The ISM Code is the operating system of safe shipping. Adopted by IMO in 1993, brought into SOLAS Chapter IX in 1998, and substantially refined through 2015, it requires every shipping company to operate a documented Safety Management System with a Designated Person Ashore, defined master's authority, controlled documentation, non-conformity tracking, and verified audits. The Document of Compliance issued to the company and the Safety Management Certificate issued to each vessel are not paperwork — they are the operating licence for international shipping. A major non-conformity can withdraw both. The 2026 audit environment is sharper. Recognized Organizations expect documented evidence rather than asserted compliance. Major non-conformities must be corrected within 3 months or the DOC and SMC withdraw. Spreadsheet-based SMS administration cannot survive a serious audit. ISM Code compliance tracking software replaces spreadsheet drift with native 12-element coverage, document-cascade control, audit scheduling, non-conformity workflow, and DPA dashboards. Book a DPA-led ISM walkthrough demo to see your SMS evaluated against the 12 ISM elements on real fleet data.
ISM Code Compliance Tracking Software · 2026
Run A Real SMS. Defend It At Every Audit.
12 ISM elements covered · DOC + SMC tracking · audit scheduling · non-conformity workflow · DPA dashboard.
M/V Pacific Star · ISM Status
May 2026
94
/ 100
SMS Health
DOC
VALID
SMC
VALID
Open NCs
0
Next Audit
142d
12 of 12 ISM elements compliant · Internal audit current · Master + DPA signed
Book DPA Demo
30 min · with ISM specialist · bring your SMS
Start Free Trial
14 day evaluation · no credit card · full features
The Twelve ISM Code Elements Your SMS Must Cover
The ISM Code Part A specifies twelve elements that every Safety Management System must implement, document, and verify. Each element generates inspection items, procedural records, audit verification points, and non-conformity exposure. A credible compliance platform maps every element to specific operational workflows.
01
General
Application, scope, definitions, and overarching SMS framework. ISM applies to all SOLAS-covered vessels and their operating companies.
02
Safety & Environmental Policy
Documented company policy on safety and environmental protection. Endorsed by senior management. Communicated to all shore and shipboard personnel.
03
Company Responsibility & Authority
Identification of the company in the SMC. Defined responsibilities, lines of authority, and communication between shore and ship.
04
Designated Person Ashore
DPA appointment with direct access to highest level of management. Qualifications and experience per MSC-MEPC.7/Circ.6. Resources for safe operation.
05
Master's Responsibility & Authority
Master's overriding authority and responsibility to make decisions in the interest of safety and pollution prevention. Documented authority.
06
Resources & Personnel
Qualified, certificated, medically fit crew. Familiarisation. Training. Effective communication. Working language. STCW alignment.
07
Shipboard Operations Plans
Documented procedures for key shipboard operations — navigation, cargo, machinery, mooring. Plans, instructions, checklists. Identified critical operations.
08
Emergency Preparedness
Identified emergency situations. Procedures to respond. Drills and exercises. Coordinated shore-ship response. Per A.1072(28) contingency planning.
09
Reports & NC Analysis
Reporting and analysis of non-conformities, accidents, hazardous occurrences. Root cause analysis. Corrective and preventive actions. Lessons learned.
10
Maintenance Of Ship & Equipment
Planned maintenance system. Critical equipment identification. Inspections at appropriate intervals. Records of maintenance operations.
11
Documentation
SMS documents controlled, current, available, reviewed. Obsolete documents removed. Document control procedure. Accessible to all relevant personnel.
12
Verification, Review & Audit
Internal audits at intervals not exceeding 12 months. Management reviews. Results communicated to personnel. Corrective actions verified.
The SMS Document Cascade From DOC To Records
The SMS is structured as a five-tier document cascade from the Document of Compliance at the top to operational records at the bottom. Each tier serves a specific function in the audit chain. PSC inspectors and Recognized Organization auditors verify upward from records to procedures to manual to certificates.
