Loading (50 kb)...'

(continued) to loading, in accordance with the frequency required in the VSP; and

(4) Check, in liaison with the facility, seals or other methods used to prevent tampering.

(c) MARSEC Level 2. In addition to the security measures required for MARSEC Level 1 in this section, at MARSEC Level 2, the vessel owner or operator must also ensure the implementation of additional security measures, as specified for MARSEC Level 2 in the approved Vessel Security Plan (VSP). These additional security measures may include:

(1) Increasing the frequency and detail of checking cargo and cargo spaces for evidence of tampering;

(2) Intensifying checks to ensure that only the intended cargo, container, or other cargo transport units are loaded;

(3) Intensifying screening of vehicles to be loaded on car-carriers, RO-RO, and passenger vessels;

(4) In liaison with the facility, increasing frequency and detail in checking seals or other methods used to prevent tampering;

(5) Increasing the frequency and intensity of visual and physical inspections; or

(6) Coordinating enhanced security measures with the shipper or other responsible party in accordance with an established agreement and procedures.

(d) MARSEC Level 3. In addition to the security measures for MARSEC Level 1 and MARSEC Level 2, at MARSEC Level 3, the vessel owner or operator must ensure the implementation of additional security measures, as specified for MARSEC Level 3 in the approved VSP. These additional security measures may include:

(1) Suspending loading or unloading of cargo;

(2) Being prepared to cooperate with responders, facilities, and other vessels; or

(3) Verifying the inventory and location of any hazardous materials carried on board.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60514, Oct. 22, 2003]

§ 104.280 Security measures for delivery of vessel stores and bunkers.
top
(a) General. The vessel owner or operator must ensure that security measures relating to the delivery of vessel stores and bunkers are implemented to:

(1) Check vessel stores for package integrity;

(2) Prevent vessel stores from being accepted without inspection;

(3) Deter tampering; and

(4) Prevent vessel stores and bunkers from being accepted unless ordered. For vessels that routinely use a facility, a vessel owner or operator may establish and implement standing arrangements between the vessel, its suppliers, and a facility regarding notification and the timing of deliveries and their documentation.

(b) Maritime Security (MARSEC) Level 1. At MARSEC Level 1, the vessel owner or operator must ensure the implementation of measures to:

(1) Check vessel stores before being accepted;

(2) Check that vessel stores and bunkers match the order prior to being brought on board or being bunkered; and

(3) Ensure that vessel stores are controlled or immediately and securely stowed following delivery.

(c) MARSEC Level 2. In addition to the security measures required for MARSEC Level 1 in this section, at MARSEC Level 2, the vessel owner or operator must also ensure the implementation of additional security measures, as specified for MARSEC Level 2 in the approved Vessel Security Plan (VSP). These additional security measures may include:

(1) Intensifying inspection of the vessel stores during delivery; or

(2) Checking vessel stores prior to receiving them on board.

(d) MARSEC Level 3. In addition to the security measures for MARSEC Level 1 and MARSEC Level 2, at MARSEC Level 3, the vessel owner or operator must ensure the implementation of additional security measures, as specified for MARSEC Level 3 in the approved VSP. These additional security measures may include:

(1) Checking all vessel stores more extensively;

(2) Restricting or suspending delivery of vessel stores and bunkers; or

(3) Refusing to accept vessel stores on board.

§ 104.285 Security measures for monitoring.
top
(a) General. (1) The vessel owner or operator must ensure the implementation of security measures and have the capability to continuously monitor, through a combination of lighting, watchkeepers, security guards, deck watches, waterborne patrols, automatic intrusion-detection devices, or surveillance equipment, as specified in their approved Vessel Security Plan (VSP), the—

(i) Vessel;

(ii) Restricted areas on board the vessel; and

(iii) Area surrounding the vessel.

(2) The following must be considered when establishing the appropriate level and location of lighting:

(i) Vessel personnel should be able to detect activities on and around the vessel, on both the shore side and the waterside;

(ii) Coverage should facilitate personnel identification at access points;

(iii) Coverage may be provided through coordination with the port or facility; and

(iv) Lighting effects, such as glare, and its impact on safety, navigation, and other security activities.

