Developing a STAMP-Based Port Risk Control Structure to Understand Interorganizational Risk Management in Canadian Ports

Abstract

Interorganizational risk management (IRM) in Canadian ports faces significant challenges due to the interconnected nature of operations and the interdependence of safety, security, environmental, organizational, and technological risks. Existing siloed risk management frameworks often fail to capture these dynamic interrelations, underscoring the need for a more integrated, systemic approach. This study introduces a Port Risk Control Structure (PRCS) designed specifically for Canadian Port Authorities (CPAs), based on the Systems-Theoretic Accident Model and Processes (STAMP). The PRCS maps control actions, feedback loops, and stakeholder roles across international, national, and local levels to better reflect the layered nature of port governance. The model aims to clarify the roles of key actors, such as the International Maritime Organization, Transport Canada, and local port stakeholders, and is designed to facilitate more structured risk identification, communication, and coordination across organizational levels. Although the model has not yet been empirically validated, its design suggests strong potential for scalability and adaptability across diverse port contexts. This research contributes to IRM literature by illustrating how STAMP principles can be operationalized within port systems. Future research will focus on integrating a taxonomy of IRM challenges to refine control structures and feedback mechanisms in response to evolving risks.

1. Introduction

Ports are complex and dynamic infrastructures that facilitate over 80% of global trade [1]. Operating at the crossroads of technological, organizational, environmental, and regulatory systems, they require risk management approaches that go beyond traditional, siloed methods [2,3,4]. As digitalization and automation accelerate, with the emergence of smart ports and cyber-physical systems, the risk landscape grows more interconnected and systemic [5,6,7]. Recent incidents, such as cyberattacks, environmental disruptions, and supply chain breakdowns, reveal how risks can cascade across organizations and infrastructure layers, as seen in major port systems like Rotterdam and Hamburg [8,9,10].

Despite this growing complexity, many current risk management frameworks remain focused on isolated events or failures within individual components. This narrow focus overlooks system-wide interactions and interorganizational dependencies that characterize modern port operations [11,12]. Established tools like Fault Tree Analysis and Event Tree Analysis are useful for modelling linear failures but are limited in addressing feedback loops and emergent behaviors in complex socio-technical systems [13]. These limitations have led researchers to advocate for system-wide models capable of capturing early warning signs and supporting coordination across diverse actors [14,15].

While international initiatives such as the International Maritime Organization’s (IMO) Convention on Facilitation of International Maritime Traffic (FAL) and International Ship and Port Facility Security Code (ISPS) encourage coordinated governance, implementation varies significantly across jurisdictions [16]. Comparative research suggests that successful risk management depends on shared control structures, real-time feedback mechanisms, and clearly defined stakeholder roles, features often missing in decentralized systems [17].

Several studies have previously attempted to address interorganizational risk management (IRM) in port settings. For example, the CoRiMaS framework outlines an ontological approach to cooperative risk management, focusing on stakeholder roles and terminology standardization [18]. A process-oriented model has also been proposed to support cooperative risk management through defined communication and workflow structures among port actors [19]. Other works have explored aspects of cross-agency collaboration and risk monitoring through regulatory or technical lenses [20,21,22]. While these contributions represent important progress, they often lack a systemic lens to model how control actions, feedback loops, and dynamic interdependencies are coordinated across stakeholders. As a result, there is limited guidance on how to manage risks that emerge from the interaction of multiple actors, regulatory regimes, and operational levels.

In Canada, these issues are especially salient. Canadian ports handle over 88% of the country’s international trade, acting as vital nodes in domestic and global supply chains [23]. They are managed by 17 Canada Port Authorities (CPAs), each independently responsible for its infrastructure, terminal operations, and marine spaces under the governance of the Canada Marine Act (CMA) [24]. While this decentralized framework supports local autonomy and self-sufficiency, it reinforces fragmented risk practices. Historically, risk management within CPAs has focused on discrete domains, such as safety or environmental protection, using traditional tools like Fault Tree Analysis and Event Tree Analysis [25]. These tools, while useful for analyzing linear failures, do not account for interdependencies across organizational boundaries, particularly in a landscape increasingly shaped by digital integration and cross-functional coordination [26]. Without cross-organizational strategies, a single cyber incident can affect interconnected systems, compromising not just individual CPAs but also the overall resilience of the port network.

