1、BRITISH STANDARDBS ISO 20858:2007Ships and marine technology Maritime port facility security assessments and security plan development ICS 47.020.99g49g50g3g38g50g51g60g44g49g42g3g58g44g55g43g50g56g55g3g37g54g44g3g51g40g53g48g44g54g54g44g50g49g3g40g59g38g40g51g55g3g36g54g3g51g40g53g48g44g55g55g40g39
2、g3g37g60g3g38g50g51g60g53g44g42g43g55g3g47g36g58BS ISO 20858:2007This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 December 2007 BSI 2007ISBN 978 0 580 58901 0National forewordThis British Standard is the UK implementation of ISO 20858:2007.
3、 It supersedes PD ISO/PAS 20858:2004 which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee SME/32, Ships and marine technology Steering committee.A list of organizations represented on this committee can be obtained on request to its secretary.This publicati
4、on does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British Standard cannot confer immunity from legal obligations.Amendments issued since publicationAmd. No. Date CommentsReference numberISO 20858:2007(E)INT
5、ERNATIONAL STANDARD ISO20858First edition2007-10-15Ships and marine technology Maritime port facility security assessments and security plan development Navires et technologie maritime valuation de la scurit des installations portuaires maritimes et ralisation de plans de scurit BS ISO 20858:2007ii
6、iiiContents Page 1 Scope . 1 1.1 General. 1 1.2 Conformance. 1 2 Terms and definitions. 1 3 Performance of the security assessment 3 3.1 Overview of the security assessment. 3 3.2 Personnel conducting the security assessment . 4 4 Security assessment procedures . 4 4.1 General. 4 4.2 Scope of the se
7、curity assessment 4 4.3 Current status of security at the port facility. 5 4.3.1 Identification of assets and infrastructure. 13 4.3.2 Consultations 13 4.4 Threat scenarios and security incidents 13 4.5 Classification of consequences 15 4.6 Classification of likelihood of security scenarios . 15 4.7
8、 Security incident scoring. 15 4.8 Countermeasures . 16 4.8.1 General. 16 4.8.2 Countermeasure exceptions . 16 5 Port Facility Security Plan (PFSP). 16 5.1 General. 16 5.2 Prioritization of countermeasures 16 5.3 Port Facility Security Plan contents . 17 5.3.1 General. 17 5.3.2 Table of contents 17
9、5.3.3 Items in facility plot plan 17 5.3.4 Security administration and organization of the port facility. 17 5.3.5 Port Facility Security Officer . 17 5.3.6 Changes in security levels. 18 5.3.7 Procedures for interfacing with ships 18 5.3.8 Declaration of Security (DoS) 18 5.3.9 Additional requireme
10、nts for port facility receiving passenger ship at Security Level 1. 18 5.3.10 Communications. 18 5.3.11 Security systems and equipment maintenance 18 5.3.12 Security measures for access control, including designated public access areas 18 5.3.13 Security measures for access control, including design
11、ated public access areas at Security Level 2. 20 5.3.14 Security measures for access control, including designated public access areas at Security Level 3. 20 5.3.15 Security measures for restricted areas 20 5.3.16 Access to restricted areas . 20 5.3.17 Security measures for handling cargo at Securi
12、ty Level 2 21 5.3.18 Security measures for delivery of ships stores/spare parts and bunkers. 22 5.3.19 Security measures for monitoring 22 5.3.20 Security incident procedures 22 5.3.21 Additional requirements for passenger and ferry port facilities . 23 5.3.22 Additional requirements at cruise ship
13、terminals . 23 5.3.23 Audits and security plan amendments. 24 5.3.24 Skills, knowledge and competencies of security and port facility personnel 24 BS ISO 20858:2007iv 5.3.25 Drills and exercises 26 5.4 Execution of the supply chain security plan 26 6 Documentation 26 6.1 Safeguarding the documents.
14、26 6.2 Port Facility Security Assessment Report . 26 6.3 Marine Port Facility Security Plan . 27 6.4 Security operations and security training records 27 6.5 Retention of records . 28 Annex A (informative) Guidance for obtaining advice and certification. 29 A.1 General . 29 A.2 Demonstrating conform
15、ance with ISO 20858 by audit 29 A.3 Certification of ISO 20858 by third party certification bodies 29 BS ISO 20858:2007vForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International St
16、andards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also
17、 take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committee
18、s is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possib
19、ility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 20858 was prepared by Technical Committee ISO/TC 8, Ships and marine technology. This first edition of ISO 20858 cancels and repl
20、aces ISO/PAS 20858:2004, which has been technically revised. BS ISO 20858:2007vi Introduction This International Standard addresses the execution of marine port facility security assessments, marine port facility security plans (including countermeasures) and the skills and knowledge required of the
21、 personnel involved. This International Standard is designed to ensure that the completed work meets the requirements of the International Maritime Organization (IMO) International Ships and Port Facility Security Code (ISPS) and the appropriate maritime security practices that can be verified by an
22、 outside auditor. Since other ISO standards may address non-marine port facilities the word “marine” usually appears before port facilities in this standard. This standard is intended to address port facilities as defined in the ISPS. BS ISO 20858:20071Ships and marine technology Maritime port facil
23、ity security assessments and security plan development 1 Scope 1.1 General This International Standard establishes a framework to assist marine port facilities in specifying the competence of personnel to conduct a marine port facility security assessment and to develop a security plan as required b
24、y the ISPS Code International Standard, conducting the marine port facility security assessment, and drafting/implementing a Port Facility Security Plan (PFSP). In addition, this International Standard establishes certain documentation requirements designed to ensure that the process used in perform
25、ing the duties described above was recorded in a manner that would permit independent verification by a qualified and authorized agency (if the port facility has agreed to the review). It is not an objective of this International Standard to set requirements for a contracting government or designate
26、d authority in designating a Recognized Security Organization (RSO), or to impose the use of an outside service provider or other third parties to perform the marine port facility security assessment or security plan if the port facility personnel possess the expertise outlined in this specification
27、. Ship operators may be informed that marine port facilities that use this document meet an industry-determined level of compliance with the ISPS Code. Port infrastructure that falls outside the security perimeter of a marine port facility might affect the security of the facility/ship interface. Th
28、is International Standard does not address the requirements of the ISPS Code relative to such infrastructures. State governments have a duty to protect their populations and infrastructures from marine incidents occurring outside their marine port facilities. These duties are outside the scope of th
29、is International Standard. 1.2 Conformance While compliance with the ISPS Code is internationally mandated for all signatory countries, the use of this International Standard is voluntary. If a contracting government establishes requirements that preclude the use of this International Standard, loca
30、l law takes precedence and compliance with this International Standard should not be claimed. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 cargo items that are placed on the ship to be transported to another port, such as boxes, pallets, c
31、argo transport units, and bulk liquid and non-liquid matter 2.2 consequence loss of life, damage to property or economic disruption, including disruption to transport systems that can reasonably be expected as a result of an attack on or at the marine port facility BS ISO 20858:20072 2.3 Internation
32、al Maritime Organization IMO specialized agency of the United Nations whose purpose is “to provide machinery for cooperation among governments in the field of governmental regulation and practices relating to technical matters of all kinds affecting shipping engaged in international trade; to encour
33、age and facilitate the general adoption of the highest practicable standards in matters concerning maritime safety, efficiency of navigation, and prevention and control of marine pollution from ships” 2.4 ISPS Code international code for the security of ships and port facilities consisting of Part A
34、 (the provisions of which shall be treated as mandatory), and Part B (the provisions of which shall be treated as recommendatory), as adopted on 12 December 2002 by Resolution 2 of the Conference of Contracting Governments to the International Convention for the Safety at Sea, 1974, as may be amende
35、d by the Organization 2.5 likelihood probability of a threat scenario becoming a security incident, considering the resistance the physical and operational security measures in place at the marine port facility 2.6 management system organizations structure for managing its processes or activities th
36、at transform inputs of resources into a product or service, which meet the organizations objectives NOTE It is not the intent of this document to specify a specific management system or require the creation of a separate security management system. ISO 9001 (Quality Management Systems), ISO 14001 (E
37、nvironmental Management Systems), ISO 28000 (Supply Chain Security Management Systems) and the International Maritime Organizations International Safety Management (ISM) Code are examples of management systems. 2.7 marine port facility those areas of the port and harbour where the ship/port interfac
38、e takes place NOTE The ship/port interface means the interactions that occur when a ship is directly and immediately affected by actions involving the movement of persons and/or goods, or the provisions of port services to and from the ship. This includes areas such as anchorages, waiting berths, an
39、d approaches from seaward. The marine port facility extends landside to the security perimeter. Note that, for the purposes of this International Standard, there can be more than one marine port facility in a harbour. In that case, only the anchorages, waiting berths, and approaches from seaward tha
40、t are used to service the marine port facility using this document are included. There can be areas of ports and harbours that are addressed in the ISPS Code, but that are not addressed in this International Standard. 2.8 Port Facility Security Plan PFSP plan to ensure the application of measures de
41、signed to protect the people, port facility, ships, cargo, cargo transport units, and ship stores within the port facility from the risks of a security incident 2.9 risk chance of injury, damage or loss postulated by considering the consequence of a threat and the likelihood of its occurrence 2.10 s
42、ecurity resistance to intentional, unauthorized acts designed to cause harm or damage to ships and ports BS ISO 20858:200732.11 security crisis management team group of people who have the knowledge and authority to bring the necessary resources to bear in the event of an imminent security threat or
43、 actual security incident 2.12 security incident suspicious act or circumstance threatening the security of a ship or port facility 2.13 security personnel individuals who have assigned security duties defined in the port facility and who may or may not be employees 2.14 ships stores supplies and sp
44、are parts intended for use by a ship calling on a marine port facility 2.15 target personnel, ships, cargo, physical assets, and control/documentation systems within a marine port facility 2.16 security threat scenario means by which a potential security incident might occur NOTE Because attack meth
45、ods are nearly infinite, several general postulated security threat scenarios are specified to address the full range of attack scenarios. Local authorities, port facility management and personnel conducting the security assessment could add more specific security threat scenarios to the list of gen
46、eral security threat scenarios, depending on local circumstances. 3 Performance of the security assessment 3.1 Overview of the security assessment The port facility implementing this International Standard shall conduct a security assessment or draw upon existing security assessments that are valid,
47、 documented and meet the requirements of this International Standard. The assessment shall consider security threat scenarios, consequences of a successful attack on the port facility, and the likelihood of each security threat scenario being successful given the security measures in place. Based on
48、 these considerations, a determination shall be made if additional security countermeasures are required. NOTE The authorized maritime security group convened to compose the PFSA needs to be collectively knowledgeable in port/facility operations, security and the potential security threats that coul
49、d occur at the specific site. From their experience and training, they review current conditions (using a provided Performance Review) and produce a realistic list of security threat scenarios that could adversely affect the facility. These potential security incidents are thoroughly studied, and then charted with regard to the likelihood of an occurrence and subsequent consequences, if it occurs. The resultant security risk chart for each of these incidents indicates which are of such gravity as to need effective human and/or physical countermeasures. The formulating tea
