Port (Enhancing Security) Rules 2008 (Gibraltar)

Port (Enhancing Security) Rules 2008

Published: 2008-08-14

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Unlimited Searches
Weekly Updates on New Laws
Access to 5,345,848 Global Laws from 110 Countries
View the Original Law Side-by-Side with the Translation

Subscribe Now for only USD$40 per month.

Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
Subsidiary Legislation made under s. 19.

PORT (ENHANCING SECURITY) RULES 2008
(LN. 2008/062)
Commencement 14.8.2008
Amending enactments
Relevant current provisions
Commencement date
None
EU Legislation/International Agreements involved: Directive 2005/65/EC Regulation (EC) No 725/2004
______________________
ARRANGEMENT OF RULES
Rule 1. Title.
2. Interpretation.
3. Application of these Rules.
4. Focal point for port security.
5. Port security measures.
6. Coordination with measures taken in application of the EC Regulation.
7. Port security authority.
8. Port security assessment.
9. Port security plan.
10. Security levels.
11. Port security officer.
12. Reviews.
13. Recognised security organisation.
14. Implementation and conformity checking.
15. Confidentiality and dissemination of information.
16. Offence and penalty.
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
In exercise of the powers conferred on it by section 19 of the Port Act and all other powers enabling, the Government, for the purposes of transposing into the law of Gibraltar, Directive 2005/65/EC of the European Parliament and of the Council of 26 October 2005 on Enhancing Port Security and for the purpose of completing full implementation of Regulation (EC) No 725/2004 of the European Parliament and of the European Council of 31 March 2004 on enhancing ship and port facility security, has made the following Rules: Title.
1. These Rules may be cited as the Port (Enhancing Security) Rules 2008.
Interpretation.
2.(1) In these Rules, unless the context otherwise requires−
“Administration” means the Maritime Administrator in the case of Gibraltar, and in other cases the person in the relevant flag State holding equivalent responsibilities;
“Directive” means Directive 2005/65/EC of the European Parliament and
of the Council of 26 October 2005 on Enhancing Port Security;
“EC Regulation” means Regulation (EC) No 725/2004 of the European Parliament and of the European Council of 31 March 2004 on enhancing ship and port facility security;
“focal point for port security” means the body or person designated by
rule 4 to serve as contact point for the Commission and other Member States and to facilitate, follow up and provide information on the application of the port security measures laid down in these Rules;
“ISPS Code” means the International Ship and Port Facilities Security
Code as adopted by Resolution A.924(22) on 12 December 2002, in its up-to date version as in force at the time of reference;
“passenger” means every person carried on a ship other than−
(a) the master and the members of the crew or other persons
employed or engaged in any capacity on the business of the ship; and
(b) a child under one year of age;
“passenger ship” means a ship carrying more than 12 passengers;
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
“port” shall have the meaning assigned to “Port” by section 2 of the Gibraltar Port Authority Act 2005;
“port security authority” means the authority responsible for security
matters in the port; “port authority” means the Gibraltar Port Authority; “port facility” means a location as determined by the port authority
where interaction takes place between a ship and a port and this includes areas such as anchorages, waiting berths and approaches from seaward, as appropriate;
“recognised security organisation” means an organisation with expertise
in security and anti-terrorism matters recognised by the Administration and authorised by it for the purpose of carrying out survey, assessment, verification and certification activities, required by chapter XI-2 and the ISPS Code, on its behalf;
“security levels” means the description of the degree of risk associated
with the threat of an unlawful act against a ship, including a mobile offshore drilling unit, port facility or to areas adjacent to them;
“ship-port interface” means the interactions that occur when a ship is
directly and immediately affected by actions involving the movement of people, goods or the provisions of port services to or from the ship.
(2) Words and phrases used in these Rules but not defined in subrule (1), shall have the same meaning assigned to them by the Directive and the EC Regulation.
Application of these Rules.
3.(1) The security measures laid down by these Rules shall be observed in the port and the port authority may apply the provisions of these Rules to port-related areas as well.
(2) The measures laid down in these Rules shall apply to port facilities covered by an approved port facility security plan pursuant to the EC Regulation.
(3) These Rules shall not apply to military installations in the port.
(4) Where the boundaries of a port facility within the meaning of the EC Regulation have been defined by the port authority as effectively covering the port, the relevant provisions of the EC Regulation shall take precedence over those of these Rules.
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
Focal point for port security.
4. For the purposes of these Rules and the EC Regulation the Chief Secretary shall be the focal point for port security aspects of the port of Gibraltar.
Port security measures.
5.(1) The measures laid down by these Rules shall be applied in the port to enhance port security in the face of threats of security incidents and also to ensure that security measures taken pursuant to the EC Regulation benefit from enhanced port security.
(2) The measures referred to in subrule (1) shall consist of−
(a) common basic rules on port security measures; (b) an implementation mechanism for these Rules; (c) appropriate compliance monitoring mechanisms.
Coordination with measures taken in application of the EC Regulation.
6. The port authority shall ensure that port security measures introduced by these Rules are closely coordinated with measures taken pursuant to the EC Regulation.
Port security authority.
7.(1) The Captain of the Port is designated as the port security authority for the purposes of these Rules.
(2) The port security authority shall be responsible for the preparation and implementation of port security plans based on the findings of port security assessments.
Port security assessment.
8.(1) The Government shall ensure that port security assessments are carried out for the port and these assessments take due account of the specificities of different sections of the port and, where deemed applicable by the Government, of its adjacent areas if these have an impact on security in the port and shall take into account the assessments for port facilities within their boundaries as carried out pursuant to the EC Regulation.

Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
(2) Each port security assessment shall be carried out taking into account as a minimum the detailed requirements laid down in Schedule 1 to these Rules.
(3) Port security assessments may be carried out by a recognised security organisation appointed under rule 13.
(4) Port security assessments shall be approved by the Government.
Port security plan.
9.(1) Subject to the findings of port security assessments, the port authority shall ensure that port security plans are developed, maintained and updated.
(2) Port security plans shall–
(a) adequately address the specificities of different sections of the port; and
(b) integrate the security plans for port facilities within its
boundaries established pursuant to the EC Regulation.
(3) Port security plans shall identify, for each of the different security levels referred to in rule 10−
(a) the procedures to be followed; (b) the measures to be put in place; (c) the actions to be undertaken.
(4) Each port security plan shall−
(a) take into account as a minimum the detailed requirements specified in Schedule 2 to these Rules;
(b) include, where, and to the extent appropriate, security
measures to be applied to passengers and vehicles set for embarkation on seagoing vessels which carry passengers and vehicles.
(5) In the case of international maritime transport services, the port authority shall cooperate in the security assessment.
(6) Port security plans may be developed by a recognized security organisation appointed under rule 13.

Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
(7) Port security plans shall be approved by the Government before implementation.
(8) The port authority shall−
(a) ensure that the implementation of port security plans are monitored;
(b) the monitoring shall be coordinated with other control
activities carried out in the port; and (c) ensure that adequate exercises are performed, taking into
account the basic security training exercise requirements listed in Schedule 3 to these Rules.
Security levels.
10.(1) The Government shall introduce a system of security levels for the port.
(2) There shall be three security levels, as defined in the EC Regulation−
(a) ‘Security level 1’ means the level for which minimum appropriate protective security measures shall be maintained at all times;
(b) ‘Security level 2’ means the level for which appropriate
additional protective security measures shall be maintained for a period of time as a result of a heightened risk of a security incident; and
(c) ‘Security level 3’ means the level for which further specific
protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target.
(3) The Government shall determine the security levels in use for the port or part of the port and at each security level, the Government may determine that different security measures are to be implemented in different parts of the port depending on the findings of the port security assessment.
(4) The Government shall communicate to the appropriate person or persons the security level in force for the port or part of the port as well as any changes thereto.
Port security officer.

Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
11.(1) The Government shall appoint a person or designate an officer of the port to be the port security officer.
(2) The port security officer shall fulfill the role of point of contact for port security related issues.
(3) The port security officer appointed or designated by this rule shall also act as the port facility security officer under the EC Regulation.
Reviews.
12.(1) The port authority shall ensure that port security assessments and port security plans are reviewed as appropriate and they shall be reviewed at least once every five years.
(2) The scope of the review shall be that of rule 8 or 9, as appropriate.
Recognised security organisation.
13.(1) The Government may appoint recognised security organisations for the purposes specified in these Rules and such organisations shall fulfil the conditions set out in subrules (2) and (3).
(2) No recognised security organisation shall be appointed under these Rules unless it demonstrates−
(a) expertise in relevant aspects of port security; (b) an appropriate knowledge of port operations, including
knowledge of port design and construction; (c) an appropriate knowledge of other security relevant operations
potentially affecting port security; (d) the capability to assess the likely port security risks; (e) the ability to maintain and improve the port security expertise
of its personnel; (f) the ability to monitor the continuing trustworthiness of its
personnel; (g) the ability to maintain appropriate measures to avoid
unauthorised disclosure of, or access to, security-sensitive material;
(h) knowledge of relevant national and international legislation
and security requirements;
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
(i) knowledge of current security threats and patterns; (j) the ability to recognise and detect weapons, dangerous
substances and devices; (k) the ability to recognise, on a non-discriminatory basis,
characteristics and behavioural patterns of persons who are likely to threaten port security;
(l) knowledge of techniques used to circumvent security
measures; and (m) knowledge of security and surveillance equipment and systems
and their operational limitations.
(3) A recognised security organisation which has made a port security assessment or review of such an assessment for the port shall not be allowed to establish or review the port security plan for the port of Gibraltar.
Implementation and conformity checking.
14. The Government shall set up a system ensuring adequate and regular supervision of the port security plans and their implementation.
Confidentiality and dissemination of information.
15.(1) In applying these Rules, the port authority shall take appropriate measures to protect information subject to the requirement of confidentiality to which it has access or which is communicated to it.
(2) Any personnel carrying out security inspections, or handling confidential information related to these Rules, shall have an appropriate level of security vetting by the Government.
Offences and penalties.
16.(1) Where a ship, to which these Rules apply, fails to comply with any of the requirements of the security measures implemented in the port, the Administration may withdraw, suspend or cancel any certificate or document issued to that ship and in addition, the owner and the master of the ship shall each be guilty of an offence and liable, on summary conviction, to a fine not exceeding level 4 on the standard scale.
(2) A person who fails to comply with any of the requirements of the security measures implemented in the port under these Rules, is guilty of an offence and liable, on summary conviction, to fine not exceeding level 4 on the standard scale.
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062

Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062

SCHEDULE 1 Rule 8(2).

PORT SECURITY ASSESSMENT 1. The port security assessment is the basis for the port security plan and its implementation. The port security assessment will cover at least-
(a) identification and evaluation of important assets and infrastructure which it is important to protect;
(b) identification of possible threats to the assets and infrastructure
and the likelihood of their occurrence, in order to establish and prioritise security measures;
(c) identification, selection and prioritisation of counter-measures
and procedural changes and their level of effectiveness in reducing vulnerability; and
(d) identification of weaknesses, including human factors in the
infrastructure, policies and procedures.
2. For this purpose the assessment will at least−
(a) identify all areas which are relevant to port security, thus also defining the port boundaries. This includes port facilities which are already covered by Regulation (EC) No 725/2004 and whose risk assessment will serve as a basis;
(b) identify security issues deriving from the interface between
port facility and other port security measures; (c) identify which port personnel will be subject to background
checks and/or security vetting because of their involvement in high-risk areas;
(d) subdivide, if useful, the port according to the likelihood of
security incidents. Areas will be judged not only upon their direct profile as a potential target, but also upon their potential role of passage when neighbouring areas are targeted;
(e) identify risk variations, e.g. those based on seasonality; (f) identify the specific characteristics of each sub-area, such as
location, accesses, power supply, communication system,
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
ownership and users and other elements considered security- relevant;
(g) identify potential threat scenarios for the port. The entire port
or specific parts of its infrastructure, cargo, baggage, people or transport equipment within the port can be a direct target of an identified threat;
(h) identify the specific consequences of a threat scenario.
Consequences can impact on one or more sub-areas. Both direct and indirect consequences will be identified. Special attention will be given to the risk of human casualties;
(i) identify the possibility of cluster effects of security incidents; (j) identify the vulnerabilities of each sub-area; (k) identify all organisational aspects relevant to overall port
security, including the division of all security-related authorities, existing rules and procedures;
(l) identify vulnerabilities of the overarching port security related
to organisational, legislative and procedural aspects; (m) identify measures, procedures and actions aimed at reducing
critical vulnerabilities. Specific attention will be paid to the need for, and the means of, access control or restrictions to the entire port or to specific parts of a port, including identification of passengers, port employees or other workers, visitors and ship crews, area or activity monitoring requirements, cargo and luggage control. Measures, procedures and actions will be consistent with the perceived risk, which may vary between port areas;
(n) identify how measures, procedures and actions will be
reinforced in the event of an increase of security level; (o) identify specific requirements for dealing with established
security concerns, such as ‘suspect’ cargo, luggage, bunker, provisions or persons, unknown parcels, known dangers (e.g.
bomb). These requirements will analyse desirability conditions for either clearing the risk where it is encountered or after moving it to a secure area;
(p) identify measures, procedures and actions aimed at limiting
and mitigating consequences;
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
(q) identify task divisions allowing for the appropriate and correct implementation of the measures, procedures and actions identified;
(r) pay specific attention, where appropriate, to the relationship
with other security plans (e.g. port facility security plans) and other existing security measures. Attention will also be paid to the relationship with other response plans (e.g. oil spill response plan, port contingency plan, medical intervention plan, nuclear disaster plan, etc.);
(s) identify communication requirements for implementation of
the measures and procedures; (t) pay specific attention to measures to protect security-sensitive
information from disclosure; (u) identify the need-to-know requirements of all those directly
involved as well as, where appropriate, the general public.
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
SCHEDULE 2
Rule 9(4).

