-1-

GUIDELINES FOR THE PREPARATION OF A PORT AREA SECURITY PLAN

JABATAN LAUT SEMENANJUNG MALAYSIA IBU PEJABAT LAUT PETI SURAT 12 42007 PELABUHAN KLANG SELANGOR

<Restricted Level> This guide presents a template that could be used by Port Administrator to prepare a Port Area Security Plan. The template is provided as guidance only and each Port Administrator should consider the suitability of it for their local circumstances prior to adopting it for their own use. Text in Italics used in each section of the template describes the type of information expected under the subject headings. It is suggested that Port Administrator consider: What information the Port Administrator wishes to present to the Designated Authority in their plan? Who will be covered by the plan and who will use it? For example, the Port Administrator will be covering the operations of all the Port Facilities in their plan. Is the information presented likely to be changed frequently during the period of the plan? (if so, more generic information that is not a regulatory requirement may be needed)

<Restricted Level> Contact Details for the Port of <Port Name>

<Port Administrator> Details

Physical Address <Physical Address>

Mailing Address (if different) <Mailing Address (if different)> Port Area Security Officer <Name> Business Phone Number Fax Number Email Address Business Address <Phone> <Fax> <Email> <Address>

Mailing Address(if different) <Address>

24 Hour Port Security Duty Officer Contact Number <Duty Officer Contact Number>

<Restricted Level>

MARITIME SECURITY PLAN

For the Port of <PORT NAME> Prepared by <PORT ADMINISTRATOR NAME>

Date: DD/MM/YYYY

Submitted by <Name of authorised person> Position <> Signature .. Date . Revision Number Copy Number ..

<Restricted Level>
CONTENTS

<Restricted Level>

Section 1 - Administrative Details

1.1 Authority

This section must outline who has authorised the Port Area Security Plan on behalf of the Port Administrator. It may also include the organisations' security policy. The intention is to demonstrate that the organisation supports the implementation of this plan. 1.2 Document Protection

Outcome - effective protection of the Port Area Security Plan from unauthorised disclosure. This section must be used to explain how the Port Administrator will protect their security plan from unauthorised disclosure. It should refer to the security classification of the document for internal purposes and to specific procedures to be taken to prevent unauthorised access, amendment and disclosure of the document. 1.3 Document Control

The Port Administrator may wish to include a document control statement in their plan. This may include specific procedures for the revision and update of the plan should modification of the plan be required

<Restricted Level>

Section 2 - Scope
The Port Area Security Plan requires to cover all matters of ship/port interface: a) that are to be conducted within the security designated port area; and b) that are not covered by the port facility security plans in the security designated port area but which conducts operations within or in connection with, the security designated port area. 2.1 Port Administrator This section should describe what operations are covered in the plan. This section should also make reference to the Map of the Security Designated Port Area, which must be attached to the Plan. refer attachment 1. Port Administrator may wish to expand the coverage of their plan to include related operations and activities. 2.2 Port Facility Operators This section should provide a general overview of the Port Facility Operators within the security designated port area. It should clearly indicate the Port Facility Operators and their operations covered under this security plan and should be used to explain the scope of the Port Facility operations 2.3 Port Marine Service Providers This section should provide a general overview of the Port Marine Service Providers within the security designated port area. It should clearly indicate the Port Marine Service Providers and their operations covered under this security plan and should be used to explain the scope of the Port Marine Service Providers. The Port Administrator shall be responsible in ensuring that the Port Marine Service Providers have an adequate knowledge of the ISPS Code especially on the requirements of the Declaration of Security.

