Security

ISPS in Practice: Restricted-Area Visitor Logs and Security Levels on Cruise Ships

April 16, 2026 · 6 min read · The Henley Franc team

The International Ship and Port Facility Security (ISPS) Code asks a ship to do two things: have a security plan, and be able to prove it is following it. The plan is the easy part. The proof - the records that show who entered which restricted space, under what authority, at which security level - is where a lot of vessels are still relying on a clipboard by a door. When the Company Security Officer (CSO) or a Port Facility Security Officer comes looking, that clipboard is not a strong position.

Here is how ISPS works in practice, and what good records look like.

Restricted areas and who may enter them

A ship has spaces not everyone should enter: the bridge, the engine control room, certain stores, security and crew-only areas. ISPS expects you to control and record access. A restricted-area visitor log does this across the access levels a security plan actually uses:

  • crew only,
  • escorted visitors,
  • permit required, and
  • SSO-only (Ship Security Officer).

The point is not just to record entries; it is to enforce the rules - an escorted visitor who has no escort, or a permit-required entry with no permit, should be caught at the door, not discovered later. And the resulting log should be something the SSO can produce on demand, not reconstruct from memory.

Security levels, and what changes when they rise

ISPS defines three security levels. Level 1 is normal operations; levels 2 and 3 are heightened states declared in response to a specific threat. The obligation is twofold: manage the change, and record it - who raised the level, when, and why.

Security-level management handles both. Every change is logged automatically for the audit trail the PFSO and flag state expect, and raising the level can tighten restricted-area access and prompt the required actions, rather than relying on someone to remember the procedure under pressure.

The records that hold it together

ISPS is a documentation regime as much as an operational one. Alongside the visitor log and security-level audit, a credible security posture usually includes a CCTV camera registry - so you know what is watched and what is down - and door-access control tied to the same guest and crew credentials that drive the gangway and folio. One credential, many doors, fully revocable, every access recorded.

Why integration matters here too

Ship security is not a standalone system; it touches the gangway, the crew roster and the guest credential. When restricted-area access, door control and badge printing all use the same card a guest or crew member already carries, security stops being a parallel process and becomes part of how the ship already works. That is what makes the records consistent - and consistency is exactly what an auditor is checking for.

What to ask

  • Is restricted-area access enforced (escort, permit, sealed-bag), or only logged?
  • Are security-level changes recorded automatically, with who and why?
  • Can the SSO produce the visitor log on demand?
  • Do door access, gangway and badges share one credential, or several?

The bottom line

The ISPS Code rewards operators who can prove their plan is live, not just written. Digital restricted-area visitor logs and security-level management replace the clipboard with an enforced, auditable record - so when the question comes, the answer is a clean export rather than an awkward silence.

See Restricted Area Visitor Log in action

This article touches on Restricted Area Visitor Log, part of HF Property Management. Book a walkthrough tailored to your operation.

Request a demo Explore Restricted Area Visitor Log

Keep reading

Hotel Operations

Multi-Property Hotel PMS: Connecting Operations Across a Group

A multi-property hotel PMS should connect local operations with central finance, oversight and configuration w...

Hotel Operations

Hotel Housekeeping and Maintenance Software: From Room Status to Resolution

Connect housekeeping, maintenance and guest requests around one live room status so arrivals are protected and...

Cruise Compliance

Cruise Manifest Software: Passenger, Crew and Pre-Arrival Data

Cruise manifest software should build authority-ready passenger and crew submissions from the same records use...