Security level for ships flying the Norwegian flag

This page contains instructions from the Norwegian Maritime Authority on security levels on ships flying the Norwegian flag.

The instructions relate to elevation of security levels from 1 to 2 or 3, as well as recommendations on actions to be taken on board the ship in defined areas.

The information is updated as of March 1st 2016. The information is valid until further notice, and supersedes all other previously issued security level instruction issued by NMA.


 BMP   Best Management Practice as defined by the Industry Standard and published  by ICS, BIMCO, Intertanko and OCIMF
 HRA  High Risk Area as defined in BMP
 SSP  Ship Security Plan

Current security levels set by NMA

Vessels flying the Norwegian flag shall implement measures as described in the SSP for the different MarSec levels, when arriving mentioned areas below.

Security level 1:

All areas not mentioned below, if not requested by Designated Authority for the intended port of arrival.

Security level 2:

Strait of Hormuz (as illustrated in picture 3 below)

Vessels are advised to minimize transit in Iranian territorial waters. Vessels passing through Strait of Hormuz within the boundaries of N25° - N28° and E054° - E058° as shown in illustration below are requested to implement security measures as described in their SSP according to ISPS/MarSec level #2.

East Africa (as illustrated in picture I below)

 In the Red Sea

 From Suez and southwards

 In the Gulf of Oman 

 Northern limit: Latitude N 22° 

 Eastern limit

 Longitude E 006°

 Southern limit

 Latitude S 05°

West Africa (as illustrated in picture II below)

 Southern limit 

 N 02°40’

 Western limit

 From N 02°40’ and directly to the border of Togo

 Eastern limit

 From N 02°40’ and directly to the border of Cameroun 

Current areas recommended to implement measure from the SSP

Vessels trading the below mentioned areas are strongly advised to consider implementing security measures in their SSP as if the vessel had been operating on MarSec level #2 while inside these areas. Security records on board should not indicate that the actual security level has been raised, only that those measures found necessary by Master/SSO has been implemented.

West Africa (illustrated in appendix II)

“Southern part”

 Southern point 

 S 17°17’  E 006°35’ and directly to the border of Angola 

 Congo point

 S 04°00’  E 006°35’

 Western point

 S 01°00’  E 004°05’

 Northern point

 N 02°40  E 004°05’ and directly to the border of Nigeria

“Western part”

 Western point 

 N 02°40  W 007°29’ and directly to the border of Cote d’Ivoire 

 Eastern point

 N 02°40  E 002°58’ and directly to the border of Togo

 Sikkerhetsnivå 2 Øst-Afrika

Sikkerhetsnivå 2 Vest-Afrika


ISPS certificate – ISSC

The ISPS Code was adopted during the fall session of MSC in 2002 (IMO) with entry into force on 1 July 2004. The ISPS Code has been made applicable to all EU and EEA countries by EC Regulation (EC) 725/2004 and nationally by the Norwegian Regulations 972/2004 (the Security Regulations).

The following ships shall according to the national Regulations hold an International ship security certificate (ISSC) (see the Security Regulations for definitions and exemptions, if any):

  • passenger ships, including high-speed passenger craft, certified for international trade, and passenger ships certified as class A passenger ships;
  • cargo ships, including high-speed cargo craft, of 500 gross tonnage and upwards, certified for international trade;
  • mobile offshore drilling units.

The Norwegian Maritime Authority (NMA) has prepared some guidelines where Norway's interpretations as flag State within certain areas are made clear. These have been published under the menu point "Guidelines".

The access to ISPS information on board ships is limited. The NMA is considered the "owner" of ship security plans (SSP) of Norwegian-flagged ships. Representatives from the NMA who shall have access to the ISPS-related information, will have an endorsement on their official ID cards stating "ISPS control" and/or "Duly Authorized", as shown in the illustration below. The validity of the ID card can be verified by calling the NMA's switchboard or emergency preparedness number.

The ISPS Code requires a ship to operate in compliance with the requirements laid down in the Code. In the cases where a verification establishes non-conformities in the system, measures must be implemented that ensure that the ship satisfies the requirements of the Code before the ships is allowed to sail again.

Certificate of proficiency

There are three levels of certificate of proficiency:

  1. certificate of proficiency for ship security officers (SSO);
  2. certificate of proficiency for seafarers with designated security duties;
  3. certificate of proficiency in security awareness.

On 1 July 2013 it became a requirement that the SSO must hold a certificate of proficiency for ship security officers.

Certificate of proficiency is issued by the maritime training centers.


Within the field of maritime security there are several types of supervision that may be conducted by the Norwegian Maritime Authority. The most common are described below:

Unscheduled ISPS inspection

Unscheduled inspection on board Norwegian-flagged ships with ISSC in order to verify compliance with the requirements of the Code.

Expanded ISPS inspection

Inspection carried out on board a ship flying a foreign flag on its way to, or in, a Norwegian port. Conducted by a Duly Authorized Officer upon suspicion that a ship is not operating in compliance with the requirements of the ISPS Code.

Vertical and horizontal audit of the classification societies

Audits of the classification societies are carried out in order to monitor and verify that they perform their delegated tasks in accordance with the descriptions. Such audits are supported by unscheduled supervision on board vessels.


Interim, initial, intermediate, renewal and additional verifications are carried out on ships with ISSC issued by the NMA directly.

ISPS pre-arrival information

ISPS notices of arrival at a Norwegian port are reported via SafeSeaNet Norway (SSN) at


Records as mentioned in Part A of the ISPS Code, Section 10.1 (Records) shall be kept on board for the last 3 years and for at least the last 10 ports of call.

All records shall be kept in the working language of the ship. If the language used is not English, a translation into English shall be available on board.

Declaration of security (DoS)

A declaration of security (DoS) shall be completed and be kept as a part of the ship's records when:

  • the ship operates at a higher level of security than that of the port or the ship with which it interacts;
  • there has been a relevant threat or incident concerning the security of the ship or the port facility;
  • the ship is at a port facility that does not have an approved security plan.