Tier 1
Document Of Compliance (DOC)
Issued to the company by flag state or Recognized Organization. Certifies the company's SMS meets ISM Code requirements. Specific to ship types. Valid 5 years with annual verification. Interim DOC valid 12 months.
Tier 2
Safety Management Certificate (SMC)
Issued to each vessel after initial verification confirming the ship's SMS operates per the approved DOC. Valid 5 years with intermediate verification between 2nd and 3rd anniversary. Interim SMC valid 6 months.
Tier 3
SMS Manual
The Safety Management Manual describing the company's SMS structure, the 12 ISM elements, organizational chart, document control approach, master's authority, DPA contact details. Live document under controlled revision.
Tier 4
Procedures & Instructions
Documented procedures covering shipboard operations, emergency response, maintenance, drills, document control. Linked to SMS Manual sections. Approved by DPA. Version controlled with revision history.
Tier 5
Forms & Records
Operational forms (checklists, logs, NC reports), completed records (drills, audits, maintenance), and evidence (signatures, photos, timestamps). The audit-day evidence base. Retention per flag state requirements.
The ISM Verification Schedule
The ISM audit and verification calendar is the operational backbone of certificate maintenance. Each verification type has its own scope, frequency, auditor, and required evidence. PSC inspectors verify the verification record alongside the SMS itself. Scroll horizontally on mobile for the full view.
| Verification Type | Frequency | Auditor | Evidence Required |
|---|---|---|---|
| Initial DOC verification | Before issue | Flag state or RO | Full SMS audit + DOC report |
| Annual DOC verification | ±3 months anniversary | Flag state or RO | Annual audit report + endorsement |
| DOC renewal | Every 5 years | Flag state or RO | Full renewal audit + new DOC |
| Initial SMC verification | Before issue | Flag state or RO | Shipboard SMS audit + SMC report |
| SMC intermediate verification | Between 2nd and 3rd anniv | Flag state or RO | Intermediate audit report |
| SMC renewal | Every 5 years | Flag state or RO | Renewal audit + new SMC |
| Internal audit | At least every 12 months | Company internal auditor | Internal audit report + NCs + close-out |
| Management review | At least annually | Senior management | Review minutes + action items |
| Interim DOC verification | Within 12 months | Flag state or RO | Convert to full DOC |
| Interim SMC verification | Within 6 months | Flag state or RO | Convert to full SMC |
The DPA's Six Compliance Burdens
The Designated Person Ashore is the single point of accountability between company management and shipboard operations. ISM Code Element 4 defines the role with direct access to highest management, but real DPA work is structured around six recurring burdens. Compliance software either supports the DPA at each burden — or adds to the workload.
Burden 1
SMS Currency Across Fleet
Every SMS document at the current revision across every vessel. Updates pushed when amendments take effect. Obsolete documents removed from circulation. Master and crew acknowledgment captured per revision.
Burden 2
Non-Conformity Lifecycle
Every NC reported, investigated, root-cause-analyzed, corrected, verified, closed. Cycle time tracked. Major NCs at 3-month maximum closure window. Pattern detection across the fleet.
Burden 3
Audit Calendar Across Fleet
DOC anniversary, SMC intermediate window, internal audit cycle, management review schedule per vessel. Audit pre-pack assembled before each event. Auditor relationships managed.
Burden 4
Master Communication Channel
Direct two-way channel with every master. Safety concerns reported to DPA bypassing normal command structure. Master overriding authority documented. ISM Element 4 obligation met.
Burden 5
Crew Familiarisation Evidence
Every new joiner familiarised with the SMS. Familiarisation completed before assuming duties. Records signed by joiner, master, and DPA. ISM Element 6 obligation evidenced.
Burden 6
Critical Equipment Identification
ISM Element 10 critical equipment list maintained per vessel. Failure-could-result-in-hazardous-situation criterion applied. PMS aligned. Inspection intervals enforced.
