International Safety Management (ISM) Code – 2018 Edition: Comprehensive Study Notes

Foreword & Publication Information

2018 marks the 5th IMO edition of the ISM Code (first published 1997)
Developed by the International Maritime Organization (IMO); address: 4 Albert Embankment, London
ISBN: 978-92-801-1696-0; Sales No: ID117E; printed by CPI Group (UK)
Copyright © IMO 2018; reproduction requires written permission
Entry-into-force milestones:
- Original SOLAS Ch. IX amendments: 1 July 1998
- Subsequent amendments via resolutions: MSC.99(73) (2002), MSC.194(80) (2009), MSC.104(73) (2002), MSC.179(79) (2006), MSC.195(80) (2009), MSC.273(85) (2010), MSC.353(92) (2015)
Historical roots: 1987 Assembly res A.596(15) (ro-ro ferry management), 1989 Guidelines A.647(16), 1991 Revised A.680(17)

SOLAS Convention Chapter IX – Management for Safe Operation of Ships

Establishes mandatory compliance with the ISM Code for:
- Passenger ships & passenger HSC – by $1\;July\;1998$
- Oil, chemical, gas tankers, bulk carriers & cargo HSC ≥ 500 GT – by $1\;July\;1998$
- All other cargo ships & MODUs ≥ 500 GT – by $1\;July\;2002$
Key regulatory anchors:
- Regulation 1 – Definitions (Company, ISM Code, tanker types, etc.)
- Regulation 3 – SMS made mandatory; ship must be operated by a company with a valid Document of Compliance (DoC)
- Regulation 4 – Certification framework (DoC & Safety Management Certificate – SMC)
- Regulation 6 – Ongoing verification & port-State control linkage (XI/4)

ISM Code – Preamble & Purpose

Provides an international standard for safe ship management & pollution prevention
Emphasises management commitment, competence, attitude & motivation as safety cornerstones
Designed to be:
- Principle-based, adaptable to diverse companies/ships
- Expressed in broad terms to enable scalability
Stresses protection of the master’s authority (res A.443(XI))

Definitions (Part A §1.1)

Company, Administration, Safety Management System (SMS), DoC, SMC, Objective Evidence, Observation, Non-conformity, Major Non-conformity (poses serious threat or systemic failure), Anniversary Date, Convention

Objectives (§1.2)

Ensure:
- Safety at sea, $\text{injury} \to 0$ , $\text{loss of life} \to 0$
- Prevention of pollution & property damage
Company safety-management objectives:
- Provide safe practices & safe working environment
- Assess all risks to ships/personnel/environment & establish safeguards
- Continuously improve safety skills & emergency preparedness
SMS must assure:
- Compliance with mandatory rules/regs
- Consideration of relevant IMO/flag/class/industry guidelines

Functional Requirements for an SMS (§1.4)

Bullet-point core:
- Safety & environmental-protection policy
- Instructions/procedures for safe operation & legal compliance
- Defined authority lines (shore–ship)
- Accident & non-conformity reporting
- Emergency preparedness procedures
- Internal audit & management-review procedures

Safety & Environmental-Protection Policy (Section 2)

Must describe how §1.2 objectives are achieved
Company responsible for implementation & maintenance at all organisational levels

Company Responsibilities & Authority (Section 3)

Owner must notify flag if operational control is delegated
Responsibilities/authority/interrelations of relevant personnel documented
Company must ensure adequate resources & shore support for designated person(s)

Designated Person(s) – DP (Section 4)

Acts as safety link between ship & shore; has direct access to highest management
Duties: monitor safety/pollution aspects, ensure resources/support
Quals/experience: see MSC-MEPC.7/Circ.6 (tertiary education OR STCW officer cert. + ISM/ audit training)

Master’s Responsibility & Authority (Section 5)

Implement company policy, motivate crew, issue clear orders, verify compliance, review SMS
Overriding authority for safety & pollution prevention; may request company assistance as needed

Resources & Personnel (Section 6)

Company must:
- Provide qualified, certificated, medically fit crew (per STCW & safe manning principles – res A.1047(27))
- Ensure new/relocated personnel receive proper familiarisation
- Identify & deliver necessary training; maintain language competency & effective communication

Shipboard Operations (Section 7)

Establish documented procedures, plans & checklists for key operations; allocate tasks to qualified personnel

Emergency Preparedness (Section 8)

Identify potential emergency situations and create response procedures
Programme drills/exercises
Ensure 24/7 organisational response capability (refer A.852(20) contingency guidelines)

Reporting & Analysis of Non-conformities, Accidents, Hazardous Occurrences (Section 9)

Mandatory internal reporting, investigation & analysis
Implement corrective & preventive actions
Near-miss culture promoted (MSC-MEPC.7/Circ.7)

Maintenance of Ship & Equipment (Section 10)

Procedures to keep vessel in class & statutory compliance
Ensure:
- Regular inspections
- Reporting & correction of non-conformities
- Record-keeping
Identify critical equipment; test stand-by & fail-safe arrangements; integrate with maintenance routine

Documentation (Section 11)

Control of all SMS documents & data; ensure validity, revision control, removal of obsolete docs
Safety Management Manual – ship to carry all relevant docs
Aligns with IMO list of certificates & publications $\text{FAL.2/Circ.131}$ etc.

