1

RSO Instruction 1/2018

RECOGNISED SECURITY ORGANISATION (RSO) INSTRUCTION 1/2018

(APPOINTED UNDER SECTION 249x MSO 1952)

Recognized Security Organizations (RSOs) acting on behalf of Malaysia Marine Department

(MMD) as Designated Authority (DA), shall follow these instructions and procedures to carry out
security related activities as authorized under Section 249x Merchant Shipping Ordinance (MSO
1952).
 2
RSO Instruction 1/2018

TABLE OF CONTENT
1.0 RESPONSIBILITIES OF THE RECOGNIZED SECURITY Page 3
ORGANIZATIONS (RSOs)

2.0 APPLICABILITY OF THE ISPS CODE Page 3

3.0 VOLUNTARY COMPLIANCE Page 3

4.0 RESTRICTIONS OF THE RECOGNIZED SECURITY ORGANIZATION (RSOs) Page 4

5.0 EQUIVALENT SECURITY ARRANGEMENTS Page 4

6.0 AUDITOR Page 4

7.0 SCOPE OF APPOINTMENT FOR SHIPS

7.1 DA Requirement Page 5

7.2 RSO Responsibilities Page 5 - 6

7.3 International Ship Security Certificate Page 6 – 8

7.4 Additional Security Element in SSA and SSP Page 9

8.0 SCOPE OF APPOINTMENT FOR MARINE FACILITY

8.1 DA Requirement Page 9

8.2 RSO Responsibilities Page 9

9.0 MONITORING RSO Page 10

10.0 RSO REVOCATION Page 10

Appendix 1 Page 11 – 15
Appendix 2 Page 16 – 17
Appendix 3 Page 18
Attachment Page 19 - 21
 3
RSO Instruction 1/2018

1.0 RESPONSIBILITIES OF THE RECOGNIZED SECURITY ORGANIZATIONS (RSOs)

1.1 All Recognized Security Organizations (RSOs) acting on behalf of Malaysia Marine
Department (MMD) as Designated Authority (DA) should:
.1 Maintain a proper communication with the DA and ship owner/Company
Security Officer/Marine Facility Security Officer to make sure all the necessary
arrangements to complete all the ISPS verification during the established
windows in the ISPS Code Part/A 19.1 and this instructions.

.2 Complied with guidelines as Attachment 1.

2.0 APPLICABILITY OF THE ISPS CODE

2.1 The International Ship and Port Facility Security Code (ISPS Code) is implemented
through Part V, MSO 1952 and Chapter XI-2 of the SOLAS. The Code applies to
the following types of ships engaged on international voyages:

.1 Passenger ships, including high-speed passenger craft;

.2 Cargo ships, including high-speed craft, of 500 gross tonnage and
upwards; and
.3 Mobile offshore drilling units/ Mobile offshore units; and
.4 Marine facilities (including an offshore fixed/floating structure) serving
such ships in Malaysia, Malaysian waters, the exclusive economic zone
and continental shelf

2.2 For those Malaysian flag vessels operating in international jurisdictional waters
or international coastal voyage they must follow the national regulations of the
country where it is operating, in order to comply with the ISPS Code.

3.0 VOLUNTARY COMPLIANCE

3.1 Marine Facilities/Vessels not subject to mandatory compliance with the ISPS
Code may do so voluntarily. It is highly recommended that cargo ships 300 or
more but less than 500 gross tonnages, domestic trade passenger ships and
marine facilities serving such ship, voluntarily comply.
 4
RSO Instruction 1/2018

4.0 RESTRICTIONS OF THE RECOGNIZED SECURITY ORGANIZATION (RSOs)

4.1 All Recognized Security Organization (RSO) acting on behalf of Designated

Authority (DA) should not by any circumstance:

.1 Set the Security Level (SL).

