Risk Assessment Methodology

advertisement
ISPS
4. Ship Security Assessment
HZS ISPS 2006-2007
4.1
Ship Security Assessment
I.
II.
III.
IV.
V.
Risk Assessment Methodology
Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation
HZS ISPS 2006-2007
4.2
I. Risk Assessment Methodology
•
•
What is SSA: It is a process that identifies
weaknesses in physical structures, personnel
protection systems, processes, or other areas
that may lead to a security breach, and may
suggest options to eliminate or mitigate those
weaknesses.
Objective: Detect threats to critical assets of
the company and define preventive measures
against security incidents affecting the
company and the ships in order to prioritise
security measures.
HZS ISPS 2006-2007
4.3
I. Risk Assessment Methodology
• Must be carried out by: Persons With
Appropriate Skills To Evaluate The
Security of A Ship (see next)
• Under supervision of / assigned by:
Company Security Officer
• And this: In Accordance With Part A Of
The Code, Taking Into Account Part B Of
The Code.
HZS ISPS 2006-2007
4.4
I. Risk Assessment Methodology
Persons With Appropriate Skills
Remark by Classification Company:
We understand the CSO should decide who has the
appropriate skills although the Code does not stipulate
specifically who will evaluate the appropriate skills. We
also understand persons to carry out SSA may draw
upon expert assistance as in Code B/8.4 in addition to
his own skills. The specific ways to draw upon expert
assistance are considered to be security consultant,
literature, internet web site, services delivered by e-mail
and various information issued by each country. We
advise to make a list of those assistance methods to use
for carrying out SSA.
HZS ISPS 2006-2007
4.5
I. Risk Assessment Methodology
3 Key steps:
1. Identify the key ship board operations
important to protect. RISK
ASSESSMENT
2. Identify the possible threats to the ship
and their probability of occurrence
against the requirements of the ISPS
Code. THREAT ASSESSMENT
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.6
I. Risk Assessment Methodology
What is “RISK” & for “What”?
Risk
Lives
=
Estimated
likelihood
X
Estimated
impact
Property
Societal disruption
Image
Money
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.7
I. Risk Assessment Methodology
Sequence of activities:
• Define the system being studied
• Identify the hazards associated with that
system
• Assess the likelihood of the hazards
occurring
• Identify how each hazard might progress
to various outcomes
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.8
I. Risk Assessment Methodology
Sequence of activities (cont’d):
• Assess the likelihood of progression to each
outcome
• Asses the consequences associated with each
outcome
• Multiply likelihood and consequence to obtain
the risk associated with each outcome
• Sum the risks associated with the outcomes to
produce an overall risk
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.9
I. Risk Assessment Methodology
The Threats according to the ISPS Code are:
Damage to, or destruction of, the port facility or
of the ship (by explosive devices, arson,
sabotage, vandalism)
Hijacking or seizure of the ship or the persons
on board
Tampering with cargo, essential ship equipment
or systems or ship’s stores
Attacks whilst at sea or from seaward at berth
or at anchor
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.10
I. Risk Assessment Methodology
Threats according to the ISPS Code are: (Cont.)
• Unauthorized access or use including the
presence of stowaways
• Smuggling weapons or equipment
• Use of the ship to carry those intending to cause
a security incident and their equipment
• Use of the ship itself as a weapon or as means
to cause damage or destruction
• Blockage of port entrances, locks, approaches,
etc.
• Nuclear, biological and chemical attack
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.11
I. Risk Assessment Methodology
Security Objects according to the ISPS Code are:
•The port’s infrastructure, especially the port’s
accesses, entrances, approaches, etc
•The port’s facilities
•The port’s employees / the employees of the
port’s companies
•The cargo present at the port
•The port’s environment (surrounding areas, air,
water)
•The ships (and the passengers) in the port
•The IT systems
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.12
I. Risk Assessment Methodology
Items to be protected include:
• The ship’s personnel
• Passengers, visitors, vendors, repair
technicians, port facility personnel etc.
