Example of Questions during an ISPS Security Audit

Following are example of questions as a guide that an auditor may ask during an ISPS
security audit. The list is not exhaustive and the auditor is free to add other security
related questions.

The inability to answer these questions DOES NOT means there is a Non-Conformance.

Non-Conformance is only issued when there is an uncorrectable situation

onboard where the security of the ship is or will be compromised.

SHIP SECURITY PLAN

Note : At the beginning of an audit, the auditor should review the SSP. The auditor
should not review the SSP as part of an interview.

Has SSP been developed based upon SSA? Can you show me the SSA.

Who approved the SSP?

Are all changes to the security plan approved by the Administration?

Does the SSP address the following items? :

1. Measures designed to prevent weapons, dangerous substances and devices
intended for use against persons, ships or ports and the carriage of which is not
authorized from being taken on board the ship
2. Identification of the restricted areas and measures for the prevention of
unauthorized access to them
3. Measures for the prevention of unauthorized access to the ship
4. Procedures for responding to security threats or breaches of security, including
provisions for maintaining critical operations of the ship or ship/port interface
5. Procedures for responding to any security instructions Contracting Governments
may give at security level 3
6. Procedures for evacuation in case of security threats or breaches of security
7. Duties of shipboard personnel assigned security responsibilities and of other
shipboard personnel on security aspects
8. Procedures for auditing the security activities
9. Procedures for training, drills and exercises associated with the plan
10. Procedures for interfacing with port facility security activities
11. Procedures for the periodic review of the plan and for updating
12. Procedures for reporting security incidents
13. Identification of the ship security officer
 14. Identification of the company security officer including 24-hour contact details
15. Procedures to ensure the inspection, testing, calibration, and maintenance of any
security equipment provided on board
16. Frequency for testing or calibration of any security equipment provided on board
17. Identification of the locations where the ship security alert system activation
points are provided
18. Procedures, instructions and guidance on the use of the ship security alert
system, including the testing, activation, deactivation and resetting and to limit
false alerts

In the case that the Plan is to be kept in an electronic format, is it to be protected by

procedures aimed at preventing its unauthorized deletion, destruction or amendment?

Is the security plan property protected from unauthorized access or disclosure?

Does the SSP include the following items?

1. Organizational structure of security for the ship
2. Details on the ship's relationships with the Company, port facilities, other ships
and relevant authorities with security responsibility
3. Details on the communication systems to other ships and to port facilities
4. Details on basic security measures for Security Level 1
5. Details on how to upgrade the ship to Security Level 2 without delay
6. Regular review and audit
7. Reporting procedures to appropriate Contracting Governments contact points

SHIP TOUR
Are security duties implemented in an appropriate manner?
(Verify the condition only. If there is a doubt, interview relevant personnel later)

Is the control of access implemented in an appropriate manner?

(Verify the condition only. If there is a doubt, interview relevant personnel later)

Are the visitors and their belongings controled in an appropriate manner?

• ID Checked?
• Body search area designated/established - search is carried out?
• Checked person/items segregated from unchecked?

Is the access to the restricted area is controlled in order to allow access to the duly
authorized person only?

Are the upper deck and surroundings of the ship monitored?

Is the handling of cargo and ship's store supervised?

Is the security communication readily available?

Are safety requirements ensured despite having security measures in place?

MASTER – During Interview

How do you contact the CSO? Where in the SSP gives such contact point?

Where in your SSP it is stipulated that the master has ultimate responsibility for the
safety and security of the ship?

Please explain the master's overriding authority and ultimate responsibility briefly.

Do you know that you may request assistance to the company and contracting
Government? Where is such described in you SSP?

Please indicate any evidence that you are given support from the company.

Please explain the duty of the SSO briefly.

SHIP SECURITY OFFICER - During Interview

Please show me the certificate of the training course you completed prior to your
assignment as SSO.

Who is the CSO of the company? Where is such description given in the SSP?

How do you contact CSO in charge of the ship? Where is such description given in the
SSP?

What is the duty and responsibility of the CSO / SSO in-charge of the ship? Where is
such description given in the SSP?

How do you obtain security information about a port?

How do you correct deficiencies and non-compliance found onboard? Please show me
the records on these matters if any.

How do you or the CSO enhance security awareness and vigilance to the crew
members of the ship. Please show me such training records.

When was the last time you conducted training for the person on-board who has
security duties. Pleas show me the record?

How does the communication / co-ordination with PFSO take place on implementation
of the SSP?
Please explain the procedure for exchanging Declaration of Security (DoS).
(SSP may be referred to)

Are DoS for the last 10 port visits kept onboard? Please show me the records.
[Are there signature by both port facility and the ship and date on the DoS?
Are the DoS entered in common language between ship & port facility, or English,
French or Spanish?]

Is there any case where the Flag Administration requires exchange of a DoS? If so, did
you acknowledged the receipt of such an instruction? Please show me the record.

When security level 2 or 3 were set by the Flag Administration or other contracting
government, did you acknowledge receipt of the instruction notifying the change?
Please show me the record.

When the security level of the ship is higher than that of the port facility, did you advise
the fact to the designated authority and Port Facility Security Officer? In such a case,
did SSO co-ordinate with the PFSO along with appropriate measures ? Please show us
the record.

