ISPS Code requires from a shipping organization to conduct security internal audits in an effort to monitor and assess the level of managed vessels’ compatibility to security regulations and the effectiveness of the implemented Ship Security Plan.
In general, internal audits should be carried out by independent personnel who have received appropriate training. The audit is carried out at the workplace, with the use of checklist(s) for recording appropriate items; however, the auditor may deviate from the list to include additional items and important issues which emerge as the audit progresses.
As far it concerns security internal audits, Company Security Officer (CSO) is responsible for the schedule of internal audits onboard, ensuring that every part of the ship security plan on board vessels is audited once per calendar year, and at any other greater frequency, as deemed necessary. However, the CSO may initiate unscheduled audits if any serious deficiency becomes apparent from dangerous occurrences, review of records or during routine operations. Additionally, it is CSO’s responsibility to assign an auditor at a convenient time prior to the audit.
Key focus areas of security internal audits
There are some major areas on which the security auditors should focus on during internal audits:
- Auditors need to check the approval letter of SSP and ensure that it is valid. Status of SSP should be reviewed to be made sure that ship’s related personnel is familiar with it. Also, procedures should be in place for establishing and maintaining contact with shore management in an emergency. The master should provide documented proof of his responsibilities and authority, which must include his overriding authority. In addition, there should be checked if non-conformities are reported to the Company and which are the corrective actions been taken by the Company, regarding each non-conformity. It is essential to be checked if the security filling system is in place and properly implemented.
- As long as Ship Security Plan is based on the results of the Security Assessment, auditors should review the status of the Ship Security Assessment conducted to guide the construction of the SSP and also, should be made sure that SSA has been accepted by the CSO.
- Regarding the Company’s Security Officer, it is important to be checked if the crew is aware who the CSO is and if his/her contact numbers are available on board. CSO certificate should be valid and copies are placed on board.
- There should also be made sure that the Ship Security Officer is aware of all his duties and responsibilities and his/ her certificates are valid and placed on board.
- During a Security audit, all documents and records related to the ship security should be inspected, in order to be checked if the amendments/ revisions been performed to the plan have been reported accordingly and if prior to any revision the appropriate assessment been performed. Revisions and amendments should be approved by the administration. Also, there should be made sure that all documents concerning security issues are confidentially kept in restricted places on board.
- As for the security drills and related training, auditors should check if the drills program is followed as required and so does the training program establish by the company. Moreover, during an ISPS audit there should be checked if Safety Drills reports are completed properly and if they have been forwarded to the Head Office at the required intervals.
- By the time the auditor board on vessel, he/she will have the opportunity to check weather all the appropriate measures are followed accordingly. There should be checked if all access points are covered by patrols and watchman and if there is a log keeping for the visitors. Boundaries are placed where it is important and access onboard is properly secured.
- SSP requires the statement of vessel’s restricted areas and it is required to ensure that these places are searched as required, doors are properly maintained and locked. If suspected stuff has been found, should be reported and the handling of such incidents should be communicated to the company.
- Lights, projectors and other signs should be checked in order to be made sure that are in a good working condition and ready to be used during emergency situations.
- Security equipment should be maintained and tested to ensure that it works efficiently. Security auditor is checking the relevant maintenance logs and whether the Security Equipment Reports are properly performed and forwarded to the Company.
On completion of the audit, the auditor completes the relevant checklist form where he shall indicate the audit findings, any Non Conformities raised and any other critical observations. The report shall be forwarded to the Company Security Officer who reviews it and records any Non Conformities may raised.
One of the most important issues of the security auditing procedure is the audit results to be communicated to all employees, onboard vessels and ashore. The CSO is responsible to ensure that all Department Staff related to the system problem identified, is kept updated and informed. Besides, the scope of the whole procedure is to prevent any unfavorable situations and focus on future improvements.
Read in the series
- Security Measures: A brief review of ISPS Code implementation
- Security Measures: Putting the ISPS Code into practice
- Security Measures: Tips for a successful security internal audit