• The capacity to maintain safe navigation
and emergency response
• The cargo, particularly dangerous goods
or hazardous supstances
• Ship’s stores
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.13
I. Risk Assessment Methodology
Items to be protected include: (Cont.)
• Any ship security communication
equipment and systems
• Any ship’s security surveillance equipment
and systems
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.14
I. Risk Assessment Methodology
Items to be taken into account that could create
vulnerabilities:
• Conflicts between safety and security measures
• Conflicts between shipboars duties and security
assignments
• Watchkeeping duties, number of ship’s
personnell, and any implications to crew fatigue,
alertness and performance
• Any identified security training dificiencies
• Any security equipment and systems , including
communication systems
HZS ISPS 2006-2007
1.
Risk Assessment
2.
Threat Assessment
4.15
Ship Security Assessment
I.
II.
III.
IV.
V.
Risk Assessment Methodology
Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation
HZS ISPS 2006-2007
4.16
II. Assessment Tools
• The Ship Security Officer must use
systematic and consistent approaches to
evaluate the security conditions and
vulnerabilities.
• The operational aspects will be the main
focus.
• A checklist can/will be used and must
include items like:
HZS ISPS 2006-2007
4.17
II. Assessment Tools
Minimum Checklist items:
• General layout of the ship
• Location of areas that should have restricted
access, such as the bridge, engine room, radio
room etc.
• Location and function of each or potential
access point to the ship
• Open deck arrangements including the height of
the deck above water
• Emergency and stand-by equipment available to
maintain essential services
HZS ISPS 2006-2007
4.18
II. Assessment Tools
Minimum Checklist items: (Cont.)
• Numerical strength, reliability, and security duties of the
ship’s crew
• Existing security and safety equipment for protecting the
passengers and crew
• Existing agreements with private companies for
providing ship an waterside security services
• Existing protective measures and procedures in practice,
uncluding inspection, control and monitoring equipment,
personnel identification documents and communication,
alarm, lighting, access control and other appropriate
systems
HZS ISPS 2006-2007
4.19
Ship Security Assessment
I.
II.
III.
IV.
V.
Risk Assessment Methodology
Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation
HZS ISPS 2006-2007
4.20
III. On-scene security surveys
• The on-scene security survey is an
integral part of any SSA.
• A SSA is not complete without an onscene security survey.
• A company can use 1 assessment for
different ships but the survey is unique for
every vessel.
HZS ISPS 2006-2007
4.21
III. On-scene security surveys
The survey should fulfill the following functions:
• Identification of existing security measures, procedures
and operations
• Identification and evaluation of key shipboard operations
that it is important to protect
• Identification of possible threats to the key shipboard
operations and the likelihood of their occurrence, in order
to establish and prioritize security measures
• Identification of weaknesses, including human factors in
the infrastructure, policies and procedures
HZS ISPS 2006-2007
4.22
III. On-scene security surveys
Min. items to be examined by On-scene security
survey:
• Ensuring the performance of all ship security
duties
• Monitoring restricted areas to endure that only
authorized persons have access
• Controlling access to the ship, including any
identification systems
• Monitoring of deck areas and areas surrounding
the ship
HZS ISPS 2006-2007
4.23
III. On-scene security surveys
Min. items to be examined by On-scene security
survey: (Cont.)
• Controlling the embarkation of persons and their
effects (accompanied and unaccompanied
baggage and ship’s personnel personal effects)
• Supervising the handling of cargo and the
delivery of ship’s stores
• Ensuring that ship security communication,
information, and equipment are readily available
HZS ISPS 2006-2007
4.24
III. On-scene security surveys
Threats...
May imply risks
for...
Security Objects.
HZS ISPS 2006-2007
Preventive
Measures
Detective Measures
Corrective
Measures
4.25
Ship Security Assessment
I.
II.
III.
IV.
V.