(b) Maritime Security (MARSEC) Level 1. At MARSEC Level 1, the vessel owner or operator must ensure the implementation of security measures, which may be done in coordination with a facility, to:

(1) Monitor the vessel, particularly vessel access points and restricted areas;

(2) Be able to conduct emergency searches of the vessel;

(3) Ensure that equipment or system failures or malfunctions are identified and corrected;

(4) Ensure that any automatic intrusion detection device sets off an audible or visual alarm, or both, at a location that is continuously attended or monitored;

(5) Light deck and vessel access points during the period between sunset and sunrise and periods of limited visibility sufficiently to allow visual identification of persons seeking access to the vessel; and

(6) Use maximum available lighting while underway, during the period between sunset and sunrise, consistent with safety and international regulations.

(c) MARSEC Level 2. In addition to the security measures required for MARSEC Level 1 in this section, at MARSEC Level 2, the vessel owner or operator must also ensure the implementation of additional security measures, as specified for MARSEC Level 2 in the approved VSP. These additional security measures may include:

(1) Increasing the frequency and detail of security patrols;

(2) Increasing the coverage and intensity of lighting, alone or in coordination with the facility;

(3) Using or increasing the use of security and surveillance equipment;

(4) Assigning additional personnel as security lookouts;

(5) Coordinating with boat patrols, when provided; and

(6) Coordinating with shoreside foot or vehicle patrols, when provided.

(d) MARSEC Level 3. In addition to the security measures for MARSEC Level 1 and MARSEC Level 2, at MARSEC Level 3, the vessel owner or operator must ensure the implementation of additional security measures, as specified for MARSEC Level 3 in the approved VSP. These additional security measures may include:

(1) Cooperating with responders and facilities;

(2) Switching on all lights;

(3) Illuminating the vicinity of the vessel;

(4) Switching on all surveillance equipment capable of recording activities on, or in the vicinity of, the vessel;

(5) Maximizing the length of time such surveillance equipment can continue to record;

(6) Preparing for underwater inspection of the hull; and

(7) Initiating measures, including the slow revolution of the vessel's propellers, if practicable, to deter underwater access to the hull of the vessel.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60514, Oct. 22, 2003]

§ 104.290 Security incident procedures.
top
For each Maritime Security (MARSEC) Level, the vessel owner or operator must ensure the Vessel Security Officer (VSO) and vessel security personnel are able to:

(a) Respond to security threats or breaches of security and maintain critical vessel and vessel-to-facility interface operations, to include:

(1) Prohibiting entry into affected area;

(2) Denying access to the vessel, except to those responding to the emergency;

(3) Implementing MARSEC Level 3 security measures throughout the vessel;

(4) Stopping cargo-handling operations; and

(5) Notifying shoreside authorities or other vessels of the emergency;

(b) Evacuating the vessel in case of security threats or breaches of security;

(c) Reporting security incidents as required in §101.305;

(d) Briefing all vessel personnel on possible threats and the need for vigilance, soliciting their assistance in reporting suspicious persons, objects, or activities; and

(e) Securing non-critical operations in order to focus response on critical operations.

§ 104.292 Additional requirements—passenger vessels and ferries.
top
(a) At all Maritime Security (MARSEC) Levels, the vessel owner or operator must ensure security sweeps are performed, prior to getting underway, after any period the vessel was unattended.

(b) As an alternative to the identification checks and passenger screening requirements in §104.265 (e)(1), (e)(3), and (e)(8), the owner or operator of a passenger vessel or ferry may ensure security measures are implemented that include:

(1) Searching selected areas prior to embarking passengers and prior to sailing; and

(2) Implementing one or more of the following:

(i) Performing routine security patrols;

(ii) Providing additional closed-circuit television to monitor passenger areas; or

(iii) Securing all non-passenger areas.

(c) Passenger vessels certificated to carry more than 2000 passengers, working in coordination with the terminal, may be subject to additional vehicle screening requirements in accordance with a MARSEC Directive or other orders issued by the Coast Guard.

(d) Owners and operators of passenger vessels and ferries covered by this part that use public access facilities, as that term is defined in §101.105 of this subchapter, must address security measures for the interface of the vessel and the public access facility, in accordance with the appropriate Area Maritime Security Plan.

(e) At MARSEC Level 2, a vessel owner or operator must ensure, in addition to MARSEC Level 1 measures, the implementation of the following:

(1) Search selected areas prior to embarking passengers and prior to sailing;

(2) Passenger vessels certificated to carry less than 2000 passengers, working in coordination with the terminal, may be subject to additional vehicle screening requirements in accordance with a MARSEC Directive or other orders issued by the Coast Guard; and

(3) As an alternative to the identification and screening requirements in §104.265(e)(3) and (f)(1), intensify patrols, security sweeps and monitoring identified in paragraph (b) of this section.

