ISM Code and ship audits explained: how an SMS works, how DOC/SMC audits are conducted, and how to prepare for safe, compliant operations.
A ship can be technically perfect—new equipment, strong hull, skilled crew—and still suffer a serious accident because the system of work breaks down. The missing link is often not “knowledge” or “rules,” but how the company and ship consistently plan, communicate, control risk, and learn from mistakes.
That is the real purpose of the International Safety Management (ISM) Code: to make safety and pollution prevention a managed process, not a hope. The ISM Code is implemented through a company’s Safety Management System (SMS) and verified through audits that lead to certification (DOC and SMC). The strongest SMS is not a thick manual. It is a living routine onboard and ashore—supported by leadership, competent people, and honest reporting.
Why This Topic Matters for Maritime Operations
Marine casualties continue to show a strong human-element component: decision-making, procedures, communication, fatigue, competence, and organisational support often shape outcomes as much as weather or machinery.
The ISM Code sits exactly at this intersection: it is designed to ensure ships are operated safely and pollution is prevented through a structured management approach, backed by verification.
Key Developments, Principles and Practical Applications
The ISM Code in One Clear Idea: “Safety as a System”
The ISM Code is often explained in legal language, but its practical meaning is simple: the company must build a repeatable way to operate ships safely, and that way must be implemented, checked, and improved. The Code became mandatory through SOLAS Chapter IX, making safety management a core compliance requirement for most internationally trading ships.
A helpful analogy for non-native English readers is this:
- The SMS is the ship’s operating system (like the software that runs a phone).
- The procedures are the apps (permit to work, passage planning, enclosed space entry, etc.).
- The audit is the security update and health check that confirms the system works as intended.
What “SMS” Really Means Onboard (Beyond Manuals)
An SMS is not only documents. In a good company, you can see the SMS in everyday behaviour:
- The bridge team plans voyages systematically and manages deviations.
- Risk assessments are used before non-routine work, not filled in after.
- Near misses are reported without fear, and lessons are shared.
- Maintenance is planned and verified, not improvised.
- The master has real authority to make safety decisions, backed by shore management.
DOC and SMC: The Two Certificates That Prove ISM Compliance
The ISM regime uses two key certificates:
- Document of Compliance (DOC) – issued to the company, showing the shore organisation and its SMS meet the ISM requirements for specified ship types.
- Safety Management Certificate (SMC) – issued to the ship, showing the ship is operated in accordance with the company’s approved SMS.
In practice, the DOC proves the company system exists; the SMC proves the system is actually implemented on the vessel.
Audits as a Risk-Control Tool, Not a “Paper Exercise”
It is common to hear, “We passed the audit,” as if the audit is the goal. In mature safety cultures, the message is different: “The audit helped us find weak points before an accident did.”
Audits are designed to test whether the SMS is implemented and effective. They are based on sampling—interviews, records, observations, drills, and operational evidence. The system must work for the company and ship type.
From Traditional Audits to Remote and Hybrid Audits
The pandemic accelerated remote verification methods. Since then, regulators and industry have worked toward clearer governance for remote surveys, audits, and verifications, typically requiring flag State approval and appropriate audit planning.
Remote audits can add value when used carefully (e.g., document review, trend analysis, shore interviews). But they also have limitations: you cannot fully replace “walking the deck,” seeing real work practices, or observing safety behaviours during operations. For ships, a balanced approach is emerging: remote preparation plus focused onboard verification where risk is highest.
Cyber Risk Management Becomes Part of Safety Management
Modern ships depend on computer-based systems (navigation, engine automation, loading computers, ECDIS updates, communications). This creates cyber risk that can affect safety. Cyber risk management is increasingly incorporated into existing safety management processes.
For the SMS, the practical impact is straightforward. Cyber risk is treated like other operational risks: identified, controlled, covered in training, and reviewed.