To address these challenges, this study introduces the Port Risk Control Structure (PRCS), a high-level model grounded in Systems-Theoretic Accident Model and Processes (STAMP). The PRCS is designed to visualize and analyze how IRM is coordinated across key actors in Canadian ports. It maps roles, control actions, and feedback loops across international, national, and local levels, offering a system-wide view of IRM functions. The main aim of this paper is to apply STAMP principles to identify the control structure underlying IRM in Canadian ports, specifically who the key actors are, what control actions they take, and how feedback is exchanged across operational levels. This structured model responds to calls for better visualization of multi-actor risk governance, offering a replicable tool for systemic risk analysis in maritime contexts.

The central research question guiding this study is as follows: How can STAMP principles be used to identify and structure the control responsibilities and feedback mechanisms involved in IRM within Canadian ports? This paper presents the first application of STAMP to systematically describe IRM control structures within CPAs. It contributes both a conceptual foundation and an empirical mapping to support the development of future systemic coordination strategies in maritime risk governance.

This paper is structured as follows: Section 2 outlines the methodology used to develop the PRCS model. Section 3 presents the results, detailing the PRCS structure for Canadian ports. Section 4 discusses the implications of the model for improving IRM and identifies opportunities for future model refinement. Finally, Section 5 concludes with a summary of contributions and recommendations for future research.

2. Materials and Methods

Figure 1 outlines the step-by-step process employed to develop a high-level Canadian PRCS, guided by Bhattacharjee’s model-building methodology [27]. This two-phase approach, initial modelling drafting and the validation and refinement, integrates insights from a literature review and stakeholder engagement, combining inductive and deductive reasoning. The modelling process used a diagramming tool [28] to visualize control actions, feedback loops, and interdependencies within port operations. This qualitative study focuses on CPAs, using STAMP principles to examine IRM. Although the PRCS is not quantitatively assessed in this study, it is grounded in literature and validated through observations, semi-structured interviews, and procedural reviews. A future research stage will test its effectiveness in enhancing collaborative risk management.

2.1. Initial Modelling Drafting

A comprehensive literature review was conducted from March to September 2023. Academic sources were primarily accessed through the Scopus database, which provided peer-reviewed journal articles, conference proceedings, and book chapters. Additional sources included regulatory documents from the IMO and Canadian government websites [16]. Confidential reports from the Halifax Port Authority (HPA) also informed the context [29]. The search used three keyword groups: (1) STAMP and systems theory, (2) IRM and collaboration, and (3) port operations in Canada. A backward snowballing approach extended the dataset. This review served as the foundation for mapping key organizational actors, risk control roles, and feedback relationships within Canadian ports. Findings were used to build the first draft of a PRCS, explicitly grounded in STAMP principles.

2.2. Validation and Refinement

The initial PRCS draft was refined through fieldwork conducted from November 2023 to April 2024. A triangulation strategy, which included observations, semi-structured interviews, and procedural reviews, ensured a robust qualitative research foundation [27]. The validation aimed to determine whether STAMP-based control components, such as controller roles, constraints, and feedback mechanisms, accurately reflected interorganizational dynamics in Canadian ports.

2.2.1. Observations

Observations are conducted at Halifax Port from November 2023 to April 2024, following Ograjenšek’s qualitative approach [30]. The goal is to examine real-world dynamics related to risk management and interorganizational communication. Positioned within the planning department, the researcher can observe interactions at multiple organizational levels (executive, middle management, frontline), attending meetings, participating in safety inspections, and documenting communication patterns and decision-making processes. Collected data are systematically organized using an online diagramming tool [28] to map control actions and feedback loops. A key observation includes a simulated crisis drill involving the port authority, service providers, and federal and municipal agencies. This exercise, inspired by Valdez Banda et al. [31] approach, provides insights into collaborative response effectiveness, refining the PRCS by clarifying stakeholder roles within the risk control structure, as discussed in Section 3.