Risk Assessment Methodology
Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation
HZS ISPS 2006-2007
4.26
IV. Practical steps to conduct a SSA
Overall
steps to
produce a
SSA
HZS ISPS 2006-2007
4.27
IV. Practical steps to conduct a SSA
Step 1: Obtain and record the following information
required to conduct an assessment:
1. Ship and company documentation as detailed in
section 1 (should contribute to the threat evaluation
phase)
2. Record and document the following in detail
a)
b)
c)
d)
Authorised access points as detailed in section 4
Restricted areas as detailed within section 5
Escape and evacuation routes as detailed in section 6
Existing security equipment/systems as detailed in section 7
HZS ISPS 2006-2007
4.28
IV. Practical steps to conduct a SSA
3. A copy of the ships general arrangement
plan annotated with:
a) Authorised access points as detailed in section 4
b) Restricted areas as detailed within section 5
c) Escape and evacuation routes as detailed in
section 6
d) Existing security equipment/systems as detailed
in section 7
This gathered information will be used in the
following steps.
HZS ISPS 2006-2007
4.29
IV. Practical steps to conduct a SSA
Step 2: Conduct and document a detailed
threat evaluation and risk assessment for
the ship as detailed in section 8. Assess
for any weaknesses, note them and
address them in the on-scene security
survey. Keep a copy of this documentation
and add them to the final SSA.
HZS ISPS 2006-2007
4.30
IV. Practical steps to conduct a SSA
Step 3: Conduct the on-scene security
survey during which all previous
information gathered must be confirmed
and any weaknesses identified as detailed
in section 9. Keep a copy of this survey in
the final SSA
HZS ISPS 2006-2007
4.31
IV. Practical steps to conduct a SSA
Step 4: If any ammendments are to be made
to one of the previous documents, due to
the making of the security survey, it must
be done at this point. All additions and
ammendments must be documented and
copied in the ship security plan. They must
also be retained in the SSA.
HZS ISPS 2006-2007
4.32
IV. Practical steps to conduct a SSA
Step 5: Present the SSA to the company for
review and acceptance. The SSP will be
finalised with the SSA.
Step 6: The SSP, accompanied with the
assessment, is put forward for approval by
the Administration or Recognised Security
Organisation (RSO)
HZS ISPS 2006-2007
4.33
IV. Practical steps to conduct a SSA
Practical steps for the mitigation of different
threats/ scenario’s:
 Step 1: Scenario Selection
 Step 2: Evaluate/score the scenario in terms of
potential consequences
 Step 3: Evaluate/score the scenario in terms of
ship’s vulnerability
 Step 4: Determine if the scenario requires a
mitigation strategy
 Step 5: Implement mitigation strategy
HZS ISPS 2006-2007
4.34
IV. Practical steps to conduct a SSA
Potential
Threat
Scenario’s
HZS ISPS 2006-2007
4.35
IV. Practical steps to conduct a SSA
Step 1:
Scenario
Selection
HZS ISPS 2006-2007
4.36
IV. Practical steps to conduct a SSA
Step 2: Evaluate, score the scenario in terms of
potential consequences
HZS ISPS 2006-2007
4.37
IV. Practical steps to conduct a SSA
Step 3:
Evaluate, score
the scenario in
terms of ship’s
vulnerability
HZS ISPS 2006-2007
4.38
IV. Practical steps to conduct a SSA
Step 4:
Determine if
the scenario
requires a
mitigation
strategy
HZS ISPS 2006-2007
4.39
IV. Practical steps to conduct a SSA
Step 5:
Implement
mitigation
strategy
HZS ISPS 2006-2007
4.40
IV. Practical steps to conduct a SSA
Exercise: Restricted Area’s
Sum up the restricted area’s o/b
Read & Comment
HZS ISPS 2006-2007
4.41
Ship Security Assessment
I.
II.
III.
IV.
V.
Risk Assessment Methodology
Assessment Tools
On-scene security surveys
Practical steps to conduct a SSA
Security assessment documentation
HZS ISPS 2006-2007
4.42
V. Security assessment
documentation
• After completion of the SSA a report must
be prepared, consisting of a summary of
how the assessment was cinducted, a
description of each vernerability found
during the assessment, and a description
of counter measures thet could be used to
address each vulnerability.
• This report must be protected from
unautherized access or disclosure.
HZS ISPS 2006-2007
4.43
Download