A Security Organization may be recognized by the Administration
and/or Designated Authority to perform statutory work on its behalf
subject to compliance with the following interim guidelines for which
the recognised security organization (RSO) should submit complete
information and substantiation.
1 The relative size, structure, experience and
capability of the RSO commensurate with the type and degree of authority
intended to be delegated thereto should be demonstrated.
2 The RSO should be able to document capability
and experience in performing security assessments, developing risk
assessments, conducting maritime verification, approval and certification
activities for ships and/or for port facilities and their ancillary
equipment, as appropriate.
3 The following should apply for the purpose of
delegating authority to perform port facility security assessment
and ship verification, and certification services of a statutory nature
in accordance with regulatory instruments which require the ability
to integrate ship and port interface operational considerations with
maritime security threats, and to develop, verify and audit specific
requirements:
-
3.1 The RSO should provide for the publication
and systematic maintenance of procedures in the English language for
the conduct of activities to ensure compliance with delegated authorities
pursuant to SOLAS chapter XI-2. Updating
of these procedures should be done on a periodic basis at intervals
acceptable to the Administration.
-
3.2 The RSO should allow participation in the
development of its procedures by representatives of the Administration
and/or Designated Authority and other parties concerned.
-
3.3 The RSO should be established with:
-
.1 an adequate technical, managerial and support
staff capable of developing and maintaining its procedures; and
-
.2 a qualified professional staff to provide the
required service representing an adequate geographical coverage as
required by the Administration and/or Designated Authority.
-
3.4 The RSO should be governed by the principles
of ethical behaviour, which should be contained in a Code of Ethics
and as such recognize the inherent responsibility associated with
a delegation of authority to include assurance as to the adequate
performance of services as well as the confidentiality of related
information as appropriate.
-
3.5 The RSO should demonstrate the technical,
administrative and managerial competence and capacity to ensure the
provision of quality services in a timely fashion.
-
3.6 The RSO should be prepared to provide relevant
information to the Administration and/or Designated Authority, as
necessary.
-
3.7 The RSO's management should define and document
its policy and objectives for, and commitment to, quality and ensure
that this policy is understood, implemented and maintained at all
levels in the RSO.
-
3.8 The RSO should be subject to certification
of its quality system by an independent body of auditors recognized
by the Administration and/or Designated Authority. The Administration
and/or Designated Authority may serve as the auditor.
-
3.9 The RSO should develop, implement and maintain
an effective internal quality system based on appropriate parts of
internationally recognized quality standards no less effective than
the ISO 9000-2000 series, and which, inter alia, ensures
that:
-
.1 the RSO's procedures are established and maintained
in a systematic manner;
-
.2 the RSO's procedures are complied with;
-
.3 the requirements of the statutory work for
which the RSO is authorized, are satisfied;
-
.4 the responsibilities, authorities and interrelation
of personnel whose work affects the quality of the RSO's services,
are defined and documented;
-
.5 a supervisory system is in place that monitors
the actions and work carried out by the RSO;
-
.6 a system for qualification of assessors, surveyors,
and auditors and continuous updating of their knowledge is implemented;
-
.7 records are maintained, demonstrating achievement
of the required standards in the items covered by the services performed,
as well as the effective operation of the quality system;
-
.8 a comprehensive system of planned and documented
internal audits of the quality related activities in all locations
is implemented;
-
.9 the RSO has established a process and procedures
to assess and monitor at periodic intervals the trustworthiness of
its personnel;
-
.10 the RSO has established processes and procedures
to ensure that appropriate measures are in place to avoid unauthorized
disclosure of, or access to, security sensitive materials relating
to ship security assessments, ship security plans, port facility security
assessments and port facility security plans, and to individual assessments
or plans; and
-
.11 a procedure for providing feed back and information,
as appropriate, to its customers.
4 The following should, in addition, apply for
the purpose of delegating authority to perform certification services
of a statutory nature in accordance with regulatory instruments.
-
.1 the provision and application of proper procedures
to assess the degree of compliance of the applicable shipboard maritime
security measures and management systems:
-
.2 the provision of a systematic training and
qualification regime for its professional personnel engaged in the
maritime security management system certification process to ensure
proficiency in the applicable quality and security management criteria
as well as adequate knowledge of the technical and operational aspects
of maritime security management; and
-
.3 the means of assessing through the use of qualified
professional staff the application and maintenance of the security
management system both shore based as well as on board ships intended
to be covered in the certification.
5 Each RSO shall be able to demonstrate by means
of established process, procedures, and relevant documentation the
following minimum capabilities following the guidance in paragraph 4.5 of part B of the ISPS Code:
-
.1 expertise in relevant aspects of security;
-
.2 appropriate knowledge of ship and port operations,
including knowledge of ship design and construction if providing services
in respect of ships and port design and construction if providing
services in respect of port facilities;
-
.3 their capability to assess the likely security
risks that could occur during ship and port facility operations including
the ship/port interface and how to minimize such risks;
-
.4 their ability to maintain and improve the expertise
of their personnel;
-
.5 their ability to monitor the continuing trustworthiness
of their personnel;
-
.6 their ability to maintain appropriate measures
to avoid unauthorized disclosure of, or access to, security-sensitive
material;
-
.7 their knowledge of the requirements of SOLAS chapter XI-2 and part
A of the ISPS Code and the guidance contained in part B of the Code and relevant national
and international legislation and security requirements;
-
.8 their knowledge of current security threats
and patterns;
-
.9 their knowledge of recognition and detection
of weapons, dangerous substances and devices;
-
.10 their knowledge of recognition, on a non-discriminatory
basis, of characteristics and behavioural patterns of persons who
are likely to threaten security;
-
.11 their knowledge of techniques used to circumvent
security measures; and
-
.12 their knowledge of security and surveillance
equipment and systems and their operational limitations.