A.1118(30) Revised Guidelines on the Implementation of the International Safety Management (ISM) Code by Administrations

Resolution A.1118(30)

Adopted on 6 December 2017

(Agenda item 9)

Corrected by A 30/Res.1118/Corr.1

5 April 2018

REVISED GUIDELINES ON THE IMPLEMENTATION OF THE INTERNATIONAL SAFETY MANAGEMENT (ISM) CODE BY ADMINISTRATIONS

THE ASSEMBLY,

RECALLING Article 15(j) of the Convention on the International Maritime Organization concerning the functions of the Assembly in relation to regulations and guidelines concerning maritime safety and the prevention and control of marine pollution from ships,

RECALLING ALSO resolution A.741(18), by which it adopted the International Management Code for the Safe Operation of Ships and for Pollution Prevention (International Safety Management (ISM) Code),

RECALLING FURTHER resolution A.788(19), by which it adopted the Guidelines on implementation of the International Safety Management (ISM) Code by Administrations,

NOTING that the ISM Code became mandatory, under the provisions of chapter IX of the International Convention for the Safety of Life at Sea (SOLAS), 1974, as amended, for companies operating certain types of ships, on 1 July 1998, and for companies operating other cargo ships and mobile offshore drilling units propelled by mechanical means of 500 gross tonnage and upwards, on 1 July 2002,

NOTING ALSO that the Maritime Safety Committee, at its ninety-second session, adopted, by resolution MSC.353(92), amendments to the ISM Code,

NOTING FURTHER resolution A.1071(28), by which it adopted the Revised guidelines on the implementation of the International Safety Management (ISM) Code by Administrations,

RECOGNIZING that an Administration, in establishing that safety standards are being maintained, has a responsibility to ensure that Documents of Compliance and Safety Management Certificates have been issued in accordance with the ISM Code taking into account the aforementioned guidelines,

RECOGNIZING ALSO that there may be a need for Administrations to enter into agreements in respect of the issue of certificates by other Administrations in compliance with chapter IX of the 1974 SOLAS Convention and in accordance with resolution A.741(18),

RECOGNIZING FURTHER the need for uniform implementation of the ISM Code,

HAVING CONSIDERED the recommendations made by the Marine Environment Protection Committee, at its sixty-ninth session, and the Maritime Safety Committee, at its ninety-sixth session,

1 ADOPTS the Revised guidelines on the implementation of the International Safety Management (ISM) Code by Administrations, as set out in the annex to the present resolution;

2 URGES Governments, when implementing the ISM Code, to adhere to the revised guidelines;

3 REQUESTS Governments to inform the Organization of any difficulties they may experience when using the revised guidelines;

4 AUTHORIZES the Maritime Safety Committee and the Marine Environment Protection Committee to keep the revised guidelines under review and to amend or revise them as necessary in accordance with the rules and procedures of those Committees, for issuance as an MSC-MEPC circular;