.2 Issue an Interim /Full Term Statement of Compliance (SoC) for Marine
Facility;
.3 Approving a Marine Facility Security Assessment and subsequent
amendments to an approved assessment;
.4 Approving a Marine Facility Security Plan (MFSP) and subsequent
amendments to an approved plan;
.5 Issue a short term ISSC after carried out the initial verification.
.6 Issue the Interim ISSC if any major ISPS deficiency was found during the
ISPS verification and
.7 Compromises the ship´s ability to operate at Security Levels 1, 2 or 3.
5.0 EQUIVALENT SECURITY ARRANGEMENTS (SOLAS Chapter, XI-2, Regulation 12)
5.1 As a matter of principle it is believed that this should only be undertaken in
exceptional and unique circumstances. Close coordination with DA is necessary
for the evaluation and approval of any such equivalencies. RSO, Owners and
operators are cautioned that specific approval must be obtained from the DA
prior to the use, installation or activation of any systems or services intended to
serve as an equivalent to those prescribed by ISPS Code.
6.0 AUDITOR

6.1 Appointed auditor shall be:

.1 Permanent/Contracted Staff;
.2 Malaysian Citizen; and
.3 Foreign auditor should apply for approval from DA (Ship Only).

6.2 Registered auditors must:

.1 Be independent;
.2 Carry out their work with integrity;
.3 Be fit and proper;
.4 Keep to technical standards;
.5 B
claims against them that may arise from audit work.
6.3 Any changes number of auditor shall be notified to DA.
 5
RSO Instruction 1/2018

7.0 SCOPE OF APPOINTMENT FOR SHIPS

7.1 DA Requirement

.1 RSO may provide ISPS Code verification services to vessels for which the
parent RO also provides ship statutory certification services and/or ISM
Code certification, provided that, the ship safety management audits and
security assessments are conducted separately, and in addition to,
existing ship statutory certification and classification survey functions.

.2 If a RSO has been involved in either the conduct of the SSA or the
development of the SSP or any amendments for a specific ship, that RSO
shall not, due to potential conflict of interest, approve the SSP or conduct
verifications for the certification of the ship.

.3 Any Port State action taken upon to Malaysian flagged vessel by a

Contracting Government or its Designated Authority is to be immediately
reported by the ship’s Master or the CSO to DA and the RSO by whom the
ship’s ISSC was issued. There can be no satisfactory resolution of a
security issue unless the DA is directly involved.

.4 If there are “clear grounds” to believe that the ship is not in compliance
with the requirements of Part V, MSO 1952 or Chapter XI-2 or Part A of
ISPS Code, and the only means to verify or rectify the non-compliance is
to review the relevant requirements of the SSP, limited access to the
specific sections of the plan relating to the non-compliance is
exceptionally allowed, but only with the consent of the DA or the Master
of the ship concerned.

7.2 RSO Responsibilities:

.1 Verify that the CSO designated by the Ship Owner/Company Operator

shall indicate details of the CSO in the Audit Report, prior to issue the
ISSC interim or endorsement the Intermediate verification or complete
the renewal verification. List of CSO for each vessel shall be developed
and submit to DA (isps@marine.gov.my) monthly.

.2 RSO who carried out the interim verification must verify that the SSAS is
working properly, and shall performing a real test by sending it to
mmcc@marine.go.my, Malaysia Maritime Communication Centre will
confirms the reception of the test and from that date onwards, CSO
should perform SSAS test annually.
 6
RSO Instruction 1/2018

.3 The Ship Security Plan must be approved before carrying out the initial
verification. CSO shall ensure that the security measures included in the
(SSP) have been in place on the ship a sufficient period of time for the
SSO to develop sufficient evidence documenting implementation before
the verification audit is carried out.

.4 RSO shall submit to the DA yearly for the following:

.1 The Number of ISSC issued (Full Term, Short Term, Interim)

(Format for Statistic in Appendix 3)
.2 Type of ISPS Audits Conducted (Initial, Intermediate, Renewal,
Interim, Additional)

7.3 International Ship Security Certificate

.1 Initial Issuance Section 249K (1) Merchant Shipping Ordinance 1952
.1.1 The International Ship Security Certificate (ISSC) shall be issued in
a form corresponding to the template given in the Appendix 1 by
the RSO after the ship has successfully completed an Initial or
Renewal verification audit in compliance with the applicable
requirements of Chapter XI-2 and ISPS Code Parts A and relevant
provisions of Part B. The original ISSC must remain onboard the
vessel.
.1.2 An ISSC shall only be issued when:
i. the ship has an approved SSP;
ii. all technical equipment specified in the SSP is 100%
operational; and
iii. There is sufficient objective evidence found to the satisfaction
of the Administrator’s RSO through the verification audit that
the ship is operating in accordance with the provisions of the
approved SSP.
.1.3 Certificates shall not be issued in cases where minor deviations
from the approved plan or the requirements of SOLAS Chapter XI-
2 and Parts A and relevant provisions of Part B of the Code exist,
even if these deviations do not compromise the ship’s ability to
operate at Security Levels 1, 2 and 3.
.2 Validity
.1.1 The ISSC shall be valid for a period of five (5) years or a period
specified by the Administrator from the date of the Initial
Verification Audit and is subject to an Intermediate Audit between
 7
RSO Instruction 1/2018

