ISM SMS Audit

Do you operate a Domestic Commercial Vessel (DCV) in accordance with the National Law 2012? If so then why not consider using our ISM SMS Development, Review & Audit service. We can develope a Safety Management System (SMS) for you (maybe you are purchasing a commercial vessel and need to have an SMS), we can review your current SMS or we can conduct and audit on your systems. Below you will see that items 9 & 10 of the International Ship Management (ISM) Code require, on an annual basis, an audit and verification of your SMS as part of your continuous improvement procedures.

You can be assured that our ISM SMS Auditor is well qualified and experienced. Please see experience and qualifications below.

In a career spanning over 40 years our Maritime Tutor has experience on a wide rage of vessels such as merchant ships, tugs, ferries, rescue vessels, charter boats, dredging vessels and much more. He has performed duty in the roles of deck crew, Engineer and Master. He holds current qualifications to the Master <45 and MED II level. Please feel free to contact our ISM SMS Auditor directly at truenorthmarine.com@gmail.com or on 0434803687 should you have any questions regarding the ISM SMS Auditor service.

In accordance with the ISM (International Ship Management) Code, an SMS (Safety Management System) is a structured framework designed to ensure the safe and efficient operation of ships and the prevention of accidents and pollution at sea. It’s a mandatory requirement under the International Maritime Organisation’s (IMO) ISM Code.
Here’s what an ISM SMS typically consists of:
1. Safety Management Manual (SMM):
The core of an ISM SMS is the Safety Management Manual.
This document outlines the company’s policies, procedures, and guidelines for safe vessel operations and pollution prevention. It includes information on safety responsibilities, emergency procedures, and compliance with relevant regulations.
2. Objectives and Goals: An ISM SMS establishes clear objectives and goals for the company’s safety and environmental performance. These objectives provide a framework for continuous improvement.
3. Designated Person Ashore (DPA): The DPA is a key individual responsible for overseeing the implementation of the ISM Code within the company. They act as a liaison between the company and the vessel and ensure that safety standards are maintained.
4. Procedures and Instructions: The SMS includes detailed procedures and instructions for various aspects of ship operations, including navigation, maintenance, emergency response, and crew training. These procedures are designed to mitigate risks and promote safety.
5. Emergency Preparedness: The SMS includes comprehensive plans for dealing with emergencies at sea, such as fire, collision, grounding, and oil spills. These plans ensure that the crew is well-prepared to respond effectively to any crisis.
6. Risk Assessment: An essential part of the SMS is a risk assessment process. This involves identifying potential hazards, evaluating associated risks, and implementing measures to control and mitigate those risks.
7. Training and Competence: The SMS outlines requirements for crew training and competence, ensuring that all personnel have the necessary skills and knowledge to perform their duties safely.
8. Reporting and Record-Keeping: The SMS includes procedures for reporting incidents, accidents, and near-misses. It also mandates the maintenance of records related to safety, maintenance, and crew qualifications.
9. Auditing and Verification: The company conducts regular internal audits to verify compliance with the SMS. Additionally, external audits by flag state authorities or classification societies ensure that the company’s SMS meets international standards.
10. Continuous Improvement: The ISM SMS promotes a culture of continuous improvement in safety and environmental performance. Companies are expected to learn from incidents and near-misses, update procedures as needed, and strive for better safety outcomes.Overall, the ISM SMS is a comprehensive system that focuses on safety and pollution prevention in maritime operations. It provides a structured approach to managing risks and ensuring the well-being of crew, vessels, and the environment. Compliance with the ISM Code and the implementation of a robust SMS are essential for the safe and responsible operation of ships.

An ISM SMS audit is a comprehensive examination of an organization’s information security practices and processes to assess their compliance with the ISM standard. Here are the typical components of an ISM SMS audit:

1. Pre-Audit Planning: The audit process begins with planning, which includes defining the scope of the audit, identifying key stakeholders, and determining the audit objectives and criteria. This phase also involves selecting the audit team and scheduling the audit.
2. Documentation Review: Auditors will review all relevant documentation related to the organization’s ISM SMS, including policies, procedures, risk assessments, incident reports, and other records. They will verify that these documents align with ISM requirements.
3. On-Site Assessment: This phase involves on-site visits to the organization’s facilities to observe security practices and interview employees. Auditors will assess whether the documented procedures are being followed in practice and if security controls are effectively implemented.
4. Risk Assessment: Auditors will evaluate the organization’s risk management processes to ensure they align with ISM requirements. This includes assessing how risks are identified, assessed, and mitigated.
5. Compliance Verification: Auditors will verify compliance with ISM controls, which cover various aspects of information security, such as access control, physical security, incident response, and more. They will check if controls are effectively implemented and monitored.
6. Incident Response Evaluation: The audit will assess the organization’s incident response capabilities, including how incidents are detected, reported, and managed. Auditors will also check if lessons learned from previous incidents are incorporated into improvements.
7. Security Awareness and Training: Auditors will assess the organization’s efforts to promote security awareness and provide security training to employees. This includes evaluating training programs and their effectiveness.
8. Testing and Assessment: Depending on the audit scope, auditors may conduct penetration testing, vulnerability assessments, or other technical assessments to identify vulnerabilities in the organization’s information systems.
9. Documentation of Findings: Auditors will document their findings, including any non-compliance issues, weaknesses, and areas for improvement. These findings will be used to generate an audit report.
10. Audit Report: The audit report summarizes the findings, identifies areas of non-compliance, and provides recommendations for improvement. It may also include an assessment of the overall maturity of the organization’s ISM SMS.
11. Follow-up and Corrective Action: The organization is typically required to address any identified non-compliance issues and weaknesses and provide evidence of corrective actions taken. The audit team may conduct a follow-up review to ensure these actions are effective.
12. Certification (Optional): Depending on the organization’s goals, it may seek ISM certification or compliance. If the audit is successful, the organization may receive certification or a statement of compliance, which can be used to demonstrate adherence to ISM standards.

It’s essential to note that the specific steps and requirements of an ISM SMS audit may vary depending on the organization’s size, industry, and the auditors’ expertise. The goal of the audit is to ensure that an organization’s information security practices align with the ISM standard and are effectively protecting sensitive information and systems.

Auditor Experience and Qualifications: