Maritime security (MARSEC) levels are the common language that tells a ship and a port facility how much protective security to apply at any given moment. There are three of them, set under the International Ship and Port Facility Security (ISPS) Code, and they escalate from routine operations to imminent threat. For anyone planning a port call, the level in force shapes access control, cargo handling, manning of the gangway and the paperwork the master must hold. Get the level wrong, or fail to match a port's heightened posture, and a vessel risks delay, detention or a refused entry. This guide explains what each level means, who sets it, the measures that step up at each one, and how it all connects to the Ship Security Plan.
The legal framework: SOLAS XI-2 and the ISPS Code
The security regime sits inside the International Convention for the Safety of Life at Sea (SOLAS), specifically chapter XI-2, "Special measures to enhance maritime security". That chapter brings in the ISPS Code, which entered into force on 1 July 2004 and applies to ships on international voyages and the port facilities that serve them. The Code has two parts. Part A is mandatory and sets out the detailed requirements that flag states, port authorities and shipping companies must meet. Part B is recommendatory guidance on how to meet Part A. Three named officers run the system in practice: the Company Security Officer (CSO) at the shipping company, the Ship Security Officer (SSO) on board, and the Port Facility Security Officer (PFSO) ashore.
What the three MARSEC levels mean
The Code defines three security levels, each describing the assessed likelihood of a security incident rather than a fixed list of tasks. The exact measures behind each level live in the Ship Security Plan and the Port Facility Security Plan.
- Security level 1 is the normal, day-to-day level at which a ship or port facility operates. Minimum appropriate protective security measures are maintained at all times.
- Security level 2 applies for as long as there is a heightened risk of a security incident. It triggers additional protective measures, sustained for the duration of the elevated risk.
- Security level 3 applies for the period when a security incident is probable or imminent, even if a specific target cannot be identified. It brings further, more intrusive measures and is intended to be used only for a limited time.
Level 3 is exceptional. It assumes reliable intelligence that an attack on the ship, the port or the waters in question is likely, and it should not be a standing posture.
Who sets the level
Contracting Governments, the states party to SOLAS, are responsible for setting security levels. A flag state sets the level for ships entitled to fly its flag and communicates any change to them, as required by SOLAS regulation XI-2/3. A port state sets the level for the port facilities in its territory and for ships in, or about to enter, its ports. The practical rule for a visiting vessel is straightforward: if the port's level is higher than the level the ship is currently operating at, the ship must raise its own measures to meet the port before it enters or while alongside. A ship can never operate below the level set by the port state whose waters it is in.
Levels can be raised quickly in response to a specific threat, a regional pattern of attacks, or wider geopolitical tension. Notification reaches ships through flag administrations, port authorities and, in some regions, recognised reporting and coordination centres. Operators transiting higher-risk waters such as the Gulf of Guinea or the wider Indian Ocean will also be familiar with regional reporting centres, for example the Maritime Domain Awareness for Trade Gulf of Guinea (MDAT-GoG) and the United Kingdom Maritime Trade Operations (UKMTO) cell, which inform threat awareness even though they do not themselves set the MARSEC level.
How measures escalate at each level
The Code does not prescribe identical actions for every ship. Instead, the Ship Security Plan lists what the vessel will do at each level, and the measures are cumulative: level 2 adds to level 1, and level 3 adds to both. Typical measures that escalate include the following.
| Area | Level 1 (normal) | Level 2 (heightened) | Level 3 (imminent) |
|---|---|---|---|
| Access control | Check identity of all boarding; control access points | Limit access points; increase checks; deter waterside approach | Restrict access to a single controlled point; suspend non-essential access |
| Restricted areas | Maintain and mark restricted areas | Increase frequency and intensity of monitoring | Set up additional restricted areas; prepare for or assist a search |
| Cargo and stores | Routine checking of cargo and ship's stores | Detailed checking; verify against manifest; escort movements | Suspend cargo and stores handling, or do so only under direction |
| Deck and watch | Standard watchkeeping and lighting | Increased patrols, lookouts and lighting | Continuous watch; full lighting; ready response measures |
At level 3 a ship operates everything from levels 1 and 2 plus the specific incremental measures in its plan, and it will normally act on direction from those responding to the threat.
What it means for a port call and the Ship Security Plan
The Ship Security Plan (SSP) is the approved, confidential document that turns these levels into concrete actions for a specific vessel. It is built from a Ship Security Assessment and is kept on board, protected from unauthorised access. The SSO is responsible for implementing it and for putting the right measures in place when the level changes. Before and during a port call, several practical duties flow from the level in force:
- Confirm the port facility's current security level in advance and ensure the ship is operating at least at that level on arrival.
- Exchange a Declaration of Security (DoS) with the port facility or another ship where required, recording who is responsible for which security measures during the interface. A DoS is more likely to be required at higher levels or where the ship and facility operate at different levels.
- Keep the required security records, including past Declarations of Security and a log of security level changes, available for inspection by port state control or a Designated Authority.
- Maintain the ship's International Ship Security Certificate, Continuous Synopsis Record and a functioning Ship Security Alert System, all of which a port state may verify.
A vessel that cannot meet a port's heightened level, or whose documentation does not stand up to inspection, can face additional control measures: extra inspection, delay, restriction of movement or, in the most serious cases, denial of entry. Planning the level into the port call, rather than discovering it at the pilot station, is what keeps a call on schedule.
Where Verihelm helps
MARSEC levels tell a crew how to respond, but they do not explain why a level has moved or what threat sits behind it. That context is where decisions are made. Verihelm is Dryad Global's analyst-verified intelligence platform: it gives security officers, masters and shore teams a current, evidence-backed picture of the threat at a specific port and along a planned route, so a change in security posture is understood, not just complied with. Verified incident history, port-level risk and regional threat reporting come together in one place, helping operators anticipate when a port's level may rise and prepare the right measures before arrival. To see how this supports a structured port call decision, explore Verihelm's port risk assessment capability.