The Port Security Regulations 2009

Regulation 4

SCHEDULE 1Port Related Area

Notification of port related area

1.—(1) Within 30 days of designating an area as a port related area the Secretary of State must give notice of the designation to the port security officer and—

(a)the principal operator of that port related area; or

(b)if there is no principal operator of that port related area, the owner of that area.

(2) The Secretary of State may, by notice in writing require any person the Secretary of State believes may—

(a)own land, a building or works within an area identified in the notice, or

(b)carry out operations in such an area,

to provide the Secretary of State with such information specified in the notice as the Secretary of State may require in order to determine whether that person is the principal operator or the owner of an area that the Secretary of State is considering designating as a port related area.

(3) A notice under paragraph (2)—

(a)must specify a date before which the information required by that notice is to be provided to the Secretary of State; and

(b)may at any time be—

(i)revoked by a notice in writing served on that person by the Secretary of State, or

(ii)varied by a further notice under paragraph (2).

Appointment of security manager

2.  Within 30 days of the notification under paragraph 1(1) of this Schedule—

(a)the principal operator of that port related area, or

(b)if there is no principal operator of that port related area, the owner of that area,

must appoint a security manager for that port related area.

Duties of security manager

3.  The security manager must—

(a)develop and maintain a port related area security plan;

(b)implement the port related area security plan;

(c)undertake regular security inspections of the port related area to ensure the continuation of appropriate security measures;

(d)recommend and incorporate, as appropriate, modifications to the port related area security plan in order to correct deficiencies and to update the plan to take into account relevant changes to the port related area or to the port, and to security issues affecting the port related area or the port;

(e)enhance security awareness and vigilance of the port related area’s personnel;

(f)ensure adequate training has been provided to personnel responsible for the security of the port related area;

(g)report to the UK control authorities and maintain records of occurrences which threaten the security of the port related area, and occurrences in the port related area which threaten the security of the port;

(h)coordinate implementation of the port related area security plan with the Port Security Authority, port security officer, port facility security officers, and security managers for other port related areas; and

(i)ensure that security equipment (if any) is properly operated, tested, calibrated and maintained.

Port related area security plan

4.  A port related area security plan must include—

(a)measures designed to prevent weapons or any other dangerous substances or devices intended for use against persons, ships or ports, where the carriage of these items is not authorised, from being introduced into the port related area or the port;

(b)measures designed to prevent unauthorised access to the port related area, to the port, and to any restricted areas or controlled buildings in the port or port facilities;

(c)procedures for responding to security threats or breaches of security, including provisions for maintaining critical operations of the port related area or the port;

(d)the duties of port related area personnel assigned security responsibilities;

(e)the duties in relation to security of other port related area personnel;

(f)procedures for interfacing port related area security activities with port security activities;

(g)procedures for the periodic review of that plan and updating of that plan;

(h)procedures for reporting security incidents;

(i)identification of the security manager including 24 hour contact details;

(j)measures to ensure the security of the information contained in that plan; and

(k)procedures for checking that the measures specified in that plan are carried out to the standards specified in that plan.

Regulation 5

SCHEDULE 2Port Security Authority

Information

1.  A Port Security Authority must retain—

(a)the port security plan in respect of each port for which it has been designated as the Port Security Authority,

(b)the port security assessment in respect of each port for which it has been designated as the Port Security Authority,

(c)minutes of meetings of the Port Security Authority, and

(d)accounts and accounting records created under paragraph 2 of this Schedule,

for not less than five years after the date of that document’s creation or latest amendment.

Accounts

2.  A Port Security Authority which charges fees under Regulation 8 must keep proper audited accounts and proper accounting records.

Duties of Port Security Authority members

3.  Each member of a Port Security Authority and, where a member of a Port Security Authority is acting as a representative of the owner or operator of a port facility, an AMSA facility or a port related area, or as a representative of any other person who has an interest in the security at a port, the person which the Port Security Authority member is representing, shall have a duty to ensure that the functions of the Port Security Authority under these Regulations are carried out.

Regulation 14

SCHEDULE 3Port Security Assessment

General

1.—(1) The port security assessment is the basis for the port security plan and its implementation.

(2) The port security assessment must cover at least—

(a)identification and evaluation of important assets and infrastructure which it is important to protect;

(b)identification of possible threats to the assets and infrastructure and the likelihood of their occurrence, in order to establish and prioritise security measures;

(c)identification, selection and prioritisation of counter-measures and procedural changes and their level of effectiveness in reducing vulnerability; and

(d)identification of weaknesses, including human factors in the infrastructure, policies and procedures.