2.2.2. Semi-Structured Interviews

Between November 2023 and April 2024, 15 semi-structured interviews were conducted with stakeholders from executive, managerial, and operational roles at the Halifax Port Authority and associated organizations [32]. Participants were purposively selected based on their active involvement in risk coordination, identified during the observation phase [31,33]. Interview questions were structured around the eight STAMP control components: controllers (entity that makes decisions and issues control actions), process model (a controller’s internal view of the system it manages), control actions (directive from a controller to influence system behavior), feedback loops (mechanism for reporting system state back to the controller), sensors (component that monitors and reports system conditions), control constraints (a safety requirement that prevents hazardous system states), actuators (entities that carry out control actions), and controlled process (the part of the system being managed by the controller) [34]. In addition to sharing insights on their organizational roles and decision processes, participants were invited to review and comment on the initial PRCS draft. Their insights led to key refinements in the model. These included clarifying intermediate control roles, revising feedback responsibilities, and improving the representation of control constraints across organizations. The input ensured that the PRCS reflected both operational and strategic realities. The full set of STAMP components, their associated validation questions, and their analytical purposes is provided in Appendix A (

Table A1. STAMP control structure components, guiding validation questions, and their analytical purposes.

STAMP Component	Validation Question	Purpose
Controllers	Who holds primary authority for initiating control actions related to safety, security, operational, environmental, and technological risks in your organization?	Identify decision-making authority and risk ownership
	How clearly are the boundaries of responsibility defined between your organization and others within the port system?	Clarify interorganizational role definition
	Are there instances where overlapping authorities create confusion or duplicated effort?	Detect duplication or ambiguity in control roles
Process model	How does your organization develop an understanding of how other port stakeholders operate (routines, technologies, constraints)?	Understand shared mental models or lack thereof
	Are there cases where mismatched assumptions about roles or system behavior led to a coordination problem?	Reveal cognitive mismatches across organizations
	What challenges do you face in maintaining an accurate mental or formal model of the overall port system?	Assess limitations in system-wide awareness
Control actions	Can you describe a typical control action (policy, procedure, or communication) your organization initiates to manage a shared risk?	Identify examples of proactive control actions
	How do you ensure that control actions are aligned with those of other stakeholders?	Evaluate cross-organizational alignment of decisions
	Have you experienced instances where a control action from one organization caused unintended effects on others?	Understand unanticipated effects of control actions
Feedback loops	What types of feedback does your organization receive from other port stakeholders after taking a control action?	Assess information flow and post-action visibility
	Are there delays or breakdowns in receiving feedback during emergencies or routine operations?	Identify barriers to timely feedback
	How is feedback analyzed and incorporated into decision-making across organizational boundaries?	Evaluate use of feedback in adaptive decision-making
Sensors/monitoring mechanisms	What formal or informal mechanisms are used to detect emerging risks in port operations (digital systems, inspections, reports)?	Determine tools used for risk detection
	Are there shared monitoring systems among organizations, or do you operate in silos?	Evaluate the integration of monitoring mechanisms
	How reliable are the current monitoring tools in reflecting real-time system status?	Gauge reliability of monitoring data for coordination
Control constraints	Are there explicit rules or constraints your organization follows when managing risks with others (limits on authority, standard operating procedures)?	Assess the presence of formal limits on action
	How are control constraints communicated between organizations?	Identify clarity and communication of rules
	Are there known constraints that hinder collaboration or delay action?	Explore constraints that inhibit coordination
Actuators	How are your organization’s control decisions operationalized (through systems, departments, or people)?	Understand how decisions are put into action
	Have you experienced problems in executing decisions due to lack of coordination or incompatible systems?	Assess delays or failure in execution mechanisms
	How responsive are these actuators to rapid changes or signals from other stakeholders?	Gauge adaptability of response implementation
Controlled process	What parts of the port system does your organization consider under its operational influence?	Identify operational boundaries and responsibilities
	How do your operations interact with those of other stakeholders (shared infrastructure, overlapping tasks)?	Understand cross-stakeholder operational overlaps
	Are there coordination issues when the controlled processes of multiple organizations intersect?	Detect points of conflict or misalignment in operations

).

2.2.3. Procedure Review

Following the interviews, a review of relevant documents was conducted to support and validate the findings. This included regulatory acts, organizational policies, operational manuals, and internal reports related to governance and risk coordination within Canadian Port Authorities. A close reading method was applied to systematically examine the content [35], with a focus on identifying stakeholder responsibilities, decision-making structures, control actions, and feedback mechanisms. Extracted information was categorized using the eight STAMP control structure components. The results contributed to refining the PRCS model by confirming alignment between documented procedures and observed practices.

The validation data collected through observations, interviews, and document reviews were interpreted using the STAMP framework, which provided a systems-based lens for modelling control and coordination in Canadian port operations. This framework is described in detail in the following section.

