77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide
civac.
ENDE
Get started
All officer roles
SSO

Ship Security Officer

Implementation of the ship security plan, access control, security drills and threat-level response on board. Liaison with the company and port facility security officers per ISPS Code.

Focus areas
ISPS CodeAccess controlDrillsThreat level
Legal basis

ISPS Code · SOLAS Ch. XI-2 · Reg. (EC) 725/2004

Quick contact

Talk to us about Ship Security Officer

Three lines and you are in our inbox. We reply within one business day.

By sending you agree to our privacy notice. We use the data only to reply to you.

What is a Ship Security Officer?

A Ship Security Officer (SSO) is the person on board a ship accountable to the master for the implementation and maintenance of the ship security plan (SSP). The role exists to protect the ship, its crew, passengers and cargo against unlawful acts such as terrorism, piracy, stowaways and sabotage. The SSO is the operational point of maritime security on board.

The legal anchor is the International Ship and Port Facility Security (ISPS) Code, made mandatory through chapter XI-2 of the SOLAS Convention. In the European Union, Regulation (EC) No 725/2004 on enhancing ship and port facility security brings the ISPS Code and the relevant SOLAS provisions into directly applicable EU law and extends parts of them to domestic shipping. National implementation in Germany sits with the flag-state and port-state authorities.

The SSO works within a three-tier structure. The Company Security Officer (CSO) is responsible at company level for the ship security assessment and the SSP. The Port Facility Security Officer (PFSO) is responsible ashore for the port facility. The SSO is responsible on board for putting the plan into practice, day to day and at each security level.

The ISPS Code defines three security levels. Security level 1 is normal operation, level 2 a heightened threat, level 3 an exceptional and probable or imminent threat. The SSO adjusts access control, restricted areas, monitoring and crew duties to the level set by the administration or the company. The SSO holds a recognised SSO qualification and maintains familiarity with the ship, its security equipment and the SSP.

Core duties of the Ship Security Officer

  • Implement and maintain the ship security plan (SSP) on board and propose amendments to the CSO
  • Control access to the ship and manage restricted areas, persons, baggage and stores
  • Adjust security measures to the prevailing security level 1, 2 or 3 set by the administration or company
  • Conduct regular security drills and participate in security exercises
  • Inspect the ship's security and ensure the security equipment is operational
  • Report and record security incidents, breaches and non-conformities
  • Liaise with the Company Security Officer (CSO) and the Port Facility Security Officer (PFSO)
  • Enhance security awareness and vigilance of the crew through briefings and training
  • Ensure adequate training of personnel with security duties on board
  • Maintain the records and the Continuous Synopsis Record relevant to ship security

When must a Ship Security Officer be designated?

The ISPS Code requires a Ship Security Officer to be designated on every ship to which the Code applies. Through SOLAS chapter XI-2 this covers passenger ships and cargo ships of 500 gross tonnage and upwards engaged on international voyages, as well as mobile offshore drilling units. Within the EU, Regulation (EC) No 725/2004 extends the requirements and allows member states to apply parts of the regime to domestic passenger ships of certain classes.

The shipping company designates the SSO for each of its ships as part of meeting its obligations under the ISPS Code and operating the SSP approved for that ship. Designation is a company responsibility alongside the appointment of the Company Security Officer, who oversees security across the fleet. One person may, where appropriate and depending on fleet size and ship type, be designated as SSO for more than one ship, provided the duties can be fulfilled effectively on each.

The designated SSO must hold a recognised qualification and be familiar with the specific ship and its SSP. The administration or recognised security organisation verifies compliance through the issue of an International Ship Security Certificate (ISSC). Without a designated and competent SSO and an approved SSP, a ship cannot hold a valid ISSC and may be detained or refused entry under port-state control.

  • Passenger and cargo ships of 500 GT and above on international voyages
  • Mobile offshore drilling units covered by SOLAS chapter XI-2
  • Ships flagged in an EU state under Regulation (EC) No 725/2004
  • Domestic passenger ships where the member state extends the regime
  • Issue or renewal of the International Ship Security Certificate (ISSC)
  • Operation under an approved ship security plan (SSP)

Where Ship Security Officers operate

  • Container and general cargo shipping
  • Tanker and bulk-carrier operators
  • Passenger ferries and cruise lines
  • Offshore drilling and support vessels
  • Ro-ro and short-sea shipping
  • Specialised and heavy-lift carriers
  • Ship management companies
  • Maritime training and certification providers
  • Flag-state and port-state authorities
  • Offshore energy and supply operators
CIVAC

How CIVAC supports the Ship Security Officer role

CIVAC gives the operator a structured place for the security obligations the SSO carries. The ship security plan, the approved version history, the International Ship Security Certificate and the SSO's qualification certificate are stored together in the documentation pillar, linked to the specific ship. Recurring security drills required by the ISPS Code become repeating tasks with due dates and an owner, so the drill cadence does not slip before a port-state inspection. Security incidents, breaches and corrective actions can be logged against the ship and tracked to closure. When an ISSC audit or port-state control asks for evidence of drills, training and incident handling, the records are exportable from one role view rather than reconstructed from logbooks and emails.

Frequently asked questions about the Ship Security Officer

Need this officer role for your organisation?

Appoint our experts as your external officer or license CIVAC for your in-house team. Get in touch and we walk you through the right setup.

Talk to CIVACSee all 77 roles
Other officer roles