1 The Maritime Safety Committee at its seventy-seventh session
(28 May to 6 June 2003), bearing in mind the provisions of section 4.3 of Part A and sections
4.3 to 4.7 of part B of the International Ship and Port Facility Security Code (ISPS) on
Recognized Security Organization (RSO), developed the attached Interim guidelines for the
authorization of recognized security organizations acting on behalf of the administration and/or
designated authority of a contracting government.
2
The interim guidelines may be revised, based on the experience gained on the implementation of
the new SOLAS chapter XI-2 and the ISPS Code and, in particular, with the designation of RSOs
after 1 July 2004.
3 Member Governments and
international organizations concerned are recommended to bring this circular to the attention of
all parties concerned.
Annex Interim guidelines for the of recognized security organizations acting on behalf of the administration ...
INTERIM GUIDELINES FOR THE AUTHORIZATION OF RECOGNIZED SECURITY
ORGANIZATIONS ACTING ON BEHALF OF THE ADMINISTRATION AND/OR DESIGNATED AUTHORITY OF A CONTRACTING GOVERNMENT
General
1 Under the provisions of SOLAS regulation I/6 and,
inter alia , SOLAS regulation XI-2/1.16 "Special measures to enhance maritime security",
Recognized Security Organization (RSOs) may be delegated specific functions on behalf of the
Administration and/or the Designated Authority of the Contracting Government. The following
functions may be delegated in whole or in part to RSOs:
.1 approval
of ships security plans;
.2 verification for ships
.3 issuance and endorsement of International Ship Security Certificates; and
.4 development of port facility security assessments.
2 In no instance may the RSO approve, verify, or certify a work
product that it has developed (e.g. preparation ship security assessments, preparation ship
security plans or of amendments under review).
3
Control in the assignment of such authority is needed in order to promote uniformity of
assessments, verification, approval and certification activities required by SOLAS chapter XI-2
or by part A of the International Ship and Port Facility Security (ISPS) Code. Therefore, any
delegation of authority to RSO, should:
.1 determine that the
security organization has adequate resources in terms of technical, managerial and operational
capabilities to accomplish the tasks being assigned, in accordance with the interim guidelines
for RSOs acting on behalf of the Administration and/or Designated Authority as set out in
Appendix 1;
.2 have a formal written agreement between the
Administration or Designated Authority and the RSO being authorized;
.3
specify instructions detailing actions to be followed in the event that a ship is found
not in compliance with the relevant provisions of international requirements for which the RSO
has been delegated authority;
.4 provide the RSO with all
appropriate instruments of national law giving effect to the provisions of the conventions or
specify whether the Administration.s and/or Designated Authority.s standards go beyond
convention requirements in any respect; and
.5 specify that the RSO
maintain records that can provide the Administration and/or Designated Authority with data to
assist in interpretation and implementation of specific convention regulations.
Verification and monitoring
4 The Administration and/or Designated Authority
should establish a system to ensure the adequacy of work performed by the RSOs authorized to
act on its behalf. Such a system should, inter alia , include the following items:
.1 procedures for communication with the RSO;
.2
procedures for reporting from the RSO and processing of reports by the Administration
and/or Designated Authority;
.3 additional ship and port facility
inspections and audits by the Administration and/or Designated Authority or other delegated
organizations;
.4 the Administration.s and/or Designated Authority's
evaluation/acceptance of the certification of the RSO.s quality system by an independent body
of auditors recognized by the Administration and/or Designated Authority; and
.5 the Administration and/or Designated Authority should monitor and verify the
activities related to security delegated to the RSO as appropriate. The Administration and/or
Designated Authority maintain the ultimate authority continue or revoke delegations to RSOs.
Appendix 01 Interim guidelines for the of recognized security organizations acting on behalf of the administration ...
INTERIM GUIDELINES FOR AUTHORIZATION OF RECOGNIZED SECURITY ORGANIZATIONS ACTING ON BEHALF OF THE ADMINISTRATION AND/OR
DESIGNATED AUTHORITY OF A CONTRACTING GOVERNMENT
A Security Organization may be recognized by the
Administration and/or Designated Authority to perform statutory work on its behalf subject to
compliance with the following interim guidelines for which the recognised security organization
(RSO) should submit complete information and substantiation.
General
1 The relative size, structure, experience and
capability of the RSO commensurate with the type and degree of authority intended to be
delegated thereto should be demonstrated.
2 The RSO
should be able to document capability and experience in performing security assessments,
developing risk assessments, conducting maritime verification, approval and certification
activities for ships and/or for port facilities and their ancillary equipment, as appropriate.
