Home / Articles / Energy / maritime terminals and monobuoys

ISPS Code: Key to global maritime and cyber security

The ISPS Code strengthens maritime security and maritime cyber security, protecting ships and ports in accordance with the SOLAS Convention.
By Mario Toyo on October 7, 2025
ISPS Code: Key to global maritime and cyber security
Table of Contents
  1. What is the ISPS Code and how does it work?
  2. Origin and international regulatory framework
  3. Objectives and principles of the ISPS Code
  4. Essential components for its application
  5. ISPS in terminals and port vessels
  6. Security levels and response protocols
  7. Physical, operational, and cyber measures
  8. Physical vs. cyber security in the ISPS Code
  9. Real case: Cyberattack on the Port of San Diego
  10. Current challenges in implementation
  11. Key benefits for the maritime industry
  12. Downloadable ISPS 2025 checklist
  13. Conclusions
  14. References
  15. Frequently Asked Questions (FAQs)
    1. Which vessels must comply?
    2. What is its relationship with SOLAS?
    3. Does it include cybersecurity?
    4. What documents does a ship require?
    5. What happens if it does not comply?

The ISPS Code: Key to Global Maritime and Cyber Security is a mandatory international framework, part of the SOLAS regulations, which protects ships and port terminals from physical and digital threats. It establishes security requirements, designates responsible officers, and requires protection plans approved by competent authorities.

Beyond physical measures such as fences, video surveillance, and access controls, the ISPS Code incorporates maritime cybersecurity, which is crucial in the face of digital attacks. This hybrid approach makes the International Ship and Port Facility Security Code a key instrument for global resilience.

What is the ISPS Code and how does it work?

The ISPS Code is an international IMO regulation that was incorporated into the SOLAS Convention after 9/11. It establishes mandatory measures to protect ships, crew, passengers, and port facilities, preventing terrorist acts and ensuring the continuity of global maritime trade.

It may interest you
Mooring systems: Evaluation, modernization, and requalification
SLOM 2025: Innovation and humanism in maritime oil terminals

This code consists of two parts:

  • Part A (mandatory): establishes minimum protection requirements, such as risk assessment, security plans, and the appointment of protection officers.
  • Part B (recommendatory): provides practical guidelines to facilitate compliance with mandatory requirements.

Compliance is not optional. Ships and terminals that do not demonstrate compliance with international port security standards cannot operate internationally, which could disrupt the global logistics chain and cause millions in losses.

Origin and international regulatory framework

International regulations for the protection of ships and port facilities were developed after the attacks of September 11, 2001, which revealed the vulnerabilities of global logistics. In December 2002, during the Diplomatic Conference on Maritime Security, the IMO approved the ISPS Code as a mandatory amendment to the SOLAS treaty (1974).

Since its entry into force in July 2004, the code has been mandatory for all IMO member states. It applies to:

  • Ships over 500 GT on international voyages.
  • Port terminals that receive international ships.

In this way, the ISPS Code has become the most influential regulatory framework in the field of security and an essential instrument for global trade.

Objectives and principles of the ISPS Code

The central objectives of the maritime security system are clear and practical:

  1. International cooperation framework
    • Create a coordinated system between governments, local authorities, and the shipping and port sectors.
    • Detect and assess threats to maritime security.
    • Take preventive measures against events affecting ships and port facilities.
  2. Definition of roles and responsibilities
    • Clearly establish the responsibilities of each actor (governments, agencies, companies, and ports).
    • Coordinate both nationally and internationally to maintain maritime protection.
  3. Agile information exchange
    • Ensure fast and reliable data flow on threats or security incidents.
    • Facilitate cooperation between countries and port authorities.
  4. Method for protection assessments
    • Provide a system for conducting maritime risk assessments.
    • Have plans and procedures that can be adapted to different levels of protection.
    • Ensure that measures are adequate, proportionate, and reliable.

In summary, the ISPS code seeks to coordinate internationally, define clear roles, improve information sharing, and ensure that robust plans are in place to respond to threats to maritime and port transport.

Essential components for its application

The correct application of maritime safety regulations is based on three main components:

  1. Port Facility Security Assessment (PFSA): analysis of vulnerabilities, access points, and critical risks at the terminal.
  2. Port Facility Security Plan (PFSP): official document defining security, communication, and emergency protocols, approved by the competent authority.
  3. Port Facility Security Officer (PFSO): responsible for coordinating the implementation of the plan, training personnel, and maintaining direct contact with maritime authorities.

Thanks to these pillars, the implementation of measures such as the following is guaranteed:

  • Access controls to restricted areas.
  • Video surveillance and alarm systems.
  • Emergency protocols and security patrols.
  • Cargo and baggage inspection.

ISPS in terminals and port vessels

In practice, the mandatory port security framework translates into physical and operational actions at terminals:

  • Physical measures: perimeter fences, reinforced lighting, watchtowers, intrusion sensors, and CCTV.
  • Operational measures: card identification, container inspection, visitor registration, loading and unloading control.

Its implementation not only improves maritime protection, but also forms part of security strategies at maritime terminals and monobuoys, increasing the competitiveness of ports and generating trust among shipping companies, governments, and international customers.

A notable example of this application was presented at the SLOM 2025 conference, where Transpetro explained how it implements the ISPS Code at its terminals in Brazil, strengthening maritime and port security in one of Latin America’s most strategic logistics hubs.

Security levels and response protocols

The ISPS Code defines three security levels:

  1. Level 1: normal conditions, with minimum permanent security measures (Normal).
  2. Level 2: increased threats, applying additional controls and more inspections (Reinforced).
  3. Level 3: imminent threat, with partial closure of access points and maximum coordination with security forces (Exceptional).