The Non-Conformity Classification & Response Matrix
ISM non-conformities are classified into three categories per ISM Code §§ 1.1.8, 1.1.9, 1.1.10 with very different response windows and consequences. Misclassification is a major audit finding in itself. The matrix below maps each category to definition, response window, and closure evidence. Mobile users scroll horizontally for the full view.
| Classification | Definition | Response Window | Closure Evidence |
|---|---|---|---|
| Major Non-Conformity | Serious threat to safety/environment | 3 months max · before cert renew | Root cause + CAPA + verification |
| Major NC (systemic) | Lack of effective SMS implementation | 3 months max | System redesign + audit verification |
| Non-Conformity (Minor) | Deviation without immediate threat | 3 months typical | Corrective action + verification |
| Observation | Auditor concern but no deviation | Next audit cycle | Improvement noted, no closure required |
| Open NC consequence | Pending close-out beyond window | Cert at risk of downgrade | Flag state notification required |
| Major NC unresolved | Not closed in 3 months | DOC + SMC withdrawn | Re-certification required |
| PSC-detected NC | Found during PSC inspection | Per PSC officer determination | Closed before vessel departure |
| Near-miss / hazard | Reported under Element 9 | Per safety risk assessment | Investigation + preventive action |
DPA
Demo
See The DPA Dashboard On Your Fleet's SMS
A 30-minute walkthrough with a Marine Inspection product expert. Bring your SMS Manual table of contents, current NC log, and recent internal audit findings. Walk through 12-element coverage, document cascade, audit scheduling, NC lifecycle, and DPA dashboard on real data.
Where Internal Audits Actually Find Findings
Internal audit findings cluster around six recurring patterns regardless of company size, fleet composition, or trading area. Recognized Organization auditors find similar patterns at external verification. A compliance platform that surfaces these patterns proactively is structurally different from one that simply records what the auditor finds after the fact.
F1
SMS Drift Between Shore And Ship
Shore SMS Manual at Revision 14. Vessel SMS Manual on board at Revision 11. Updates issued but not implemented. Crew operating against superseded procedures. Major finding territory.
F2
Drill Records Without Substance
Monthly drills logged in the deck log but no participation roster, no scenarios described, no debrief, no lessons learned. The drill happened in the record but not in reality.
F3
Open NCs Past Closure Window
NCs opened 8 months ago still showing "in progress." Major NCs approaching the 3-month threshold. No CAPA evidence. No root cause analysis. The certificate is at structural risk.
F4
Critical Equipment List Outdated
Critical equipment per ISM Element 10 not updated when machinery was modified, equipment was added, or system architecture changed. PMS intervals reference equipment that no longer exists.
F5
Familiarisation Gaps
New joiners assumed duties before completing familiarisation. Familiarisation records signed retrospectively. Master signature on familiarisation that the master could not have witnessed. ISM Element 6 finding.
F6
Management Review Cadence Slipped
Annual management review missed or compressed. ISM Element 12 obligation. Review minutes show no agenda items, no attendance, no follow-up actions. The review happened on paper only.
Marine Inspection's ISM Architecture
Marine Inspection's ISM layer is structured to map directly to the 12 elements, the document cascade, the audit verification calendar, and the DPA's real-time responsibilities. Four architectural layers handle the regulatory complexity. Book a DPA architecture walkthrough demo to apply the platform to your fleet.
Layer 1
12-Element Workflow Mapping
Every ISM element mapped to specific inspections, drills, records, and audit verification points. Element 9 NC workflow, Element 10 critical equipment list, Element 12 audit scheduling — all native modules.
Layer 2
Document Cascade Control
DOC, SMC, SMS Manual, Procedures, Records all tracked with version control. Revision push to vessels with acknowledgment capture. Obsolete document removal automatic. Audit-grade revision history.
Layer 3
NC Lifecycle Engine
NC reported via internal inspection, external audit, PSC finding, near-miss, or incident. Root cause analysis. CAPA assignment. Verification. Closure with documented evidence. 3-month major NC clock visible.
