Another approach: The Port of Houston adopts ISO 28000.

For any port, the security of its facilities and the safety of the people who work in and around the port or live in its neighbouring communities is a top priority. The Port of Houston Authority (PHA) is a leader among international ports in the field of security management. The following is another model of how security is played out in a major U.S. port.

Port of Houston

In March 2008, the PHA’s security management system (SMS) was certified to ISO (International Organization of Standardization) 28000:2007, making Houston the first port authority in the world to receive this international security designation. The standard sets out stringent requirements for a SMS that incorporates all aspects of business management. ISO 28000:2007, in particular, was developed as a response to industry demands for enhanced supply chain security.

In April 2011, the PHA received a new three-year certification for ISO 28000 security management following the successful completion of its SMS audit.

The PHA owns and operates the public facilities located along the Port of Houston, a 25-mile-long complex of public and private facilities that handle general cargo, containers, grain and other dry bulk commodities, project and heavy-lift cargo, and other types of cargo.

The PHA’s ISO 28000 certification covers perimeter security at its Barbours Cut and Bayport container terminals and Manchester liquid bulk terminal.

“Through ISO 28000, we have vertical integration throughout the organization so everyone knows and understands their particular responsibilities with regard to security. And we can identify security issues more readily,” said Patricia Ramsey, senior administrative-security program manager of the PHA’s Health, Safety, Security and Environment branch.

“ISO is a great system to quantify and document what you need. All of our security procedures and processes are documented and our facilities security plan is implemented through ISO 28000.”

New branch for security and emergency operations

The port authority recently reorganized its port security and emergency operations under the newly created Health, Safety, Security and Environment umbrella.

“As ISO 28000 has been implemented and expanded, our organization has also grown,” Ms. Ramsey said. “We now have a higher visibility within the organization. People at all levels better understand what we are doing and where we are going.”

The branch now boasts an emergency management coordinator, as well as two facility security officers and one assistant facility security officer who manage a contract security force of more than 100 people.

The PHA maintains its commitment to safety and security in compliance with the U.S. Maritime Transportation Security Act (MTSA) of 2002. The U.S. Coast Guard and the Department of Homeland Security administer and enforce the regulations governing port security procedures.

The PHA’s ISO 28000 certification means that the port authority not only meets the requirements of MTSA regulations but goes above and beyond those requirements while still ensuring the efficient movement of commerce.

“One of our commitments in our security management policy is to maximize port security while expediting the flow of commerce,” Ms. Ramsey said. “This is key. We must have a robust security system without hindering the people who need to get into the port and who have a valid reason to work here.

“Anyone who crosses our perimeter is a stakeholder in the program, and we work closely with our stakeholders – trucking companies, shipping agents, etc. – when we develop new procedures or processes. We have programs they are enrolled in that help us manage our facility access.”

The port authority already had in place a strong SMS prior to 2008. Its challenge was to document the system in the language of the ISO standard and to identify and develop required improvements.

“We already had a good structure,” Ms. Ramsey said. “We documented it. When we saw places within our existing structure where we did not meet the standard, then we developed that structure to meet the standard.”

Patricia Ramsey, senior administrative-security
program manager of the PHA's Health, Safety,
Security and Environment branch.


easures developed by the port authority to meet the ISO standard included improvements in security processes, procedures and practices, more detailed and efficient monitoring and documentation, broader training of the PHA police force and security partners, and more efficient processing of vehicles through its gates.

Continual improvement a cornerstone goal

The process of achieving certification to the new standard for security helped the PHA to shape a set of policies and procedures geared toward developing a more secure port that is staffed by highly trained personnel. It provides a framework on which to build toward continual improvement – one of the cornerstone goals of the ISO standard –and the strengthening of its relationships with shippers and security partners.

“One of our security policy commitments is to be a model for continual improvement,” Ms. Ramsey said. “It was important to our management back in 2008 that we have that visibility.”

The PHA holds a semi-annual senior management security review, a requirement of the ISO standard. “We identify the things we would like to do for continual improvement,” Ms. Ramsey said.

On the current agenda is the implementation of a new electronic visitor management system (VMS).

“The new VMS is designed for the port environment, where people are going in and out all day and moving between terminals,” Ms. Ramsey said. “We have a common database of trusted partners who enter their gate lists and who have been vetted through security procedures. It is coordinated with our ship traffic so that visitors to ships – vendors, repairmen, suppliers – are managed through this system.

“We developed this based on our business model and not some off-the-shelf VMS that would not work for our environment. It has been very successful. We have over 400 users.”

Other current objectives are the certification of the PHA’s multipurpose Turning Basin Terminal; the establishment of computer-based training for personnel with security duties; and improving plans for emergency response and security recovery.

The port authority’s SMS was modelled after its environmental management system. In 2002, the PHA became the first U.S. port to attain ISO 14001 certification for its environmental management program. The port authority used lessons learned from ISO 14001, most notably in the areas of communication and documentation, to implement ISO 28000 more efficiently. ISO 28000 and ISO 14001 project managers also collaborated to communicate their programs jointly to port stakeholders.

The Port of Houston ranks first in the U.S. in foreign waterborne tonnage and second in overall total tonnage. More than 7,000 vessels call at the port annually, providing the stimulus for an economic impact of $178.5 billion and more than one million jobs in the State of Texas alone.