What is ship safety management

The Security management leads, directs and coordinates an organization in relation to all security activities.

Safety management is synonymous with risk management (RM), which includes all measures for the systematic identification, analysis, assessment, monitoring and control of risks.

The use of the term security management in technology is explained by the general use of the term security in technology.

A functioning security management must be embedded in the existing management structures of every institution. It is therefore practically impossible to specify an organizational structure for security management that is directly applicable to every institution.

Rather, adjustments to specific circumstances will often be necessary.

Elements of security management

security concept

A security concept is a central component of security management.

All relevant framework conditions, the company's defined security goals and measures to achieve these goals are described or defined here.

The security concept accordingly represents the basis for the planning and implementation of individual security measures. The aim of creating and implementing a security concept is to achieve a planned security level and to minimize identified risks.

Security policy

The security policy includes goals and guidelines for security in companies.

The security policy should be in line with the company's mission statement and should be represented by the company's management and conveyed to the employees.

Security analysis

The security analysis is part of the security management activities in an organization or company.

The aim of the security analysis is to recognize threats, to assess their probability of occurrence and potential for damage, and from this to estimate the risk for the organization.

In particular, the "unsafe" parameters (weak points) of a system and their prioritization must be determined.

In practice, risks are assessed on the basis of experience or expert judgment.

Security analysis means are both technical (including vulnerability scan and penetration test) and process-oriented (discussions with responsible personnel or data protection officers, documentation analyzes or business process analysis).

Security report

The safety report must be prepared by the operator of the system and should contain the following elements (example from the field of chemistry):

  • Major Accident Prevention Concept;
  • Description of security management and its application;
  • Determination of the dangers of major accidents and the measures required to prevent them and to limit the consequences for people and the environment (e.g. by means of a hazard and risk analysis / safety analysis);
  • An explanation of the design, construction, operation and maintenance of the systems of the facility that are associated with the risk of major accidents and that the systems are sufficiently safe and reliable;
  • Description of the internal emergency plans and information on external emergency plans on how the necessary measures should be taken in the event of a serious accident.
  • Indication of the information provided to the competent authority.

Security indicators

Safety performance indicators are parameters derived from system operation that are easy to record and track.

They give a clear picture of the security status of the system operation.

At an early stage, they give operational management indications of a possible deterioration in system operation so that corrective measures can be initiated before an unacceptable risk occurs.

Safety culture

Safety culture is a behavioral characteristic of a group or organization in how safety issues are dealt with.

It is subject to a complex learning process in which common goals, interests, norms, values ​​and behavioral patterns develop.

Application areas of security management

Chemical industry

As a consequence of the chemical accident in the northern Italian city of Seveso in 1976, the European Commission issued the first accident directive (Seveso-I directive) in 1982. The accidents in Bhopal (1984) and Guadalajara, Mexico (1992) led to an update in the Seveso II directive in 1996, which for the first time required operators to create a safety management system.

With the publication of Directive 2012/18 / EU of the European Parliament and of the Council of July 4, 2012 on the control of major accident hazards involving dangerous substances, the Seveso II Directive is replaced by the Seveso III Directive. It was published with the regulations of the 12th BImSchV on January 13, 2017 in the Federal Law Gazette No. I No. 3 and came into force in Germany on January 14, 2017.

According to the Seveso III Directive (Annex III), operators should present a concept for the prevention of major accidents that includes a suitable safety management system for controlling the dangers of major accidents (following text somewhat abbreviated):

The safety management system is appropriate to the hazards, industrial activities and the complexity of the company organization and is based on a risk assessment.

The safety management should take the following aspects into account:

  • Organization and Personnel - roles and responsibilities of major accident surveillance personnel at all levels of the organization, along with actions taken to raise awareness of the need for continuous improvement
  • Identification and assessment of major accident hazards - assessment of the probability and severity of such accidents;
  • Operational Control - Establishing and implementing procedures and issuing instructions for safe operations, including maintenance
  • Safe implementation of changes - definition and application of procedures for planning changes to the plant
  • Emergency Planning - Establishing and applying procedures to identify foreseeable emergencies based on systematic analysis and to create, test and review emergency plans
  • Performance monitoring - continuous assessment of compliance with the objectives set in the operator's concept and safety management, as well as mechanisms for checking and initiating remedial measures in the event of non-compliance.
  • Reporting of major accidents or "near misses", especially those in which the protective measures have failed, safety-related performance indicators
  • Audit and review - definition and implementation of procedures for a regular, systematic assessment of the concept and the effectiveness and suitability of the safety management.