2.3. STAMP Model

This study adopts the STAMP elements to model Canadian port IRM. STAMP views safety as a control problem and analyzes accidents as a result of control failures, rather than component failures [13,36]. In this study, STAMP guides both model design and data interpretation.

To operationalize the STAMP framework in this study, the control structure model shown in Figure 2 was used. Figure 2 illustrates the relationships between controllers, control actions, control constraints, feedback loops, sensors, and the controlled process. This diagram provided a conceptual foundation for coding and interpreting data collected through field observations, interviews, and procedural reviews. Each STAMP component was translated into guiding questions and analytical categories, allowing the PRCS to map real-world feedback loops, control roles, and constraints across stakeholders in the Canadian port system. Further methodological details are provided in Appendix A.

3. Results: Port Risk Control Structure of CPAs

This section introduces the STAMP-based PRCS, developed to understand how IRM is applied across safety, security, environmental, organizational, and technological risk domains in CPAs. Figure 3 offers a simplified overview of key stakeholder roles, control actions, feedback loops, and relationships, serving as a guide for the detailed layers presented in the next sections: international (Section 3.1), national (Section 3.2), and local (Section 3.3).

The PRCS identifies two categories of stakeholders: impact actors, who have regulatory or operational authority, and influence actors, who support coordination through policy guidance or collaboration [36]. For example, Transport Canada (TC) is an impact actor, while the Canadian Marine Advisory Council (CMAC) acts as an influence actor. Appendix B and Appendix C provide structured overviews of how control actions and feedback loops operate at international and national levels. They include tables listing the key intergovernmental and federal organizations that define control actions and request feedback loops from CPAs, supporting regulatory alignment and role clarity within the PRCS. These appendices are included to provide transparency and detail for readers seeking to understand the concrete basis of the PRCS. They support the validity of the framework by linking each risk control function to its corresponding institutional actor.

In terms of the relationship between the different actors represented in Figure 3, the PRCS captures both formal and informal relationships. Formal control structures include codified elements such as international conventions, national statutes, and bilateral service agreements. These define explicit control actions, assign controllers and actuators, and establish feedback loops for compliance and adaptation. Informal interactions, such as community consultations and inter-agency coordination, complement these formal mechanisms by enabling trust-based collaboration in complex or evolving risk contexts [37].

A key finding is the role of middle management as a bridge between strategic direction and operational execution. Middle managers function as internal controllers within the PRCS, translating policy into procedures and supervising actuators responsible for implementing controls. They also process feedback, adjust risk responses, and facilitate learning loops to ensure system adaptability [38].

The PRCS clarifies how actors contribute to maintaining safe and sustainable port operations. For example, TC issues safety regulations under the Canada Shipping Act [39], which CPAs implement using tools like the Port Information Guide (PIG) [29]. This alignment of roles, actions, and feedback processes supports coordinated risk governance. As illustrated in Figure 3, feedback loops are not only vertical (from frontline to leadership) but also horizontal (across peer organizations), enhancing real-time coordination and responsiveness.

Contracts and service-level agreements further support IRM by specifying performance expectations, responsibilities, and compliance obligations. These mechanisms are widely used by CPAs and ports globally to align goals between port authorities and service providers [40]. At the local level, CPAs apply international and national control actions using the PIG, which outlines operational procedures for managing risk. It designates actuators (those who carry out risk management actions) and controllers (those responsible for oversight and compliance), and ensures that risk management practices are adapted to the specific needs and conditions of each port. This foundational structure sets the stage for Section 3.1, Section 3.2 and Section 3.3, which explore each level of the PRCS in more detail.

3.1. International Regulatory Framework for Port Risk Management

The international layer of the PRCS is structured around a hierarchy of intergovernmental organizations (IGOs) whose mandates are grounded in the United Nations Convention on the Law of the Sea (UNCLOS). As the principal legal framework for maritime governance, UNCLOS establishes the jurisdictional scope of coastal states and provides the foundation for regulating maritime safety, environmental protection, and legal dispute resolution. Under UNCLOS, functional responsibilities are delegated to specialized IGOs that act as impact actors within the PRCS. These include the International Maritime Organization (IMO), the International Labor Organization (ILO), the World Health Organization (WHO), the International Atomic Energy Agency (IAEA), and the International Tribunal for the Law of the Sea (ITLOS) [41].