the second and third anniversary date. However, the period of

validity may be shorter than five (5) years if so requested by the
CSO.
.1.2 Upon initial issue, the expiry date may be harmonized with the
ship’s SMC so that renewal and auditing may occur together.

.3 Interim ISSC Section 249K(4) Merchant Shipping Ordinance 1952

.1.1 A RSO may issue an Interim International Ship Security Certificate
in a form corresponding to the template given in the Appendix 2
for the purpose of:

i. a ship without a certificate, on delivery or prior to its entry or

re-entry into service;
ii. transfer of a ship from the flag of a Contracting Government to
the flag of another Contracting Government;
iii. transfer of a ship to the flag of a Contracting Government from
a State which is not a Contracting Government; or
iv. When a Company assumes the responsibility for the operation
of a ship not previously operated by that Company.

.1.2 An Interim International Ship Security Certificate shall only be

issued when a RSO has verified that:

i. the Ship Security Assessment required by Part A of the ISPS

Code has been completed;
ii. a copy of the Ship Security Plan meeting the requirements of
chapter XI-2 and Part A of the ISPS Code is provided on board,
has been submitted for review and approval, and is being
implemented on the ship;
iii. the ship is provided with a Ship Security Alert System meeting
the requirements of regulation XI-2/6 of SOLAS if required,
iv. the Company Security Officer:

a. has ensured:

1) the review of the ship security plan for compliance with

Part A of the ISPS Code;
2) that the plan has been submitted for approval; and
3) that the plan is being implemented on the ship.
 8
RSO Instruction 1/2018

b. has established the necessary arrangements, including

arrangements for drills, exercises and internal audits,
through which the company security officer is satisfied
that the ship will successfully complete the required
verification in accordance with section 19.1.1.1 Part A of
the ISPS Code within 6 months;

v. arrangements have been made for carrying out the required

verifications under section 19.1.1.1 Part A of the ISPS Code;

vi. the Master, the Ship Security Officer and other ship’s personnel
with specific security duties are familiar with their duties and
responsibilities as specified in this Part of the Code; and with
the relevant provisions of the ship security plan placed on
board; and have been provided such information in the
working language of the ship’s personnel or languages
understood by them; and

vii. The Ship Security Officer meets the requirements of Section

249J MSO 1952 and Part A of the ISPS Code.

viii. An Interim International Ship Security Certificate shall be valid

for 6 months, or until the certificate required by section 19.2 is
issued, whichever comes first, and may not be extended.

ix. A subsequent consecutive Interim ISSC shall not be issued to a

ship if, in the judgment of the Administrator or the RSO, the
purpose of requesting such Certificate by the ship or Company
is to avoid compliance with the ISPS Code beyond the period of
the initial issue of an Interim Certificate.

.4 Any Application of an extension from the company for ISSC Interim,

ISPS Code Part A -Para 19.4.4, it is stated that an Interim ISSC may not
be extended and shall only valid for 6 month. RSO should ensure the
company make a new application for Interim ISSC after approval
given by the Designated Authority.
 9
RSO Instruction 1/2018

7.4 Additional security element in SSA and SSP document in the event of a threat
of risk as follows (for vessel operating as a floating storage in Malaysia Water) :

.1 Monitoring and security control within 500 meters radius;

.2 Submission of Security Incident Report (SIR Form) in the event of security
threat;
.3 To include related agencies such as Designated Authority (DA), Malaysia
Maritime Enforcement Agency (MMEA) and etc in contact details;
.4 Ship Security Officer (SSO) must be a Malaysian Citizen and any change of
SSO shall notify the DA within 24 hours; and
.5 Ship Manager is a company registered and has an office in Malaysia.