<Restricted Level>

Section 3 - Consultation, Communication and Coordination

Outcome - Effective consultation, communication and coordination of security measures and procedures across the security designated port area. The Port Area Security Plan shall set out a mechanism for consultation: a) Between the port Administrator and each of the stakeholders conducting operations within the security designated port area, for the purpose of coordinating their securityrelated activities; and b)between the port administrator and its personnel and contractors (or their representatives) regarding security measures and procedures to be implemented. 3.1 Port - Area Communication and Consultation It is critical that the operation of the Port Area Security Plan does not hinder or obstruct compliance with another Security Plan operating within the security designated port area. Similarly, Port Facility Security Plan should compliment the Port Area Security Plan. In this section of the plan the Port Administrator must explain the procedures taken to consult with the other stakeholders, within the security designated port area. This could be achieved via the formation of a Port Area Security Committee or other consultative forum prior to the development of individual security plans. Port Area Security Committee, chaired by the Port Administrator, should include representatives from port area security officer, port facility security officer, government institutions immigration, customs, quarantine, marine department, police, etc; port marine service providers, facility owner / facility operator and facility users key ship operators or agents. 3.2 Port Employees and Contractors As port employees and contractors will need to assist with the implementation of security measures and procedures, this section of the Port Area Security Plan must detail the mechanism by which the Port Administrator will consult with Port employees and contractors regarding security measures and procedures to be implemented. 3.3 Notification of a Change in Maritime Security Level and Security Directions From time to time, the Designated Authority may advise that the Security Level has changed. In this section of the Plan, the Port Administrator must describe how they will communicate this information to the Port Facilities covered by the Port Area Security Plan. 3.4 Declaration of Security The Declaration of Security (DOS) is an agreement between a Port Administrator and a Ship on the types of security measures and procedures that will be put in place upon arrival of that ship in port. It outlines who has responsibility for providing security measures required under the agreement. The requirements for a DOS can be found in Regulation 5 of Part A of the ISPS Code. A Port Area Security Plan must identify the circumstances where a Port Administrator will request a DOS with a visiting ship. For example when a ship at a higher security level wishes to enter port. The plan must also detail the procedures for negotiating the security measures and responsibilities in the DOS and must explain how the measures in the DOS will be implemented to ensure that both the Security Plan for the Ship and the Port Area Security Plan 8

<Restricted Level> and the DOS are complied with. A template for use between a port and ship is at attachment 3. The template has been adopted from Part B Appendix 1, of the ISPS code, pages 99 to 101. When a DOS is required during a ship to ship operations, the Port Area Security Officer (PASO) or the Port Facility Security Officer (PFSO) is responsible for the signing of the DOS when the ship to ship operation occurs within the Security Designated Port Area. The captain of the port marine service provider will be responsible for the signing of the DOS if the ship to ship operations occur outside of the Security Designated Port Area

<Restricted Level>

Section 4 - Operation of the Plan

4.1 Review and Audit Outcome - Effective audit and review procedures that ensure the security measures and procedures are adequate and that the plan has been implemented correctly. This section should be used to explain how the Port Administrator will ensure that the plan is effective and adequate and that the plan has been implemented correctly. The Port Area Security Plan must include: 4.1.1 4.1.2 4.1.3 4.1.4 A schedule of Internal and External Security Plan Audits. The circumstances in which a Security Plan Review will be conducted. This must include after a maritime transport security incident. The procedures for conducting a Security Plan Audit. This must include a procedure for selecting independent auditors. The Procedures for conducting a Security Plan Review. This must include a procedure for consultation to be undertaken to ensure security measures and procedures are adequate and the plan appropriately implemented.

It is suggested that for ease of maintaining audit and review procedures that they should be referenced in this section and specific details included at attachment 5. 4.2 Drills and Exercises The Port Area Security Plan shall include procedures for conducting drills and exercises associated with the plan. This should include a timetable of when the drills are to be conducted and how records of the results of drills and exercises will be kept and secured. 4.3 Responsibilities

The Port Area Security Plan must detail the specific duties and responsibilities of the Port Area Security Officer and other security personnel. For example the duties and responsibilities of any maritime security guards employed or contracted by the Port Administrator. A Table to record information on the responsibilities of security related positions could be formatted as follows:Position Responsibilities <insert the <insert the responsibilities > position title> Port Area Security Officer Port Facility Security Officer Security Guards

10

<Restricted Level> 4.4 Knowledge and Training Outcome - Port Area Security Officers and other security personnel have received appropriate training or have sufficient knowledge to perform their duties. The Port Administrator must ensure that personnel with responsibility for security have adequate knowledge, or have received appropriate training to be able to carry out their duties: the knowledge, skills and other requirements for the security related aspects of their position; the training or qualifications that satisfy those requirements; and the training that must be given to such personnel. The table below can be used to record the training requirements for each position. Position Required Knowledge or Training <Insert the <insert the knowledge and training requirements for the position Position title> here Port Area Knowledge / Skills Ability to conduct security patrols Security Ability to maintain access control points for pedestrians and Guards vehicles Ability to monitor and control peoples behaviour. Self defence and restraint skills Qualifications

Each plan should also include or make reference to a training register to record which staff have received appropriate training or have sufficient knowledge to perform their duties. Details of the training should be documented as well as how the Port Administrator has determined they have the required knowledge to undertake their security duties.

