Measures to deter and respond to piracy attacks are part of a company's management system
Measures to deter and respond to piracy attacks are, like any other security-related procedure or equipment, part of a company's management system. It is for the Company to decide what those measures should be based on an assessment of the risks to which its ships are exposed.
As a result of recent events in the Indian Ocean and the Arabian Sea, piracy has become an increasingly controversial and politically sensitive topic. Ship operators, flag administrations, insurers and others are struggling to formulate their responses in the face of a rapidly evolving and increasing threat. Questions concerning the installation and use of citadels and the employment of armed guards are especially contentious.
All this is taking place within much wider, complex political and military contexts and, here too, policy-makers are finding it difficult to keep up with events. While debates continue about whether attempts to deal with underlying social and economic factors in adjacent countries should take precedence over the deployment of naval forces, the pirates are becoming much better organised, trained and funded. Last year's pirates are this year's investors in piracy and there is evidence that large-scale organised crime has spotted an opportunity to expand and diversify. Poverty and idleness among young Somali men can no longer be regarded as the only causes.
The pirates are also becoming more ruthless and violent. At one time, it was fairly safe to assume that, once on board, they would wait until the ransom was paid and then leave without harming anyone. This is no longer the case and many operators are coming to the conclusion that the only sensible response is to make sure that the attackers cannot get onto the ship in the first place.
Lloyd's Register's Involvement
Lloyd's Register, both as a classification society and in its role as a recognised security organisation, is being drawn into these controversies by shipping companies seeking information and advice on how to avoid or prepare for an attack and by other industry bodies that are attempting to develop coherent approaches of their own. The questions being raised often go beyond purely technical and operational concerns to include the possible insurance and legal implications of proposed courses of action.
There are circumstances in which Lloyd's Register can assist companies with their technical and regulatory queries but, before we do so, and before we make any public statements on such matters, we must understand the part that recognised security organisations play in enhancing maritime security and the limits that this places on what we can say and do. This, in turn, requires a brief explanation of the way in which the International Ship and Port Facility Security (ISPS) Code operates.
The ISPS Code
The first step in achieving compliance, and the one on which all else depends, is for the company to undertake a thorough ship security assessment. This is a security risk assessment that begins by identifying all the possible security threats that the ship may encounter. These will vary depending on the areas in which the ship is trading, the cargoes it carries, the flag it flies, the nationalities of the seafarers it employs, and so on. The vulnerability of the ship to those threats is evaluated and any existing security arrangements are reviewed, all of which enables the company to decide what further measures are required.
The output from this exercise forms the basis of the ship security plan. This addresses the threats and vulnerabilities identified by the assessment and contains the procedures and instructions necessary for the ship to operate at security levels one, two and three. Elements of the ship security plan include the protection of restricted areas and critical operations; control of access to the ship; the operation and maintenance of security equipment; the conduct of security drills and exercises; security patrols, and so on.
The ISPS Code makes it clear that the company is responsible for conducting, documenting, reviewing and accepting the ship security assessment. The resulting ship security plan, accompanied by the ship security assessment, must be submitted to the flag administration (or a recognised security organisation) for approval.
Although the company may employ another organisation to assist in carrying out the ship security assessment or drafting the ship security plan, it is essential, in accordance with well established management principles, that the company retain responsibility for the adequacy of the work, any technical or operational decisions that arise from the assessment and the content and effective implementation of the plan.
An organisation that has assisted in the ship security assessment or in the development of the ship security plan is forbidden from undertaking the review and approval of the plan and the subsequent verification audits.
The Role of the Recognised Security Organisation
Lloyd's Register's role as a recognised security organisation is to review and approve a company's ship security plan and to audit its effective implementation on behalf of the flag state. To be able to do so, Lloyd's Register staff must have had no involvement in the conduct of the ship security assessment or the development of the plan. In other words, as a recognised security organisation, Lloyd's Register should not participate in the detailed assessment of security risks and must not give specific advice on what operational measures should be introduced or what items of security equipment should be deployed.
This applies to the installation of citadels and the employment of armed guards just as it does to any other operational procedure or item of security equipment. If the company has carried out a ship security assessment and, based on that assessment, it has decided that a citadel or armed guards have a part to play in its planned responses that is a matter for the company.
The recognised security organisation's task is to ensure that the ship security plan arises genuinely from the ship security assessment; that any arrangements are in accordance with flag-state requirements; that adequate procedures are in place; that crewmembers understand what they have to do; that emergency responses have been exercised; that emergency communications have been established and tested, and so on. The company decides what responses are appropriate, based on the results of the ship security assessment, and the auditor verifies that they are being managed effectively.
However, none of this prevents Lloyd's Register from providing technical support to ship operators provided that it does not amount to specific advice on which measures to adopt or the expression of opinions concerning the usefulness and effectiveness of particular alternatives.
For example, once the company has chosen to install a citadel, it is perfectly proper for Lloyd's Register to provide technical support in relation to, for example, the structural aspects of the installation; its wiring, ventilation and control systems; potential conflicts with class and statutory requirements; how to avoid such conflicts and what exemptions may be needed.
Similarly, even while the company is considering its choices, general guidance may be given on the factors that should be taken into account when coming to a decision. Have they consulted any guidance that might have been published by the International Maritime Organisation, the flag administration or other industry bodies (especially the best management practices contained in IMO Circular MSC.1/Circ.1337)? Are any of the options available to them subject to mandatory regulations?
When contemplating the employment of armed guards, for instance, companies need to bear in mind that their ships are subject to the flag-state's domestic laws relating to firearms. They need to consider the applicable IMO guidance (in particular MSC.1/Circ.1405); the secure storage of arms and ammunition; the establishment of rules concerning the deployment of the weapons; reporting and record-keeping requirements and the laws of the states at whose ports the ship is likely to call.
Lloyd's Register can play a valuable part in helping companies to deter and respond to attacks by pirates, provided that it is done in a way that is not incompatible with its role as a recognised security organisation acting on behalf of flag administrations.
Lloyd's Register's Principal Specialist, ISM, ISPS and ILO Regulatory Affairs
This is an edited version of an article first appeared in LR Horizons