The Port Security Regulations 2009

Regulation 14

SCHEDULE 3Port Security Assessment

General

1.—(1) The port security assessment is the basis for the port security plan and its implementation.

(2) The port security assessment must cover at least—

(a)identification and evaluation of important assets and infrastructure which it is important to protect;

(b)identification of possible threats to the assets and infrastructure and the likelihood of their occurrence, in order to establish and prioritise security measures;

(c)identification, selection and prioritisation of counter-measures and procedural changes and their level of effectiveness in reducing vulnerability; and

(d)identification of weaknesses, including human factors in the infrastructure, policies and procedures.

Detailed requirements

2.  For this purpose the assessment must at least—

(a)identify all areas which are relevant to port security, thus also defining the security relevant port areas. This includes port facilities which are already covered by the EC Regulation and whose risk assessment will serve as a basis;

(b)identify security issues deriving from the interface between port facility and other port security measures;

(c)identify which port personnel will be subject to background checks and/or security vetting because of their involvement in high-risk areas;

(d)subdivide, if useful, the port according to the likelihood of security incidents. Areas are to be judged not only upon their direct profile as a potential target, but also upon their potential role of passage when neighbouring areas are targeted;

(e)identifying risk variations, e.g. those based on seasonality;

(f)identify the specific characteristics of each sub-area, such as location, accesses, power supply, communication system, ownership and users and other elements considered security-relevant;

(g)identify potential threat scenarios for the port. The entire port or specific parts of its infrastructure, cargo, baggage, people or transport equipment within the port can be a direct target of an identified threat;

(h)identify the specific consequences of a threat scenario. Consequences can impact on one or more sub-areas. Both direct and indirect consequences must be identified. Special attention must be given to the risk of human casualties;

(i)identify the possibility of cluster effects of security incidents;

(j)identify the vulnerabilities of each sub-area;

(k)identify all organisational aspects relevant to overall port security, including the division of all security-related authorities, existing rules and procedures;

(l)identify vulnerabilities of the overarching port security related to organisational, legislative and procedural aspects;

(m)identify measures, procedures and actions aimed at reducing critical vulnerabilities. Specific attention must be paid to the need for, and the means of, access control or restrictions to the entire port or to specific parts of the port, including identification of passengers, port employees or other workers, visitors and ship crews, area or activity monitoring requirements, cargo and luggage control. Measures, procedures and actions must be consistent with the perceived risk, which may vary between port areas;

(n)identify how measures, procedures and actions will be reinforced in the event of an increase of security level;

(o)identify specific requirements for dealing with established security concerns, such as ‘suspect’ cargo, luggage, bunker, provisions or persons, unknown parcels and known dangers (e.g. bomb). These requirements must analyse desirability conditions for clearing the risk either where it is encountered or after moving it to a secure area;

(p)identify measures, procedures and actions aimed at limiting and mitigating consequences;

(q)identify task divisions allowing for the appropriate and correct implementation of the measures, procedures and actions identified;

(r)pay specific attention, where appropriate, to the relationship with other security plans (e.g. port facility security plans) and other existing security measures. Attention must also be paid to the relationship with other response plans (e.g. oil spill response plan, port contingency plan, medical intervention plan, nuclear disaster plan, etc);

(s)identify communication requirements for implementation of the measures and procedures;

(t)pay specific attention to measures to protect security-sensitive information from disclosure; and

(u)identify the need-to-know requirements of all those directly involved as well as, where appropriate, the general public.