These organizations issue binding conventions, standards, and rulings that serve as system-level constraints in STAMP terms, guiding risk control actions across port systems. Each of these IGOs addresses specific domains of risk, such as maritime safety, pollution prevention, labor protections, health emergencies, and legal compliance. Their mandates are reinforced and adapted through coordination with influence actors, including international non-governmental organizations (INGOs), service-oriented IGOs, and regional partnerships. These actors play key roles in implementing technical guidance, facilitating feedback loops, and ensuring local relevance of international controls. Together, these entities form a multi-layered regulatory structure that supports both vertical and horizontal coordination across jurisdictions. The roles of these organizations and their interdependencies within the PRCS are elaborated in the following subsections and summarized in

Table 1. International-level impact and influence actors in the PRCS.

Impact Actor	Influence Actor(s)	Control Actions	Feedback Loops	Governance Strength	Interorganizational Control Function
IMO	IAPH, IPCSA, SIGTTO	SOLAS, MARPOL, ISM and ISPS codes STCW, COLREGs, FAL, and cyber guidelines.	Reports, consultations, working groups	Binding	Serves as the central system controller for international port risk governance, issuing foundational conventions [16] and coordinating with other IGOs and INGOs to ensure aligned control structures and feedback mechanisms [42]. The IMO facilitates cross-domain integration and systemic constraint enforcement, enabling sustained collaboration across organizational boundaries within the PRCS.
ILO	ITF	MLC, ILO-OSH guidelines	Tripartite mechanisms, data sharing	Binding	Defines global labor standards that constrain work conditions in port environments, particularly through the MLC [43]. Operates as a system enabler by supporting coordination between states, unions, and INGOs to ensure that labor-related risks are addressed within the broader interorganizational control structure. ILO’s role reinforces systemic accountability and helps align social protections with operational safety.
IAEA	ISO	Radioactive cargo standards, IAEA-IMO agreement	Risk reporting, consultations	Binding	Establishes global safety constraints for the maritime transport of hazardous materials, especially radioactive cargo [44]. Within the PRCS, IAEA collaborates with IGOs and INGOs to ensure consistent interpretation and implementation of safety protocols across jurisdictions. It enables technical harmonization, reduces uncertainty, and strengthens the reliability of cross-border risk control functions within complex port systems.
ITLOS	Legal NGOs, academic organizations	UNCLOS compliance, legal rulings	Case proceedings, tribunal feedback, consultations	Binding	Functions as the adjudicative mechanism for resolving international maritime disputes, enforcing legal constraints that stabilize the broader control structure. ITLOS supports system integrity by coordinating with IGOs, INGOs, and national courts to ensure that legal interpretations align with risk governance objectives [45]. Through binding decisions and precedent-setting feedback, it helps maintain accountability and clarify responsibilities across interdependent actors.
WHO	IMHA, IFRC	IHR, maritime health protocols	Outbreak reports, emergency updates, compliance	Advisory	Acts as the international system coordinator for public health constraints in port environments. Through the IHR framework, the WHO collaborates with state agencies and INGOs to support timely feedback, promote disease prevention, and ensure that health-related risks are integrated into broader risk governance [46]. Its role reinforces the continuity of control functions during biological events and strengthens adaptive responses across organizational boundaries.

Note: This table outlines the roles of international impact actors in the PRCS, highlighting their control functions, governance strength, and interorganizational coordination based on STAMP principles. Detailed descriptions of the actors’ mandates, control actions, and feedback mechanisms are provided in Appendix B (Table A2) for expanded reference. For definitions of all acronyms used in this table, please refer to the Abbreviations section at the end of the manuscript.

and

Table 2. International influence actors mapped by STAMP system roles supporting PRCS.