8.0 SCOPE OF APPOINTMENT FOR MARINE FACILITY

8.1 DA Requirements
.1 RSO must incorporate in Malaysia.
.2 RSO should advice Marine facilities to have a:
.1.1 Marine Facility Security Officer (MFSO) – should be citizen of
Malaysia;
.1.2 Assistant Marine Facility Security Officer (AMFSO);
.1.3 Marine Facility Security Assessment (MFSA) ; and
.1.4 Marine Facility Security Plan (MFSP) as per Mardept Guidelines.

8.2 RSO Responsibilities

.1 RSO shall notify and get approval from DA (isps@marine.gov.my) before

the development of MFSA/MFSP.
.2 Statistic of consultancy done by RSO shall be submitted to DA
yearly. (December)
.3 RSO to provide security management training for MFSOs, port staff
and the company management team.
 10
RSO Instruction 1/2018

9.0 MONITORING RSO

9.1 Since this instruction require RSO to comply with the auditing, ethical and quality
control standards, then the monitoring required by this instruction should also
include how the RSO is complying with those standards.
9.2 Unscheduled Security Verification (USV)

.1 DA will carry out an USV to examine and verify the RSO performance in
order to ensure the compliance to this instructions and any other related
instructions as and when deemed necessary by the DA as stated under
Section 249x (3) MSO 1952.

9.3 Ship Sampling

.1 RSO and DA shall conduct a jointly ship verification as and when deemed
necessary by DA.

10.0 RSO REVOCATION

10.1 Under Section 249X (3) MSO 1952; Designated Authority may revoke the
appointment of a security organization under subsection 249X(1) if he is satisfied
that the security organization fails to meet the conditions as imposed by him.

For further assistance and/or inquiries regarding of this RSO instructions, please contact directly
Principal Assistant Director
ISPS Code Enforcement Unit
Industrial Control Division
Malaysia Marine Department
Marine Headquarters
P/O Box 12,Jalan Limbungan
42007 Port Kelang
Selangor, Malaysia
isps@marine.gov.my
 11
RSO Instruction 1/2018

APPENDIX 1
Form of the International Ship Security Certificate

INTERNATIONAL SHIP SECURITY CERTIFICATE

Certificate Number ………………………

Issued under the provisions of the

INTERNATIONAL CODE FOR THE SECURITY OF SHIPS AND OF PORT FACILITIES
(ISPS CODE)

Under the authority of the Government of

MALAYSIA
(Section 249K MSO 1952)

by ___________________________________________
(persons or organization authorized)

Name of ship :...........................................................................................................................

Distinctive number or letters :....................................................................................................

Port of registry :.........................................................................................................................

Type of ship :.............................................................................................................................

Gross tonnage :.........................................................................................................................

IMO Number :............................................................................................................................

Name and address of the Company :........................................................................................

THIS IS TO CERTIFY:

1 that the security system and any associated security equipment of the ship has been
verified in accordance with section 19.1 of part A of the ISPS Code;

2 that the verification showed that the security system and any associated security
equipment of the ship is in all respects satisfactory and that the ship complies with the
applicable requirements of chapter XI-2 of the Convention and part A of the ISPS Code;

3 that the ship is provided with an approved Ship Security Plan.

 12
RSO Instruction 1/2018

Date of initial / renewal verification on which this certificate is based........................................

This Certificate is valid until............................subject to verifications in accordance with section

19.1.1 of part A of the ISPS Code.

Issued at....................................................................................................................................
(place of issue of the Certificate)

Date of issue................................ ……………………………………………...

(signature of the duly authorized official
issuing the Certificate)

(Seal or stamp of issuing authority, as appropriate)

 13
RSO Instruction 1/2018

ENDORSEMENT FOR INTERMEDIATE VERIFICATION

THIS IS TO CERTIFY that at an intermediate verification required by section 19.1.1 of part A of

the ISPS Code the ship was found to comply with the relevant provisions of chapter XI-2 of the
Convention and part A of the ISPS Code.

Intermediate verification Signed........................................................

(Signature of authorized official)

Place.........................................................

Date...........................................................

(Seal or stamp of the authority, as appropriate)

ENDORSEMENT FOR ADDITIONAL VERIFICATIONS*

Additional verification Signed........................................................

(Signature of authorized official)

Place..........................................................

Date............................................................