Detailed requirements

2.  For this purpose the assessment must at least—

(a)identify all areas which are relevant to port security, thus also defining the security relevant port areas. This includes port facilities which are already covered by the EC Regulation and whose risk assessment will serve as a basis;

(b)identify security issues deriving from the interface between port facility and other port security measures;

(c)identify which port personnel will be subject to background checks and/or security vetting because of their involvement in high-risk areas;

(d)subdivide, if useful, the port according to the likelihood of security incidents. Areas are to be judged not only upon their direct profile as a potential target, but also upon their potential role of passage when neighbouring areas are targeted;

(e)identifying risk variations, e.g. those based on seasonality;

(f)identify the specific characteristics of each sub-area, such as location, accesses, power supply, communication system, ownership and users and other elements considered security-relevant;

(g)identify potential threat scenarios for the port. The entire port or specific parts of its infrastructure, cargo, baggage, people or transport equipment within the port can be a direct target of an identified threat;

(h)identify the specific consequences of a threat scenario. Consequences can impact on one or more sub-areas. Both direct and indirect consequences must be identified. Special attention must be given to the risk of human casualties;

(i)identify the possibility of cluster effects of security incidents;

(j)identify the vulnerabilities of each sub-area;

(k)identify all organisational aspects relevant to overall port security, including the division of all security-related authorities, existing rules and procedures;

(l)identify vulnerabilities of the overarching port security related to organisational, legislative and procedural aspects;

(m)identify measures, procedures and actions aimed at reducing critical vulnerabilities. Specific attention must be paid to the need for, and the means of, access control or restrictions to the entire port or to specific parts of the port, including identification of passengers, port employees or other workers, visitors and ship crews, area or activity monitoring requirements, cargo and luggage control. Measures, procedures and actions must be consistent with the perceived risk, which may vary between port areas;

(n)identify how measures, procedures and actions will be reinforced in the event of an increase of security level;

(o)identify specific requirements for dealing with established security concerns, such as ‘suspect’ cargo, luggage, bunker, provisions or persons, unknown parcels and known dangers (e.g. bomb). These requirements must analyse desirability conditions for clearing the risk either where it is encountered or after moving it to a secure area;

(p)identify measures, procedures and actions aimed at limiting and mitigating consequences;

(q)identify task divisions allowing for the appropriate and correct implementation of the measures, procedures and actions identified;

(r)pay specific attention, where appropriate, to the relationship with other security plans (e.g. port facility security plans) and other existing security measures. Attention must also be paid to the relationship with other response plans (e.g. oil spill response plan, port contingency plan, medical intervention plan, nuclear disaster plan, etc);

(s)identify communication requirements for implementation of the measures and procedures;

(t)pay specific attention to measures to protect security-sensitive information from disclosure; and

(u)identify the need-to-know requirements of all those directly involved as well as, where appropriate, the general public.

Regulation 15

SCHEDULE 4Port Security Plan

General

1.—(1) The port security plan sets out a port’s security arrangements.

(2) A port security plan must have the following features—

(a)it must be based on the findings of the port security assessment;

(b)it must clearly set out detailed measures; and

(c)it must contain a control mechanism allowing, where necessary, for appropriate corrective measures to be taken.

(3) The port security plan must be based on the following general aspects—

(a)defining all areas relevant to port security. Depending on the port security assessment, measures, procedures and actions may vary from sub-area to sub-area. Indeed, some sub-areas may require stronger preventive measures than others. Special attention must be paid to the interfaces between sub-areas, as identified in the port security assessment;

(b)ensuring coordination between security measures for areas with different security characteristics;

(c)providing, when necessary, for varying measures both with regard to different parts of the port, changing security levels, and specific intelligence;

(d)identifying an organisational structure supporting the enhancement of port security.

Tasks and work plans

2.  Based on the general aspects set out in paragraph 1(3), the port security plan must attribute tasks and specify work plans in the following fields—

(a)access requirements. For some areas, requirements must only enter into force when security levels exceed minimal thresholds. All requirements and thresholds must be comprehensively included in the port security plan;

(b)ID, luggage and cargo control requirements. Requirements may or may not apply to sub-areas; requirements may or may not apply in full to different sub-areas. Persons entering or within a sub-area may be liable to control. The port security plan must appropriately respond to the findings of the port security assessment, which is the tool by which the security requirements of each sub-area and at each security level must be identified. When dedicated identification cards are developed for port security purposes, clear procedures must be established for the issue, the use-control and the return of such documents. Such procedures must take into account the specificities of certain groups of port users allowing for dedicated measures in order to limit the negative impact of access control requirements. Categories must at least include seafarers, authority officials, people regularly working in or visiting the port, residents living in the port and people occasionally working in or visiting the port;

