Introduction: Three Roles, Three Different Obligations
The ISPS Code creates three distinct maritime security officer roles — the Port Facility Security Officer (PFSO), the Ship Security Officer (SSO, also designated as VSO under US regulations), and the Company Security Officer (CSO). Each has a different scope of responsibility, a different training and certification pathway, and a different regulatory basis in the United States. Choosing the wrong certification — or not obtaining the right one — creates compliance gaps that can result in vessel detention, port state control deficiencies, and legal liability for the individuals and organisations involved.
In the US, maritime security certification sits at the intersection of international ISPS obligations and domestic regulations administered by the United States Coast Guard (USCG). The Maritime Transportation Security Act of 2002 (MTSA) — which predates the ISPS Code and was in many respects its precursor — establishes the national framework within which USCG-approved training and certification requirements operate. Understanding this dual framework is essential for US maritime professionals seeking to obtain or maintain the right qualifications.
This comparison guide is designed for US maritime professionals, port security officers, fleet managers, and shipping company employees who need to understand the differences between the three ISPS security officer roles and identify the correct certification pathway for their position.
1. Port Facility Security Officer (PFSO)
What Does a PFSO Do?
The PFSO is responsible for the security of a specific port facility — a defined area within or adjacent to a port where ships call on international voyages. The PFSO’s responsibilities are port-side only and include: developing, implementing, and maintaining the Port Facility Security Plan (PFSP); conducting or coordinating the Port Facility Security Assessment (PFSA); ensuring that appropriate security measures are in place at all three ISPS security levels; liaising with Ship Security Officers and Company Security Officers on security matters; and ensuring that port facility security personnel receive the training required by the ISPS Code.
Who Needs a PFSO Certification?
Any individual designated as the PFSO for a US port facility handling international vessel traffic must hold a recognised PFSO qualification. This includes port security managers, facility security coordinators, and in smaller facilities, the individuals who hold the PFSO designation as part of a broader operational role.
US Regulatory Framework for PFSOs
In the US, PFSO training and certification requirements are governed by 33 CFR Part 105 (Facility Security) under the MTSA framework, which mirrors and incorporates the ISPS Code’s requirements for port facilities. USCG-approved PFSO training (identified as the Facility Security Officer or FSO role in US regulations) must meet the competency standards in 33 CFR 105.205 and the IMO’s 2015 Port Facility Security Officer Model Course.
Neptune P2P Group’s PFSO training course, delivered by our US team, is USCG-approved and meets all requirements under 33 CFR 105.205 and the ISPS Code Part A/17.
2. Ship Security Officer (SSO) / Vessel Security Officer (VSO)
What Does an SSO Do?
The Ship Security Officer — designated as the Vessel Security Officer (VSO) under USCG regulations — is responsible for the security of a specific vessel. The SSO is accountable to the master and is responsible for: implementing the Ship Security Plan (SSP); ensuring that the ship’s security equipment is properly operated, tested, and maintained; conducting security inspections of the ship; and liaising with the PFSO at each port call and the CSO within the company.
Unlike the PFSO, who manages a fixed facility, the SSO operates in a dynamic environment that changes with every port call and voyage. The SSO must be capable of adapting the ship’s security posture to the threat level at each port of call and in each transit environment, and must maintain a clear understanding of the Declaration of Security (DoS) process and when it should be invoked.
Who Needs an SSO Certification?
Any crew member designated as the Ship Security Officer — typically the Chief Officer or First Mate on merchant vessels, or a dedicated security officer on vessels with a large crew — must hold a recognised SSO qualification. The SSO qualification is required for an STCW endorsement on a merchant mariner’s credential.
US Regulatory Framework for SSOs
SSO training requirements under US regulations are found in 33 CFR Part 104 (Vessel Security) and must satisfy STCW Table A-VI/5 competency standards. USCG-approved VSO training must meet the requirements in 33 CFR 104.215. The MTSA’s requirement for vessels operating in US waters or calling at US ports adds an additional layer of US-specific compliance that foreign-flagged vessels must satisfy in addition to their flag state ISPS requirements.