Is there any other measure ship may take if there is a change in the security level?
• Do you have procedure in place for a quick response when there is change in
security levels?
• Could you explain some examples?

How do you conduct regular security inspection? Please show us the record.

How do you oversee and ascertain the implementation SSP?

How do you co-ordinate handling of cargoes and ship's store with crew and PFSO?

Do you propose amendments to the SSP?

How do you report deficiencies, non-compliance and security incidents? Please show
us the record.

If there is a case of security incident, what actions will the ship take. Do these actions
conform to the SSP?

Please show me the record of corrective actions.

How do you promote awareness and vigilance on security onboard?

Please explain flag or port facility requirements or national regulation on security briefly.

How do you review your ship security assessment?

How do you conduct security inspection?

Please explain operation and condition of this port facility briefly.

Please explain security measures implemented onboard briefly.

Please explain security measures implemented in this port facility briefly.

Do you have procedure in place to evacuate the vessel, if the magnitude of security
breach or threat justifies this action?
• If so, How do you ensure visitors are accounted for?
• How do you interface with port facility and contracting government during such
an incident?

Please explain the techniques for training and education (including security measures
and procedure) briefly.

Please explain the way you handle security related sensitive information or security
related communication.

Please explain the recent threat and pattern on concerning security.

Please explain the way to recognize and detect weapons, dangerous substances and
devices?

Please explain the way to recognize characteristics and behavioral patters of person
who are likely to threaten security.

Please explain techniques for circumventing security measures.

Please explain the way you operate security equipment and system

Please explain the procedures to test, calibrate and carry out the maintenance of
security equipment and system during voyage.

Please explain the operational limitation of security equipment and system.

Please explain the way you conduct audit, inspection, control and monitoring.

Please explain the way you conduct physical search and non-intrusive inspection.

Please explain how you conduct security drill & exercise briefly.

Please explain the layout of the ship briefly.

Have you received support from the company concerning ship security matters?

SHIP'S PERSONNEL WITH SECURITY DUTIES

Note: Interview should be conducted for at least one person other than master/SSO.

Please explain the company's security policy briefly.

Who is designated as a Ship Security Officer of this ship?

Please explain the measure adopted onboard for controlling external access.
• How do you segregate checked persons and their personal effects from
unchecked persons and their personal effect?
• How do you identify persons coming onboard and ensure they have valid reason
for being onboard?
• How do you intensify such screening activities related to personal identification
and valid reason to be onboard as the security level increased?
• How do you identify the access points to the vessel when it is moored and how
do you protect these areas against unauthorized access?

When was the last time you participated in a security drill, training session, or exercise?

How do you report security breaches or incidents?

What do you do if someone tries to bring an unauthorized weapon, dangerous

substance on board the vessel?

How do you prevent unauthorized persons from coming on board?

What do you do to search persons and their belongings when they come on board?

How do you carry out the screening of baggage and persons coming onboard who may
bring unauthorized weapons onboard?

What are your procedures to search unaccompanied baggage?

How do you monitor the security of the ship when underway? while at berth? while
anchored?

Please tell me the various restricted area of this ship.

Please explain the security measures taken for the restricted area.

What methods do you use to prevent unauthorized individuals from accessing restricted
areas?

How do you intensify actions to prevent unauthorized access to restricted area as the
security level increased?

What do you do if there is a security breach? Or security threat?

Do you have procedure in place for security threats including bomb threats,
unauthorized access to the ship or its restricted areas, sabotage, or terrorist or criminal
activity?

What may happen, if someone attempts to gain unauthorized access to the bridge?
SHIP'S PERSONNEL WITHOUT SECURITY DUTIES
Note: Interview should be conducted for at least one person other than master/SSO and
other than the person interviewed above.

Please decribe the company's security policy.

Who is the Ship Security Officer of this ship?

What do you do if there is a security breach? Or security threat?

SECURITY RECORDS
(minimum period for record keeping is to be specified by the Administration)

Are records of training, drills and exercises kept onboard?

Is the drill conducted at least once every 3 months? In case the drill has been
conducted, what kind of drill? When was the last drill conducted.

In cases, where more than 25 percent of the ship's personnel have been changed at
any given time, the personnel who have not previously participated in any drill on that
ship within the last 3 months, Is the drill conducted within one week of the change?

Has the SSO participated in an exercise? If so, what kind of exercise, and who initiated
the exercise?

Are records on reports of security incidents kept onboard? If there are records of
security incident, is the CSO informed?

Are records on breaches of security kept onboard?

Are records on changes in security level kept onboard?

Are records on communications relating to the security of the ship are kept onboard?

Are records on internal audits and reviews of security activities kept onboard?

Has the internal audit been conducted by the person who is independent of the activities
being audited?

Are records on periodic review of the ship security assessment kept onboard?

Are records on periodic review of the SSP kept on board?

Are records on implementation of any amendments to the SSP kept on board?

Are records on maintenance, calibration and testing of security measures and related
equipment kept onboard?
Are the records being kept in the working languages of the ship? If the language or
languages used are not English, French or Spanish, does a translation into one of these
languages being included?

In the case that the records are to be kept in an electronic format, are they protected by
procedures aimed at preventing unauthorized deletion, destruction or amendment?