Insights · Regulation · Safety & security
Two short acronyms decide whether a ship can trade: ISM, the code that makes a company prove it manages safety, and ISPS, the code that makes it prove it manages security. Both live inside SOLAS, and both come down to a plan, a certificate and an accountable person.
For most of maritime history, safety lived in the equipment — the lifeboats, the fire pumps, the watertight doors of SOLAS. But accident investigations kept reaching the same conclusion: the hardware was fine; the organisation behind it had failed. The 1987 capsize of the Herald of Free Enterprise, with its bow doors left open, was the case that crystallised it. The response was a code that regulated not steel but management. That code is ISM.
The International Safety Management Code requires every company that operates a ship to establish, document and maintain a Safety Management System (SMS) — a written framework covering safe operating procedures, emergency preparedness, reporting of accidents and near-misses, maintenance, and the lines of authority that connect ship and shore. It is made mandatory by SOLAS Chapter IX.
Compliance is demonstrated by two certificates:
A key feature is the Designated Person Ashore (DPA) — a named individual at the company with a direct line to top management, responsible for monitoring safety and ensuring resources are provided. The ISM Code's enduring contribution is that idea: that safety is a continuously managed process, owned by an accountable person, not a box ticked at survey.
If ISM answers the question "can this ship be operated safely?", the ISPS Code answers a different one: "can this ship be protected against deliberate harm?" Drafted rapidly after the attacks of September 2001, the International Ship and Port Facility Security Code was made mandatory by SOLAS Chapter XI-2 and entered into force on 1 July 2004.
ISPS extends the same logic — plan, certificate, responsible person — to security. It requires:
It is easy to confuse the two because they share a structure and both sit inside SOLAS. The simplest way to keep them apart is by the risk they address.
| ISM | ISPS | |
|---|---|---|
| Answers | Safety — accidents, pollution | Security — deliberate threats |
| SOLAS chapter | IX | XI-2 |
| Ship certificate | SMC | ISSC |
| Company document | DOC | (Company Security Officer) |
| Responsible person | Designated Person Ashore | Ship / Company Security Officer |
ISM made the industry write down how it stays safe. ISPS made it write down how it stays secure. In both cases the document, and the named officer behind it, are the point. On the SOLAS management and security codes
A ship that cannot produce a valid DOC, SMC or ISSC is one a port state inspector can detain, and ISM and ISPS deficiencies are among the commonest grounds for detention. Because both codes attach responsibility to the company as well as the ship, they also reach into the question of who actually operates a vessel — the same chain that matters for sanctions. On Marifest you can search any of 97,000+ vessels in the registry, resolve the operating company behind the hull, and check the vessel's compliance standing across OFAC, EU, UN and UK. The terms used here are defined in the maritime glossary.
How Marifest uses it
ISM and ISPS hold the operating company to account, not just the ship. Marifest resolves that company on every file, so the management behind a vessel is visible alongside its specs.
ISM's DOC and ISPS's security officers sit with the company. The registry ties each ship to the operator and manager behind it.
ISM and ISPS deficiencies are common detention grounds. A vessel's port-state record is a direct read on its management standing.
Which ships fall under ISM and ISPS depends on type and size — both on every vessel file.
Specs, operator, flag and sanctions standing sit together, so the management question is answered in context.