5 REVOKES resolution A.1071(28).

Annex

REVISED GUIDELINES ON THE IMPLEMENTATION OF THE INTERNATIONAL SAFETY MANAGEMENT (ISM) CODE BY ADMINISTRATIONS

Table of contents

1 INTRODUCTION

1.1 The ISM Code

1.2 Mandatory application of the ISM Code

1.3 Verification and certification responsibilities

2 SCOPE AND APPLICATION

2.1 Definitions

2.2 Scope and application

3 VERIFYING COMPLIANCE WITH THE ISM CODE

3.1 General

3.2 Ability of the safety management system to meet general safety management objectives

3.3 Ability of the safety management system to meet specific requirements of safety and pollution prevention

4 CERTIFICATION AND VERIFICATION PROCESS

4.1 Certification and verification activities

4.2 Interim verification

4.3 Initial verification

4.4 Annual verification of Document of Compliance

4.5 Intermediate verification of Safety Management Certificates

4.6 Renewal verification

4.7 Additional verification

4.8 Safety management audits

4.9 Application for audit

4.10 Preliminary review (Document review)

4.11 Preparing the audit

4.12 Executing the audit

4.13 Audit report

4.14 Corrective action follow-up

4.15 Company responsibilities pertaining to safety management audits

4.16 Responsibilities of the organization performing the ISM Code certification

4.17 Responsibilities of the verification team

Appendix – STANDARDS ON ISM CODE CERTIFICATION ARRANGEMENTS

1 INTRODUCTION

2 STANDARD OF MANAGEMENT

3 STANDARDS OF COMPETENCE

3.1 ISM Code certification scheme management

3.2 Basic competence for performing verification

3.3 Practical training for performing verification

4 QUALIFICATION ARRANGEMENTS

5 CERTIFICATION PROCEDURES AND INSTRUCTIONS

1 INTRODUCTION

1.1 The ISM Code

1.1.1 The International Management Code for the Safe Operation of Ships and for Pollution Prevention (International Safety Management (ISM) Code) was adopted by the Organization by resolution A.741(18) and became mandatory by virtue of the entry into force, on 1 July 1998, of SOLAS chapter IX on Management for the safe operation of ships. The ISM Code provides an international standard for the safe management and operation of ships and for pollution prevention.

1.1.2 The ISM Code requires that companies establish safety objectives as described in section 1.2 (Objectives) of the ISM Code and, in addition, that companies develop, implement and maintain a safety management system which includes functional requirements as listed in section 1.4 (Functional requirements for a safety management system (SMS)) of the Code.

1.1.3 The application of the ISM Code should support and encourage the development of a safety culture in shipping. Success factors for the development of a culture that promotes safety and environmental protection are, inter alia, commitment, values, beliefs, and clarity of the safety management system.

1.2 Mandatory application of the ISM Code

1.2.1 The appropriate organization of management, ashore and on board, is needed to ensure adequate standards of safety and pollution prevention. A systematic approach to management by those responsible for management of ships is therefore required. The objectives of the mandatory application of the ISM Code are to ensure:

.1 compliance with mandatory rules and regulations related to the safe operation of ships and protection of the environment; and

.2 the effective implementation and enforcement thereof by Administrations.

1.2.2. Effective enforcement by Administrations must include verification that the safety management system complies with the requirements as stipulated in the ISM Code, as well as verification of compliance with mandatory rules and regulations.

1.2.3 The mandatory application of the ISM Code should ensure, support and encourage the taking into account of applicable codes, guidelines and standards recommended by IMO, Administrations, classification societies and maritime industry organizations.

1.3 Verification and certification responsibilities

1.3.1 The Administration is responsible for verifying compliance with the requirements of the ISM Code and for issuing Documents of Compliance to companies and Safety Management Certificates to ships.

1.3.2 The Guidelines for the authorization of organizations acting on behalf of the Administration (resolution A.739(18)) and the Specifications on the survey and certification functions of recognized organizations acting on behalf of the Administration (resolution A.789(19)), which have been made mandatory by virtue of SOLAS regulation XI-1/1, and the IMO Instruments Implementation Code (III Code), as adopted by the Organization by resolution A.1070(28), the use of which has been made mandatory by virtue of SOLAS regulation XIII/2, are applicable when Administrations authorize organizations to issue Documents of Compliance and Safety Management Certificates on their behalf.

2 SCOPE AND APPLICATION

2.1 Definitions

The terms used in these revised guidelines have the same meaning as those given in the ISM Code.

2.2 Scope and application

These revised guidelines establish basic principles for:

.1 verifying that the safety management system of a company responsible for the operation of ships, or the safety management system for the ship or ships controlled by the company, complies with the ISM Code;

.2 carrying out the interim, initial, annual and renewal verification(s) of the Document of Compliance and the interim, initial, intermediate and renewal verification(s) of the Safety Management Certificate and the issuing/endorsement of the corresponding documents; and

.3 the scope of the additional verification.