(f) At MARSEC Level 3, a vessel owner or operator may, in addition to MARSEC Levels 1 and 2 measures, as an alternative to the identification checks and passenger screening requirements in §104.265(e)(3) and §104.265(g)(1), ensure that random armed security patrols are conducted, which need not consist of vessel personnel.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60514, Oct. 22, 2003]

§ 104.295 Additional requirements—cruise ships.
top
(a) At all MARSEC Levels, the owner or operator of a cruise ship must ensure the following:

(1) Screen all persons, baggage, and personal effects for dangerous substances and devices;

(2) Check the identification of all persons seeking to board the vessel; this check includes confirming the reason for boarding by examining joining instructions, passenger tickets, boarding passes, government identification or visitor badges, or work orders;

(3) Perform security patrols; and

(4) Search selected areas prior to embarking passengers and prior to sailing.

(b) At MARSEC Level 3, the owner or operator of a cruise ship must ensure that security briefs to passengers about the specific threat are provided.

§ 104.297 Additional requirements—vessels on international voyages.
top
(a) An owner or operator of a U.S. flag vessel, which is subject to the International Convention for Safety of Life at Sea, 1974, (SOLAS), must be in compliance with the applicable requirements of SOLAS Chapter XI–1, SOLAS Chapter XI–2 and the ISPS Code, part A (Incorporated by reference, see §101.115 of this subchapter).

(b) Owners or operators of U.S. flag vessels that are required to comply with SOLAS, must ensure an International Ship Security Certificate (ISSC) as provided in 46 CFR §2.01–25 is obtained for the vessel. This certificate must be issued by the Coast Guard.

(c) Owners or operators of vessels that require an ISSC in paragraph (b) of this section must request an inspection in writing, at least 30 days prior to the desired inspection date to the Officer in Charge, Marine Inspection for the Marine Inspection Office or Marine Safety Office of the port where the vessel will be inspected to verify compliance with this part and applicable SOLAS requirements. The inspection must be completed and the initial ISSC must be issued on or before July 1, 2004.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60515, Oct. 22, 2003]

Subpart C—Vessel Security Assessment (VSA)
top
§ 104.300 General.
top
(a) The Vessel Security Assessment (VSA) is a written document that is based on the collection of background information and the completion and analysis of an on-scene survey.

(b) A single VSA may be performed and applied to more than one vessel to the extent that they share physical characteristics and operations.

(c) Third parties may be used in any aspect of the VSA if they have the appropriate skills and if the Company Security Officer (CSO) reviews and accepts their work.

(d) Those involved in a VSA should be able to draw upon expert assistance in the following areas:

(1) Knowledge of current security threats and patterns;

(2) Recognition and detection of dangerous substances and devices;

(3) Recognition of characteristics and behavioral patterns of persons who are likely to threaten security;

(4) Techniques used to circumvent security measures;

(5) Methods used to cause a security incident;

(6) Effects of dangerous substances and devices on vessel structures and equipment;

(7) Vessel security requirements;

(8) Vessel-to-vessel activity and vessel-to-facility interface business practices;

(9) Contingency planning, emergency preparedness and response;

(10) Physical security requirements;

(11) Radio and telecommunications systems, including computer systems and networks;

(12) Marine engineering; and

(13) Vessel and port operations.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60515, Oct. 22, 2003]

§ 104.305 Vessel Security Assessment (VSA) requirements.
top
(a) Background. The vessel owner or operator must ensure that the following background information is provided to the person or persons who will conduct the on-scene survey and assessment:

(1) General layout of the vessel, including the location of:

(i) Each actual or potential point of access to the vessel and its function;

(ii) Spaces that should have restricted access;

(iii) Essential maintenance equipment;

(iv) Cargo spaces and storage;

(v) Storage of unaccompanied baggage; and

(vi) Vessel stores;

(2) Threat assessments, including the purpose and methodology of the assessment, for the area or areas in which the vessel operates or at which passengers embark or disembark;

(3) The previous VSA, if any;

(4) Emergency and stand-by equipment available to maintain essential services;

(5) Number of vessel personnel and any existing security duties to which they are assigned;

(6) Existing personnel training requirement practices of the vessel;

(7) Existing security and safety equipment for the protection of personnel, visitors, passengers, and vessels personnel;

(8) Escape and evacuation routes and assembly stations that have to be maintained to ensure the orderly and safe emergency evacuation of the vessel;

(9) Existing agreements with private security companies providing waterside or vessel security services; and

(10) Existing security measures and procedures, including:

(i) Inspection and control procedures;

(ii) Identification systems;

(iii) Surveillance and monitoring equipment;

(iv) Personnel identification documents;

(v) Communication systems;

(vi) Alarms;

(vii) Lighting;

(viii) Access control systems; and

(ix) Other security systems.