The explosion of the Piper Alpha oil platform on July 6, 1988, in which 167 people were killed, led to a fundamental reorientation of safety measures in the petrochemical industry.

In his accident investigation (1990), Lord Cullen comes to the conclusion that the prevailing safety regime in the offshore industry (Present offshore Regime) is inadequate and the licensing procedure (in UK) needs a fundamental overhaul.

Every offshore company should have a formalized safety management system (SMS) in which the company's safety objectives are identified and how these safety objectives are achieved and demonstrated in safety standards.

The task of security management is to guarantee the security goals both in the system design and in the operation of the system.

The implemented SMS must be presented to the competent authority.

In detail, the SMS should contain the following elements:

  • Creating an organizational structure
  • Standards for the management staff
  • Training for operations and emergencies
  • Security analysis
  • Design procedures.
  • Procedures for operation, maintenance, changes and emergencies
  • Security management of subcontractors regarding their work
  • Involvement of the operating staff and that of the subcontractors in the safety management
  • Accident and incident reporting, incident analysis and action tracking
  • Monitoring and auditing of the functionality of the SMS
  • Systematic re-evaluation of the SMS in relation to operator and industry experience.

Elements of the SMS have been adopted and specified in the international standard ISO 45001.

Railway systems

According to Directive 2004/49 / EC, superseded and expanded by Directive (EU) 2016/798 with effect from May 11, 2016, of the European Parliament and the Council on railway safety in the Community (directive on railway safety) are the essential components of the safety management system:

  • a security policy approved by the company manager and communicated to the staff
  • Company-related qualitative and quantitative goals with a view to maintaining and improving safety, as well as plans for the achievement of these goals
  • Procedure for compliance with existing, new and changed technical and operational standards
  • Procedures for carrying out risk assessments and applying risk control measures in the event that changes in operating conditions or new material present new risks to the infrastructure or operations
  • Personnel training programs and procedures to ensure that personnel are properly qualified and performed accordingly
  • Provision for a sufficient flow of information within the organization and, if necessary, between organizations that use the same infrastructure
  • Procedures and formats for documenting security information and determining control procedures to secure the configuration of critical security information
  • Procedures to ensure that accidents, incidents, near misses and other dangerous events are reported, investigated and evaluated and that the necessary preventive measures are taken
  • Provision of deployment, alarm and information plans in consultation with the responsible authorities
  • Provisions on regular internal reviews of the safety management system.

The safety management measures are supplemented by the determination of safety indicators (accidents caused by collisions, train derailments, accidents at level crossings, accidents with personal injury, suicides, vehicle fires), indicators relating to disruptions, near-misses and indicators on the effectiveness of safety management (with reference to on the audits carried out).

As proof of the effectiveness of the safety management system in use, all infrastructure managers and railway undertakings must submit a safety report to the safety authority every year. This must include information on how the company-related safety goals were achieved, how the recorded safety indicators have developed, the results of the internal safety reviews and defects and disruptions in railway operations.

Evidence of safety for all elements of the safety management process must be provided in a safety management report in accordance with EN 50129 over the entire life cycle from creation, operation and disposal of a system.

In all cases, hazard analyzes and risk assessment processes, as defined in EN 50126, are necessary.

Nuclear technology

The use of safety management systems in nuclear power plants has meanwhile become an international standard.

The main basis for this is the report by the International Atomic Energy Agency (IAEA) Management of Operational Safety in Nuclear Power

Plants - INSAG-13 there.

The report gives a detailed description of safety management for nuclear power plants and points out the very close connection between safety management and safety culture, according to which both are mutually dependent.

An organization with a strong safety culture has effective safety management, which in turn creates the working conditions that reinforce the behavior and attitudes of staff towards safety.

The SMS is also defined accordingly.

