[F1Regulation 3A]

SCHEDULE 3U.K.Port Security Assessment

GeneralU.K.

1.—(1) The port security assessment is the basis for the port security plan and its implementation.

(2) The port security assessment must cover at least—

(a)identification and evaluation of important assets and infrastructure which it is important to protect;

(b)identification of possible threats to the assets and infrastructure and the likelihood of their occurrence, in order to establish and prioritise security measures;

(c)identification, selection and prioritisation of counter-measures and procedural changes and their level of effectiveness in reducing vulnerability; and

(d)identification of weaknesses, including human factors in the infrastructure, policies and procedures.

Detailed requirementsU.K.

2.  For this purpose the assessment must at least—

(a)identify all areas which are relevant to port security, [F2thus also identifying the boundaries to be defined, for the purposes of the definition in these Regulations of “port”, by the Secretary of State in [F3regulations made under regulation 2]]. This includes port facilities which are already covered by the EC Regulation and whose risk assessment will serve as a basis;

(b)identify security issues deriving from the interface between port facility and other port security measures;

(c)identify which [F4port facility locality personnel] will be subject to background checks and/or security vetting because of their involvement in high-risk areas;

(d)subdivide, if useful, the [F5port facility locality] according to the likelihood of security incidents. Areas are to be judged not only upon their direct profile as a potential target, but also upon their potential role of passage when neighbouring areas are targeted;

(e)identifying risk variations, e.g. those based on seasonality;

(f)identify the specific characteristics of each sub-area, such as location, accesses, power supply, communication system, ownership and users and other elements considered security-relevant;

(g)identify potential threat scenarios for the [F6port facility locality]. The entire [F6port facility locality] or specific parts of its infrastructure, cargo, baggage, people or transport equipment within the [F6port facility locality] can be a direct target of an identified threat;

(h)identify the specific consequences of a threat scenario. Consequences can impact on one or more sub-areas. Both direct and indirect consequences must be identified. Special attention must be given to the risk of human casualties;

(i)identify the possibility of cluster effects of security incidents;

(j)identify the vulnerabilities of each sub-area;

(k)identify all organisational aspects relevant to [F7overall security of the port facility locality], including the division of all security-related authorities, existing rules and procedures;

(l)identify vulnerabilities of [F8the overarching security of the port facility locality] related to organisational, legislative and procedural aspects;

(m)identify measures, procedures and actions aimed at reducing critical vulnerabilities. Specific attention must be paid to the need for, and the means of, access control or restrictions to [F9the entire port facility locality or to specific parts of the port facility locality], including identification of passengers, port employees or other workers, visitors and ship crews, area or activity monitoring requirements, cargo and luggage control. Measures, procedures and actions must be consistent with the perceived risk, [F10which may vary between port facility locality areas];

(n)identify how measures, procedures and actions will be reinforced in the event of an increase of security level;

(o)identify specific requirements for dealing with established security concerns, such as ‘suspect’ cargo, luggage, bunker, provisions or persons, unknown parcels and known dangers (e.g. bomb). These requirements must analyse desirability conditions for clearing the risk either where it is encountered or after moving it to a secure area;

(p)identify measures, procedures and actions aimed at limiting and mitigating consequences;

(q)identify task divisions allowing for the appropriate and correct implementation of the measures, procedures and actions identified;

(r)pay specific attention, where appropriate, to the relationship with other security plans (e.g. port facility security plans) and other existing security measures. Attention must also be paid to the relationship with other response plans (e.g. oil spill response plan, port contingency plan, medical intervention plan, nuclear disaster plan, etc);

(s)identify communication requirements for implementation of the measures and procedures;

(t)pay specific attention to measures to protect security-sensitive information from disclosure; and

(u)identify the need-to-know requirements of all those directly involved as well as, where appropriate, the general public.