(b) On-scene survey. The vessel owner or operator must ensure that an on-scene survey of each vessel is conducted. The on-scene survey is to verify or collect information required in paragraph (a) of this section. It consists of an actual survey that examines and evaluates existing vessel protective measures, procedures, and operations for:

(1) Ensuring performance of all security duties;

(2) Controlling access to the vessel, through the use of identification systems or otherwise;

(3) Controlling the embarkation of vessel personnel and other persons and their effects, including personal effects and baggage whether accompanied or unaccompanied;

(4) Supervising the handling of cargo and the delivery of vessel stores;

(5) Monitoring restricted areas to ensure that only authorized persons have access;

(6) Monitoring deck areas and areas surrounding the vessel; and

(7) The ready availability of security communications, information, and equipment.

(c) Analysis and recommendations. In conducting the VSA, the Company Security Officer (CSO) must analyze the vessel background information and the on-scene survey, and while considering the requirements of this part, provide recommendations for the security measures the vessel should include in the Vessel Security Plan (VSP). This includes but is not limited to the following:

(1) Restricted areas;

(2) Response procedures for fire or other emergency conditions;

(3) Security supervision of vessel personnel, passengers, visitors, vendors, repair technicians, dock workers, etc.;

(4) Frequency and effectiveness of security patrols;

(5) Access control systems, including identification systems;

(6) Security communication systems and procedures;

(7) Security doors, barriers, and lighting;

(8) Any security and surveillance equipment and systems;

(9) Possible security threats, including but not limited to:

(i) Damage to or destruction of the vessel or an interfacing facility or vessel by dangerous substances and devices, arson, sabotage, or vandalism;

(ii) Hijacking or seizure of the vessel or of persons on board;

(iii) Tampering with cargo, essential vessel equipment or systems, or vessel stores;

(iv) Unauthorized access or use, including presence of stowaways;

(v) Smuggling dangerous substances and devices;

(vi) Use of the vessel to carry those intending to cause a security incident and/or their equipment;

(vii) Use of the vessel itself as a weapon or as a means to cause damage or destruction;

(viii) Attacks from seaward while at berth or at anchor; and

(ix) Attacks while at sea; and

(10) Evaluating the potential of each identified point of access, including open weather decks, for use by individuals who might seek to breach security, whether or not those individuals legitimately have access to the vessel.

(d) VSA report. (1) The vessel owner or operator must ensure that a written VSA report is prepared and included as part of the VSP. The VSA report must contain:

(i) A summary of how the on-scene survey was conducted;

(ii) Existing security measures, procedures, and operations;

(iii) A description of each vulnerability found during the assessment;

(iv) A description of security countermeasures that could be used to address each vulnerability;

(v) A list of the key vessel operations that are important to protect;

(vi) The likelihood of possible threats to key vessel operations; and

(vii) A list of identified weaknesses, including human factors, in the infrastructure, policies, and procedures of the vessel.

(2) The VSA report must address the following elements on board or within the vessel:

(i) Physical security;

(ii) Structural integrity;

(iii) Personnel protection systems;

(iv) Procedural policies;

(v) Radio and telecommunication systems, including computer systems and networks; and

(vi) Other areas that may, if damaged or used illicitly, pose a risk to people, property, or operations on board the vessel or within a facility.

(3) The VSA report must list the persons, activities, services, and operations that are important to protect, in each of the following categories:

(i) Vessel personnel;

(ii) Passengers, visitors, vendors, repair technicians, facility personnel, etc.;

(iii) Capacity to maintain safe navigation and emergency response;

(iv) Cargo, particularly dangerous goods and hazardous substances;

(v) Vessel stores;

(vi) Any vessel security communication and surveillance systems; and

(vii) Any other vessel security systems, if any.

(4) The VSA report must account for any vulnerabilities in the following areas:

(i) Conflicts between safety and security measures;

(ii) Conflicts between vessel duties and security assignments;

(iii) The impact of watch-keeping duties and risk of fatigue on vessel personnel alertness and performance;

(iv) Security training deficiencies; and

(v) Security equipment and systems, including communication systems.

