ISPS Security Rounds and Access Control

The gangway log is not a formality. It is your evidence that you controlled the ship.

What the ISPS Code Actually Means on Deck

The International Ship and Port Facility Security Code came into force in 2004 and most people who have been at sea since know the acronym. Fewer of them can tell you, in plain terms, what it requires of the officer or rating standing gangway watch at 0200 in a container port. That is the gap this piece is trying to close.

The Code establishes a framework. Your company’s Ship Security Plan (SSP) translates that framework into the specific procedures your vessel is required to follow. The SSP is a controlled document and you may not have read the whole of it, but the gangway watchkeeper needs to know the access control sections cold. If you have not read them recently, do it before your next port call. The Port State Control officer who comes aboard has read them, and he will ask you questions that assume you have too.

Three things sit at the centre of practical ISPS work: knowing which security level you are operating at, controlling who comes aboard and recording it properly, and sweeping the vessel to detect anything that should not be there. Everything else is supporting structure.

Security Levels: What Each One Demands of the Watchkeeper

Security levels are set by flag state and port state. They do not always agree, and when they do not, you operate at the higher of the two. Your SSO should be telling you this before arrival. If they are not, ask.

Security Level 1 is normal operations. This does not mean relaxed. It means that the baseline measures in your SSP are in force: access control at all entry points, identification checks for all personnel, patrolling of deck and spaces, checking of deliveries. Level 1 is where most of your port time is spent, and most of the failures happen here precisely because it feels routine.

Security Level 2 is heightened threat. Additional measures come into force. In practical terms this means: restrict the number of access points to the vessel (often to a single gangway), increase the frequency of deck patrols, scrutinise unaccompanied movement on board more closely, and brief the crew. All visitors require prior notification to the Master or SSO. Your paperwork load goes up and your tolerance for informal arrangements goes down.

Security Level 3 is a specific threat. It is rare, but it is not theoretical. At Level 3 you are following instructions from authorities and your SSO simultaneously. The vessel may be instructed to suspend cargo operations, restrict all access, or muster in specific locations. The gangway watchkeeper’s job at Level 3 is to do exactly what the SSO says and to keep a contemporaneous record of everything they are told and every action taken.

Know which level you are at before you go on watch. Write it in the log at the start of every watch. It takes five seconds and it demonstrates intent.

The Gangway: Your Primary Vulnerability

Everything that threatens the vessel comes through the gangway or over the side. The side is harder to control and that makes the gangway the critical point. Most ports require a single-gangway watch, which means one access point and one person or team controlling it. That is not a weakness in the system; it is the system working as designed. The weakness is in how that control is exercised.

The gangway watchkeeper needs the following tools and must use them:

• The visitor/personnel access log, current and properly formatted
• Visitor passes or badges, numbered and tracked
• A copy of the crew list to verify returning crew
• A means of contacting the duty officer or SSO immediately
• Clear, illuminated sight of the gangway head and foot at all times

Anyone coming aboard who is not a crew member gets checked against an expected arrivals list or gets verified by the duty officer before they step aboard. Not after. The discipline here is non-negotiable: once someone is on the vessel, the control has already partly failed. Your job is at the top of the gangway, not on the main deck.

Crew members returning aboard who are not carrying their Seafarer Identity Document or Continuous Discharge Book should not be waved through because you recognise their face. You can recognise a face and still require them to call down a senior crew member to vouch for them formally. Faces change after a run ashore. Attitudes should not.

Access Control Registers, Visitor Badges and Contractor Escorting

The visitor log is a legal document in the context of a PSC inspection or a security incident investigation. Treat it accordingly. Every entry requires: full name, organisation, purpose of visit, time of arrival, time of departure, name of escorting crew member or host, badge number issued.

Rubber-stamped logs are easy to spot. Identical handwriting for multiple visitors, times entered in blocks rather than as arrivals happen, no departures recorded — these are the signs of a log that was filled in after the fact. PSC officers see them constantly. The consequence is not just a deficiency notice; it calls into question the entire security regime on the vessel.

Badges must be numbered and the numbers must correspond to entries in the log. When a visitor leaves, you get the badge back and you record the time. If a badge is not returned, you raise it immediately with the duty officer. A badge still circulating inside the vessel is an access control failure until it is recovered.

