Discovering the Ultimate Authority for Approving SSPs


Updated on:

As a career cyber security expert, I’ve seen a lot of changes in the industry over the years. One of the most important shifts has been the emphasis on developing systematic security programs (SSPs) as part of overall risk management strategies. SSPs are designed to help organizations identify and manage risks, ensuring the confidentiality, integrity, and availability of sensitive information and systems. But the big question on the minds of security professionals everywhere is this: who has the ultimate authority to approve SSPs?

This topic can be a real hot-button issue for many in the industry, and understandably so. The answer can vary depending on the organization, industry, or even specific regulations and best practices. But for those of us who work in cyber security day in and day out, understanding the ultimate authority for approving SSPs is critical to our success and the success of the organizations we serve.

So today, I want to dive deep into this topic and explore the many different factors that come into play when determining who holds that ultimate authority. From industry standards to government regulations, we’ll take a look at all the key issues and help you better understand this critical aspect of cyber security. Let’s get started!

Who approves the SSP?

The approval process for the Security Plan for ships (SSP) is a crucial step in ensuring that every ship that falls under the jurisdiction of the International Ship and Port Facility Security (ISPS) code is equipped with a security plan that is adequate to safeguard the lives of passengers, goods, and crew on board. So, who approves the SSP? The answer is simple. The SSP is approved by the Administration, which in most cases is the country where the vessel is registered.

  • Administration: The Administration is responsible for evaluating the security plan submitted by the ship operator or owner and approving the plan if it meets the guidelines provided by the International Maritime Organization (IMO).
  • Ship operator/owner: The ship operator or owner is responsible for developing the security plan for the vessel. This plan must be submitted to the Administration for approval.
  • Classification societies: Classification societies have a supporting role in the approval process as they provide the Administration with technical advice and expertise on the vessel’s safety and security systems.
  • Port facility operators: Port facility operators are required to consider the security arrangements of incoming ships and ensure that the vessels have a valid SSP before allowing them to dock or operate within the facility’s premises.
  • In summary, the crucial players in the SSP approval process are the Administration, the ship operator/owner, classification societies, and port facility operators. It is the joint responsibility of these players to ensure that every vessel is equipped with an approved SSP before it sails. This measure is critical to ensuring the safety and security of all those who rely on maritime transport.

    ???? Pro Tips:

    1. Know the organization’s hierarchy: It is important to know who the decision makers are in your organization. This will help you understand who has the authority to approve the SSP.

    2. Identify the stakeholders: Identify the stakeholders who are directly involved in the project and ensure they understand their roles. Ensure that their feedback on the SSP gets taken into account when it comes to approval.

    3. Follow industry standards: Follow the industry standards and best practices when creating your SSP. This will prevent any unnecessary delays in the approval process.

    4. Get buy-in from management: Get management buy-in to the SSP before presenting it for approval. A presentation that highlights the benefits of the SSP can help you gain management’s approval.

    5. Plan for contingencies: Plan for contingencies if SSP approval gets delayed. Identify the risks that could delay approval and have a plan in place to mitigate them.

    The ISPS Code and its Security Plan for Ships (SSP)

    The International Ship and Port Facility Security (ISPS) Code is an international maritime security framework that was developed by the International Maritime Organization (IMO) in response to the terrorist attacks that occurred in the United States on September 11, 2001. The ISPS Code aims to enhance the security of ships and port facilities, by establishing a set of mandatory minimum-security requirements for ships, ports, and terminals worldwide.

    One of the key components of the ISPS Code is the requirement for ships to have a Security Plan for Ships (SSP) that has been approved by the Administration. The SSP is an essential document for a ship, as it outlines the measures and procedures that the ship will take to ensure the safety and security of the ship and its crew, as well as preventing security-related incidents.

    The Importance of an Approved SSP

    An approved SSP is a legal requirement for ships that are bound by the ISPS Code. It is a critical document that outlines the security measures and procedures that will be put in place on board the ship to protect the crew, passengers, cargo, and other assets from security threats, such as piracy, terrorism, and other criminal activities.

    Clearly, an unapproved SSP is insufficient for a ship’s security needs. It would mean that the ship would be non-compliant with the ISPS Code, thus putting the ship and its crew at risk. Moreover, ships without an approved SSP may face delays in port clearances, hefty fines, and even detention. Therefore, obtaining an approved SSP is crucial for the safe and efficient operation of ships.

    Understanding the Approval Process for an SSP

    The approval process for an SSP involves several parties, including the shipowner, the flag state, and the port state. The following outlines the steps involved in the approval process for an SSP:

    1. The shipowner develops an SSP that meets the minimum requirements of the ISPS Code.
    2. The SSP is submitted to the flag state for review and approval. The flag state is responsible for verifying that the SSP meets the ISPS Code’s requirements and that it is appropriate for the ship’s operation.
    3. Once the flag state is satisfied with the SSP, it issues an approval certificate for the SSP. The captain of the ship must keep the approval certificate on board the ship at all times, and the port state may require proof of the SSP approval.

    The Role of the Shipowner in Obtaining Approval for the SSP

    The shipowner plays a significant role in obtaining approval for the SSP. The shipowner must first understand the ISPS Code’s requirements and the associated SSP’s procedures. The shipowner must then develop an SSP that meets the minimum requirements of the ISPS Code. The SSP must be appropriate for the ship’s operation and must be reviewed and updated as necessary.

    Furthermore, the shipowner must ensure that the ship’s crew is properly trained and familiar with the contents of the SSP. The training should cover the roles and responsibilities of each crew member in the event of a security-related incident and the procedures to follow in such situations.

    The Role of the Flag state in Approving the SSP

    The flag state is responsible for verifying that the SSP meets the ISPS Code’s requirements and that it is appropriate for the ship’s operation. To this extent, the flag state may conduct audits and inspections of the ship to verify the SSP’s implementation. In addition, the flag state may revoke the approval certificate if the SSP is found to be non-compliant with the ISPS Code’s requirements or if a security-related incident occurs.

    Note: The flag state is the state under whose laws the ship is registered.

    The Role of the Port State in Monitoring Compliance with the SSP

    The port state is responsible for ensuring that ships entering its ports comply with the ISPS Code’s requirements. To this extent, the port state may conduct inspections to verify that the ship has an approved SSP, that the SSP is implemented correctly, and that the ship’s crew is trained and familiar with the SSP.

    If a ship is found to be non-compliant with the ISPS Code’s requirements, the port state may detain the ship until the non-conformities are rectified. Moreover, the port state may impose fines or other sanctions on the ship and its operator.

    Common Issues that may Delay the SSP Approval Process

    The approval process for an SSP can be lengthy and complex, and several issues may delay the approval process. Some common issues that may delay the SSP approval process are:

    • Insufficient or poor quality of information submitted in the SSP
    • Inadequate risk assessment and security measures
    • Failure to provide adequate crew training and familiarisation with the SSP
    • Frequent updates and added information to the SSP
    • Flag state’s high volume of pending SSP submissions

    In conclusion, the approval of an SSP is crucial for a ship’s safe operation. The ISPS Code, together with the SSP approval process, ensures that ships and ports worldwide meet minimum-security standards, thereby enhancing maritime security. Therefore, it is essential for shipowners to understand, develop and obtain approval for SSPs adequately.