Company Verification, Review & Evaluation (Section 12)

Internal audits (ship & shore) ≤ 12 months (max +3 months extension)
Verify performance of delegated tasks
Evaluate SMS effectiveness; auditors independent where practicable
Document audits, disseminate results, and ensure timely corrective action

Certification & Verification (Part B)

Company must hold DoC; ships must hold SMC
Validity periods:
- DoC: $\le 5$ years; annual verification (±3 months)
- SMC: $\le 5$ years; one intermediate verification (between 2nd–3rd anniversaries)
Renewal timing rules (§13.10-13.14) define early/late completion & extension windows (max 3 months voyage allowance; 5-month endorsement option)
Interim certificates:
- Interim DoC ≤ 12 months (new company or new ship types)
- Interim SMC ≤ 6 months (new ship, change of flag/company); one extra 6-month extension possible
Additional verification may be required on “clear grounds” (PSC detention, major NC, reactivation, etc.)

Forms of Certificates & Appendices

IMO-prescribed templates for DoC, SMC, Interim versions; include endorsement sections for annual/intermediate/additional verifications
Require company IMO Identification Number & ship IMO Number

Guidelines & Resolution Framework Overview

Res A.741(18) – Original ISM Code text (amended by MSC.104, 179, 195, 273, 353)
Res A.1118(30) – 2017 Revised Guidelines on Implementation by Administrations (replaces A.1071(28))
MSC-MEPC.7/Circ.8 – Revised Guidelines for Operational Implementation by Companies
MSC-MEPC.7/Circ.6 – DP qualification guidance
MSC-MEPC.7/Circ.7 – Near-miss reporting guidance
MSC.428(98) – Cyber Risk Management in SMS (compliance required by first DoC annual verification after $1\;Jan\;2021$ )
MSC-FAL.1/Circ.3 – High-level Maritime Cyber Risk Management Guidelines

Key Points from Revised Guidelines on Implementation by Administrations (Res A.1118(30))

Emphasises risk-based, non-prescriptive audits focusing on SMS effectiveness
Outlines certification processes: interim, initial, annual, intermediate, renewal, additional
Details auditor competence standards: ≥ 5 years relevant experience; formal education + ISM/audit training; participation in ≥ 4 tutored audits (≥ 1 company & ≥ 1 ship)
Clarifies responsibilities of Administrations, recognised organisations (ROs), companies & audit teams

Operational Implementation by Companies (MSC-MEPC.7/Circ.8)

Highlights importance of management review, DP monitoring, internal audit rigour
Encourages just-culture reporting, data analysis, and SMS continual improvement

Designated Person Qualifications (MSC-MEPC.7/Circ.6)

Education routes:
- Tertiary management/engineering/physical science degree, OR
- STCW-certificated officer + sea service, OR
- Other education + ≥ 3 years senior-level ship-management experience
Training topics: ISM Code, mandatory rules, risk assessment, audit techniques, ship operations, communication
Experience: Ability to present to top management, verify SMS compliance, analyse data & promote safety culture

Near-Miss Reporting Essentials (MSC-MEPC.7/Circ.7)

Defines near miss: sequence that could have caused loss but didn’t
Promotes “Just Culture” – non-punitive, confidential environment
Investigation steps: gather info (who/what/when/where), analyse, identify causal factors, recommend & implement actions, archive for trend analysis

Maritime Cyber Risk Management Highlights

Cyber risk = threat to tech assets that may impair operational safety/security
Vulnerable systems list: bridge, cargo, propulsion, access control, comms, admin, etc.
Five functional elements (align with NIST): Identify, Protect, Detect, Respond, Recover
IMO encourages inclusion of cyber risk in SMS by 2021
Reference industry standard: “Guidelines on Cyber Security Onboard Ships” (BIMCO et al.) & ISO/IEC 27001

Corrigendum (2018)

A.1118(30) §4.3.4: deletion of words “of the ships” for clarity in text regarding initial verification

Connections, Foundational Principles & Real-World Relevance

ISM Code operationalises SOLAS safety philosophy via management systems akin to ISO 9001
Builds continuous-improvement loop (Plan-Do-Check-Act) into maritime operations
Enhances Flag-State/Port-State oversight through objective evidence & audit trails
Supports environmental conventions (MARPOL) by embedding pollution-prevention culture
Cyber, near-miss & DP guidelines demonstrate IMO’s adaptive approach to emerging risks & human factors
Ethical implications: fosters transparency, accountability, crew empowerment, and protection of the marine environment

Numerical & Statistical References / Formula Recap

Certificate validity $\le 5\;\text{years}$
Annual verification window: $\pm 3\;\text{months}$ around anniversary
Intermediate SMC audit between $2^{nd}$ & $3^{rd}$ anniversary dates
Interim DoC $\le 12\;\text{months}$ ; Interim SMC $\le 6\;\text{months}$ (+ $6$ -month extension possible)
Cyber-risk inclusion deadline: first DoC annual verification after $1\;January\;2021$

Practical Study Tips

Map each ISM section to real shipboard procedures you’ve seen (e.g., lifeboat drill ↔ §8 drills)
Memorise certificate timelines using “5-3-1” rule: $5$ yrs validity, $3$ months annual window, $1$ intermediate audit window
Use DP guidance as a checklist if asked to evaluate a candidate’s suitability
Relate cyber guidance to everyday tools (ECDIS USB use, satellite comms firewall)
Practice drafting a near-miss report to demonstrate understanding of §9 & Circ.7 requirements