(c)liaison with cargo control, baggage and passenger control authorities. Where necessary, the plan is to provide for the linking up of the information and clearance systems of these authorities, including possible pre-arrival clearance systems;

(d)procedures and measures for dealing with suspect cargo, luggage, bunker, provisions or persons, including identification of a secure area; as well as for other security concerns and breaches of port security;

(e)monitoring requirements for sub-areas or activities within sub-areas. Both the need for technical solutions and the solutions themselves will be derived from the port security assessment;

(f)signposting. Areas with access and/or control requirements must be properly signposted. Control and access requirements must appropriately take into account all relevant existing law and practices. Monitoring of activities must be appropriately indicated;

(g)communication and security clearance. All relevant security information must be properly communicated according to security clearance standards included in the plan. In view of the sensitivity of some information, communication must be based on a need-to know basis, but it must include where necessary procedures for communications addressed to the general public. Security clearance standards must form part of the plan and are aimed at protecting security sensitive information against unauthorised disclosure;

(h)reporting of security incidents. With a view to ensuring a rapid response, the port security plan must set out clear reporting requirements to the port security officer of all security incidents and/or to the Port Security Authority;

(i)integration with other preventive plans or activities. The plan must specifically deal with integration with other preventive and control activities in force in the port;

(j)integration with other response plans and/or inclusion of specific response measures, procedures and actions. The plan must detail interaction and coordination with other response and emergency plans. Where necessary conflicts and shortcomings must be resolved;

(k)training and exercise requirements;

(l)operational port security organisation and working procedures. The port security plan must detail the port security organisation, its task division and working procedures. It must also detail the coordination with port facility and ship security officers, where appropriate. It must delineate the tasks of the port security committee, if this exists; and

(m)procedures for adapting and updating the port security plan.

Regulation 19

SCHEDULE 5Basic security training exercise requirements

Frequency and participants

1.—(1) Various types of training exercises (which may involve participation of port facility security officers, in conjunction with the UK control authorities, company security officers, and ship security officers, if available) must be carried out at least once in each calendar year with no more than 18 months elapsing between the training exercises.

(2) Requests for the participation of company security officers or ship security officers in joint training exercises must be made bearing in mind the security and work implications for the ship.

(3) In this paragraph—

(a)“company” means the owner of the ship or any other organisation or person such as the manager, or the bareboat charterer, who has assumed the responsibility for operation of the ship from the owner of the ship and who on assuming such responsibility has agreed to take over all the duties and responsibilities imposed by the International Safety Management (ISM) Code 2002(1);

(b)“company security officer” means a person designated by the company in accordance with the ISPS Code for ensuring that a ship security assessment is carried out; that a ship security plan is developed, submitted for approval, and thereafter implemented and maintained, and for liaison with port facility security officers and the ship security officer (as defined in section 2.1.7 of Part A of the ISPS Code);

(c)“ship security officer” means the person on board a ship, accountable to the master, who has been designated by the company as responsible for the security of the ship, including implementation and maintenance of the ship security plan, and for liaison with the company security officer and port facility security officers (as defined in section 2.1.6 of Part A of the ISPS Code).

Nature of training exercises

2.—(1) These training exercises must test communication, coordination, resource availability and response.

(2) These training exercises may be—

(a)full scale or live;

(b)tabletop simulation or seminar;

(c)combined with other exercises held such as emergency response exercises or other exercises involving ports.

Regulation 23

SCHEDULE 6Conditions to be fulfilled by a recognised security organisation

A recognised security organisation must be able to demonstrate—

(a)expertise in relevant aspects of port security;

(b)appropriate knowledge of port operations, including knowledge of port design and construction;

(c)appropriate knowledge of other security relevant operations potentially affecting port security;

(d)capability to assess the likely port security risks;

(e)ability to maintain and improve the port security expertise of its personnel;

(f)ability to monitor the continuing trustworthiness of its personnel;

(g)the ability to maintain appropriate measures to avoid unauthorised disclosure of, or access to, security-sensitive material;

(h)knowledge of relevant national and international legislation and security requirements;

(i)knowledge of current security threats and patterns;

(j)ability to recognise and detect weapons, dangerous substances and devices;

(k)ability to recognise, on a non-discriminatory basis, characteristics and behavioural patterns of persons who are likely to threaten port security;

(l)knowledge of techniques used to circumvent security measures; and

(m)knowledge of security and surveillance equipment and systems and their operational limitations.