The EU and Regional Compliance Context
In European waters, the ISM framework is also reflected in EU law, reinforcing that ISM compliance is a serious governance expectation, not optional industry guidance.
In parallel, Port State Control (PSC) functions as a “second line of defence” against substandard shipping, and ISM-related deficiencies can trigger operational consequences during inspections.

Challenges and Practical Solutions
A strong SMS must work under real conditions: short port stays, mixed crews, high paperwork pressure, and commercial urgency. The following challenges are common across ship types, and the solutions focus on what actually works onboard and ashore.
Challenge 1: “Paper SMS” vs. Real Work
Many companies have good procedures that are not used correctly at sea. This gap often appears during audits when crew cannot explain procedures, records look perfect but practices are inconsistent, or risk assessments are generic.
A practical solution is to build the SMS around real ship routines. Procedures should match the vessel’s actual operation and be written in clear, simple language. Companies that reduce unnecessary complexity usually see better compliance, because the crew can understand and apply the system under pressure.
Challenge 2: Weak Reporting Culture and Fear of Blame
The ISM Code depends on learning from non-conformities, near misses, and hazards. If crew believe that reporting will create punishment, the company loses its most valuable safety information.
A practical solution is to formalise a just culture approach: focus on learning and systemic fixes, while still addressing wilful violations when necessary. Management should visibly support reporting, close feedback loops quickly, and share learning across the fleet.
Challenge 3: Corrective Actions That Fix Symptoms, Not Root Causes
A common audit finding is repetitive non-conformities: the same problem returns every year, and only the date on the corrective action changes. This usually indicates that root cause analysis is shallow.
A practical solution is to treat corrective action like engineering troubleshooting: define the problem precisely, identify contributing factors (people, procedures, equipment, supervision, workload, competence), then build controls that prevent recurrence.
Challenge 4: Overreliance on “Compliance Events” Instead of Continuous Control
Some ships become highly organised only before an external audit. Safety becomes seasonal—excellent in audit month, weaker later. This is risky, because accidents do not wait for audit schedules.
A practical solution is to convert the SMS into a continuous management rhythm: meaningful onboard inspections by senior officers, regular drills linked to real risks, internal audits that focus on operational effectiveness, and management reviews that use trends and performance indicators.
Challenge 5: Integration with Occupational Safety and High-Risk Work (PTW, Enclosed Spaces)
Workplace safety is where an SMS becomes real. Permit to work (PTW) systems, enclosed space entry controls, lock-out/tag-out, and isolation procedures are high-risk areas where small failures can kill people quickly.
A practical solution is to train PTW as a control process, not a form. The permit should demonstrate hazard identification, isolations, testing, supervision, and communication—then be checked by leadership onboard.
Challenge 6: Remote Audits and the Risk of “Invisible Reality”
Remote audits can miss informal behaviour, workarounds, and physical conditions (poor housekeeping, unsafe rigging practices, weak isolation controls). If a company relies heavily on remote methods, it must compensate.
A practical solution is to use remote audits for preparation and trend analysis, then target onboard verification on the highest-risk activities and areas.
Challenge 7: Cyber Risk and Third-Party Access
Cyber risk is often introduced through vendors, remote maintenance, removable media, and weak access control. A cyber incident can disable critical systems or corrupt data used for navigation and operations.
A practical solution is to embed cyber controls in the SMS: asset inventory, patching routines, access management, crew awareness training, incident response, and vendor control.
Case Studies and Real-World Applications
Case Study 1: “The Audit Found Nothing—Then the Near Miss Happened”
A common pattern in accident learning is this: a ship passes an audit with minor observations, then experiences a serious near miss within months—because the audit evidence was mostly documents, not operational reality.
In a well-functioning SMS, a near miss is treated like a free warning. The response is not only “remind the crew,” but to check whether procedures are usable, whether supervision is adequate, whether workload and fatigue are unmanaged, and whether equipment or training creates pressure to shortcut the rules.