3 VERIFYING COMPLIANCE WITH THE ISM CODE

3.1 General

3.1.1 To comply with the requirements of the ISM Code, companies should develop, implement and maintain a documented safety management system to ensure that the safety and environmental protection policy of the company is implemented. The company policy should include the objectives defined by the ISM Code.

3.1.2 Administrations should verify compliance with the requirements of the ISM Code by determining:

.1 the conformity of the company's safety management system with the requirements of the ISM Code; and

.2 that the safety management system ensures that the objectives defined in paragraph 1.2.3 of the ISM Code are met.

3.1.3 Determining the conformity or non-conformity of safety management system elements with the requirements specified by the ISM Code may demand that criteria for assessment be developed. Administrations are recommended to limit the development of criteria in the form of prescriptive management system solutions. Criteria for assessment in the form of prescriptive requirements may have the effect that safety management in shipping results in companies implementing solutions prepared by others and it may then be difficult for a company to develop the solutions which best suit that particular company, operation or ship. Therefore, particular operations should be ship-specific and fully reflected in manuals, procedures and instructions.

3.1.4 Therefore, Administrations are recommended to ensure that these assessments are based on determining the effectiveness of the safety management system in meeting specified objectives, rather than conformity with detailed requirements in addition to those contained in the ISM Code, so as to reduce the need for developing criteria to facilitate assessment of companies' compliance with the Code.

3.2 Ability of the safety management system to meet general safety management objectives

The ISM Code identifies general safety management objectives in paragraph 1.2.2. The verification should support and encourage companies in achieving these objectives, which provide clear guidance to companies for the development of safety management system elements in compliance with the ISM Code. However, the ability of the safety management system to achieve these objectives cannot be determined beyond whether the safety management system complies with the requirements of the ISM Code. Therefore, the objectives should not form the basis for establishing detailed interpretations to be used for determining conformity or non-conformity with the requirements of the ISM Code.

3.3 Ability of the safety management system to meet specific requirements of safety and pollution prevention

3.3.1 The main criterion that should govern the development of interpretations needed for assessing compliance with the requirements of the ISM Code should be the ability of the safety management system to meet the specific requirements defined by the ISM Code in terms of specific standards of safety and pollution prevention. The specific standards of safety and protection of the environment are specified in paragraph 1.2.3 of the ISM Code.

3.3.2 All records having the potential to facilitate verification of compliance with the ISM Code should be open to scrutiny during an examination. These may include records from delegated SMS tasks. For this purpose, the Administration should ensure that the company provides auditors with statutory and classification records relevant to the actions taken by the company to ensure that compliance with mandatory rules and regulations is maintained. In this regard, the records may be examined to substantiate their authenticity and veracity.

3.3.3 Some mandatory requirements may not be subject to statutory or classification surveys, such as:

.1 maintaining the condition of ship and equipment between surveys; and

.2 certain operational requirements.

3.3.4 Specific arrangements, such as the following, may be required to ensure compliance with the ISM Code and to provide the objective evidence needed for verification in the above-mentioned cases:

.1 documented procedures and instructions;

.2 documentation of the verification carried out by senior officers of day-to-day operations when relevant to ensure compliance; and

.3 relevant records of the ships being operated by the company, e.g. flag State records, port State control reports, class and accident reports.

3.3.5 The verification of compliance with mandatory rules and regulations, which is part of the ISM Code certification, neither duplicates nor substitutes surveys for other maritime certificates. The verification of compliance with the ISM Code does not relieve the company, the master or any other entity or person involved in the management or operation of the ship of their responsibilities.

3.3.6 Administrations should ensure that the company has:

.1 taken into account the recommendations, as referred to in paragraph 1.2.3.2 of the ISM Code, when establishing and maintaining the safety management system; and

.2 developed procedures to ensure that those recommendations are implemented ashore and on board.

4 CERTIFICATION AND VERIFICATION PROCESS

4.1 Certification and verification activities

4.1.1 The certification process relevant to a Document of Compliance for a company and to a Safety Management Certificate for a ship will normally involve the following steps:

.1 interim verification;

.2 initial verification;

.3 annual or intermediate verification;

.4 renewal verification; and

.5 additional verification.

