HelmOps
HelmOps
SolutionsSystemSecurity
Member LoginStart Free Trial
  1. Home
  2. /Glossary
  1. Home
  2. /Glossary
  3. /ISPS Code

ISPS Code

The ISPS Code (International Ship and Port Facility Security Code) is the IMO security framework mandatory under SOLAS Chapter XI-2. It requires a Ship Security Plan, a Ship Security Officer (SSO), and compliance with one of three security levels set by flag and port states. All commercial vessels over 500 GT on international voyages must hold a valid International Ship Security Certificate (ISSC).

Track certificates, crew documents, and deadlines in one placeStart Free Trial

Definition

Semantic definition

Subject
ISPS Code
Predicate
is the IMO security framework that
Object
requires a Ship Security Plan, Ship Security Officer, and ISSC certificate for commercial vessels over 500 GT on international voyages.

ISPS Code is the IMO security framework that requires a Ship Security Plan, Ship Security Officer, and ISSC certificate for commercial vessels over 500 GT on international voyages.

Contents

  1. 1What the ISPS Code Is
  2. 2Ship Security Plan
  3. 3Ship Security Officer and Company Security Officer
  4. 4Security Levels 1, 2, and 3
  5. 5Declaration of Security
  6. 6International Ship Security Certificate

What the ISPS Code Is

The ISPS Code is the International Ship and Port Facility Security Code. It is part of the SOLAS Chapter XI-2 security framework and entered into force on 1 July 2004 as the IMO response to the September 2001 attacks. The code applies to cargo ships of 500 GT and above engaged in international trade, all passenger ships, and port facilities serving those ships. Most commercial superyachts above 500 GT engaged internationally must comply. The core idea is structured security management: identify threats, control access, train crew, coordinate with ports, and prove through audit that the vessel can operate at declared security levels. ISPS is not a general anti-theft checklist; it is a statutory security management system tied to certificates, drills, records, and port state expectations.

Ship Security Plan

The Ship Security Plan, or SSP, is the confidential vessel-level plan that describes security threats, vulnerabilities, protective measures, access controls, restricted areas, communications, drill requirements, and escalation procedures. It must be approved by the flag state or a Recognised Security Organisation. Because the SSP contains sensitive information, it is not disclosed in full to Port State Control officers. Inspectors normally confirm that an approved plan exists, that relevant crew know their duties, and that security records support implementation. A yacht SSP should be realistic for yacht operations: guest movements, marina access, tenders, contractors, provisioning, events, and high-profile owner privacy create different risk patterns from cargo terminals. A copied generic SSP is weak evidence if the crew cannot explain how it works on board.

Track certificates, crew documents, and deadlines in one placeStart Free Trial

Ship Security Officer and Company Security Officer

The Ship Security Officer, or SSO, is the designated officer responsible for implementing the SSP on board. On many yachts this is the captain or a senior officer, and the SSO must hold appropriate ISPS or SSO training. The role is continuous: access control, visitor logs, security rounds, crew awareness, drills, contractor supervision, and response to port security instructions sit within the SSO function. The Company Security Officer, or CSO, is the shore-based counterpart. The CSO develops and maintains the SSP, coordinates with Port Facility Security Officers, supports audits, tracks threats, and ensures the vessel has guidance when security levels change. Effective ISPS compliance depends on this ship-shore relationship. If the SSO is left alone without shore support, records and decisions quickly become inconsistent.

Security Levels 1, 2, and 3

ISPS uses three security levels. Level 1 is normal operation, with minimum protective measures active at all times. Level 2 is heightened threat, requiring additional measures such as tighter access checks, more frequent patrols, restricted visitor movement, increased monitoring, or extra coordination with the port facility. Level 3 is a specific or imminent threat and requires maximum protective measures, often directed by a government or port authority. A vessel must respond when a port state or flag state declares a changed level. For yachts, this means the crew need practical checklists, not only policy text. The SSO should know how to brief crew, control guests and contractors, secure tenders, communicate with the PFSO, and document the change without creating panic or service confusion.

Declaration of Security

A Declaration of Security, or DoS, is a formal interface document between the vessel and a port facility or another ship. It defines which party is responsible for specific security measures during the interface, such as access control, monitoring, baggage checks, restricted area protection, communications, and incident reporting. A DoS is required when a risk assessment or applicable authority calls for it, and it is frequently used in sensitive ports, heightened security levels, unusual operations, or locations with poor security infrastructure. It is not mandatory for every port call. Yacht crews sometimes treat DoS paperwork as an agent problem, but the SSO should verify that the agreed measures match the actual operation. Signing a DoS that the crew cannot implement creates audit and liability exposure.

International Ship Security Certificate

The International Ship Security Certificate, or ISSC, is issued by the flag state or an authorised Recognised Security Organisation after audit. It confirms that the SSP is approved and implemented. A full ISSC is valid for five years with intermediate verification, and it must be kept on board for inspection. Port State Control commonly checks the certificate, security level records, drill records, SSO training, and evidence that the crew understand their duties. An Interim ISSC, usually valid for six months, may be issued after an initial audit when a vessel changes flag, changes management, is newly delivered, or enters ISPS scope for the first time. The interim certificate is not a paperwork shortcut; it is a transition tool while full implementation evidence is built.

Frequently Asked Questions

Manage ISPS Code with HelmOps

Purpose-built for yacht operations — offline-first, compliance-ready.

HelmOps Compliance TrackingRequest a Demo

Track certificates, crew documents, and deadlines in one place

30-day free trial. No credit card required.

Start Free Trial

Verified reference

https://www.imo.org/en/OurWork/Security/Pages/ISPS-Code.aspx(opens in new tab)

Related terms

  • SOLAS
  • Port State Control
  • Flag State

Last updated: 28 May 2026

← All glossary

HelmOps
HelmOps

The definitive operating system for modern superyachts. Engineered for absolute control, financial clarity, and operational excellence.

Resources

  • HelmOps solutions overview
  • Features
  • Maritime Intel
  • Glossary
  • Compare
  • Locations
  • Yacht Fleet
  • Tools
  • For Captains
  • For Owners
  • The Log

Fleet Support

  • About
  • Start Free Trial
  • Book a Demo
  • Concierge Setup
  • System Status
  • Maritime Compliance

Institutional

  • Privacy Charter
  • Terms of Command
  • Cookie Policy
  • Security Center
  • Security
  • Compliance

© 2026 HELMOPS MARITIME TECHNOLOGIES. ALL RIGHTS RESERVED.

GLOBAL SYSTEMS OPERATIONAL