Case Study 2: Port State Control and the “Operational Test” of ISM
PSC is often described as document-heavy, but experienced inspectors tend to test whether the system is real: do crew understand emergency roles, are drills meaningful, are maintenance controls effective, do officers know critical procedures, and are defects managed.
When PSC findings link to ISM failures—poor familiarisation, weak risk assessment, inconsistent drills—the operational consequences can be severe: delays, detentions, reputational impact, and increased scrutiny.
Case Study 3: Cyber Incident as an SMS Failure, Not an “IT Problem”
A ship experiences abnormal ECDIS behaviour after a software update performed under time pressure. The crew does not know the fallback navigation procedure because the SMS training focused mainly on normal operation. The result is confusion and elevated risk in confined waters.
A robust SMS treats such events as operational risk: clear update procedures, competence checks, fallback plans, and drills that prepare the bridge team for loss or degradation of digital tools.
Future Outlook and Maritime Trends
Trend 1: “Evidence-Based SMS” Using Data and Trends
SMS performance is moving toward measurable indicators: near-miss trends, audit recurrence rates, maintenance backlogs, training effectiveness, and operational incident patterns. This does not mean “more KPIs.” It means using a small number of meaningful metrics that show whether risk controls work in practice.
Trend 2: Human-Centred Auditing and Safety Culture
Audits are increasingly expected to assess not only whether procedures exist, but whether they are understood, applied, and supported by leadership.
Trend 3: Hybrid Audits and Regulatory Clarity on Remote Verification
Guidance development around remote audits is maturing, with emphasis on flag approval, audit planning, and proper scope definition. In the long term, hybrid models may become standard: remote review of trends and records combined with targeted onboard observation.
Trend 4: Cyber Risk Embedded into Safety and Compliance
Cyber resilience is moving from optional best practice to a standard expectation in management systems and safety governance.
Trend 5: SMS Integration Across Safety, Quality, Environment, and Security
Companies increasingly integrate ISM with ISO-style management systems (quality, environment, OH&S) and with security frameworks (ISPS), to avoid duplication and manage risk holistically. The most effective integrated systems stay operationally focused and avoid becoming administrative burdens.
FAQ Section
1) What is the ISM Code in simple words?
It is an IMO safety management standard that requires shipping companies to run ships using a structured Safety Management System to prevent accidents and pollution.
2) What is the difference between DOC and SMC?
DOC is for the company (shore organisation and its SMS). SMC is for the ship (proof the ship applies the SMS in real operations).
3) Who performs ISM audits?
Audits are carried out by the flag Administration or a Recognized Organization (often a classification society acting on behalf of the flag).
4) What are the most common reasons ships “fail” an ISM audit?
Usually not because of one missing paper, but because of weak implementation: poor familiarisation, ineffective risk assessments, repeated non-conformities, weak maintenance control, and drills that do not reflect real risks.
5) Can Port State Control inspect ISM compliance?
PSC can verify operational readiness and management effectiveness and may identify ISM-related deficiencies as part of broader safety inspections.
6) Are remote ISM audits allowed?
They may be allowed subject to flag Administration approval and proper planning, but they cannot fully replace onboard verification for many risks.
7) Why is cyber risk now mentioned in relation to ISM/SMS?
Because cyber incidents can affect safe ship operation, and cyber risk management is increasingly integrated into safety management processes.
Conclusion
The ISM Code is not a paperwork requirement; it is the maritime industry’s method for turning safety into daily practice. A Safety Management System succeeds when it shapes real decisions on the bridge and in the engine room, supports masters and crews with resources and clarity, and learns honestly from what goes wrong. Audits—internal and external—are valuable when they test reality, drive improvement, and prevent recurrence, rather than simply confirming documents exist.
For shipping companies, the commercial value is also clear: fewer incidents, fewer delays, better inspection outcomes, and stronger reputation. For seafarers, a well-run SMS is more than compliance—it is a safer working life at sea.

