSA.

HZS ISPS 2006-2007 4.6


3 Key steps:

1. Identify the key ship board operations important to protect. RISK ASSESSMENT

2. Identify the possible threats to the ship and their probability of occurrence against the requirements of the ISPS Code. THREAT ASSESSMENT

1. Risk Assessment

2. Threat Assessment

HZS ISPS 2006-2007 4.7


What is “RISK” & for “What”?

Estimated

impactX=

Estimated

likelihoodRisk

Lives

Property

Societal disruption

Image

Money

1.1. Risk AssessmentRisk Assessment


HZS ISPS 2006-2007 4.8


Sequence of activities:• Define the system being studied• Identify the hazards associated with that

system• Assess the likelihood of the hazards

occurring• Identify how each hazard might progress

to various outcomes



HZS ISPS 2006-2007 4.9


Sequence of activities (cont’d):• Assess the likelihood of progression to each

outcome• Asses the consequences associated with each

outcome• Multiply likelihood and consequence to obtain

the risk associated with each outcome• Sum the risks associated with the outcomes to

produce an overall risk



HZS ISPS 2006-2007 4.10


The Threats according to the ISPS Code are:The Threats according to the ISPS Code are:

Damage to, or destruction of, the port Damage to, or destruction of, the port facility or of the ship (by explosive devices, facility or of the ship (by explosive devices, arson, sabotage, vandalism)arson, sabotage, vandalism)Hijacking or seizure of the ship or the Hijacking or seizure of the ship or the persons on boardpersons on boardTampering with cargo, essential ship Tampering with cargo, essential ship equipment or systems or ship’s storesequipment or systems or ship’s storesAttacks whilst at sea or from seaward at Attacks whilst at sea or from seaward at berth or at anchorberth or at anchor

1. Risk Assessment

2.2. Threat AssessmentThreat Assessment

HZS ISPS 2006-2007 4.11


Threats according to the ISPS Code are: (Cont.)• Unauthorized access or use including the

presence of stowaways• Smuggling weapons or equipment• Use of the ship to carry those intending to cause

a security incident and their equipment• Use of the ship itself as a weapon or as means

to cause damage or destruction• Blockage of port entrances, locks, approaches,

etc.• Nuclear, biological and chemical attack

1. Risk Assessment


HZS ISPS 2006-2007 4.12

Security Objects according to the ISPS Code are:Security Objects according to the ISPS Code are:•The port’s infrastructure, especially the port’s accesses, entrances, approaches, etc

•The port’s facilities•The port’s employees / the employees of the port’s companies

•The cargo present at the port•The port’s environment (surrounding areas, air, water)

•The ships (and the passengers) in the port•The IT systems

1. Risk Assessment



HZS ISPS 2006-2007 4.13


Items to be protected include:• The ship’s personnel• Passengers, visitors, vendors, repair

technicians, port facility personnel etc.• The capacity to maintain safe navigation

and emergency response• The cargo, particularly dangerous goods

or hazardous supstances• Ship’s stores

1. Risk Assessment


HZS ISPS 2006-2007 4.14


Items to be protected include: (Cont.)

• Any ship security communication equipment and systems

• Any ship’s security surveillance equipment and systems

1. Risk Assessment


HZS ISPS 2006-2007 4.15


Items to be taken into account that could create vulnerabilities:

• Conflicts between safety and security measures• Conflicts between shipboars duties and security

assignments• Watchkeeping duties, number of ship’s

personnell, and any implications to crew fatigue, alertness and performance

• Any identified security training dificiencies• Any security equipment and systems , including

communication systems

1. Risk Assessment


HZS ISPS 2006-2007 4.16







HZS ISPS 2006-2007 4.17


• The Ship Security Officer must use systematic and consistent approaches to evaluate the security conditions and vulnerabilities.

• The operational aspects will be the main focus.

• A checklist can/will be used and must include items like:

HZS ISPS 2006-2007 4.18


Minimum Checklist items:• General layout of the ship• Location of areas that should have restricted

access, such as the bridge, engine room, radio room etc.

• Location and function of each or potential access point to the ship

• Open deck arrangements including the height of the deck above water

• Emergency and stand-by equipment available to maintain essential services

HZS ISPS 2006-2007 4.19


Minimum Checklist items: (Cont.)• Numerical strength, reliability, and security duties of the

ship’s crew• Existing security and safety equipment for protecting the

passengers and crew• Existing agreements with private companies for providing

ship an waterside security services• Existing protective measures and procedures in practice,

uncluding inspection, control and monitoring equipment, personnel identification documents and communication, alarm, lighting, access control and other appropriate systems

HZS ISPS 2006-2007 4.20







HZS ISPS 2006-2007 4.21


• The on-scene security survey is an integral part of any SSA.

• A SSA is not complete without an on-scene security survey.