(Seal or stamp of the authority, as appropriate)

Additional verification Signed.........................................................

(Signature of authorized official)

Place...........................................................

Date............................................................

(Seal or stamp of the authority, as appropriate)

Additional verification Signed........................................................

(Signature of authorized official)

Place..........................................................

Date............................................................
(Seal or stamp of the authority, as appropriate)
 14
RSO Instruction 1/2018

Additional verification in accordance with section A/19.3.7.2 of the ISPS Code

THIS IS TO CERTIFY that at an additional verification required by section 19.3.7.2 of part A of

the ISPS Code the ship was found to comply with the relevant provisions of chapter XI-2 of the
Convention and part A of the ISPS Code.

Signed..................................................................
(Signature of authorized official)

Place....................................................................

Date..............

(Seal or stamp of the authority, as appropriate)

Endorsement to extend the certificate if valid for less than 5 years where section A/19.3.3
of the ISPS Code applies

The ship complies with the relevant provisions of part A of the ISPS Code, and the Certificate
shall, in accordance with section 19.3.3 of part A of the ISPS Code, be accepted as valid
until……………………………………………………………………………………….........

Signed…....................................................
(Signature of authorized official)

Place..........................................................

Date............................................................
(Seal or stamp of the authority, as appropriate)

Endorsement where the renewal verification has been completed and section A/19.3.4 of
the ISPS Code applies

The ship complies with the relevant provisions of part A of the ISPS Code, and the Certificate
shall, in accordance with section 19.3.4 of part A of the ISPS Code, be accepted as valid
until……………………………………………………………………………………............

Signed.......................................................
(Signature of authorized official)

Place.........................................................

Date...........................................................
 15
RSO Instruction 1/2018

(Seal or stamp of the authority, as appropriate)

Endorsement to extend the validity of the certificate until reaching the port of verification
where section A/19.3.5 of the ISPS Code applies or for a period of grace where section
A/19.3.6 of the ISPS Code applies

This Certificate shall, in accordance with section 19.3.5 / 19.3.6* of part A of the ISPS Code, be
accepted as valid until...........................................................................................................

Signed......................................................
(Signature of authorized official)

Place.......................................................

Date.............. ……………………………..
(Seal or stamp of the authority, as appropriate)

Endorsement for advancement of expiry date where section A/19.3.7.1 of the ISPS Code
applies

In accordance with section 19.3.7.1 of part A of the ISPS Code, the new expiry date** is

...................................................................................................................................................

Signed.....................................................
(Signature of authorized official)

Place.......................................................

Date.........................................................
(Seal or stamp of the authority, as appropriate)

* Delete as appropriate.
** In case of completion of this part of the certificate the expiry date shown on the front of the
certificate shall also be amended accordingly.
 16
RSO Instruction 1/2018

APPENDIX 2
Form of the Interim International Ship Security Certificate

INTERIM INTERNATIONAL SHIP SECURITY CERTIFICATE

Certificate No…………………………….

Issued under the provisions of the

INTERNATIONAL CODE FOR THE SECURITY OF SHIPS AND OF PORT FACILITIES

(ISPS CODE)

Under the authority of the Government of

MALAYSIA
(Section 249K MSO 1952)

by _______________________________________________________________________
(persons or organization authorized)

Name of ship : ...........................................................................................................................

Distinctive number or letters : ...................................................................................................

Port of registry : .........................................................................................................................

Type of ship : ............................................................................................................................

Gross tonnage : ........................................................................................................................

IMO Number : ...........................................................................................................................

Name and address of company : ..............................................................................................

Is this a subsequent, consecutive interim certificate? Yes/ No*

If Yes, date of issue of initial interim certificate..........................................................................

THIS IS TO CERTIFY THAT the requirements of section A/19.4.2 of the ISPS Code have been
complied with.

This Certificate is issued pursuant to section A/19.4 of the ISPS Code.

 17
RSO Instruction 1/2018

This Certificate is valid until........................................................................................................

Issued at....................................................................................................................................
(place of issue of the certificate)

Date of issue .................................... ..............................................................

