Responsibilities of the Contracting Government

Similar documents
Port Facility Security Assessments & Port Facility Security Plans

Port Facility Cyber Security

Port Facility Cyber Security

Development Authority of the North Country Governance Policies

Instructions for Participating in ASHRAE s. Commissioning Process Management Professional (CPMP) Certification Program

Port Facility Cyber Security

STORAGE OF SSAN. Security Risk Assessment and SECURITY PLAN. (insert name of company) SUBMITTED TO REGULATORY AUTHORITY: (insert date)

DEFINITIONS AND REFERENCES

SAI GLOBAL PRODUCT SERVICES

FOOD SAFETY SYSTEM CERTIFICATION Part III: Requirements for Certification Process

Procedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors

Certified information Systems Security Professional(CISSP) Bootcamp

Information Security Policy

Access Control and Physical Security Management. Contents are subject to change. For the latest updates visit

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Google Cloud & the General Data Protection Regulation (GDPR)

Timber Products Inspection, Inc.

RÉPUBLIQUE D HAÏTI Liberté Egalité - Fraternité

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Enabling Efficient, Consistent Certification and Accreditation Enterprise-Wide

Compliance with ISPS and The Maritime Transportation Security Act of 2002

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

ITG. Information Security Management System Manual

Cyber Risk in the Marine Transportation System

_isms_27001_fnd_en_sample_set01_v2, Group A

Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

ISO27001:2013 The New Standard Revised Edition

MEASURES TO ENHANCE MARITIME SECURITY. Cyber risk management in Safety Management Systems. Submitted by United States, ICS and BIMCO SUMMARY

Updating MACS documentation

The Texas A&M University System. Internal Audit Department. Fiscal Year 2014 Audit Plan

Standard COM-002-2a Communications and Coordination

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Superannuation Transaction Network

AUDIT PROGRAM. Revision 6 Dated September 29, Management Systems Analysis, Inc. P.O. Box 136, Royersford, PA

Procedure for Network and Network-related devices

Evaluation Criteria. 1) Evidence of Credentials / Certifications in all 4 Fields (Energy, GIS, Master Planning, and Real Property): 10 PTS

HUMBOLDT COUNTY Website Accessibility Policy

GUIDELINES FOR APPROVAL OF CONTINUING EDUCATION COURSES and SEMINARS. Accredited Course Providers

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

HIPAA RISK ADVISOR SAMPLE REPORT

OPERATIONS SEAFARER CERTIFICATION STANDARD OF TRAINING & ASSESSMENT. Security Awareness STCW A-VI/6-1

HISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security

ADIENT VENDOR SECURITY STANDARD

THE REPUBLIC OF LIBERIA LIBERIA MARITIME AUTHORITY

TR TECHNICAL REQUIREMENTS FOR CERTIFICATION BODIES IN THE FIELD OF ROAD TRANSPORT MANAGEMENT SYSTEMS. Approved By:

LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION 2018 CANADIAN PAYMENTS ASSOCIATION

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

ISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services

CANADIAN PAYMENTS ASSOCIATION LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION

How AlienVault ICS SIEM Supports Compliance with CFATS

Information Technology General Control Review

Checklist: Credit Union Information Security and Privacy Policies

EXAM PREPARATION GUIDE

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Audit Report. The Prince s Trust. 27 September 2017

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

Policy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy

IAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)

ALGORITHMIC TRADING AND ORDER ROUTING SERVICES POLICY

FSC STANDARD. Standard for Multi-site Certification of Chain of Custody Operations. FSC-STD (Version 1-0) EN

Sample Exam Privacy & Data Protection Foundation

ISO/IEC INTERNATIONAL STANDARD

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Certification Report

RFQ OIT-1 Q&A. Questions and Answers, in the order received.