Layer 4
DPA Dashboard
Single fleet view for the DPA. SMS health per vessel. Open NCs across the fleet. Audit calendar. Familiarisation status. Critical equipment alerts. Master communications. The DPA's actual day, structured.
Frequently Asked Questions
What does ISM Code compliance tracking software do?
ISM Code compliance tracking software runs SOLAS Chapter IX requirements across every dimension of Safety Management System operations. The 12 ISM Code elements (Part A) covered with chapter-mapped workflows — General, Safety and Environmental Policy, Company Responsibility and Authority, Designated Person Ashore, Master's Responsibility and Authority, Resources and Personnel, Shipboard Operations Plans, Emergency Preparedness, Reports and NC Analysis, Maintenance of Ship and Equipment, Documentation, and Verification Review and Audit. SMS Document Cascade tracked across five tiers — Document of Compliance, Safety Management Certificate, SMS Manual, Procedures and Instructions, Forms and Records. Audit verification schedule enforced with DOC annual verification, SMC intermediate verification, internal audit at intervals not exceeding 12 months, management review annual. Non-conformity lifecycle from identification through root cause analysis to verified closure with 3-month major NC closure window. DPA dashboard providing the single fleet view for the Designated Person Ashore.
What are the 12 ISM Code elements?
The ISM Code Part A specifies twelve elements each Safety Management System must implement. Element 1 General — application, scope, definitions, overarching SMS framework. Element 2 Safety and Environmental Policy — documented company policy endorsed by senior management. Element 3 Company Responsibility and Authority — identification of company in SMC, defined responsibilities, lines of authority between shore and ship. Element 4 Designated Person Ashore — DPA appointment with direct access to highest level of management per MSC-MEPC.7/Circ.6. Element 5 Master's Responsibility and Authority — master's overriding authority for safety and pollution prevention decisions. Element 6 Resources and Personnel — qualified, certificated, medically fit crew with familiarisation and training. Element 7 Shipboard Operations Plans — documented procedures for navigation, cargo, machinery, mooring operations. Element 8 Emergency Preparedness — identified emergency situations, response procedures, drills per A.1072(28). Element 9 Reports and NC Analysis — reporting and analysis of non-conformities, accidents, hazardous occurrences with CAPA. Element 10 Maintenance of Ship and Equipment — planned maintenance system with critical equipment identification. Element 11 Documentation — controlled, current, available, reviewed SMS documents. Element 12 Verification Review and Audit — internal audits at intervals not exceeding 12 months and management reviews.
What is the SMS document cascade?
The SMS is structured as a five-tier document cascade with each tier serving a specific function in the audit chain. Tier 1 Document of Compliance (DOC) issued to the company by flag state or Recognized Organization certifying the company's SMS meets ISM Code requirements, specific to ship types, valid 5 years with annual verification, Interim DOC valid 12 months. Tier 2 Safety Management Certificate (SMC) issued to each vessel after initial verification confirming the ship's SMS operates per the approved DOC, valid 5 years with intermediate verification between 2nd and 3rd anniversary, Interim SMC valid 6 months. Tier 3 SMS Manual describing the company's SMS structure, the 12 ISM elements, organizational chart, document control approach, master's authority, DPA contact details, live document under controlled revision. Tier 4 Procedures and Instructions documented procedures covering shipboard operations, emergency response, maintenance, drills, document control, linked to SMS Manual sections, approved by DPA, version controlled. Tier 5 Forms and Records operational forms (checklists, logs, NC reports), completed records (drills, audits, maintenance), and evidence (signatures, photos, timestamps).
What is the role of the Designated Person Ashore?