These levels allow security measures to be dynamically adjusted based on actual risk, ensuring flexibility and effectiveness in port protection.

Want to learn more? Watch the video courtesy of QuickTech Master Mariner, and join us as we explore this fascinating topic from the maritime world. Leave us your comments and tell us what other topics you would like us to cover. Thank you for watching!

ISPS security levels.
play-rounded-outline

ISPS security levels.

Physical, operational, and cyber measures

The key instrument of the SOLAS treaty integrates three broad categories of measures:

  • Physical: fences, video surveillance, restricted areas.
  • Operational: identification of crew and visitors, cargo inspection.
  • Cyber: vulnerability audits, malware detection, firewalls, and digital monitoring.

The inclusion of maritime cyber protection responds to the growing technological dependence of navigation and port logistics.

Physical vs. cyber security in the ISPS Code

AspectPhysical securityMaritime cybersecurity
Protected itemShips, terminals, cargoNavigation and data systems
Main risksSabotage, theft, terrorismHacking, ransomware, AIS manipulation
ToolsCCTV, inspections, patrolsFirewalls, SIEM, digital audits
Applicable regulationsISPS Code, SOLASISPS Code Part B, ISO/IEC 27001, BIMCO

Real case: Cyberattack on the Port of San Diego

In September 2018, the Port of San Diego in the United States was the victim of a ransomware cyberattack that temporarily paralyzed its administrative and commercial services systems. Essential processes such as permit management and registration requests were interrupted, forcing the activation of alternative protocols.

Port of San Diego in California, United States, aligned with the ISPS Code.
Port of San Diego in California, United States, aligned with the ISPS Code.

Although maritime operations continued as normal and ship access was not halted, the need to resort to manual methods highlighted the digital vulnerability of port management. This episode demonstrated that a cyberattack can affect efficiency and confidence in the maritime sector, even without halting physical activity.

The case of the Port of San Diego aligns with the purpose of the ISPS Code, which not only establishes physical control measures but also integrates maritime cybersecurity as a fundamental pillar. This hybrid approach reinforces global resilience, reminding us that port protection must encompass both tangible and digital risks.

In this context, Inspenet reinforces its commitment to the community by highlighting the relationship between international regulations and the processes that enable their effective implementation. Reporting on the origin, application, and enforcement of these regulations is essential to strengthening safety and sustainability in the maritime sector, raising awareness of the importance of comprehensive protection that ensures coexistence in an increasingly interconnected global environment.

Inspenet present at the SLOM 2025 event.
Inspenet present at the SLOM 2025 event.

Editorial note: The images used in this article are for educational purposes and are included solely as a reference to reinforce the focus of the content.

Current challenges in implementation

The maritime sector faces several challenges in implementing ISPS in a globalized environment:

  • Adapt the code to hybrid threats that combine physical and digital risks.
  • Integrate emerging technologies such as maritime IoT, artificial intelligence, and blockchain.
  • Provide ongoing training for technical and operational staff.
  • Maintain the balance between security and efficiency in port operations.

Key benefits for the maritime industry

Effective implementation of the code brings significant benefits:

  • International reliability: certified ships are accepted in global ports.
  • Loss prevention: reduction of financial risks from sabotage or cyberattacks.
  • Regulatory compliance: alignment with SOLAS treaty and ISO standards.
  • Corporate reputation: companies with solid plans convey trust and credibility.

Compliance with the ISPS Code is strengthened when terminals align themselves with standards promoted by associations such as ILTA in the United States and SLOM in Latin America. Both offer security statistics, specialized training, and best practice frameworks that serve as key indicators in maritime security audits.

Integrating these international and regional standards reinforces the credibility of terminals, reduces operational incidents, and improves resilience against physical and digital threats. In this way, ISPS is not limited to regulatory requirements, but is supported by knowledge networks that provide prestige and global confidence.

Downloadable ISPS 2025 checklist

Download our free ISPS 2025 Compliance Checklist, with 20 key points for auditing ships and port facilities. It includes sections on physical, operational, and cyber security that are ready to be implemented.

Checklist-ISPS-PDFDownload

Conclusions

The ISPS Code is more than a regulatory manual: it is the foundation of modern maritime security and a dynamic framework that evolves in the face of new threats. Integrating physical measures with advanced maritime cyber protection strategies is essential to ensuring operational continuity and the resilience of global trade.

For professionals, engineers, and port managers, mastery of the International Ship and Port Facility Security Code is a key requirement for operating successfully in an increasingly demanding and digitized environment.

Share this article and join the global debate on maritime and cyber security under the ISPS Code.

References

  1. Inter – American Committee On Ports (CIP): Easy Guide for Beginners ISPS Code
  2. International Maritime Organization (IMO): SOLAS XI-2 and the ISPS Code
  3. CAPIO – Port of San Diego Cyberattack Report (2018)
  4. The Maritime Executive – Port of San Diego Hit by Cyberattack
  5. GovTech – Port of San Diego Falls Victim to Cyberattack
  6. StateTech Magazine – Port of San Diego Continues to Recover from Ransomware Attack

Frequently Asked Questions (FAQs)

Which vessels must comply?

All vessels over 500 GT on international voyages.

What is its relationship with SOLAS?

It is part of Chapter XI-2 of the SOLAS Convention.

Does it include cybersecurity?

Yes, since 2017, the IMO requires maritime cyber protection to be integrated into protection plans.

What documents does a ship require?

The approved Ship Security Plan (SSP) and a designated Security Officer.

What happens if it does not comply?

It may be rejected at international ports, affecting operations and finances.

Report
Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware
Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report
You have already reported this .
Hide picture