When the head of operations at a Northern European RoRo ferry operator opened our pricing page in early June, his query log showed three previous searches: «port security software», «yacht builder access control» and «ISPS code patrol management». Two days later, the head of security at a Dutch yacht builder followed a near-identical path. Both filled the contact form. Neither is the typical industrial customer that off-the-shelf guard tour software was designed for.
Maritime security is the discipline that classical guard tour software handles worst. The reasons are structural: a ship is a 200-meter steel cage that blocks GPS, a port covers 1.5 km² of mixed jurisdictions, and a yacht builder yard holds hulls worth 30-150 M€ each under construction. Each of these environments needs guard tour software that does things commercial-building software was never designed to do.
This post is the 2026 decision guide for maritime security directors evaluating guard tour software. It covers the three sub-sectors with the most unmet requirements and the technical capabilities that actually matter when the SOLAS audit or the ISPS code inspector walks in.
Sub-sector 1 — Ferry operations on board
The constraint nobody mentions in standard guard tour pitches: GPS does not work below deck. Most steel decks block GPS signal completely. A patrol on a car deck or in the engine room cannot rely on geofencing to validate its position.
What ferry security needs:
- NFC checkpoints as primary verification (do not depend on GPS). NTAG215 or NTAG216 tags installed at structural points: muster stations, fire doors, restricted access zones, vehicle deck rows.
- Bluetooth beacon fallback for areas where NFC tags would be difficult to maintain (engine room, paint storage). Beacons run on coin batteries, work in steel environments.
- Time-window enforcement rather than location-only enforcement. The patrol checkpoint at fire door D-3 must be scanned every 90 minutes during transit; if 95 minutes elapse without a scan, the bridge gets notified.
- Integration with the ship's incident reporting to align patrol logs with the captain's reporting under SOLAS chapter XI-2 (Maritime Security).
The «free tier» commercial guard tour app that works fine in office buildings becomes a liability on a ferry: when GPS fails to validate, every scan gets flagged «suspicious», the data is unusable for ISPS audit, and the security officer ends up keeping a separate paper log just to have something to present.
Sub-sector 2 — Port and terminal perimeter
Port security operates under the ISPS Code (International Ship and Port Facility Security Code) which mandates the Port Facility Security Plan (PFSP). The plan includes patrols at defined intervals across three security levels (1 = normal, 2 = heightened, 3 = exceptional). Each level has different patrol frequencies and access controls.
What port security needs:
- Configurable patrol frequency by security level. When the port authority raises the level from 1 to 2 (typically: cruise ship arrival with VIP passengers, or after a regional incident), patrol frequencies must double or triple within minutes. The software must allow the duty officer to switch level with one command and have the schedule recalculate automatically.
- Multi-jurisdiction tagging of checkpoints. A port has zones owned by the port authority, zones leased to terminal operators, zones inside the customs perimeter and zones outside. A single patrol can cross 3-4 jurisdictions. Each scan must be tagged with the jurisdiction so reports to different authorities filter correctly.
- Integration with port operations system. Modern ports have a TOS (Terminal Operating System) that knows which berths are occupied and which expect vessels. Patrol patterns should adapt: more patrols around occupied berths, fewer around empty ones.
- Documented coordination with the police and coastguard. When the patrol triggers an SOS alert, the call must reach both internal supervisor AND the local port police channel. The software must log the call attempt and response time for the next ISPS audit.
A patrol officer with a guard tour app that can't change frequency without IT support, can't tag scans by jurisdiction, and can't trigger external alerts simultaneously is providing patrol theater, not patrol evidence.
Sub-sector 3 — Yacht builders and shipyards
A megayacht under construction is worth 30-150 M€. The yard around it contains specialized tools, finished interior components in storage, and intellectual property in the form of plans and digital twin files. Security here is not perimeter-only: it is multi-layer with access controls at each layer.
What yacht yard security needs:
- Patrols differentiated by perimeter layer: outer fence, parking, building entrances, hull access platforms, internal hull inspection rounds (for vessels in advanced construction stages where contractor access is intense).
- Integration with subcontractor access logs. Hundreds of subcontractors enter daily. The patrol must verify that the workers actually present in restricted zones match those expected. A scan at a checkpoint near the engine bay should trigger a quick lookup: «is the electrical subcontractor team scheduled to be here at 14:30?».
- Theft detection from inside. Most security incidents in yacht yards are inside jobs (tool theft, component diversion). Patrol patterns that focus only on perimeter intrusion miss this. The software should support random checkpoint patterns that change daily to prevent patrol predictability.
- Documentation for insurance and warranty. Insurance companies covering hulls under construction increasingly demand documented patrol evidence in case of claim. The patrol log becomes part of the claim file. Lawyers and surveyors evaluate it post-incident.
What standard guard tour software gets wrong for maritime
Three patterns we see consistently:
- GPS-only verification: useless below deck, useless in covered terminals, useless in steel-framed yard buildings.
- Single-jurisdiction reporting: forces the security director to manually split logs for different authorities.
- No SOLAS/ISPS template: every report has to be reformatted manually for the ISPS audit.
Software that handles maritime well will:
- Default to NFC primary, GPS secondary, with Bluetooth beacon as third fallback.
- Tag every event with multi-dimensional metadata (zone, jurisdiction, security level, asset reference).
- Offer ready-made report templates aligned with SOLAS, ISPS, ISO 28000 (security management for the supply chain).
- Support multi-language operation (Tagalog, Filipino, Indonesian and Bahasa are common crew languages on RoRo and cruise ships).
How to evaluate maritime-suitable guard tour software
If you are the security director of a ferry operator, port facility, or yacht builder, ask the vendor these five questions before requesting pricing:
- «Show me how your scan validation works on a steel deck with no GPS signal.»
- «Demonstrate a security level change from 1 to 2 that recalculates patrol frequency for the next 24 hours automatically.»
- «Export me a sample ISPS audit report from a real port deployment (anonymized).»
- «Show the jurisdiction tagging on a single checkpoint and how the report filters by jurisdiction.»
- «What is your latency between scan and supervisor notification when the patrol officer is offline below deck?»
If the answer to any of these is «we can build that» rather than «here is the working demo», the product is not maritime-ready.
A small caveat for vendors
Maritime security is a discipline where buyers know exactly what they need. Pitching them generic «QR code patrols + GPS» is wasted breath. The vendors that win in this segment are the ones that show a working demo on the constraints maritime imposes, with the report templates the maritime regulators ask for, in less than 20 minutes of demo time.
For maritime security buyers reading this: the operators who got the call backs first are the ones who answered all five questions above with concrete evidence, not promises. Filter aggressively.