4.1.2 These verifications are carried out, at the request of the company, by the Administration or the organization recognized by the Administration to perform certification functions under the ISM Code, or, at the request of the Administration, by another Contracting Government to the SOLAS Convention. The verifications will include an audit of the safety management system.

4.2 Interim verification

4.2.1 Interim certification may be issued under certain conditions, as specified by the ISM Code, and should facilitate the implementation of a safety management system.

4.2.2 The company should apply for interim certification to the Administration.

4.2.3 The process of interim verification for the issuance of an Interim Document of Compliance undertaken by the Administration would require an assessment at the company's offices in accordance with paragraph 14.1 of the ISM Code.

4.2.4 On satisfactory completion of the assessment of the shoreside safety management system, arrangements/planning may commence for the assessment of applicable ships in the company's fleet.

4.2.5 The process of interim verification of the ship should be undertaken by the Administration to ensure that the ship is provided with a safety management system, in accordance with paragraph 14.4 of the ISM Code.

4.2.6 On satisfactory completion of the interim verification, an Interim Document of Compliance will be issued to the company; copies should be made available by the company to each shoreside premises and each applicable ship in the company's fleet. As each ship is assessed and issued with an Interim Safety Management Certificate, a copy of the certificate should also be forwarded to the company's head office.

4.3 Initial verification

4.3.1 The company should apply to the Administration for ISM Code certification.

4.3.2 An assessment of the shoreside management system undertaken by the Administration would necessitate assessment of the offices where such management is carried out and possibly of other locations that may perform delegated safety management system tasks, depending on the company's organization and the functions at the various locations.

4.3.3 On satisfactory completion of the assessment of the shoreside safety management system, arrangements/planning may commence for the assessment of the company's ships.

4.3.4 On satisfactory completion of the assessment, a Document of Compliance will be issued to the company, copies of which should be made available to each shoreside premises and each ship in the company's fleet. As each ship is assessed and issued with a Safety Management Certificate, a copy of that certificate should also be forwarded to the company's head office.

4.3.5 In cases where certificates are issued by a recognized organization, copies of all certificates should also be sent to the Administration.

4.3.6 The safety management audit for the company and for a ship will involve the same basic steps. The purpose is to verify that a company or a ship complies with the requirements of the ISM Code. The audits include:

.1 verification of the conformity of the company's safety management system with the requirements of the ISM Code, including objective evidence demonstrating that the company's safety management system has been in operation for at least three months and that the safety management system has been in operation on board at least one ship of each type operated by the company for at least three months; and

.2 verification that the safety management system ensures that the objectives defined in paragraph 1.2.3 of the ISM Code are met. This includes verification that the Document of Compliance for the company responsible for the operation of the ship is applicable to that particular type of ship, and also includes assessment of the shipboard safety management system to verify that it complies with the requirements of the ISM Code and that it is implemented. Objective evidence demonstrating that the company's safety management system has been functioning effectively for at least three months on board the ship and ashore should be available, including records from the internal audit performed by the company.

4.4 Annual verification of Document of Compliance

4.4.1 Annual safety management audits are to be carried out to maintain the validity of the Document of Compliance and should include examining and verifying the correctness of the statutory and classification records presented for at least one ship of each type to which the Document of Compliance applies. The annual verification will address all the elements of the safety management system and the activities to which the requirements of the ISM Code apply. The purpose of these audits is to verify that the safety management system is functioning effectively and that any modifications made to the safety management system comply with the requirements of the ISM Code.

4.4.2 Annual verification is to be carried out within three months before or after each anniversary date of the Document of Compliance.

4.4.3 Where the company has more than one shoreside premises and/or the company delegates safety management system tasks, the annual assessments should endeavour to ensure that all sites are assessed during the period of validity of the Document of Compliance.

4.4.4 During the annual verification, Administrations should verify whether the company is operating all the ship types stated on the Document of Compliance. Appropriate action should be taken if the company has stopped operating a particular ship type.