11

<Restricted Level>

Section 5 - Security Measures and Procedures

5.1 Port Area Security Assessment Outcome - An understanding of security risks and possible preventive security measures and procedures to treat risks that have been identified. Each port area security plan must include a security assessment. The completed security assessment must be attached to the plan at attachment 4. 5.2 Security Measures and Procedures

Outcomes Effective measures and procedures to treat security risks and to control access within the security designated port area Effective measures and procedures for implementing security directions and for responding to maritime transport security incidents or other security matters. This section must be used to identify each security measure and/or procedure to be implemented under the plan. However the specific details of each security measure and/or procedure could be included in Attachment 5 - Details of Security Measures and Procedures. It is expected that each Port Area Security Plan will include security arrangements to treat a range of different security risks and that individual measures and procedures may address a number of the risks that have been identified by the Port Administrator. As the Port Area Security Plan will cover the operations of the Port Facilities in its port area, this section should identify who is responsible for the measures and procedures of its respective area. The following items below should be addressed in the Security Measures and Procedures. In general it would be expected that measures and procedures addressing these items would be listed for maritime security levels 1, 2 and 3. a) Measures to prevent unauthorised access to the port designated security areas established, or ship security area declared in the security designated port area These measures could include but are not limited to: Clear identification of local water-side security area access prevention arrangements e.g. arrangements with marine police regarding patrols and response; procedures for reporting unauthorised access into Port Designated Security Areas; Land based observation of water-side security areas. b) Procedures for responding to security threats or breaches of security, including provisions for maintaining critical operations in the port area; These procedures could include but are not limited to: Procedures for the handling of bomb and other threats.

12

<Restricted Level> c) Procedures for responding to any Security Directions given by the Designated Authority; The Designated Authority will on occasions issue certain security directions. The Port Administrator will be required to pass on the security direction to other stakeholders who operate within the port. These procedures could include but are not limited to: Management procedures that will be taken to ensure that a security direction is implemented as soon as possible after the direction is given. Procedures for communicating the security direction within the Security Designated Port and externally where necessary. d) Procedures for evacuation of the port in case of security threats or breaches of security; This should include reference to a current evacuation plan. The evacuation plan does not need to be included with the port area security plan. e) Procedures for reporting occurrences which threaten the security of the port area; The Port Area Security Plan shall have procedures for reporting occurrences which threaten the security of the port to the Designated Authority The Royal Malaysian Police; and And where applicable to a person in control of part of the port area, or a person who conducts operations in the port or the ship operator or master of a security designated ship. These measures could include but are not limited to: Procedures for reporting of Security Incidents as above Internal procedures for employees to report security incidents to management or the Port Area Security Officer. Procedures for raising the awareness of staff of their responsibilities for reporting incidents. f) Procedures for responding in case the ship security alert system of a ship in the security designated port area has been activated. The ship security alert system of a ship may be activated in the event of a security incident occurring on board the ship. This alert will be received by the ship operator and the alert will be passed on to the appropriate authorities in the country where the ship is located. The Port Administrator may be asked to assist the authorities in dealing with a ship that has activated its security alert system. The security plan should include measures to ensure that the Port Administrator will cooperate with authorities in dealing with this situation. 5.2.1 Maritime Security Level 1

In this section, the Port Area Security Plan must identify the specific security measures and procedures to be undertaken or implemented by the Port Administrator for Maritime security level 1. Maritime Security level 1 measures are those that will be in operation at all times within the port.

13

<Restricted Level> This table can be used to record the security measures. SECURITY MEASURES AND PROCEDURES AT SECURITY LEVEL 1 Description of security measure or procedure. Person or Organisation with Responsibility for implementing the measure or procedure Eg, Perimeter Fencing, staff security clearances, Eg, Port Facility Operator, Port Area security guard patrols etc Security Officer, etc This section should also include an implementation timetable to meet the requirements of the ISPS Code. This table must show which measures and procedures are already in place and if not in place indicate when they will be implemented, and what interim measures will be put in place until they are ready. A sample table for this purpose is provided on the next page. 5.2.2 Maritime Security Levels 2 and 3 The Port Area Security Plan shall include a list of the additional security measures that the Port Administrator will implement if the Designated Authority raises the Maritime Security Level to 2 or 3. Port Administrator should give consideration to the ISPS Code Part B, Sections 16.19 and 16.20 when considering appropriate measures and procedures to implement at security levels 2 and 3. The following tables can be used to record the security measures and procedures. SECURITY MEASURES AND PROCEDURES AT SECURITY LEVEL 2 Description of security measure or procedure. Person or Organisation with responsibility for implementing the measure or procedure Eg, increased number of security guard patrols, limit Eg, Port Area Security Officer / Port access to port for non essential personnel, Facility Security Officer Note. Security Level 2 measures or procedures are in addition to all of the measures and procedures in force at security level 1. SECURITY MEASURES AND PROCEDURES AT SECURITY LEVEL 3 Description of security measure or procedure. Person or Organisation with Responsibility for implementing the measure or procedure Eg, advise shipping to delay entry to port during level 3 period if possible, assist port facility operators in evacuation of port facilities where threat has been identified. Note. Security Level 3 measures or procedures are in addition to all of the measures and procedures in force at security levels 1 and 2.