Contractors need escorting — not being pointed in the right direction and told to find their own way. An escort means a crew member who is with them, or who has positively handed them to another crew member, for the duration of their time on board. Access doors to machinery spaces, cargo control rooms, and accommodation are controlled spaces. A contractor going into one without escort is a security failure, full stop.

The common failure here is the partially escorted visit: a crew member brings contractors aboard, shows them to the work area, and then leaves them to get on with it while the crew member goes back to their own task. This is not escorting. If you cannot spare a crew member to escort properly, the work does not start until you can.

Deck Security Sweeps: Technique and What You Are Looking For

A security sweep is not a walk around the deck to get some fresh air. It is a systematic check of defined areas against a defined checklist, conducted at intervals specified in your SSP, and recorded in the security log.

On the sweep, you are looking for:

• Unattended bags, packages or equipment that does not belong to an identified work party
• Open or unlocked access points that should be secured: store doors, bosun’s store hatches, emergency exits from accommodation, engine room escape hatches on deck
• Signs of tampering with fittings, valves, or mooring arrangements
• Persons in spaces without an obvious legitimate reason to be there
• Vessels or floating objects in close proximity to the hull, particularly at night
• Any lighting deficiencies that create unobserved areas

The crew-only access door propped open with a fire extinguisher is one of the most common security lapses you will find on any vessel in port. The person who propped it open was carrying something heavy and did not want to swipe their card twice. The consequence is an unsupervised entry point from the port facility into the ship’s accommodation for however long it stayed propped. That is not a theoretical risk; it is an open door.

When you find something anomalous on a sweep, you do not touch it and you do not try to move it. You isolate the area, report to the duty officer and SSO, and record the time you found it and the action you took. The SSP will have a response procedure. Follow it.

The Declaration of Security

The Declaration of Security (DoS) is the formal agreement between the ship and the port facility, or between two ships in a ship-to-ship operation, setting out the security responsibilities each party will meet during the interface. It is signed by the Master or SSO and the Port Facility Security Officer (PFSO).

In practice, the DoS tells you what the port is doing and what you are doing. If the port is checking everyone leaving the facility before they approach the vessel, that changes your posture at the gangway. If the port is not conducting vehicle checks, that increases your scrutiny of deliveries coming alongside. The DoS is not a bureaucratic exchange of paper; it is operational information.

Read it before the watch starts. If the SSO has not made it available or has not briefed the gangway watchkeeper on its contents, ask. You are entitled to know what security measures are in place around your vessel.

Port-Specific Requirements and the SSO Briefing

Different ports carry different requirements. High-risk ports in some regions will mandate armed guards on the gangway; other ports will require all visitors to have pre-cleared identification through the port authority before they approach. Some ports use standardised access passes that must be checked against a port-issued list. Some do not.

This is why the SSO briefing before arrival is not optional. The SSO has received the port security information and has the current MARSEC or equivalent threat-level data. They should be briefing the gangway watch team before arrival on:

• Current security level for the flag state and the port state
• Any specific port requirements for visitor ID or access control
• Whether a DoS has been agreed and what its terms are
• Any specific threats or advisories relevant to the port or region
• Expected visitors, contractors, or authority boardings during the stay

If you receive no briefing, you follow your SSP baseline and you ask until you get answers. Uninstructed watchkeepers are the product of an SSO who is not doing the job. That is a management failure, but it does not reduce your responsibility to control your gangway.

In Practice

• Check the current security level before going on watch. Write it in the log.
• Read the DoS. If you have not seen it, ask the SSO before the watch starts.
• Every visitor gets logged on arrival and on departure. No exceptions.
• Badges are numbered, tracked, and recovered. A missing badge is an incident, not an inconvenience.
• Contractors are escorted from arrival to departure. Pointing the way is not escorting.
• Conduct sweeps on schedule and record them. A sweep that was not recorded was not, in legal terms, done.
• Crew-only access points are checked on every sweep. If one is propped open, you close it and you find out who did it.
• Anything unattended and unexplained: do not touch, isolate the area, report immediately.
• When in doubt about whether someone should be aboard, the default answer is no, not yes. The duty officer can sort it out from there.