4.5 Intermediate verification of Safety Management Certificates

4.5.1 Intermediate safety management audits should be carried out to maintain the validity of the Safety Management Certificate. The intermediate verification will address all the elements of the safety management system and the activities to which the requirements of the ISM Code apply. The purpose of these audits is to verify that the safety management system is functioning effectively and that any modifications made to the safety management system comply with the requirements of the ISM Code. In certain cases, particularly during the initial period of operation under the safety management system, the Administration may find it necessary to increase the frequency of the intermediate verification. Additionally, the nature of non-conformities may also provide a basis for increasing the frequency of intermediate verifications.

4.5.2 If only one intermediate verification is to be carried out, it should take place between the second and third anniversary date of the issue of the Safety Management Certificate.

4.6 Renewal verification

Renewal verifications are to be performed before the validity of the Document of Compliance or the Safety Management Certificate expires. The renewal verification will address all the elements of the safety management system and the activities to which the requirements of the ISM Code apply. Renewal verification may be carried out within three months before the date of expiry of the Document of Compliance or the Safety Management Certificate, and should be completed before the date of expiry.

4.7 Additional verification

4.7.1 The Administration may, where there are clear grounds, require an additional verification to check if the safety management system still functions effectively. Additional verifications may be carried out following situations beyond normal procedures such as port State control detentions, or in the case of reactivation after the interruption of operations due to a period out of service, or in order to verify that effective corrective actions have been taken and/or are being properly implemented. Additional verifications may affect the shore-based organization and/or the shipboard management system. The Administration should determine the scope and depth of the verification, which may vary from case to case. The additional verifications should be completed within the time period agreed, taking into account the guidelines developed by IMO. The Administration should follow up on the results of the verification and take appropriate measures, as necessary.

4.7.2 On satisfactory completion of the shipboard assessment, the Safety Management Certificate should be endorsed for additional verification.

4.8 Safety management audits

The procedure for safety management audits outlined in the following paragraphs includes all steps relevant for all verifications, even if the scope of the audits for interim and additional verification may be different from that of the audits for initial, annual, intermediate and renewal verification.

4.9 Application for audit

4.9.1 The company should submit a request for audit to the Administration or to the organization recognized by the Administration for issuing a Document of Compliance or a Safety Management Certificate on behalf of the Administration.

4.9.2 The Administration or the recognized organization should then nominate the lead auditor and, if relevant, the audit team.

4.10 Preliminary review (Document review)

As a basis for planning the audit, the auditor should review the safety management manual to determine the adequacy of the safety management system in meeting the requirements of the ISM Code. If this review reveals that the system is not adequate, the audit will have to be delayed until the company undertakes corrective action.

4.11 Preparing the audit

4.11.1 The auditor should review the relevant safety performance records of the company, for example flag State records, port State control reports and class and accident reports, and take them into consideration when preparing the audit plan.

4.11.2 The nominated lead auditor should liaise with the company and produce an audit plan.

4.11.3 The auditor should provide the working documents that are to govern the audit with a view to facilitating the assessments, investigations and examinations in accordance with the standard procedures, instructions and forms that have been established to ensure consistent auditing practices.

4.11.4 The audit team should be able to communicate effectively with auditees.

4.12 Executing the audit

4.12.1 The audit should start with an opening meeting to introduce the audit team to the company's senior management, summarize the methods for conducting the audit, confirm that all agreed facilities are available, confirm the time and date for a closing meeting and clarify any unclear details concerning the audit.

4.12.2 The audit team should assess the safety management system on the basis both of the documentation presented by the company and of objective evidence of the effectiveness of its implementation.

4.12.3 The objective evidence should be collected through interviews and through the examination of documents. Observation of activities and conditions may also be included, where necessary, to determine the effectiveness of the safety management system in meeting the specific standards of safety and protection of the environment required by the ISM Code.

4.12.4 Audit findings should be documented. After activities have been audited, the audit team should review the objective evidence collected. This should then be used to determine what is to be reported as major non-conformities, non-conformities or observations, which should be done in terms of the general and specific provisions of the ISM Code.