"The safety management system comprises the organizational measures of a company with regard to safety in order to achieve a strong safety culture and good safety performance."

From experience with the use of SMS, the following system weaknesses could be identified:

  • Insufficient identification of the fundamental causes of malfunctions (real root causes)
  • Lack of management engagement in solving identified problems
  • Insufficient attention in planning and implementing remedial actions and prioritizing them
  • Lack of conviction among employees to respond to planned changes
  • Insufficient resources to implement improvement measures.

In Germany in 2004 the BMU required the introduction of safety management systems for all nuclear power plants, the principles of which are described in.

Civil aviation

The safety management system (SMS), known as the safety management system in civil aviation, is mandatory by the International Civil Aviation Organization (ICAO) and must be implemented by its 190 contracting states, including Germany, Austria and Switzerland.

The basic idea of ​​the SMS is to understand safety as a management task, i.e. to proactively recognize latent dangers in order to prevent them at an early stage. Errors made should be reported retrospectively so that the risk of repetition is largely eliminated.

The ICAO SMS concept contains two addressees, namely on the one hand the ICAO contracting states themselves, each of which is to create its own comprehensive State Safety Program (SSP).

On the other hand, it is aimed at airport operators, airlines, maintenance companies and training facilities in the aviation industry, each of which is to introduce an internal SMS and is to be monitored by the competent authorities of the contracting states.

Maritime shipping

A number of serious shipping accidents in the 1980s, in particular the disaster of the Herald of Free Enterprise, manifested human errors combined with management errors as the triggering causes.

The International Maritime Organization (IMO) then developed the Guidelines on Management for the Safe Operation of Ships and for Pollution Prevention, in which the goals of safety management, the provision of resources for their implementation and the creation of a safety management system (SMS) are specified.

The necessary safety measures should be presented in a safety management manual, with a copy on board the ship. The tasks of the SMS also include reporting accidents and dangerous situations to ship owners.

A study by the ADAC from May 2012 on the safety of cruise ships with 3,000 to 7,000 passengers on board came to the conclusion that 4 out of 9 ships were rated “poor” and only in one case were rated “very good”. were issued.

Water management

The "Technical Safety Management" (TSM) guideline created by the German Association for Water Management, Sewage and Waste (DWA) is used for water management companies and is intended to keep and check the level of knowledge of employees and the organizational structures of the technical area.

The guidelines "TSM Abwasser" for wastewater and sewer companies, "TSM Water Maintenance" for water associations and "TSM Reservoirs" for dam operators are used for voluntary self-control, which is checked every six years.

Information security

In the field of information technology (IT), IT security management is an ongoing process within a company or organization to ensure IT security. Its task is to systematically secure an information-processing IT network in order to avoid dangers to information security or threats to data protection To prevent or fend off a company or organization.

According to the BSI standard 200-1 Management Systems for Information Security (ISMS), the top management level of a company must initiate, control and monitor the security process. This includes the following tasks:

  • An information security strategy and security goals must be adopted and communicated.
  • The effects of security risks on business activity or the performance of tasks must be examined.The operational task of "information security" is usually carried out by an information security officer (ISB).
  • The organizational framework for information security must be created, responsibilities and authorities assigned and communicated.
  • Sufficient resources must be made available for information security.
  • The security strategy must be regularly checked and evaluated, identified weaknesses and errors must be corrected.
  • Employees need to be made aware of security issues and view information security as an important aspect of their job.

Degree in safety management

The safety management course usually deals with the following subjects:

  • Operational management
  • Tax law
  • Risk management
  • Financial aspects
  • Conflict management and communication
  • Aspects of crime
  • Risks in a political and social context - at the state level.
  • Security and risk in a political and social context - on a private level.
  • Legal Doctrine and Powers.
  • Economic basics of safety management.
  • Psychology for safety management.
  • Marketing and management in security companies.
  • Human resource management.
  • Crisis management.
  • Security of supply.
  • Security policy
  • Security technology.
  • Occupational and operational safety.
  • Crime control as a task of security management.
  • Information protection and information security.

and should enable students to develop holistic security concepts and to implement them in companies, authorities, national and international institutions.

Source:Wikipedia · Text is subject to the CC-BY-SA license