PORT SECURITY PLAN 1. The port security plan sets out the port's security arrangements. It will be based on the findings of the port security assessment. It will clearly set out detailed measures. It will contain a control mechanism allowing, where necessary, for appropriate corrective measures to be taken.
2. The port security plan will be based on the following general aspects−
(a) defining all areas relevant to port security. Depending on the port security assessment, measures, procedures and actions may vary from sub-area to sub-area. Indeed, some sub-areas may require stronger preventive measures than others. Special attention will be paid to the interfaces between sub-areas, as identified in the port security assessment;
(b) ensuring coordination between security measures for areas
with different security characteristics; (c) providing, where necessary, for varying measures both with
regard to different parts of the port, changing security levels, and specific intelligence;
(d) identifying an organisational structure supporting the
enhancement of port security.
3. Based on those general aspects, the port security plan will attribute tasks and specify work plans in the following fields−
(a) access requirements. For some areas, requirements will only enter into force when security levels exceed minimal thresholds. All requirements and thresholds will be comprehensively included in the port security plan;
(b) ID, luggage and cargo control requirements. Requirements may
or may not apply to sub-areas; requirements may or may not apply in full to different sub-areas. Persons entering or within a sub-area may be liable to control. The port security plan will appropriately respond to the findings of the port security assessment, which is the tool by which the security requirements of each sub-area and at each security level will be identified. When dedicated identification cards are developed for port security purposes, clear procedures will be established for the issue, the use-control and the return of such documents.
Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
Such procedures will take into account the specificities of certain groups of port users allowing for dedicated measures in order to limit the negative impact of access control requirements. Categories will at least include seafarers, authority officials, people regularly working in or visiting the port, residents living in the port and people occasionally working in or visiting the port;
(c) liaison with cargo control, baggage and passenger control
authorities. Where necessary, the plan is to provide for the linking up of the information and clearance systems of these authorities, including possible pre-arrival clearance systems;
(d) procedures and measures for dealing with suspect cargo,
luggage, bunker, provisions or persons, including identification of a secure area; as well as for other security concerns and breaches of port security;
(e) monitoring requirements for sub-areas or activities within sub-
areas. Both the need for technical solutions and the solutions themselves will be derived from the port security assessment;
(f) signposting. Areas with access and/or control requirements will
be properly signposted. Control and access requirements will appropriately take into account all relevant existing law and practices. Monitoring of activities will be appropriately indicated if national legislation so requires;
(g) communication and security clearance. All relevant security
information will be properly communicated according to security clearance standards included in the plan. In view of the sensitivity of some information, communication will be based on a need-to-know basis, but it will include where necessary procedures for communications addressed to the general public. Security clearance standards will form part of the plan and are aimed at protecting security sensitive information against unauthorised disclosure;
(h) reporting of security incidents. With a view to ensuring a rapid
response, the port security plan will set out clear reporting requirements to the port security officer of all security incidents and/or to the port security authority;
(i) integration with other preventive plans or activities. The plan
will specifically deal with integration with other preventive and control activities in force in the port;

Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
(j) integration with other response plans and/or inclusion of specific response measures, procedures and actions. The plan will detail interaction and coordination with other response and emergency plans. Where necessary conflicts and shortcomings will be resolved;
(k) training and exercise requirements; (l) operational port security organisation and working procedures.
The port security plan will detail the port security organisation, its task division and working procedures. It will also detail the coordination with port facility and ship security officers, where appropriate. It will delineate the tasks of the port security committee, if this exists;
(m) procedures for adapting and updating the port security plan.

Port PORT (ENHANCING SECURITY) RULES 2008
© Government of Gibraltar (www.gibraltarlaws.gov.gi)
1960-16 Subsidiary 2008/062
SCHEDULE 3 Rule 9(8)(c).
BASIC SECURITY TRAINING EXERCISE REQUIREMENTS
Various types of training exercises which may involve participation of port facility security officers, in conjunction with the relevant authorities, company security officers, or ship security officers, if available, will be carried out at least once each calendar year with no more than 18 months elapsing between the training exercises. Requests for the participation of company security officers or ships security officers in joint training exercises will be made bearing in mind the security and work implications for the ship. These training exercises will test communication, coordination, resource availability and response. These training exercises may be-
(a) full scale or live; (b) tabletop simulation or seminar; or (c) combined with other exercises held such as emergency
response or other port State authority exercises.