Anatomy of the maritime security – theoretical and practical approach

Captain Daniel Musafia, AFNI
After 26 years at sea and completing an internationally recognized professional development course Diploma in Marine Surveying, an one year Lloyds Academy learning program,  2010 Captain Daniel Musafia  “landed” ashore and is presently employed, by the major ship management company in the role of the  Company Security Officer and Office Security Officer. Daniel studied Nautical School – Bakar and Nautical Studies at Faculty of Maritime Studies University Rijeka.
Over the last 10 years, the industry got very sensible on the security matters and particularly on piracy-related cases. Because of additional industry requirements and besides ensuring that the ships are complying with the SOLAS Chapter XI and the comprehensive mandatory security regime  under the provisions of the  ISPS Code, some of Daniel’s main task are; updating and implementing security-related documentation for the fleet, security clearances with the Oil Majors, issuing of the Transit and Port Risk Assessment, vetting of the  Private Maritime Security Companies in order to meet the security standards related to the  Tanker Management and Self-Assessment programme (abbreviated as TMSA programme).

Anatomy of the maritime security – theoretical and practical approach
Written and compiled by the Capt. Daniel Musafia

“Even the smallest leak can sink the mightiest ship”.

–    Benjamin Franklin FRS (January 17, 1706 [O.S. January 6, 1705] – April 17, 1790) was one of the Founding Fathers of the United States

Spoken decades ago, these words are still true, and with an ever more globalized world perhaps more than ever before.
How we can define and perceive Maritime Security?  What it is that indeed? It seems like a pretty simple question, but indeed it is a complex and rather layered topic.
Not only that pirates, terrorist, drug smugglers and robbers are part of the Maritime Security, but there is much more to Maritime Security than may first meet the eye. Aim of this article compiled from various sources is to address and explain some critical points of the structured approach towards the Risk Management, using guidance laid in ISO 31000 requirements and Tanker Management and Self-Assessment programme (TMSA), as well as to address the practical approach within the shipping security domain.
The definition set in ISO Guide 73  states that the risk is: “effect of uncertainty on objectives”.  To mitigate and reduce the risks and its uncertainties the following has to be accomplished; Risk Identification, Risk Analysis and Risk Evaluation process.




Pic. No.1 Risk Management process based on ISO 31000

Implementing successfully risk management in the organization can deliver benefits, better strategic decisions, bring successful change in the management and improve operational efficiency.

To have effective risk management in place the human factor play a critical role to ensure that the best solutions are achieved.

To understand overall and the most significant risk is a challenge and expert knowledge is required in the organization. For that an organization shall be “Resilient”. Resilience can be defined; “as adoptive capacity of an organization in complex and changing environment. ”
Human factor plays a critical role in effective management. It could be described as the Affective Domain. The affective domain involves the human factor which includes how we deal with things emotionally, such as feelings, values, appreciation, enthusiasms, motivations, and attitudes.

Therefore risk management is a commitment, must be integrated into the culture of an organization and it’s procedures. Procedures without the culture to follow them or culture without the written procedures will not bring required objectives and benefits.



Practical implementation of the Risk Management Process requires risk architecture, strategy and protocols.
Risk architecture specifies the roles, responsibilities, communication and risk reporting structure. That can be embodied in one men / risk champion, up to complete department dealing on daily basis with the risks. The initial component of the ISO  31000 is “mandate and commitment “ by the board and this is followed by the:
    design of framework;
    implement risk management;
    monitor and review framework;
    improve framework .

3Pic. 2 – ISO 31000 –processes, framework and principles

The focus and fundamentally important part of the risk management process is the risk assessment.  Risk Assessment will encompass and evaluate the magnitude of the significant hazards as well as the implementation of suitable mitigation and control measures to bring the risk into the tolerable level.
To be successful in assessing the risks in the everlasting dynamic environment, intimate knowledge of the social, legal, political and cultural environment is of utmost importance. That will enable an organization to understand the limits including strategic and operational objectives.
Some organizations have developed written risk appetite or risk tolerance statements. Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings. The ISO 31000 risk management standard refers to risk appetite as the – “Amount and type of risk that an organization is prepared to pursue, retain or take”. This concept helps guide an organization’s approach to risk and risk management.
Understanding above elements of the risk management process, gives the possibility to analyze TMSA’s Module 13 main objectives and security management requirements.
Main Objective of the TMS Module 13 is to provide a safe and secure working environment by developing a proactive approach to security Management.

Security Management seeks effectiveness. To achieve that it requires the systematic identification of threats in all areas of the company’s business, with measures implemented to mitigate risks to the lowest practicable level.

Additionally TMSA Module 13 is requesting to have travel policy in place, based on the risk assessment, with the appropriate restrictions and guidance to minimize security threats to the personnel.

In the next article I will briefly touch upon practical approach on travelling risk assessment, issuing Quantitative and Qualitative Risk Assessment and its differences, monitoring, risk classifications and data analysis, including implementation of the control measures to mitigate and reduce the risk e.g. implementation of Best Management Practices.




kraljica mora logo

kraljica mora

pomorski rječnik

facebook kraljica mora



sindikat pomoraca hrvatske


pomorski fakultet rijeka

pomorsko dobro

rijeka klik

korana stojčić

tiskara sušak