Port Security and Maritime Infrastructure: ISPS Code Compliance and Operational Safety | CloseProtectionHire

Port facilities occupy a specific place in the security landscape: they are critical national infrastructure, industrial hazard environments, and points where goods and people entering or leaving a country can be most efficiently observed and interfered with. They are also among the most challenging environments to operate in safely – physically dangerous, often in parts of cities with elevated crime profiles, and regulated by a compliance framework (the ISPS Code) that sets a minimum standard but does not guarantee operational security quality.

This guide covers the ISPS Code compliance framework, port-specific threat categories, the security requirements for executive visits to working port facilities, and the security environment at major P1 city ports.

The ISPS Code framework

The International Ship and Port Facility Security Code (ISPS Code) was adopted by the IMO in December 2002 in response to the September 11 attacks and entered into force on 1 July 2004. It applies to port facilities that handle international shipping traffic.

The Code’s core requirements for port facilities:

Port Facility Security Assessment (PFSA). An analysis of the facility’s threat profile, vulnerabilities, and required protective measures. Conducted by the national maritime administration or an approved security organisation.

Port Facility Security Plan (PFSP). A documented plan covering access control, cargo handling, delivery of ship’s stores, monitoring, and procedures for escalating through the three Security Levels.

Port Facility Security Officer (PFSO). A designated individual responsible for implementing and maintaining the PFSP, liaising with the ship’s security officer during port calls, and coordinating with national authorities.

Security Levels. Level 1 (normal operations), Level 2 (heightened threat – additional access controls and monitoring), Level 3 (specific threat or incident – extraordinary measures, possible port closure for non-essential traffic).

In the UK, the Maritime and Coastguard Agency (MCA) is responsible for ISPS Code verification and compliance. Compliance is also monitored by port state control during vessel inspections at port calls.

The ISPS Code creates a minimum international standard. Implementation quality varies significantly between jurisdictions and individual port facilities. A port that holds a valid Statement of Compliance is not necessarily a port that meets the security standard implied by that document – the compliance verification process assesses documentation quality more thoroughly than it assesses operational implementation.

Port-specific threat categories

Container fraud and drug concealment. INTERPOL’s Operation Lionfish (targeting narcotics concealment in shipping containers) and Operation SECAN (targeting container fraud) have documented large-scale operations in which contraband is introduced into legitimate cargo streams, sometimes with insider facilitation. For organisations with complex supply chains using containerised shipping through high-risk ports, cargo security standards and integrity monitoring at the port and freight station level are operational requirements.

Cargo theft. TT Club’s annual cargo crime reports consistently identify port and terminal environments as high-theft locations, with organised theft operations specifically targeting high-value loads. Inside information – knowledge of which containers hold high-value cargo, and of security schedules that permit access – is the primary enabler. Structural countermeasures (information segregation, anomaly monitoring, schedule variation) address the insider dimension that perimeter security alone does not.

Terrorism threat at port infrastructure. Post-9/11 threat intelligence has consistently included scenarios involving the use of containerised cargo to deliver a chemical, radiological, or conventional explosive device. US CBP’s Container Security Initiative (CSI) and the IMO’s ISPS Code were both developed in response to this threat category. For corporate travel security purposes, port facilities in cities with elevated terrorism threat are in the enhanced-duty venue category for the purposes of Martyn’s Law analysis in England and Wales.

Sabotage of critical infrastructure. Port facilities are designated critical national infrastructure in most jurisdictions. State-actor and organised crime sabotage risk – particularly for energy infrastructure (LNG terminals, fuel storage, pipeline connections at port) – is a live threat assessment category for ports in geopolitically active regions.

Shore-based crime affecting seafarers. ITF and ISWAN data document robbery, assault, and other offences against seafarers ashore at port, with particular concentrations at ports in West Africa, parts of South Asia, and Latin America. The security environment affecting seafarers is a reliable indicator of the general shore-side security context around a port facility.

Executive visits to port facilities

A working port is not a corporate campus. Access, physical hazard, and the general security environment require specific planning that differs from an office or conference venue visit.

Access and authorisation. ISPS-regulated ports require visitor authorisation in advance. Unannounced access to secure port areas is refused. Pre-visit administration includes the security pass application, vehicle pass if driving into the facility, and identification of the relevant PFSO or facility contact.

Personal protective equipment. Hard hat, hi-vis vest, and safety boots are mandatory in most working port areas. Eye protection, gloves, and hearing protection may be required for specific areas. A CP officer or executive who arrives without PPE cannot access operational areas.

Escort requirement. Visitor escorts are required in secure areas of ISPS-regulated facilities. The escort provides navigational guidance in a complex industrial environment and serves as the liaison with port security staff. Self-navigation in a working port is both prohibited and physically hazardous.

Advance work. For executives with elevated threat profiles visiting port facilities in P1 cities, advance work should include: route assessment to the facility (not just within it), current threat intelligence for the specific port (OSAC country reports contain port-specific entries), the facility’s PFSO contact, and the local emergency services contact within the port authority.

P1 city port security context

Lagos (Apapa Port, Tin Can Island Port). The Apapa corridor is one of the most challenging road environments in West Africa, with severe chronic congestion, carjacking documented in the queuing lorry approach routes, and cargo theft with documented insider involvement at the terminal. Executive visits to Lagos port facilities require: vetted ground transport with a driver experienced in the Apapa corridor, pre-trip timing assessment (avoid peak congestion periods which extend exposure time), and physical security support for the duration of the facility visit.

Karachi (Port of Karachi, Port Qasim). Both facilities are ISPS-compliant but the approach routes pass through parts of Karachi with elevated security risk. Port Qasim, south-east of Karachi city, is accessed via routes that require security assessment. Professional ground transport and pre-advance route planning are standard requirements.

Manila (Manila International Container Terminal, South Harbour). The Manila port area operates within Metro Manila’s general security environment. The approach routes through the port district require standard Manila security precautions – vetted driver, no stopping.

Mombasa Port (Kenya). The main East Africa hub for container traffic, serving the DRC, Uganda, Rwanda, and Ethiopia in addition to Kenya. Manageable by international shipping standards with standard Kenya security precautions. Ground transport from Nairobi to Mombasa (and the port visit itself) requires pre-trip planning that accounts for the Nairobi-Mombasa highway security environment.

For the vessel-at-sea security operations that operate alongside port security, see our maritime security and vessel personnel guide. For supply chain security across port and inland transportation segments, see our security for supply chain and logistics guide. For organised cargo crime in the port-adjacent freight environment – TAPA FSR/TSR warehouse and trucking standards, FreightWatch/Overhaul US 692 incidents (2023), INTERPOL Operation Pandora cargo crime, and the specific risk environment at Lagos Apapa, Manila, and Sao Paulo port corridors – see our security for cargo theft and freight logistics guide.

Sources

IMO: International Ship and Port Facility Security Code (ISPS Code), International Maritime Organization, 2003. Maritime and Coastguard Agency: Port Facility Security – Guidance and Verification, MCA, 2024. INTERPOL: Operation SECAN and Container Crime Reporting, 2024. TT Club: Cargo Crime – Annual Intelligence Report 2024. OSAC: Nigeria Security Report 2024, Pakistan Security Report 2024, Philippines Security Report 2024, Kenya Security Report 2024. US CBP: Container Security Initiative, Customs and Border Protection, 2024. ITF: Seafarers’ Rights International – Shore-Based Crime Reporting, International Transport Workers’ Federation, 2024. ISWAN: Seafarer Welfare Ashore, International Seafarers’ Welfare and Assistance Network, 2024. BIMCO: Port Security and Ship Security Officer Guidance, 2024.