Specific Provisions
3 The following should apply for the purpose of
delegating authority to perform port facility security assessment and ship verification, and
certification services of a statutory nature in accordance with regulatory instruments which
require the ability to integrate ship and port interface operational considerations with
maritime security threats, and to develop, verify and audit specific requirements:
3.1 The RSO should provide for the publication and
systematic maintenance of procedures in the English language for the conduct of activities to
ensure compliance with delegated authorities pursuant to SOLAS chapter XI-2. Updating of these
procedures should be done on a periodic basis at intervals acceptable to the Administration.
3.2 The RSO should allow participation in the
development of its procedures by representatives of the Administration and/or Designated
Authority and other parties concerned.
3.3 The RSO
should be established with:
.1 an adequate technical, managerial and
support staff capable of developing and maintaining its procedures; and
.2
a qualified professional staff to provide the required service representing an adequate
geographical coverage as required by the Administration and/or Designated Authority.
3.4 The RSO should be governed by the principles of
ethical behaviour, which should be contained in a Code of Ethics and as such recognize the
inherent responsibility associated with a delegation of authority to include assurance as to
the adequate performance of services as well as the confidentiality of related information as
appropriate.
3.5 The RSO should demonstrate the
technical, administrative and managerial competence and capacity to ensure the provision of
quality services in a timely fashion.
3.6 The RSO
should be prepared to provide relevant information to the Administration and/or Designated
Authority, as necessary.
3.7 The RSO's management
should define and document its policy and objectives for, and commitment to, quality and ensure
that this policy is understood, implemented and maintained at all levels in the RSO.
3.8 The RSO should be subject to certification of its
quality system by an independent body of auditors recognized by the Administration and/or
Designated Authority. The Administration and/or Designated Authority may serve as the auditor.
3.9 The RSO should develop, implement and maintain
an effective internal quality system based on appropriate parts of internationally recognized
quality standards no less effective than the ISO 9000-2000 series, and which, inter alia,
ensures that:
.1 the RSO.s procedures are established and maintained
in a systematic manner;
.2 the RSO.s procedures are complied with;
.3 the requirements of the statutory work for which the RSO is
authorized, are satisfied;
.4 the responsibilities, authorities and
interrelation of personnel whose work affects the quality of the RSO.s services, are defined
and documented;
.5 a supervisory system is in place that monitors the
actions and work carried out by the RSO;
.6 a system for
qualification of assessors, surveyors, and auditors and continuous updating of their knowledge
is implemented;
.7 records are maintained, demonstrating achievement
of the required standards in the items covered by the services performed, as well as the
effective operation of the quality system;
.8 a comprehensive system
of planned and documented internal audits of the quality related activities in all locations is
implemented;
.9 the RSO has established a process and procedures to
assess and monitor at periodic intervals the trustworthiness of its personnel;
.10 the RSO has established processes and procedures to ensure that appropriate
measures are in place to avoid unauthorized disclosure of, or access to, security sensitive
materials relating to ship security assessments, ship security plans, port facility security
assessments and port facility security plans, and to individual assessments or plans; and
.11 a procedure for providing feed back and information, as appropriate,
to its customers.
4 The following should, in
addition, apply for the purpose of delegating authority to perform certification services of a
statutory nature in accordance with regulatory instruments.
.1 the
provision and application of proper procedures to assess the degree of compliance of the
applicable shipboard maritime security measures and management systems:
.2 the provision of a systematic training and qualification regime for its professional
personnel engaged in the maritime security management system certification process to ensure
proficiency in the applicable quality and security management criteria as well as adequate
knowledge of the technical and operational aspects of maritime security management; and
.3 the means of assessing through the use of qualified professional
staff the application and maintenance of the security management system both shore based as
well as on board ships intended to be covered in the certification.
Specialized expertise
5 Each RSO shall be able to demonstrate by means of
established process, procedures, and relevant documentation the following minimum capabilities
following the guidance in paragraph 4.5 of part B of the ISPS Code:
.1
expertise in relevant aspects of security;
.2 appropriate
knowledge of ship and port operations, including knowledge of ship design and construction if
providing services in respect of ships and port design and construction if providing services
in respect of port facilities;
.3 their capability to assess the
likely security risks that could occur during ship and port facility operations including the
ship/port interface and how to minimize such risks;
.4 their ability
to maintain and improve the expertise of their personnel;
.5 their
ability to monitor the continuing trustworthiness of their personnel;
.6
their ability to maintain appropriate measures to avoid unauthorized disclosure of, or
access to, security-sensitive material;
.7 their knowledge of the
requirements of SOLAS chapter XI-2 and part A of the ISPS Code and the guidance contained in
part B of the Code and relevant national and international legislation and security
requirements;
.8 their knowledge of current security threats and
patterns;
.9 their knowledge of recognition and detection of weapons,
dangerous substances and devices;
.10 their knowledge of recognition,
on a non-discriminatory basis, of characteristics and behavioural patterns of persons who are
likely to threaten security;
.11 their knowledge of techniques used
to circumvent security measures; and
.12 their knowledge of security
and surveillance equipment and systems and their operational limitations.