Pass the official audit
without surprise.
ISM and ISPS pre-audits run to IMO grids. Detection and closure of non-conformities before the flag auditor arrives. Externalisation of the DPA and CSO roles for owners who do not wish to structure those functions in-house.
The ISM Code (International Safety Management) and the ISPS Code (International Ship and Port Facility Security) are the two structuring regulatory regimes that govern the operation of a modern superyacht. The first organises the vessel's operational and environmental safety; the second, its security against external threats. Both revolve around a single living document: the Safety Management System (SMS) for ISM, the Ship Security Plan for ISPS.
At regular intervals — annual, intermediate, five-yearly — a flag auditor or a recognised classification society (Lloyd's Register, DNV, Bureau Veritas, RINA) verifies the actual compliance of the vessel and the Company. The result conditions the validity of the Safety Management Certificate (SMC) and the International Ship Security Certificate (ISSC). An uncleared major non-conformity can suspend these certificates and, in the most serious cases, lead to the detention of the vessel in Port State Control.
Cursorio's stance is simple: an official audit should never come as a surprise. Our pre-audit, run under the same conditions as the official audit but a few weeks ahead, identifies non-conformities while there is still time to close them without pressure. That is the difference between an audit that goes well and an audit that costs dearly in last-minute remediation, vessel downtime, and occasionally reputation with the flag.
Two situations.
The same demand.
A clean audit, peace of mind regained.
Your yacht is above 500 GT under Cayman, Marshall or Isle of Man flag. The annual ISM audit is coming up, and the captain is spending his evenings reconstructing missing records. Cursorio takes over two months ahead: full pre-audit, corrective plan, closure support. Your captain regains control of his calendar, the auditor finds nothing to flag.
- —Official audit passed without observations
- —No detention in Port State Control
- —Captain spared the documentary pressure
An externalised DPA, an impeccable file.
You do not wish to hire a salaried DPA ashore: you prefer to externalise the role to a recognised firm. Cursorio is declared DPA to the flag, maintains the ISM file to the expected standard, and ensures continuity of the role over time — including through captain changes or evolution of the ownership structure.
- —Externalised DPA officially declared
- —Documentary continuity, zero captain dependency
- —ISM file produced in one click for the external auditor
You pass the audit.
We prepared it with you.
The ISM audit and the ISPS audit are, by design, your audits. You are the one answering the auditor on the implementation of the SMS, demonstrating mastery of emergency procedures, producing the drill and near-miss registers. No one ashore can carry that role for you on the day. But no one should ask you to do it without preparation either.
Our work is upstream: identify the weak points of the system before the auditor does, brief you on the typical questions of the surveyor, update the documents that need updating, maintain the registers you materially do not have time to maintain during the season. On the day of the official audit, we can be on board with you, but it is your professionalism that convinces the auditor — ours is simply to put you in a position to succeed.
The ground, well ahead of the audit.
- —Exhaustive SMS documentary review
- —Procedures, annexes and safety policy updated
- —Master's review, management reviews, drill registers maintained
- —Verification of certificates and STCW crew matrix
- —Formal pre-audit on board (2-3 days)
- —NC report + costed corrective plan
- —Possible presence on the day of the official audit
On-board ISM leadership.
- —Running safety meetings and real drills
- —Day-to-day safety culture within the crew
- —Non-punitive near-miss reporting
- —Operational implementation of the SMS
- —Welcoming the auditor and answering his questions
- —Final decision to sail, with or without reservation
- —The hierarchical authority recognised by the ISM Code
“A well-run pre-audit does not replace your expertise on board — it simply ensures that the official audit validates what you already know.”
From document review
to compliance certificate in hand.
ISM documentary review
Line-by-line examination of the Safety Management System (SMS), operational procedures, ISM manual and safety/environment policy. Benchmarked against ISM Code requirements and your flag's standards.