STAMP-Aligned Role	Influence Actor(s)	Supported Controller	Key Contribution
Ecological constraint formulation and environmental domain guidance	GESAMP, IUCN, IWC, UNEP, UNWTO	ILO, IMO	Provides scientific guidance on marine environmental protection; promotes biodiversity and species conservation; supports ecological risk mitigation in ports; contributes to sustainable tourism integration [47,48,49,50,51].
Predictive feedback and real-time system monitoring	IALA, IHO, IOC, WMO	IMO	Sets navigation standards and supplies hydrographic data; enables ocean and weather forecasting for real-time risk monitoring and maritime decision support [52,53,54,55].
Technical standardization and control consistency enabler	IAPH, IPCSA, ISO, IMSO	IMO, IAEA	Standardizes operational technologies and maintains global communication systems to ensure coordination and system-wide control reliability [20,56,57,58].
Control execution and emergency response stabilization	IBTA, INTERPORT POLICE, SIGTTO, IMHA, IFRC	ILO, IMO, WHO	Implements port safety and security measures; enables emergency coordination and maritime health response to reduce operational disruption and safeguard critical functions [59,60,61].
Labor constraint formulation and human–system interface	ITF	ILO	Defines labor protection constraints; fosters social dialogue; advocates for safe working conditions and alignment of human factors with regulatory framework [62].
Legal–economic constraint harmonization and cross-border alignment	FAO, UNCTAD, UNCITRAL, WCO, WTO, legal NGOs, academic organizations	IMO, ITLOS	Harmonizes trade and legal standards; supports regulatory enforcement, dispute resolution, and food safety protocols across borders; integrates academic and legal advisory functions to reinforce systemic coherence [1,63,64,65,66,67].
Specialized domain coordination and external control support	ICAO, ISA	IMO, ISA	Coordinates specialized regulatory domains, including search and rescue and seabed resource governance; integrates niche controls into the broader port safety structure [68,69].
Cross-border coordination and adaptive feedback facilitation	OAS, CEC, Great Lakes Agreement, Arctic Cooperation, Joint Marine Pollution Plan	CPAs, TC	Establishes regional frameworks for environmental protection, cross-border emergency cooperation, and adaptive risk governance in port operations [41,70,71].

Note: Table is grouped by systemic control function aligned with STAMP theory, rather than by traditional functional domains, to reflect the interorganizational logic of risk governance. “Supported Controller” refers to the intergovernmental organization(s) whose formal control actions are influenced, coordinated, or reinforced by the listed influence actors. For definitions of all acronyms used in this table, please refer to the Abbreviations section at the end of the manuscript.

.

Table 1 presents the principal impact actors alongside their paired influence actors (primarily INGOs), highlighting control actions, feedback loops, governance strength (binding or advisory), and a STAMP-informed interpretation of each actor’s interorganizational control function. This systemic role perspective helps distinguish between actors that issue constraints and those that support coordination and feedback loops essential to IRM.

Table 2 further classifies influence actors by STAMP-aligned control roles, emphasizing their contribution to adaptive capacity, knowledge transfer, and system monitoring. Although these actors do not issue binding controls, they enhance the effectiveness of international governance by sustaining feedback loops, updating operational constraints, and facilitating alignment with emerging risks. Examples include the Group of Experts on the Scientific Aspects of Marine Environmental Protection (GESAMP) and the United Nations Environment Programme (UNEP) supporting the IMO through environmental data, the International Organization for Standardization (ISO) reinforcing cyber-technical frameworks, and the International Transport Workers’ Federation (ITF) enabling the implementation of labor conventions.

Together, Table 1 and Table 2 illustrate how formal and informal actors interact to sustain international control structures. This multi-actor configuration enables systemic stability, adaptability, and cross-domain responsiveness in port risk governance.

3.2. Canadian Regulatory Framework for Port Risk Management

The national-level PRCS in Canada reflects a multi-actor governance structure that integrates formal legislation with interorganizational collaboration.

Table 3. National-level impact and influence actors in the PRCS.