4.12.5 At the end of the audit, prior to preparing the audit report, the audit team should hold a meeting with the senior management of the company and those responsible for the functions concerned. The purpose is to present the observations in such a way as to ensure that the results of the audit are clearly understood.

4.13 Audit report

4.13.1 The audit report should be prepared under the direction of the lead auditor, who is responsible for its accuracy and completeness.

4.13.2 The audit report should include the audit plan, identification of audit team members, dates and identification of the company, and observations on any non-conformities and on the effectiveness of the safety management system in meeting the specified objectives.

4.13.3 The company should receive a copy of the audit report. The company should be advised to provide the ship with a copy of the shipboard audit reports.

4.14 Corrective action follow-up

4.14.1 The company is responsible for determining and initiating the corrective action needed to correct a non-conformity or to correct the cause of a non-conformity. Failure to correct non-conformities with specific requirements of the ISM Code may affect the validity of the Document of Compliance and related Safety Management Certificates.

4.14.2 Corrective actions and any subsequent audits should be completed within the time period agreed. For corrective actions this should not normally exceed three months. The company should apply for the follow-up audits as agreed.

4.14.3 Failure to take adequate corrective actions in compliance with the ISM Code, including measures to prevent recurrence, may be considered as a major non-conformity.

4.15 Company responsibilities pertaining to safety management audits

4.15.1 The verification of compliance with the ISM Code does not relieve the company, management, those undertaking delegated safety management system tasks, officers or seafarers of their obligations to comply with national and international legislation related to safety and protection of the environment.

4.15.2 The company is responsible for:

.1 informing relevant employees and those undertaking delegated safety management system tasks about the objectives and scope of the ISM Code certification;

.2 appointing responsible members of staff to accompany members of the team performing the certification;

.3 providing the resources needed by those performing the certification to ensure an effective and efficient verification process;

.4 providing access and evidential material as requested by those performing the certification; and

.5 cooperating with the verification team to enable the certification objectives to be achieved.

4.15.3 Where major non-conformities are identified, Administrations and recognized organizations should comply with the procedures stated in the Procedures concerning observed ISM Code major non-conformities (MSC/Circ.1059-MEPC/Circ.401).

4.16 Responsibilities of the organization performing the ISM Code certification

The organization performing the ISM Code certification is responsible for ensuring that the verification and certification process is performed according to the ISM Code and these revised guidelines. This includes management control of all aspects of the certification in accordance with the appendix to these revised guidelines.

4.17 Responsibilities of the verification team

4.17.1 Whether or not the verifications involved with certification are performed by a team, one person should be in charge of the verification. The leader should be given the authority to make final decisions regarding the conduct of the verification and any observations. His or her responsibilities should include:

.1 preparation of a plan for the verification; and

.2 submission of the report of the verification.

4.17.2 Personnel participating in the verification are responsible for complying with the requirements governing the verification, ensuring confidentiality of documents pertaining to the certification and treating privileged information with discretion.

APPENDIX

STANDARDS ON ISM CODE CERTIFICATION ARRANGEMENTS

1 INTRODUCTION

The audit team involved with ISM Code certification and the organization under which it may be managed should comply with the specific requirements stated in this appendix.

2 STANDARD OF MANAGEMENT

2.1 Organizations managing verification of compliance with the ISM Code should have, in their own organization, competence in relation to:

.1 ensuring compliance with the rules and regulations, including certification of seafarers, for the ships operated by the company;

.2 approval, survey and certification activities;

.3 the terms of reference that must be taken into account under the safety management system as required by the ISM Code; and

.4 practical experience of ship operation.

2.2 The Convention requires that organizations recognized by Administrations for issuing a Document of Compliance and a Safety Management Certificate at their request should comply with the Guidelines for the authorization of organizations acting on behalf of the Administration (resolution A.739(18)) and the Specifications on the survey and certification functions of recognized organizations acting on behalf of the Administration (resolution A.789(19)).