The Designated Person Ashore (DPA) is a shore-based person with direct access to the highest level of management, responsible for monitoring the safety and pollution-prevention aspects of each ship's operation and ensuring adequate resources and shore-based support. The DPA must have the qualifications, training, and experience necessary for the role as outlined in IMO Circular MSC-MEPC.7/Circ.6. Six recurring burdens structure real DPA work. SMS Currency Across Fleet — every SMS document at current revision across every vessel with updates pushed and acknowledgment captured. Non-Conformity Lifecycle — every NC reported, investigated, root-cause-analyzed, corrected, verified, closed with major NCs at 3-month maximum closure. Audit Calendar Across Fleet — DOC anniversary, SMC intermediate window, internal audit cycle, management review per vessel. Master Communication Channel — direct two-way channel with every master bypassing normal command structure for safety concerns. Crew Familiarisation Evidence — every new joiner familiarised before assuming duties with records signed by joiner, master, and DPA. Critical Equipment Identification — ISM Element 10 critical equipment list maintained per vessel.
What is a major non-conformity and what response time applies?
A major non-conformity (MNC) is an identifiable deviation posing a serious threat to personnel safety, vessel safety, or environmental protection requiring immediate corrective action. It also includes the lack of effective and systematic implementation of any ISM Code requirement. A major NC must be corrected before a DOC or SMC can be issued or renewed. During external audits, three months is typically allowed for correction with documented Corrective and Preventive Action evidence including root cause analysis. If a major NC is not resolved within the agreed period (maximum 3 months), the DOC and SMC are withdrawn and re-certification is required. A minor non-conformity is a deviation that does not pose an immediate serious threat but still requires corrective action within an agreed timeframe (typically within 3 months). An observation is an auditor concern that does not constitute a deviation but suggests potential improvement, noted at the audit with no formal closure required. Non-conformities detected during Port State Control inspections may carry different response windows determined by the PSC officer with closure before vessel departure typical for serious findings.
What does the ISM verification schedule look like?
ISM verification follows a structured schedule of audit and verification events. Initial DOC verification conducted before issue by flag state or Recognized Organization with full SMS audit and DOC report. Annual DOC verification conducted within plus-or-minus 3 months of the anniversary by flag state or RO with annual audit report and endorsement. DOC renewal conducted every 5 years with full renewal audit and new DOC issued. Initial SMC verification conducted before issue with shipboard SMS audit and SMC report. SMC intermediate verification conducted between the 2nd and 3rd anniversary with intermediate audit report. SMC renewal conducted every 5 years with renewal audit and new SMC. Internal audit conducted by the company at intervals not exceeding 12 months with internal audit report including non-conformities and close-out. Management review conducted at least annually by senior management with review minutes and action items. Interim DOC verification conducted within 12 months to convert to full DOC. Interim SMC verification conducted within 6 months to convert to full SMC. PSC inspectors verify the verification record alongside the SMS itself at every boarding.
How does Marine Inspection handle ISM Code compliance?
Marine Inspection's ISM Code compliance is structured in four architectural layers. Layer 1 Twelve-Element Workflow Mapping — every ISM element mapped to specific inspections, drills, records, and audit verification points with Element 9 NC workflow, Element 10 critical equipment list, Element 12 audit scheduling all native modules. Layer 2 Document Cascade Control — DOC, SMC, SMS Manual, Procedures, Records all tracked with version control, revision push to vessels with acknowledgment capture, obsolete document removal automatic, audit-grade revision history. Layer 3 NC Lifecycle Engine — NC reported via internal inspection, external audit, PSC finding, near-miss, or incident with root cause analysis, CAPA assignment, verification, closure with documented evidence, and 3-month major NC clock visible. Layer 4 DPA Dashboard — single fleet view for the DPA with SMS health per vessel, open NCs across the fleet, audit calendar, familiarisation status, critical equipment alerts, master communications. 6-12 week deployment for typical mid-size fleets with free trial available before any commitment.
Ready When You Are
Run A Real SMS. Pass Every Audit.
Twelve ISM elements covered, five-tier document cascade, ten-row verification schedule, six DPA burdens addressed, eight-row NC matrix, six internal audit pattern detections, four-layer ISM architecture — all in one DPA-first compliance platform built for the 2026 audit reality.