3. Company Security Officer (CSO)
What Does a CSO Do?
The Company Security Officer is the company-level maritime security role — the individual responsible for security across the entire fleet operated by a shipping company. The CSO’s responsibilities include: ensuring that Ship Security Assessments (SSAs) are carried out for each vessel; overseeing the development, implementation, and maintenance of Ship Security Plans; providing a link between the company, the SSOs on individual vessels, and the PFSOs at the ports they call at; and ensuring that adequate maritime security training is provided to all relevant company personnel.
The CSO role is the most senior of the three ISPS security officer positions and requires the broadest understanding of the ISPS Code’s requirements — including fleet-wide security assessment methodology, multi-vessel SSP management, and company-level liaison with flag state and port state control authorities.
Who Needs a CSO Certification?
Any individual designated as the Company Security Officer for a shipping company with vessels on international voyages must hold a recognised CSO qualification. In practice, CSOs are typically senior maritime managers, fleet security coordinators, or designated persons ashore (DPAs) who hold the CSO designation as part of a broader maritime operations role.
US Regulatory Framework for CSOs
CSO training requirements are found in 33 CFR 104.210 and must satisfy the STCW Code Table A-VI/5 competency framework. In the US context, the CSO role may also encompass responsibilities under the MTSA’s requirements for Company Security Plans and vessel-specific security documentation submitted to the USCG.
4. Side-by-Side Comparison
The following summarizes the key differences between the three certifications:
- Scope: PFSO = port facility only. SSO/VSO = one specific vessel. CSO = entire company fleet.
- US regulation: PFSO: 33 CFR 105.205. SSO/VSO: 33 CFR 104.215. CSO: 33 CFR 104.210.
- STCW requirement: SSO/VSO requires an STCW endorsement (Table A-VI/5). PFSO and CSO qualifications do not require an STCW endorsement but must meet IMO model course standards.
- Who typically holds it: PFSO: port/facility security manager. SSO: Chief Officer or dedicated vessel security officer. CSO: Fleet security manager or senior maritime operations manager.
- Training duration: All three can typically be completed in a combined 2-3 day USCG-approved course, or as individual standalone courses. Neptune P2P Group offers combined and individual certification pathways.
- TWIC requirement: US-based PFSOs and facility security personnel typically require a Transportation Worker Identification Credential (TWIC) card for unescorted access to secure areas of maritime facilities.
5. Can You Hold Multiple Certifications?
Yes — and in many organisations, it is operationally efficient to do so. Neptune P2P Group’s USCG-approved combined course (equivalent to MASSHA-578) delivers SSO/VSO, CSO, and PFSO qualifications in a single 2-3 day programme. This is particularly valuable for small shipping companies where one individual may hold multiple security officer designations, and for maritime security professionals seeking the broadest possible qualification portfolio.
For individual maritime professionals, holding all three certifications signals comprehensive ISPS competency and significantly broadens employment options across the port operations, fleet management, and vessel security sectors.
Conclusion: Get the Right Certification for Your Role
The PFSO, SSO, and CSO certifications each serve a distinct function within the ISPS compliance framework, and selecting the right one — or combination — for your role is a compliance requirement, not a box-ticking exercise. With the USCG actively enforcing MTSA and ISPS requirements across US ports and vessels, the consequences of holding an incorrect or lapsed qualification can be severe.
Neptune P2P Group’s maritime security training team in the USA can advise you on the correct certification pathway for your role, your company’s fleet profile, and your regulatory obligations. Contact our US training academy to discuss enrolment.
About Neptune P2P Group
Neptune P2P Group is a global security risk solutions company founded in 2009 and owned by former British and French Special Forces personnel. With over 8,500 completed security tasks across the AMEA region and a 100% success record for anti-piracy operations, Neptune P2P Group delivers maritime security services, ports and terminal security, protective security, maritime security training, and travel risk management to shipping companies, port operators, corporations, and governments worldwide.