(Signature of the duly authorized official
issuing the Certificate)

(Seal or stamp of issuing authority, as appropriate)

 18
RSO Instruction 1/2018

APPENDIX 3
Format for the International Ship Security Certificate Statistic

MALAYSIA INTERNATIONAL SHIP SECURITY CERTIFICATE (ISSC)

JAN FEB MARCH APR MAY JUNE JULY AUG SEP OCT NOV DEC TOTAL
1. TYPE ISPS AUDITS CONDUCTED
INTIAL AUDIT
INTERMEDIATE
AUDIT
RENEWAL
INTERIM
AUDIT
ADDITIONAL
AUDIT
2. THE NUMBER OF ISSCs ISSUED
FULL TERM
ISSC
SHORT TERM
ISSC
INTERIM ISSC
YEAR XXXX
 19
RSO Instruction 1/2018

ATTACHMENT 1
A Security Organization recognized by the Designated Authority to perform statutory work on
its behalf subject to compliance with the following guidelines for which the Recognized Security
Organization (RSO) should submit complete information and substantiation.
1.0 General

1.1 The relative size, structure, experience and capability of the RSO commensurate
with the type and degree of authority intended to be delegated thereto should
be demonstrated.
1.2 The RSO should be able to document capability and experience in performing
security assessments, developing risk assessments, conducting maritime
verification, approval and certification activities for ships and/or for port facilities
and their ancillary equipment, as appropriate.

2.0 Specific Provisions

2.1 The following should apply for the purpose of delegating authority to perform
port facility security assessment and ship verification, and certification services
of a statutory nature in accordance with regulatory instruments which require
the ability to integrate ship and port interface operational considerations with
maritime security threats, and to develop, verify and audit specific requirements:
.1 RSO should provide publication and systematic maintenance of
procedures in the English language for the conduct of activities to ensure
compliance with delegated authorities pursuant to Part V, MSO 1952
and SOLAS Chapter XI2. Updating of these procedures should be done on
a periodic basis at intervals acceptable to the Administration.
.2 RSO should allow participation in the development of its procedures by
representatives of the Administration and/or Designated Authority and
other parties concerned.
.3 RSO should be established:
.1 an adequate technical, managerial and support staff capable of
developing and maintaining its procedures; and
.2 a qualified professional staff to provide the required service
representing an adequate geographical coverage as required by
the Administration and/or Designated Authority.
.4 RSO should be governed by the principles of ethical behavior, which
should be contained in a Code of Ethics and as such recognize the
 20
RSO Instruction 1/2018

inherent responsibility associated with a delegation of authority to

include assurance as to the adequate performance of services as well as
the confidentiality of related information as appropriate.
.5 RSO should demonstrate the technical, administrative and managerial
competence and capacity to ensure the provision of quality services in a
timely fashion.
.6 RSO should be prepared to provide relevant information to the
Designated Authority, as necessary.
.7 RSO's management should define and document its policy and objectives
for, and commitment to, quality and ensure that this policy is
understood, implemented and maintained at all levels in the RSO.
.8 RSO should be subject to certification of its quality system by an
independent body of auditors recognized by the Administration and
Designated Authority.
.9 RSO should develop, implement and maintain an effective internal quality
system based on appropriate parts of internationally recognized quality
standards no less effective than the ISO 9000-2000 series, and which,
inter alia, ensures that:
.1 RSO's procedures are established and maintained in a systematic
manner;
.2 RSO's procedures are complied with;
.3 The requirements of the statutory work for which the RSO is
authorized, are satisfied;
.4 The responsibilities, authorities and interrelation of personnel
whose work affects the quality of the RSO's services, are defined
and documented;
.5 a supervisory system is in place that monitors the actions and
work carried out by the RSO;
.6 a system for qualification of auditors and continuous updating of
their knowledge is implemented;
.7 records are maintained, demonstrating achievement of the
required standards in the items covered by the services
performed, as well as the effective operation of the quality
system;
.8 a comprehensive system of planned and documented internal
audits of the quality related activities in all locations is
implemented;
.9 RSO has established a process and procedures to assess and
monitor at periodic intervals the trustworthiness of its personnel;
 21
RSO Instruction 1/2018

.10 RSO has established processes and procedures to ensure that

appropriate measures are in place to avoid unauthorized
disclosure of, or access to, security sensitive materials relating to
ship security assessments, ship security plans, port facility security
assessments and port facility security plans, and to individual
assessments or plans; and
.11 a procedure for providing feedback and information, as
appropriate, to its customers.