Cyprus issues comprehensive maritime security guidelines

The Shipping Deputy Ministry of Cyprus has issued Circular No. 35/2024, superseding Circular No. 24/2015, to provide updated and consolidated maritime security instructions. These instructions align with Regulation (EC) 725/2004, SOLAS Chapter XI-2, and the ISPS Code, ensuring a standardized approach to maritime security for Cyprus-flagged vessels. Compliance is mandatory for all stakeholders, with clear guidelines for Recognized Security Organizations (RSOs), shipping companies, and ship operators.

Key Updates and Responsibilities:

Recognized Security Organizations (RSOs): RSOs are tasked with approving Ship Security Plans (SSPs), conducting verifications, and issuing or renewing International Ship Security Certificates (ISSCs). Consecutive interim ISSCs (valid for 6 months) require SDM approval, and RSOs must adhere to strict compliance protocols. ISSCs must not be issued if major security deficiencies persist. RSOs are also expected to classify deficiencies accurately and oversee corrective actions. Communication with SDM must follow formal channels, avoiding the use of personal emails.
SDM Monitoring: The SDM actively monitors compliance through its surveyors, who may attend ISPS verifications, particularly in Cyprus, Greece, the Netherlands, and Germany. Companies must provide verification schedules to SDM at least four days in advance.
Communication and Resources: The SDM provides dedicated email addresses for maritime security correspondence and has made all security-related updates, forms, and resources available on its website under the “Security” and “Documents / Application forms / Maritime Security” sections.

Ship Security Plan (SSP) Requirements:

SSPs are critical documents that must:

Be written in Greek, English, or the ship's designated working language.
Be securely maintained in the company office managing the ship and protected from unauthorized access.
Be standalone documents, separate from the Safety Management System, ensuring their security-specific focus.

SSPs must include measures for interfacing with non-ISPS-compliant ships or ports to mitigate potential risks. Significant changes, such as ship conversions, alterations to restricted areas, or new surveillance equipment, require prior RSO approval. Minor updates, such as contact information for the Company Security Officer (CSO), can be handled without formal approval if they are annexed.

Appointment and Training of Security Officers:

Shipping companies must appoint trained and certified Company Security Officers (CSOs) and Ship Security Officers (SSOs), along with alternates. These officers must meet STCW certification requirements. CSO details, including changes, must be promptly reported to the SDM using the ISPS C-1 form.

Security Exercises and Systems:

Annual Exercises: Cyprus-flagged vessels must conduct annual ship-to-shore security exercises, which involve different scenarios and vessels each year. Companies are required to notify the SDM about these exercises and submit evaluations to highlight lessons learned, particularly concerning communication effectiveness and Ship Security Alert System (SSAS) performance.
SSAS Requirements: All Cyprus-flagged ships must be equipped with a compliant SSAS capable of transmitting real-time alerts, including ship details and location, to the management company and SDM. Annual SSAS tests are mandatory, and activations due to actual threats must be reported immediately. False activations require detailed explanations.

Incident Reporting:

Security incidents must be reported promptly to the SDM using designated ISPS incident report forms. These incidents may include breaches, threats, or other situations affecting the ship's security posture.