ISPS Annual Agreement

Nordic Crisis Management AS has entered into ISPS annual agreements with appx. 200 port facilities in Norway and Sweden. The purpose of the Annual Agreement is to ensure that the port facility meets all the authorities’ requirements for the ongoing security work.

Internal Audit

Nordic Crisis Management AS offers internal audits and a review of plans. We can do this independently of agreements which have been made already. We have carried out numerous internal audits on different port facilities.

Vulnerability Assesment and Security Plan

It is only the Norwegian Coastal Administration or approved Recognized Security Organizations (RSO) who can prepare a vulnerability assessment. If it is an RSO which prepares the vulnerability assessment, then this must be approved by the Coastal Administration.

• 9 of the Regulations for Securing of the Port Facility state the following regarding the preparation of a vulnerability assessment:

By a vulnerability assessment is meant the process for identifying and assessing vulnerability for infrastructure and assets which are important to protect, and then determine the correct security measures.

A vulnerability assessment is to be carried out for each port facility.

Vulnerability assessments can be carried out by the Coastal Administration or approved security company. A vulnerability assessment which has been carried out by an approved security company must be approved by the Coastal Administration.

The vulnerability assessment is to satisfy at least the requirements depicted in the ISPS Code Part A Chapter 15 and Part B 15.3. To meet the requirements of the Regulations and ISPS Code, the Coastal Administration prepared a template which came into force on 28 March 2017 and which is to be used for preparing a vulnerability assessment. This template is prepared with a background in Norwegian Standard (NS) 5832. In the latter standard the following formula is used:

Risk = threat x value/consequence x vulnerability. Threat and values are relatively constant, while there are possibilities to reduce the vulnerability thus reducing the risk that something could occur in the port facility. The process is divided into seven steps. The vulnerability assessment is prepared for the port facility’s normal operational pattern at the point in time it is carried out. It is to be limited to apply to the port facility, restricted by the property boundary and eventual other areas that the port facility owns, as well as conditions and infrastructure in the port facility’s immediate proximity. It must be built upon available sources and information obtained in dialogue with representatives of the port facility and other resource persons. The assessment is to be revised and updated regularly, at a minimum every fifth year by renewed approval, and always with major changes in the port facility or other conditions which are significant for the port facility’s risk.