(5) The VSA report must discuss and evaluate key vessel measures and operations, including:

(i) Ensuring performance of all security duties;

(ii) Controlling access to the vessel, through the use of identification systems or otherwise;

(iii) Controlling the embarkation of vessel personnel and other persons and their effects (including personal effects and baggage whether accompanied or unaccompanied);

(iv) Supervising the handling of cargo and the delivery of vessel stores;

(v) Monitoring restricted areas to ensure that only authorized persons have access;

(vi) Monitoring deck areas and areas surrounding the vessel; and

(vii) The ready availability of security communications, information, and equipment.

(e) The VSA must be documented and the VSA report retained by the vessel owner or operator with the VSP. The VSA, the VSA report, and VSP must be protected from unauthorized access or disclosure.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60515, Oct. 22, 2003]

§§ 104.310 Submission requirements.
top
(a) A completed Vessel Security Assessment (VSA) report must be submitted with the Vessel Security Plan (VSP) required in §104.410 of this part.

(b) A vessel owner or operator may generate and submit a report that contains the VSA for more than one vessel subject to this part, to the extent that they share similarities in physical characteristics and operations.

(c) The VSA must be reviewed and revalidated, and the VSA report must be updated, each time the VSP is submitted for reapproval or revisions.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60515, Oct. 22, 2003]

Subpart D—Vessel Security Plan (VSP)
top
§ 104.400 General.
top
(a) The Company Security Officer (CSO) must ensure a Vessel Security Plan (VSP) is developed and implemented for each vessel. The VSP:

(1) Must identify the CSO and VSO by name or position and provide 24-hour contact information;

(2) Must be written in English, although a translation of the VSP in the working language of vessel personnel may also be developed;

(3) Must address each vulnerability identified in the Vessel Security Assessment (VSA);

(4) Must describe security measures for each MARSEC Level;

(5) Must state the Master's authority as described in §104.205; and

(6) May cover more than one vessel to the extent that they share similarities in physical characteristics and operations, if authorized and approved by the Commanding Officer, Marine Safety Center.

(b) The VSP must be submitted to the Commanding Officer, Marine Safety Center (MSC) 400 Seventh Street, SW., Room 6302, Nassif Building, Washington, DC 20590–0001, in a written or electronic format. Information for submitting the VSP electronically can be found at http://www.uscg.mil/HQ/MSC. Owners or operators of foreign flag vessels that are subject to SOLAS Chapter XI–1 or Chapter XI–2 must comply with this part by carrying on board a valid International Ship Security Certificate that certifies that the verifications required by Section 19.1 of part A of the ISPS Code (Incorporated by reference, see §101.115 of this subchapter) have been completed. As stated in Section 9.4 of the ISPS Code, part A requires that, in order for the ISSC to be issued, the provisions of part B of the ISPS Code need to be taken into account.

(c) The VSP is sensitive security information and must be protected in accordance with 49 CFR part 1520.

(d) If the VSP is kept in an electronic format, procedures must be in place to prevent its unauthorized deletion, destruction, or amendment.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60515, Oct. 22, 2003; USCG–2004–18057, 69 FR 34925, June 23, 2004]

§ 104.405 Format of the Vessel Security Plan (VSP).
top
(a) A vessel owner or operator must ensure that the VSP consists of the individual sections listed in this paragraph (a). If the VSP does not follow the order as it appears in the list, the vessel owner or operator must ensure that the VSP contains an index identifying the location of each of the following sections:

(1) Security organization of the vessel;

(2) Personnel training;

(3) Drills and exercises;

(4) Records and documentation;

(5) Response to change in MARSEC Level;

(6) Procedures for interfacing with facilities and other vessels;

(7) Declarations of Security (DoS);

(8) Communications;

(9) Security systems and equipment maintenance;

(10) Security measures for access control;

(11) Security measures for restricted areas;

(12) Security measures for handling cargo;

(13) Security measures for delivery of vessel stores and bunkers;

(14) Security measures for monitoring;

(15) Security incident procedures;

(16) Audits and Vessel Security Plan (VSP) amendments; and

(17) Vessel Security Assessment (VSA) Report.

(b) The VSP must describe in detail how the requirements of subpart B of this part will be met.

§ 104.410 Submission and approval.
top
(a) In accordance with §104.115, on or before December 31, 2003, each vessel owner or operator must either:

(1) Submit one copy of their Vessel Security Plan (VSP), in English, for review and approval to the Commanding Officer, Marine Safety Center (MSC) and a letter certifying that the VSP meets applicable requirements of this part; or

(2) If intending to operate under an Approved Security Program, a letter signed by the vessel owner or operator stating which approved Alternative Security Program the owner or operator intends to use.

(b) Owners or operators of vessels not in service on or before December 31, 2003, must comply with the requirements in paragraph (a) of this section 60 days prior to beginning operations or by December 31, 2003, whichever is later.

(c) The Commanding Officer, Marine Safety Center (MSC), will examine each submission for compliance with this part, and either:

(1) Approve it and specify any conditions of approval, returning to the submitter a letter stating its acceptance and any conditions;

(2) Return it for revision, returning a copy to the submitter with brief descriptions of the required revisions; or

(3) Disapprove it, returning a copy to the submitter with a brief statement of the reasons for disapproval.

(d) A VSP may be submitted and approved to cover more than one vessel where the vessel design and operations are similar.

(e) Each company or vessel, owner or operator, that submits one VSP to cover two or more vessels of similar design and operation must address vessel-specific information that includes the physical and operational characteristics of each vessel.

(f) A plan that is approved by the MSC is valid for 5 years from the date of its approval.

[USCG–2003–14749, 68 FR 39302, July 1, 2003, as amended at 68 FR 60515, Oct. 22, 2003; USCG–2004–19963, 70 FR 74669, Dec. 16, 2005]

§ 104.415 Amendment and audit.
top
(a) Amendments. (1) Amendments to a Vessel Security Plan that are approved by the Marine Safety Center (MSC) may be initiated by:

(i) The vessel owner or operator; or

(ii) The Coast Guard upon a determination that an amendment is needed to maintain the vessel's security. The Coast Guard will give the vessel owner or operator written notice and request that the vessel owner or operator propose amendments addressing any matters specified in the notice. The company owner or operator will have at least 60 days to submit its proposed amendments. Until amendments are approved, the company owner or operator shall ensure temporary security measures are implemented to the satisfaction of the Coast Guard.

(2) Proposed amendments must be sent to the MSC at the address shown in §104.400(b) of this part. If initiated by the company or vessel, owner or operator, the proposed amendment must be submitted at least 30 days before the amendment is to take effect unless the MSC allows a shorter period. The MSC will approve or disapprove the proposed amendment in accordance with §104.410 of this part.

(3) Nothing in this section should be construed as limiting the vessel owner or operator from the timely implementation of such additional security measures not enumerated in the approved VSP as necessary to address exigent security situations. In such cases, the owner or operator must notify the MSC by the most rapid means practicable as to the nature of the additional measures, the circumstances that prompted these additional measures, and the period of time these additional measures are expected to be in place.

(4) If the owner or operator has changed, the Vessel Security Officer (VSO) must amend the Vessel Security Plan (VSP) to include the name and contact information of the new vessel owner or operator and submit the affected portion of the VSP for review and approval in accordance with §104.410 of this part.

(b) Audits. (1) The CSO or VSO must ensure an audit of the VSP is performed annually, beginning no later than one year from the initial date of approval and attach a letter to the VSP certifying that the VSP meets the applicable requirements of this part.

(2) The VSP must be audited if there is a change in the company's or vessel's ownership or operator, or if there have been modifications to the vessel, including but not limited to physical structure, emergency response procedures, security measures, or operations.

(3) Auditing the VSP as a result of modifications to the vessel may be limited to those sections of the VSP affected by the vessel modifications.

(4) Unless impracticable due to the size and nature of the company or the vessel, personnel conducting internal audits of the security measures specified in the VSP or evaluating its implementation must:

(i) Have knowledge of methods of conducting audits and inspections, and control and monitoring techniques;

(ii) Not have regularly assigned security duties; and

(iii) Be independent of any security measures being audited.

(5) If the results of an audit require amendment of either the VSA or VSP, the VSO or CSO must submit, in accordance with §104.410 of this part, the amendments to the MSC for review and approval no later than 30 days after completion of the audit and a letter certifying that the amended VSP meets the applicable requirements of this part.

[USCG–2003–14749, 68 FR 39302, July 1, 2003; 68 FR 41915, July 16, 2003, as amended at 68 FR 60515, Oct. 22, 2003]