This summer, the Norwegian Maritime Authority (NMA) published an article to inform of upcoming changes to test procedures for ship security alert systems (SSAS).
These changes are formalized in this Circular, which provides further guidance on how to conduct functional testing.
All vessels subject to the Regulations on security, anti-terrorism and anti-piracy measures and the use of force on board ships and mobile offshore drilling units (Security Regulations) (1) shall be provided with a ship security alert system, cf. section 7 of the Regulations.
This requirement originates from SOLAS Regulation XI-2/6.
Furthermore, the Security Regulations (1) implement in Norwegian legislation the requirement of the ISPS Code to develop a ship security plan (SSP).
The SSP must be developed and amended pursuant to Part A of the ISPS Code, cf. the Security Regulations section 9 first paragraph.
The plan must, among other things, include procedures for the testing of the security equipment, cf. Part A of the ISPS Code section 9.4 subsections .15 and .18, and the frequency of such testing, cf. subsection .16.
The SSP must be approved by the NMA or a recognized security organization (RSO), cf. the Security Regulations section 9 third paragraph.
The ISPS Code is a function-based code, which means that it defines functions that need to be fulfilled without describing in detail how this should be done.
Therefore, the Code does not include detailed rules on how and how often the SSAS should be tested, and it is up to the flag States to provide such guidance.
In December 2017, the NMA published Instructions to Class (IC) to give the recognized security organizations (RSO) instructions on specific topics and interpretations. (2)
According to this document, the NMA expects SSAS testing to be conducted on a regular basis, and that it would be sufficient to perform testing at 6-month intervals. (3)
Moreover, it is stated that the Joint Rescue Coordination Centre (JCCR) must be involved in at least one of the tests. (4)
Part A section 13 of the ISPS Code includes requirements for training, drills, and exercises.
In Part B sections 13.6 and 13.7, it is stipulated that drills testing individual elements of the ship security plan should be conducted at least once every three months, whereas more comprehensive exercises should be carried out annually.
Part B of the Code is non-binding in nature, but sections 13.6 and 13.7 have been made binding through the Security Regulations section 5.
A distinction is made between drills and exercises carried out in accordance with the ISPS Code Part A section 13 and functional testing of the ship security alert system.
Functional testing is conducted to make sure that the system works and transmits an alert.
Drills and exercises to be carried out pursuant to Part A section 13 of the Code are described in more detail in the binding sections 13.6 and 13.7 of part B.
Both are more comprehensive than the functional testing of the ship security alert system, and it is important not to mix them.
This means, among other things, that the frequencies of drills and exercises referred to in sections 13.6 and 13.7 do not apply to testing of the functionality only.
How well has the system worked?
The requirement for a ship security alert system was introduced in 2004 (5) and has thus been in force for nearly 20 years.
The Joint Rescue Coordination Centre has informed the NMA that they receive a large number of alerts from ship security alert systems as a result of on-board testing of the system.
Moreover, the JRCC reports that SSAS tests are being performed increasingly frequently.
The JRCC needs to spend a lot of time and resources on managing such alerts, even if they are not real alerts.
Both the JRCC and the NMA believe it is a good thing that ship security and testing of the ship security alert systems are taken seriously by the companies.
Nevertheless, it is our opinion that the purpose of functionality tests can be achieved even though the number of tests involving the JRCC is reduced.
How do we want the system to work?
The purpose of functional testing of the ship security alert system is to determine how well the system works and transmits alerts. This can be done without involving the Joint Rescue Coordination Centre in every test run.
During functional testing, the alert should be transmitted to the company security officer (CSO) and/or a defined point of contact in the company’s emergency response organization.
Such testing must be conducted at least every six months. The JRCC must only be involved in functional testing carried out in connection with renewal or intermediate surveys linked to the ship’s ISPS certificate. This means that the Joint Rescue Coordination Centre will only be involved every 2.5 years.
It is important that all parties involved are informed of functional testing in advance. If a sharp alert accidentally sets off during testing, it must be ensured that all parties involved are informed of this as soon as possible.
These measures need to be followed in order to avoid the unnecessary use of JRCC resources.
1 Regulations of 22 June 2004 No. 972 on security, anti-terrorism, and anti-piracy measures and the use of force on board ships and mobile offshore drilling units (Security Regulations)
2 IC 6-2017 Interpretations and requirements related to Security Rules and Regulations