Functional testing of the ship security alert system

In the summer of 2023, the Norwegian Maritime Authority (NMA) published an article to inform of upcoming changes to test procedures for ship security alarm systems (SSAS). These changes are formalised in this Circular, which provides further guidance on how to conduct functional testing.

Legislation

All vessels subject to the Security Regulations¹ shall be provided with a ship security alarm system, cf. section 7 of the Regulations. This requirement originates from SOLAS Regulation XI-2/6. Furthermore, the Security Regulations implement in Norwegian legislation the requirement of the ISPS Code to develop a ship security plan (SSP). The SSP must be developed and amended pursuant to Part A of the ISPS Code, cf. the Security Regulations section 9 first paragraph. The plan must, among other things, include procedures for the testing of security equipment, cf. Part A of the ISPS Code section 9.4 subsections .15 and .18, and the frequency of such testing, cf. subsection .16. The SSP must be approved by the NMA or a recognised security organisation (RSO), cf. the Security Regulations section 9 third paragraph.

The ISPS Code is a function-based code, which means that it defines functions that need to be fulfilled without describing in detail how this should be done. Therefore, the Code does not include detailed rules on how and how often the SSAS should be tested, and it is up to the flag States to provide such guidance.

In December 2017, the NMA published instructions to Class (IC) to give the recognised security organisations (RSO) instructions on specific topics and interpretations². According to this document, the NMA expects SSAS testing to be conducted on a regular basis, and that it would be sufficient to perform testing at 6-month intervals³. Moreover, it is stated that the Joint Rescue Coordination Centre (JCCR) must be involved in at least one of the tests⁴.

Part A section 13 of the ISPS Code includes requirements for training, drills and exercises. In Part B sections 13.6 and 13.7, it is stipulated that drills testing individual elements of the ship security plan should be conducted at least once every three months, whereas more comprehensive exercises should be carried out annually. Part B of the Code is non-binding in nature, but sections 13.6 and 13.7 have been made binding through the Security Regulations section 5.

A distinction is made between drills and exercises carried out in accordance with the ISPS Code Part A section 13 and functional testing of the ship security alert system. Functional testing is conducted to make sure that the system works and transmits an alert. Drills and exercises to be carried out pursuant to part A section 13 of the Code are described in more detail in the binding sections 13.6 and 13.7 of Part B. Bothe are more comprehensive than the functional testing of the ship security alert system, and it is important not to mix them. This means, among other things, that the frequencies of drills and exercises referred to in sections 13.6 and 13.7 do not apply to testing of functionality only.

How well has the system worked?

The requirement for a ship security alert system was introduced in 2004⁵ and has thus been in force for nearly 20 years. The Joint Rescue Coordination Centre (JRCC) has informed the NMA that they receive a large number of alerts from ship security alert systems as a result of on-board testing of the system. Moreover, the JRCC reports that SSAS tests are being performed increasingly frequently. The JRCC needs to spend a lot of time and resources on managing such alerts, even if they are not real alerts. Both the JRCC and the NMA believe it is a good thing that ship security and testing of the ship security alert systems are taken seriously by the companies. Nevertheless, it is our opinion that the purpose of functionality tests can be achieved even though the number of tests involving the JRCC is reduced.

How do we want things to work?

The purpose of functional testing of the ship security alert system is to determine how well the system works and transmits alerts. This can be done without involving the Joint Rescue Coordination Centre in every test run. During functional testing, the alert should be transmitted to the company security officer (CSO) and/or a defined point of contact in the company's emergency response organisation. Such testing must be conducted at least every six months.

The JRCC must only be involved in functional testing carried out in connection with interim, initial, intermediate and renewal surveys linked to the ship's ISPS certificate, cf. the Security Regulations sections 10 and 11. This means that that the Joint Rescue Coordination Centre will as a maximum be involved every 2.5 years after the issuance of a full-term certificate. We are not introducing a requirement for the JRCC to be involved at all certificate surveys. The purpose of this circular is rather to limit the number of tests where the JRCC is involved.

It is important that all parties involved are informed of functional testing in advance. If a sharp alert accidentally sets off during testing, it must be ensured that all parties involved are informed of this as soon as possible.

It is important that these measures are followed in order to avoid the unnecessary use of JRCC resources.

¹ Regulations of 22 June 2004 No. 972 on security, anti-terrorism and anti-piracy measures and the use of force on board ships and mobile offshore drilling units (Security Regulations)

² IC 6 - 2017 Interpretations and requirements related to Security Rules and Regulations

³ IC 6 - 2017 item 1.5

⁴ IC 6 - 2017 item 1.5

⁵ For Class A passenger ships 1 July 2005