14

<Restricted Level>

IMPLEMENTATION TIMETABLE Security Measure or Status (Operational / To be established) Procedure Security fencing around To be established common ship/port interface. Date of expected implementation Interim measures / procedures (if status is to be established) Fencing to be in place by Temporary barriers and signs September 2004 installed to identify the restricted area. Additional guard patrols to monitor and deter any unauthorised access. Additional security sweeps of the berth prior to ship arrival.

15

<Restricted Level>

5.3 Maritime Security Areas Port Administrators shall submit the maritime security areas within the boundaries of the designated security port area. Port Administrators are encouraged to discuss the proposed arrangements for restricted water areas with port facility operators and port marine service providers. 5.3.1 Restricted Water Areas The Port Area Security Plan should identify a) The boundaries of restricted water area for each Port Facility, (to be included on the Maps at attachment 1); 5.3.2 Ship Security Areas The Port Area Security Plan shall include the security measures and procedures that the Port Administrator will put in place to monitor and control access to ship security areas, including measures to detect and deter unauthorised access to the ships security areas.

16

<Restricted Level>

Attachment 1 - Map of the Security Designated Port Area

The map showing the boundaries of the security designated port area and outlining the boundaries of port facilities within the port must be of a suitable scale and size. For large ports, it may be necessary to provide a series of maps to enable enough detail to be provided. To define the boundaries of a security designated port area, port administrator will also need to consult with port facility operator and other stakeholders to determine that the area adequately covers areas of land and water that are to be security controlled. It is also expected that the area defined take into account the results of the port area security assessment.

17

<Restricted Level>

Attachment 2 - Contact Details for the Port of <Port Name>

This attachment is provided to assist Port Administrator in completing Section 3 of the plan template. It is suggested that the following contact lists be completed to demonstrate that the consultation mechanism implemented by the Port Administrator is adequate. Port Facility Contact Details For the purposes of communication, consultation and implementation of security measures and procedures and in the event of a security incident the port operator may need to contact Port Facility Operators within their Security Designated Port Area. For this reason Port Operator Security Plans must include contact details for each of the Port Facilities within the boundaries of the security designated port area. A contact list could be formatted as follows: Port Facility Name <Port Name> Port Facility Security Business Officer Phone Facility <Name> 24 Hour Duty Officer Contact Number

Other Stakeholders Contact Details Similarly for the purposes of communication, consultation and implementation of security measures and procedures and in the event of a security incident. The port administrator may need to contact other stakeholders including port marine service providers within the Security Designated Port Area. A contact list may be formatted as follows: Srakeholders Name <Stakeholder Name> Contact Officer <Name> Contact Phone <phone> Fax Number <fax>

Note. The Port Facility contact details list and other stakeholder contact details list could be combined if considered appropriate.

18

<Restricted Level>

Attachment 3 Declaration of Security (Sample only)

(for use between a ship and port or port facility operator)* Name of Ship: Port of Registry: IMO Number: Name of Port/ Port Facility: This Declaration of Security is valid from until , for the following activities (list the activities with relevant details) under the following security levels Security level(s) for the ship: Security level(s) for the port facility: The port facility and ship agree to the following security measures and responsibilities to ensure compliance with the requirements of part A of the International Code for the Security of Ships and Port Facilities. The affixing of the initials of the SSO or PSO/ PFSO under these columns indicates that the activity will be done, in accordance with relevant approved plan, by Activity Ensuring the performance of all security duties Monitoring restricted areas to ensure that only authorised personnel have access Controlling access to port/ port facility Controlling access to the ship Monitoring of port/ port facility, including berthing areas and areas surrounding the ship Monitoring of the ship, including berthing areas and areas surrounding the ship Handling of cargo Delivery of ships stores Handling unaccompanied baggage Controlling the embarkation of persons and their effects Ensuring that security communication is readily available between the ship and port/ port facility The port facility: The ship:

19

<Restricted Level>
The signatories to this agreement certify that security measures and arrangements for both the port/ port facility and the ship during the specified activities meet the provisions of part A of the International Code for the Security of Ships and Port Facilities and will be implemented in accordance with the provisions already stipulated in their approved plan(s) or the specific arrangements agreed to and set out in the attached annex. Dated at on the Signed for and on behalf of the port/ port facility: the ship:

(Signature of Port Area Port Facility Security Officer) Name: Title:

Security

Officer/

(Signature of Master or Ship Security Officer)

Name and title of person who signed Name: Title

Contact Details (to be completed as appropriate) (indicate the telephone numbers or the radio channels or frequencies to be used) for the port/ port facility: Port/ Port Facility ................................................................................ Port Area Security Officer/ Port Facility Security Officer ................................................................................ Company ................................................................................. Company Security Officer ................................................................................. for the ship: Master ................................................................................. Ship Security Officer .................................................................................