On-board audit
Two to three days on board: verification of records (Master's review, safety meetings, drills), status of safety equipment, crew familiarisation, emergency procedures, review of near-miss reports over the past 12 months.
ISPS review
Check of the Ship Security Plan (SSP), the Continuous Synopsis Record (CSR), ISPS drills, the CSO / SSO relationship, and consistency with the security level applicable in your operating area.
Non-conformity report
Written synthesis classified by severity: major (risk of SMC or ISSC suspension), minor, observations, opportunities for improvement. Each point documented, photographed, referenced to the relevant paragraph of the Code.
Costed corrective plan
For each non-conformity: corrective action, owner, deadline, closure evidence expected. Calibrated to be closed before the official audit, without pressure or overrun.
Support through to the audit
Weekly follow-up of NC closure, crew preparation for the audit (typical interviews, standard surveyor questions), possible on-board presence the day of the official audit as Designated Person Ashore (DPA).
Post-audit review
Debrief after the official audit, formal recording of any NC closures, SMS update and feeding of the continuous improvement cycle for the following year.
Everything the audit mission covers.
Available as a one-off mission (standalone pre-audit) or as an ongoing mandate (externalised DPA / CSO, annual support). Included in the monthly retainer if your vessel is already under management with us.
- Full ISM pre-audit (documentary review + on-board verification) compliant with IMO resolutions A.1022(26) and MSC-MEPC.7/Circ.8
- ISPS pre-audit with Ship Security Plan review and testing of applicable security levels
- Externalisation of the Designated Person Ashore (DPA) role for ISM Companies that do not wish to keep it in-house
- Externalisation of the Company Security Officer (CSO) role for ISPS application
- Support during external audits (Flag State, Classification Society, Port State Control)
- Annual SMS update and integration of regulatory changes (IMO circulars, SOLAS amendments)
- Maintenance of the annual Master's review, management reviews, drills and near-miss registers
- Brief training of crew and captain on auditor expectations ahead of each audit
- Documentation fully kept in Cursorio Manager, one-click export for the inspector
What you have in hand for the audit.
Pre-audit report
20-40 page structured document, organised by ISM Code and ISPS chapter. Non-conformities, observations, photographic evidence.
Costed corrective plan
Roadmap with action, owner, deadline, evidence. Real-time progress dashboard in Cursorio Manager.
Updated SMS
Safety Management System revised and delivered in the formats required by the flag. Reference version archived and traceable.
DPA / CSO letter
Official appointment letter for Cursorio as externalised DPA or CSO, declared to the flag authority.
ISM / ISPS registers
Master's review, management review, drills, near-miss, internal audits — kept up to date and ready for external audit.
Annual ISM review
Executive summary: NCs of the year, trends, continuous improvement plan for the next exercise.
Two recent missions, anonymised.
Client details withheld by ethical obligation. Figures and flags indicative.
M/Y 55 m · Cayman Islands (KY) flag · five-yearly renewal
Context. Five-yearly renewal of the Safety Management Certificate due in 10 weeks. The captain flagged concerns about the state of the SMS, partly drifted through two successive changes of ownership, and about the quality of drill records over the past 18 months. Cayman flag, Lloyd's Register classification.
Cursorio pre-audit. Remote documentary review (8 days) · on-board verification (3 days) · identification of 2 major non-conformities (missing annual management review, outdated confined space entry procedure) and 7 minor non-conformities · costed corrective plan over 6 weeks · full SMS update aligned with the Cayman Islands Shipping Registry standard · crew training on new procedures · captain support on the day of the official audit.
Outcome. SMC renewed for 5 years with no non-conformity raised by the official auditor. Captain confident, owner at ease, file directly reusable for the intermediate audits in the following years.
M/Y 48 m · Marshall Islands (MI) flag · family office
Context. Longstanding DPA retiring, not replaced by the family office which did not wish to hire a new shore-based employee. Multi-month vacancy on the role, intermediate ISM audit due in 5 months. Serious risk of major non-conformity on the functional absence of a Designated Person.