Discussion on MS contribution to the WP2018

INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA and PACIFIC OFFICE ASIA/PAC RECOMMENDED SECURITY CHECKLIST

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17

Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Version: October 6, 2015

Trimble Certified Trainer Guide

St. Joseph s General Hospital LOCKDOWN EMERGENCY RESPONSE PLAN

Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

ITG. Information Security Management System Manual

Contracting in the Dark World: Special Considerations for Classified Contracting

Asda. Privacy and Electronic Communications Regulations audit report

COMMISSION ON FIRE PROTECTION PERSONNEL STANDARDS AND EDUCATION COMMONWEALTH OF KENTUCKY FIRE INSTRUCTOR 2 COMPETENCY EVALUATION

South African Forestry Assurance Scheme SAFAS 6:2018. Certification and Accreditation Procedures. Issue SAFAS Council SAFAS

Data Processing Amendment to Google Apps Enterprise Agreement

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017

APPENDIX B STATEMENT ON STANDARDS FOR CONTINUING PROFESSIONAL EDUCATION (CPE) PROGRAMS

POWER AND WATER CORPORATION POLICY MANAGEMENT OF EXTERNAL SERVICE PROVIDERS

David Missouri VP- Governance ISACA

CORRECTIVE ACTIONS USER GUIDE FOR SUPPLIERS

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Republic of the Philippines Department of Transportation and Communications MARITIME INDUSTRY AUTHORITY STCW OFFICE

Process for the Evaluation and Acceptance of Building Products in the USA

April Appendix 3. IA System Security. Sida 1 (8)

Summary of FERC Order No. 791

COMMON CRITERIA CERTIFICATION REPORT

Certification. Causes of Reduction of Scope of Certification

During each cycle of three years every installer must accumulate CPD Points to qualify for designation renewal of his/her registration.

Transcription:

International Port Security Program Port Facility Security Audit Seminar Responsibilities of the MAR'01 1

Purpose The goal of this lesson is to provide a general understanding of the responsibilities s have for auditing port facilities and their compliance with the ISPS Code.

Important! The IPS Audit Seminar is not a certification program. Participation in and completion of the seminar in no way provides any official certification credentials.

1. How important are Port Facility Security audits to ensuring security? 2. What implications exist for facilities that do not regularly audit their security procedures?

The basis for any port facility security audit is the port facility security plan (PFSP). According to the ISPS Code, Contracting Governments have specific responsibilities related to auditing the PFSP.

The ISPS Code states that: s shall, to the extent they consider appropriate, test the effectiveness of ship security plans or the port facility security plans, or of amendments to such plans, they have approved. (ISPS Code Part A, Section 4.4)

Testing the effectiveness of security plans includes conducting an audit of the PFSP and the security measures outlined in the plan.

The Code specifically states that the PFSP shall address procedures for auditing. (ISPS Code, Part A, Section 16.3.13)

Since the PFSP is the guiding security document for a facility s security measures, the PFSO must be responsible for facilitating a review or audit of the plan.

The PFSP should establish how the PFSO intends to facilitate an audit of the continued effectiveness of the PFSP and the procedures to follow to review, update or amend the PFSP. (Part B, Section 16.58)

It is important to note the difference between the s responsibility to conduct a port facility security audit and their responsibility to conduct an assessment. Assessment Audit

When conducting a port facility security assessment (PFSA), the main focus is on identifying threats, vulnerabilities and consequences, all of which are incorporated into the PFSP.

Port facility security audits help to determine if the PFSP is adequately addressing those critical areas, if the PFSP addresses all appropriate requirements of the ISPS Code, and if procedures outlined in the PFSP are in practice.

A s responsibility for auditing the security of port facilities is directly related to compliance with the ISPS Code and ensuring the effectiveness of PFSPs.

Summary What are the main points that you will take away from our discussion today regarding the Contracting Government s responsibility when it comes to auditing PFSPs? Main Points

Summary The ISPS Code list specific Contracting Government responsibilities related to auditing the PFSP. ISPS Code Part A Sections 4.4 and 16.3.13

Summary There is a difference between the s responsibility to conduct a port facility security audit and their responsibility to conduct a Port Facility Security Assessment.

Summary There is a difference between the s responsibility to conduct a PFSP audit and a facility s responsibility to conduct an assessment.

Summary Audits help to determine if the PFSP addresses vulnerable areas identified in the PFSA and if procedures outlined in the PFSP are being followed.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback