MASS UK Industry Conduct Principles and Code of Practice 2022 (V6)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
17.3.2 The <strong>MASS</strong> should be provided with a <strong>MASS</strong> Security Alert System.<br />
17.3.3 The <strong>MASS</strong> Security Alert System, when activated, should transmit a <strong>MASS</strong>-to-shore security alert to a competent<br />
authority designated by the Administration, identifying the <strong>MASS</strong>, its location <strong>and</strong> indicating that the security <strong>of</strong><br />
the <strong>MASS</strong> has been compromised.<br />
17.5 <strong>MASS</strong> SECURITY PLAN<br />
17.5.1 The <strong>MASS</strong> Owner/Operator should ensure that each vessel has a <strong>MASS</strong> Security Plan approved by the<br />
Administration.<br />
17.3.4 The <strong>MASS</strong> Security Alert System should be capable <strong>of</strong> being activated from the control station immediately by<br />
personnel charged with the <strong>MASS</strong>’s navigation or supervision.<br />
17.5.2 The submission <strong>of</strong> the <strong>MASS</strong> Security Plan for approval should be accompanied by the <strong>MASS</strong> Security<br />
Assessment on the basis <strong>of</strong> which the plan has been developed.<br />
17.3.5 There should be protection from third-party interference with <strong>MASS</strong> communications.<br />
17.5.3 The plan should be in the working language <strong>of</strong> the <strong>MASS</strong> RCC <strong>and</strong> should include the following:<br />
17.3.6 There should be a mechanism by which, in the event <strong>of</strong> third party communications interception, either the<br />
comm<strong>and</strong> <strong>of</strong> the <strong>MASS</strong>’s shore-based personnel may reassume communications or, alternatively, shut down the<br />
<strong>MASS</strong>’s operations, where it is thought safe to do so by the Master.<br />
17.3.7 There should also be a mechanism for safely shutting <strong>MASS</strong> communications down when the security <strong>of</strong> the<br />
control station centre has been compromised.<br />
17.3.8 The <strong>MASS</strong> hull/chassis must have a means <strong>of</strong> indicating:<br />
n That it is certified as compliant with the security requirements <strong>of</strong> the issuing authority;<br />
n The means by which the <strong>MASS</strong>’s Remote Control Centre may be contacted;<br />
n Any other practical security-related information.<br />
17.3.9 The <strong>MASS</strong> Remote Control Station should be secure. Reference should be made to the relevant guidance <strong>and</strong><br />
regulations <strong>of</strong> ensuring the security <strong>of</strong> l<strong>and</strong> facilities.<br />
17.4 <strong>MASS</strong> OWNER/OPERATOR OBLIGATIONS<br />
17.4.1 The <strong>MASS</strong> Owner/Operator should undertake a <strong>MASS</strong> security assessment. The <strong>MASS</strong> security assessment<br />
should include a security survey <strong>of</strong> both the <strong>MASS</strong> hull itself but also the <strong>MASS</strong> Control Station. It must include:<br />
n Identification <strong>of</strong> existing security measures, procedures <strong>and</strong> operations in respect <strong>of</strong> both physical <strong>and</strong> cyber<br />
intrusion;<br />
n Identification <strong>and</strong> evaluation <strong>of</strong> critical <strong>MASS</strong> <strong>and</strong> shore-based operations that it is important to protect;<br />
n Identification <strong>of</strong> possible threats, both physical <strong>and</strong> cyber, to the key <strong>MASS</strong> operations <strong>and</strong> the likelihood<br />
<strong>of</strong> the occurrence in order to prioritise security measures;<br />
n Identification <strong>of</strong> weakness, including human factors, in the infrastructure, policies <strong>and</strong> procedures.<br />
17.4.2 The <strong>MASS</strong> security assessment should be documented, reviewed, accepted <strong>and</strong> retained by the <strong>MASS</strong><br />
Owner/Operating Company.<br />
n Measures to prevent dangerous substances being taken on board the <strong>MASS</strong> or into its RCC;<br />
n Identification <strong>of</strong> the restricted areas <strong>and</strong> measures for the prevention <strong>of</strong> unauthorised access to those areas,<br />
both on the vessel <strong>and</strong> in the <strong>MASS</strong> control station;<br />
n Measures to reduce the risk <strong>of</strong> compromise <strong>of</strong> <strong>MASS</strong> cyber-security;<br />
n Measures to prevent unauthorised access to restricted areas on the vessel or at the control station;<br />
n Procedures for responding to threats <strong>of</strong> security breaches, including provisions for maintaining critical<br />
operations <strong>of</strong> the <strong>MASS</strong> or, as the case may be, shutting them down;<br />
n Procedures for responding to any security instructions made by port authorities;<br />
n Duties <strong>of</strong> shore-based personnel assigned security responsibilities;<br />
n Procedures for auditing the <strong>MASS</strong> security activity;<br />
n Procedures for training, drills <strong>and</strong> exercises associated with the plan;<br />
n Procedures for the interfacing with port facility security activities;<br />
n Procedures for periodic review <strong>of</strong> the plan;<br />
n Procedures for reporting security incidents;<br />
n Identification <strong>of</strong> the <strong>MASS</strong> security <strong>of</strong>ficer;<br />
n Identification <strong>of</strong> the Company security <strong>of</strong>ficer, including 24-hour contact details;<br />
n Procedure for ensuring, testing, calibration <strong>and</strong> maintenance <strong>of</strong> security equipment on the <strong>MASS</strong> <strong>and</strong> that<br />
located in the control station;<br />
n Frequency for testing, calibration <strong>and</strong> maintenance <strong>of</strong> security equipment on the <strong>MASS</strong> <strong>and</strong> that located in<br />
the control station;<br />
n Procedures, instructions <strong>and</strong> guidance on the use <strong>of</strong> the ship security alert system, including the testing,<br />
activation, deactivation <strong>and</strong> resetting <strong>of</strong> that system.<br />
17.6 RECORDS<br />
17.6.1 Records <strong>of</strong> the following activities should be maintained at the control station as follows:<br />
n Training drills <strong>and</strong> exercises;<br />
n Security threats <strong>and</strong> incidents;<br />
n Breaches <strong>of</strong> security;<br />
n Changes in security level set by the Administration;<br />
n Communications relating to the direct security <strong>of</strong> the <strong>MASS</strong> such as the specific threats to the <strong>MASS</strong><br />
or its RCC;<br />
n Internal audits <strong>and</strong> reviews <strong>of</strong> security activities;<br />
n Periodic review <strong>of</strong> the ship’s security activities;<br />
n Periodic review <strong>of</strong> the ship security assessment;<br />
n Periodic review <strong>of</strong> the ship security plan;<br />
n Implementation <strong>of</strong> any amendments to the plan;<br />
126<br />
<strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6<br />
<strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6 127