* This form of Declaration of Security is for use between a ship and a port or port facility. If the Declaration of Security is to cover two ships, this model should be appropriately modified.

20

<Restricted Level>

Attachment 4 - Port Area Security Assessment

The Port Administrator must complete a Port Area Security Assessment which includes the security assessment of all the port facilities within the port area.

21

<Restricted Level>

Attachment 5 - Security Measures and Procedures

For each of the security measures to be implemented, specific details of the security measure or procedure should be provided. These details may include the physical and or operational requirements of each particular security measure and procedure. For example, if the security measure to be implemented is for perimeter fencing then the port Administrator would describe where the fencing has been or is to be erected and what design is to be used. This section should be used to describe how the particular security measure or procedure will be carried out. It is entirely appropriate to reference national or international standards, where they exist. Where there is no recognised standard, or the organisation wishes to implement a different approach, then this section should include a thorough operational description such that it is clear how the measure or procedure is to be implemented. Further, where the procedure or measure involves particular qualifications training or prior knowledge, this section should be used to describe that knowledge, training or qualifications.

22

<Restricted Level>

Attachment 6 - Port Facility Security Plans

The Port Area Security Plan shall include the security plan of all its port facilities within the security designated port area. This section should give particular attention to the requirements of Port Facility Security Plans.

23

<Restricted Level>

ANNEX 1 Definitions & Abbreviations

baggage means: (a) possessions of a passenger or crew member: (i) that are carried, or intended to be carried, on board a ship; and (ii) to which the passenger or crew member will have general access while on board the ship; and (b) possessions of a visitor to a ship: (i) that are taken, or intended to be taken, on board the ship; and (ii) to which the visitor will have general access while on board the ship. cargo means goods, other than baggage or stores, that are transported, or intended to be transported, by ship. cargo ship includes a tanker.
Note: A cargo ship may also be a passenger ship.

crew, in relation to a ship, includes any person employed on the ship. declaration of security means an agreement reached between a ship and another party (a ship or PASO/PFSO), that identifies the security activities or measures that each party will undertake or implement in specified circumstances. Stakeholders means: (a) a port administrator; or (b) a port facility operator; or (c) the ship operator for a designated Malaysian ship; or (d) the ship operator for a designated foreign ship; or (e) a contractor who provides services to a person mentioned in paragraphs (a) to (d); or (f) a person who conducts a maritime-related enterprise; port facility is a location determined by the Designated Authority where ship/port interface takes place which may include an area of land or water, or land and water, anchorages, waiting berths and approaches from seaward within a security designated port (including any buildings, installations or equipment in or on the area) used either wholly or partly in connection with the loading or unloading of ships. The port facility area shall encompass the restricted water area and the restricted land area. port facility operator means an organisation who operates a port facility. Port Facility Security Officer (PFSO) means a suitably qualified officer designated by the port facility operator to facilitate the development, implementation, revision and maintenance of the port facility security plan and liaison with ship security officers, company security officers the Port Area Security Officer (PASO) and other Port Facility Security Officers (PFSO). Port Area Security Officer (PASO) means a suitably qualified officer designated by the port administrator to facilitate the development, implementation, review and maintenance of a port area security plan and for liaison with Designated Authority, port facility security officers and ship security officers, where appropriate.

24

<Restricted Level>
Port Marine Service Provider (PMSP) means any marine service which interface with the ship and may include tug/towage operator; water/bunker/provision operator; lighter/stevedore operator; pilot boat operator; or line handling operator. Launch service operator Ship/port interface - means the interactions that occur when a security designated ship is directly and immediately affected by actions involving the movement of persons, goods or the provisions of port services to or from the ship. Restricted Water area - means an area of water within a security designated port area, including at and below the water level, that is a place where a security designated ship may berth or moor to which access is to be controlled. The restricted water area extends down to the sea bed and under the wharf.

25

<Restricted Level>

ANNEX 2 Maritime Security Incident Report Form

26