• A company can use 1 assessment for different ships but the survey is unique for every vessel.

HZS ISPS 2006-2007 4.22

The survey should fulfill the following functions:• Identification of existing security measures, procedures

and operations• Identification and evaluation of key shipboard operations

that it is important to protect• Identification of possible threats to the key shipboard

operations and the likelihood of their occurrence, in order to establish and prioritize security measures

• Identification of weaknesses, including human factors in the infrastructure, policies and procedures


HZS ISPS 2006-2007 4.23


Min. items to be examined by On-scene security survey:

• Ensuring the performance of all ship security duties

• Monitoring restricted areas to endure that only authorized persons have access

• Controlling access to the ship, including any identification systems

• Monitoring of deck areas and areas surrounding the ship

HZS ISPS 2006-2007 4.24


Min. items to be examined by On-scene security survey: (Cont.)

• Controlling the embarkation of persons and their effects (accompanied and unaccompanied baggage and ship’s personnel personal effects)

• Supervising the handling of cargo and the delivery of ship’s stores

• Ensuring that ship security communication, information, and equipment are readily available

HZS ISPS 2006-2007 4.25


Threats...

May imply risks for...

Security Objects.

Preventive Preventive MeasuresMeasures

Detective Detective MeasuresMeasures

Corrective Corrective MeasuresMeasures

HZS ISPS 2006-2007 4.26







HZS ISPS 2006-2007 4.27

Overall steps to

produce a SSA


HZS ISPS 2006-2007 4.28


Step 1: Obtain and record the following information required to conduct an assessment:

1. Ship and company documentation as detailed in section 1 (should contribute to the threat evaluation phase)

2. Record and document the following in detaila) Authorised access points as detailed in section 4

b) Restricted areas as detailed within section 5

c) Escape and evacuation routes as detailed in section 6

d) Existing security equipment/systems as detailed in section 7

HZS ISPS 2006-2007 4.29

3. A copy of the ships general arrangement plan annotated with:a) Authorised access points as detailed in section 4b) Restricted areas as detailed within section 5c) Escape and evacuation routes as detailed in

section 6d) Existing security equipment/systems as detailed

in section 7

This gathered information will be used in the following steps.


HZS ISPS 2006-2007 4.30

Step 2: Conduct and document a detailed threat evaluation and risk assessment for the ship as detailed in section 8. Assess for any weaknesses, note them and address them in the on-scene security survey. Keep a copy of this documentation and add them to the final SSA.


HZS ISPS 2006-2007 4.31


Step 3: Conduct the on-scene security survey during which all previous information gathered must be confirmed and any weaknesses identified as detailed in section 9. Keep a copy of this survey in the final SSA

HZS ISPS 2006-2007 4.32


Step 4: If any ammendments are to be made to one of the previous documents, due to the making of the security survey, it must be done at this point. All additions and ammendments must be documented and copied in the ship security plan. They must also be retained in the SSA.

HZS ISPS 2006-2007 4.33


Step 5: Present the SSA to the company for review and acceptance. The SSP will be finalised with the SSA.

Step 6: The SSP, accompanied with the assessment, is put forward for approval by the Administration or Recognised Security Organisation (RSO)

HZS ISPS 2006-2007 4.34


Practical steps for the mitigation of different threats/ scenario’s:

Step 1: Scenario Selection Step 2: Evaluate/score the scenario in terms of

potential consequences Step 3: Evaluate/score the scenario in terms of

ship’s vulnerability Step 4: Determine if the scenario requires a

mitigation strategy Step 5: Implement mitigation strategy

HZS ISPS 2006-2007 4.35

Potential Threat

Scenario’s


HZS ISPS 2006-2007 4.36

Step 1: Scenario Selection


HZS ISPS 2006-2007 4.37

Step 2: Evaluate, score the scenario in terms of potential consequences


HZS ISPS 2006-2007 4.38

Step 3: Evaluate, score the scenario in terms of ship’s

vulnerability


HZS ISPS 2006-2007 4.39

Step 4: Determine if the scenario requires a mitigation strategy


HZS ISPS 2006-2007 4.40

Step 5: Implement mitigation strategy


HZS ISPS 2006-2007 4.41


Exercise: Restricted Area’s

Sum up the restricted area’s o/b

Read & Comment

HZS ISPS 2006-2007 4.42







HZS ISPS 2006-2007 4.43


• After completion of the SSA a report must be prepared, consisting of a summary of how the assessment was cinducted, a description of each vernerability found during the assessment, and a description of counter measures thet could be used to address each vulnerability.

• This report must be protected from unautherized access or disclosure.

hzs isps 2006-20074.1 isps 4. ship security assessment

Documents

risk assessmentidentify

security measures

security consultant

security incidents

security breach

isps code

company security officer

code b8