<%@page contentType="text/html; charset=utf-8"%> VPA - ISPS Code
To download an overview or view, use the right mouse button and choose the "save target as" option on the links below.
You will need Adobe Acrobat and Powerpoint to read the files.
Hướng dẫn của CHHVN
World Bank Guide to Supply Chain Security 
ISPS Code (716kb)
ISPS Code Introduction (807kb)
IMO ISPS Code - Security Assessments and Plans (Powerpoint)
The role of Customs (Powerpoint)
Code of Practice of Security in Ports (152kb)
Example from ISPS Practical Pack Section 5 - Restricted Areas (257kb)
ISPS ship advisory services factsheet (33kb)
ISPS port advisory services factsheet (33kb)
 

Port security assessment (PSA)


The port security assessment should be carried out by persons with the appropriate skills and should include the following:

  1. Identification and evaluation of critical assets and infrastructure that it is important to protect.
  2. Identification of threats to assets and infrastructure in order to establish and prioritize security measures.
  3. Identification, selection and prioritization of measures and procedural changes and their level of acceptance in reducing vulnerability.
  4. Identification of weaknesses, including human factors, in the infrastructure, policies and procedures.
  5. Identification of perimeter protection, access control and personnel clearance requirements for access to restricted areas of the port.
  6. Identification of the port perimeter and, where appropriate, the identification of measures to control access to the port at various security levels.
  7. Identification of the nature of the expected traffic into or out of the port (e.g. passengers, crew, ship/cargo type).

************

Sample Port Security Assessment (PSA)

    Introduction
  1. The “Threat and Risk Analysis Matrix” (TRAM) is a simplified risk-based method and tool to assist in carrying out a PSA. It is but one of a number of tools and is given here by way of example.
  2. Its purpose is to identify threats with a view to initiating and recommending countermeasures to deter, detect and reduce the consequence of any potential incident should it occur. Such an analysis may be a valuable aid to allocating resources, forward planning, contingency planning and budgeting.
  3. The TRAM should be updated as often as changing circumstances may dictate to maintain its effectiveness. This task would, normally, fall under the remit of the designated authority who should establish and maintain close links with security committees, and key commercial and industrial service partners and customers.
  4. In addition to the more obvious threats, the list of potential targets should be as comprehensive as possible with due regard to the function(s) of the port, legal, political, social, geographic and economic environment of the country and the security environment specific to the port.

    Assessment process

  5. Table 1 is a blank version of the TRAM. The object is to compare/evaluate security measures that will reduce, independently, the vulnerability or impact and collectively reduce the overall risk score. It should be borne in mind that introducing a security measure for one threat may increase the risk of another.
  6. Potential targets (PT). (There should be a separate table for each potential target.) Identify PT through assessment of functions and operations, vulnerable areas, key points or persons in the port and in the immediate environs that may, if subject to an unlawful act, detrimentally impact on the security, safety of personnel or function of the port.

    6.1. Establish “ownership” of the identified PT. For example:
    6.1.1. directly owned and controlled by the port operator or member State;
    6.1.2. directly owned by the port operator or member State but rented, leased, occupied and controlled by other parties;
    6.1.3. owned, controlled and operated by other parties;
    6.1.3.1. represented on the PSAC;
    6.1.3.2. not represented on the PSAC (consider whether membership would be appropriate and/or beneficial to the port community).
  7. Establish if there are any existing security measures, such as a perimeter fence, access control and/or security patrol or monitoring of the PT. If so, are they effective, can improvements be made?
  8. Threat scenario (columns A and B of table 1). Consider threat scenarios from both internal and external sources to which the identified PT may be vulnerable (input from police, security and intelligence services is essential).

    8.1. Threat scenarios (amongst many) that it may be appropriate to consider:
    8.1.1.
    direct attack to cause injury and loss of life or destroy functions and infrastructure of the port. To take over vehicles/vessels as means to inflict damage by ramming. Release of noxious or hazardous material either from vehicles/vessels or storage areas and so on;
    8.1.2. sabotage;
    8.1.3. kidnap and ransom (for reward, extortion or coercion).
  9. Threat (column C of table 1). The probability of an incident occurring should be assessed on the following scale:
    3 = high;
    2 = medium;
    1 = low.
    The allocation of a particular threat score may be based on specific information received or the known characteristics of the potential target.
  10. Vulnerability (column D of table 1). The vulnerability of the PT to each threat may be assessed as follows:
    4 = No existing security measures/existing security measures are not effective (e.g. unrestricted access to target, target not monitored; personnel untrained; target easily damaged);
    3 = Minimal security measures (e.g. restricted areas not clearly identified; inadequate access control procedures; sporadic monitoring; no formal security training programme; target susceptible to certain types of damage);
    2 = Satisfactory security measures (e.g. restricted areas clearly identified and access is controlled; formal security training programme; adequate monitoring and threat awareness; target not easily damaged);
    1 = Fully effective security measures (e.g. all of “2” plus, capable of promptly scaling to higher security level as needed; target difficult to damage or has sufficient redundancy to prevent disruption if certain functions are damaged).
  11. Impact. Assess the impact (consequence) of each potential incident on the PT and port should it occur. Specific “impacts” and priorities for a particular port may be substituted by the designated authority to meet the national security profile and requirements.
    5 = Detrimental to security and safety (likely to cause loss of life, serious injuries and/or create widespread danger to public health and safety).
    4 = Detrimental to public safety and/or national prestige (likely to cause significant environmental damage and/or localized public health and safety).
    3 = Detrimental to the environment and/or economic function of the port (likely to cause sustained port-wide disruption and/or significant economic loss and/or damage to national prestige).
    2 = Detrimental to assets, infrastructure, utility and cargo security (likely to cause limited disruption to an individual asset, infrastructure or organization).
    1 = Detrimental to customer/port community confidence.
  12. Risk score. Score is the product of threat x vulnerability x impact.
    12.1. The highest score scenario will be:

    Threat – High ………………………………….……… 3
    Vulnerability – No existing countermeasure…………. 4
    Impact – Potential loss of life/injury ………..………... 5
    Risk score …………..……………………………….… 60

    12.2. The lowest score scenario will be:

    Threat – Low ………..……………………………….. 1
    Vulnerability – Fully compliant ………………….….. 1
    Impact – Little ……………………………………….. 1
    Risk score …………...…………………………….…. 1
  13. Action priority (column G of table 1). Tabulating and listing the scores for each threat against each PT will assist in assessing the priority in which to deal with each potential incident. The process should lead to indications of actions required to deter, detect and mitigate the consequences of potential incidents, resources available or required and appropriate security measures.
  14. In assessing likely scenarios the history and modus operandi of illegal groups most likely to operate in the area should be considered when identifying the PT and determining and assessing the most appropriate security measures.
  15. This is an assessed reduction of the score for each scenario based on the perceived effectiveness of the security measures when they have been put into effect. The result should give some guidance as to which actions and resources will have the greatest benefit in deterring attack of the PT. It may also indicate that some targets or threats do not need to be considered or that the security measure is not achievable because of resource or other constraints.
  16. The TRAM for every potential target should be collated into one master matrix of similar threat scenarios and common security measures identified to give the maximum benefit. It may also be that some PT may be grouped together under one security measure. For example one or more PT close together may be contained within one perimeter fence with one gate controller. It may be that a vulnerable operation in a remote part of the port can be moved into a more secure area. Every possible realistic action should be considered.
  17. The completed TRAM together with a consolidated summary of all security measures that have been devised and are able to be implemented should form the basis from which the port security plan can be developed.


    Assessment example


The following ten-step example is used to illustrate the possible working of a security assessment using the TRAM for a specific threat scenario – destroy port authority’s communication tower by explosives.

Potential target: Person/place/location (identify each PT in the port area not covered by the PFSP or other official subordinate plan)

Scenario
No.
Threat scenario
Threat
Vulnerability
Impact
Risk score
Action priority
A
B
C
D
E
F
G
1
2
3
4
5
6
7
8
9

(1) Threat scenario – destroy port authority's communication tower by explosives.

Initial assessment:

Scenario

No.

Threat scenario

Threat

Vulnerability

Impact

Risk score

Action priority

A

B

C

D

E

F

G

1

Destroy port authority's communication
tower by explosives

2

2

3

12

(2 x 2 x 3)

Implementing measures to reduce vulnerability (2 --> 1):

Scenario

No.

Threat scenario

Threat

Vulnerability

Impact

Risk score

Action priority

A

B

C

D

E

F

G

1

Destroy port authority's communication
tower by explosives

2

1

3

6

(2 x 1 x 3)


The tower is protected from casual access or interference by a 2-metre high razor wire fence of 15 metre diameter and is located in a non-restricted area approximately 200 metres from the Harbour Master's Office. The facility is positioned on flat ground approachable from all sides, and a service road, that is accessible from the public area roads, passes within 20 metres of the perimeter fence. Access to the compound is limited to maintenance and servicing of the tower components as required and seasonal ground maintenance including grass cutting by regular port approved contractors. There is a mobile security patrol that visits and checks for signs of damage or intrusion once by day and once by night. With these measures, vulnerability was scored as “2”. However, if additional vulnerability reduction measures, such as a full-time on-site security force, or, changing the non-restricted area to a restricted area, the vulnerability score may be reduced from “2” to “1” fully effective security measures. Thus, with vulnerability in column D reduced from “2” to “1”, as shown below, a new risk score of “6” is produced.

Implementing measures to reduce impact (3 ® 2):

Scenario

No.

Threat scenario

Threat

Vulnerability

Impact

Risk score

Action priority

A

B

C

D

E

F

G

1

Destroy port authority's communication
tower by explosives

2

2

2

8

(2 x 2 x 2)

Reducing the impact will alter the figure in column E and reduce the overall risk score. Recall that the tower is a critical component of port operational and commercial communications. It also supports booster stations for local police and emergency service communications. In addition the mast supports mobile telephone repeater services for the area. Assuming that there is no back-up communications tower, the impact of losing this tower was initially calculated as “3” in column E. However, if a back-up facility was available, it would create some redundancy, thereby reducing the impact of a loss. Thus, with impact reduced from “3” to “2” limited disruption to port organization due to communications redundancy, as shown below, produces a new risk score of “8”. While this is an improvement from “12”, the persons responsible for port security could then decide whether additional measures were needed.

Implementing measures to reduce vulnerability (2 ® 1) and impact (3 ® 2):

Scenario

No.

Threat scenario

Threat

Vulnerability

Impact

Risk score

Action priority

A

B

C

D

E

F

G

1

Destroy port authority's communication
tower by explosives

2

1

2

4

(2 x 1 x 2)

If both the vulnerability reduction measures and impact reduction measures discussed in this example were taken together, the total risk score would be reduced to “4”, well below the initial score of “6”.

The persons doing the security assessment and persons charged with implementing security measures must determine the effectiveness of various vulnerability or impact reduction measures for their ports.

Source :
IMO/ILO
Code of practice on security in ports
Tripartite Meeting of Experts on Security, Safety and Health in Ports

Geneva, 2003



Copyright@ 2003 by Saigon Port
www.csg.com.vn
The Permit No. 127/GP-BVHTT dated 16/04/2003 of Ministry of Culture and formation.
| Home | Members | Organization Profile | Information Service | Standard | Regulations
| Jobs & Training | Refreshing Pictures | Maritime Terms | Forum | Email