Cursorio intervention. Formal declaration to the Marshall Islands Maritime Administrator as externalised DPA · full audit of documentary state (SMS, registers, management reviews over the past 36 months) · drafting of the missing management review · establishment of a direct escalation circuit captain — DPA — family office leadership · preparation for the intermediate audit.
Outcome. Intermediate audit passed without observation. DPA role now permanently externalised to Cursorio, with 24/7 availability, immediate intervention in case of incident, and integration into the continuous improvement cycle of the SMS.
What captains and owners ask us.
01 My yacht is private. Am I really concerned by ISM and ISPS?
My yacht is private. Am I really concerned by ISM and ISPS?
More often than one would think. The ISM Code applies, in principle, to commercial vessels, but several superyacht flags (Cayman Islands, Marshall Islands, Isle of Man, Malta) extend its application to private yachts above 500 GT — and sometimes from 400 GT depending on the jurisdiction. The ISPS Code generally applies to commercial vessels on international voyages, so mainly to commercially chartered yachts — but some flags recommend a Ship Security Plan even for private yachts operating in higher-risk areas. A one-hour diagnostic is enough to clarify your exact situation.
02 What is the difference between a pre-audit and an official audit?
What is the difference between a pre-audit and an official audit?
The official audit is conducted by an accredited auditor of the flag or a classification society (Lloyd's Register, DNV, Bureau Veritas, RINA), with the authority to issue, renew or suspend the Safety Management Certificate (SMC) and the International Ship Security Certificate (ISSC). The pre-audit is a full simulation run by Cursorio a few weeks ahead, under the same conditions — same grid, same requirements — but without certification stakes. Its purpose: identify and correct non-conformities before the official audit catches them. A vessel that passes its audit without observations is a vessel that has been properly pre-audited.
03 What is a DPA and can I externalise the role?
What is a DPA and can I externalise the role?
The Designated Person Ashore (DPA) is a role required by the ISM Code: a person ashore, directly reporting to the highest level of the Company, responsible for overseeing the application of the SMS and with direct access to top management. It can be externalised to a specialist firm, provided the contract gives the DPA the required independence and authority. Cursorio is registered with the IMO under unique company identifier 6391845 — a prerequisite for accreditation by any classification society — and already acts as externalised DPA for a 499 GT vessel under Marshall Islands flag, declared to the Marshall Islands Maritime Administrator. This active mandate guarantees we do not offer a theoretical service: we currently carry, in real conditions, the duties of a DPA.
04 How long does a full pre-audit take?
How long does a full pre-audit take?
The typical timeline is about six weeks: one week of remote documentary review, two to three days on board for operational verification, two weeks to draft the report and corrective plan, then four to six weeks supporting the closure of non-conformities. In practice, we recommend scheduling the pre-audit two to three months before the planned official audit, to leave margin for quiet NC closure without interfering with the vessel's operational calendar.
05 What happens if a major non-conformity is identified?
What happens if a major non-conformity is identified?
A major NC means that an essential requirement of the ISM Code or SMS is not implemented, to the point that the safety of the vessel or crew could be compromised. During a pre-audit, this is exactly what we are looking for: to identify them before the official auditor does. We immediately propose a priority action plan, often achievable in days or weeks depending on the nature of the gap. The purpose of a good pre-audit is that a major NC never reaches the door of the official audit.
06 Can you be present during the official audit?
Can you be present during the official audit?
Yes, and it is a frequent practice. Under a management mandate or an externalised DPA/CSO assignment, we are present on board the day of the official audit. We support the captain in the exchanges with the auditor, immediately produce the evidence requested, and facilitate on-the-spot closure of any minor NCs. This presence is often decisive in securing a clean, on-time audit with no overrun.
Let's anticipate your next audit together.
A one-hour diagnostic is enough to assess your current ISM / ISPS compliance level and frame a pre-audit tailored to your deadline. Confidential, no commitment.
Get in touch