Impact Actor	Aligned Actor(s)	Control Actions	Feedback Loops	Linked Actor	Interorganizational Control Function
TC	CTA, TSB, CPAs, provincial transport ministries, municipal transit authorities	Marine regulation, port navigation rules, transport licensing, container and nuclear material safety standards	Inspection reports, safety audits, public consultations	IMO	Coordinates transportation safety with port authorities and transit agencies; enables consistent maritime governance across jurisdictions.
DFO	CCG, MCTS	Navigation aids, vessel traffic services (VTS), search and rescue coordination, marine environmental protection	Real-time communication, incident logs, coordination with TC and port authorities	IMO	Provides essential control actions for navigation and environmental safety; supports federal mandates on vessel traffic, marine pollution, and emergency response within PRCS.
ECCC	IAAC, provincial environmental ministries, municipal waste and pollution offices	Environmental assessment, disposal at sea permits, emergency pollution planning	Incident reporting, community feedback, pollution response coordination	IMO	Facilitates shared environmental governance and integrates federal/provincial/municipal environmental risk controls.
PS	CBSA, provincial police, municipal police and emergency services	Border inspection protocols, cargo screening rules, threat response	Customs data, incident logs, inter-agency security notifications	IMO	Supports cross-border logistics and national-port security alignment; integrates multi-level enforcement actions.
HC	PHAC, provincial health units, local health authorities	Health quarantine orders, port-based infection control	Epidemiological reports, quarantine data, public health alerts	WHO	Aligns federal IHR obligations with provincial and municipal health responses; enables health risk containment.
ESDC	CIRB, provincial labor boards, municipal labor bureaus	Labor code enforcement, workplace safety inspections	Dispute resolution records, union feedback, compliance audits	ILO	Harmonizes labor standards enforcement across jurisdictional layers; resolves interorganizational safety concerns.
DoJ	Supreme Court of Canada, provincial courts, municipal bylaw enforcement	Constitutional interpretation, maritime liability rulings	Judicial rulings, court case outcomes, legal consultations	ITLOS	Maintains consistent legal interpretation and judicial recourse; supports STAMP-aligned legal stability in PRCS.
DND	RCN, DRDC	Controlled Access Area Regulations, maritime surveillance, emergency security coordination	Military threat reports, secure communication with TC and port security.	IMO	Supports maritime surveillance, port perimeter control, and operational readiness for emergency scenarios.
CIRNAC	Co-management boards (e.g., James Bay, Inuvialuit), Indigenous port advisory committees	UNDRIPA implementation, Indigenous land/water consultation processes, co-management agreements	Consultation records, environmental assessments, Indigenous community feedback	IMO	Enables Indigenous co-governance and integration of traditional knowledge into port decision-making and environmental risk mitigation.

Note: This table emphasizes interorganizational control and collaboration functions aligned with the STAMP model. Detailed regulatory mandates and risk types addressed by each entity are provided in Appendix C (Table A3). For full organizational names, please refer to the Abbreviations section at the end of the manuscript.

identifies federal departments as lead impact actors and maps out supporting agencies, regulatory boards, commissions, and advisory groups engaged in control actions and feedback loops across Canadian ports.

Transport Canada (TC) serves as the central regulatory node of Canada’s port governance system and represents Canada in the IMO. It is responsible for implementing international maritime conventions domestically, including International Convention for the Safety of Life at Sea (SOLAS), International Convention for the Prevention of Pollution from Ships (MARPOL), and ISPS Code standards. TC’s mandates are executed through a network of impact actors, such as the Transportation Safety Board (TSB) and the Canadian Transportation Agency (CTA), which issue safety recommendations and enforce accessibility and trade-related maritime controls. This structure reinforces STAMP control functions by distributing responsibilities across multiple, coordinated entities [41].

Other departments, such as Environment and Climate Change Canada (ECCC), Public Safety Canada (PS), Health Canada, Employment and Social Development Canada (ESDC), and the Department of Justice (DoJ), collaborate with similarly autonomous actors (e.g., IAAC, CBSA, PHAC, CIRB, and the Supreme Court) to implement control actions related to environmental protection, health security, labor regulation, and legal adjudication. These actors are linked to international impact actors (such as the WHO, ILO, and ITLOS) through their respective domains of influence, ensuring regulatory coherence with global frameworks. These relationships create regulatory interdependencies that mirror the STAMP principle of decentralized control supporting system resilience.

A defining feature of Table 3 is that related entities are not simply subordinate to departments; many are independent or quasi-independent impact actors. For example, the Canadian Nuclear Safety Commission (CNSC), while functionally aligned with Transport Canada, maintains its own legal authority under the Nuclear Safety and Control Act. Similarly, the Supreme Court of Canada influences port risk governance through constitutional interpretation of federal maritime law.

From a STAMP perspective, Table 3 captures how regulatory control is distributed across interlinked controllers, where each entity imposes constraints, processes feedback and supports system stability. This structure reflects a balance between top-down mandates and distributed regulatory autonomy, which are key to managing the interconnected safety, security, environmental, and organizational risks present in Canadian port systems. The column, labeled “Linked Actor”, references the international organizations listed in Table 1 whose conventions or mandates inform the authority or oversight role of Canadian entities. These linkages reflect how national institutions both respond to and implement global regulatory frameworks within the Canadian PRCS, as visualized through the interdependencies mapped in Figure 3.

While Table 3 identifies entities responsible for issuing and enforcing formal system-level constraints,

Table 4. Provincial and municipal actors supporting federal port risk controllers.

STAMP-Aligned Role	Influence Actor(s)	Supported Controller(s)	Key Contribution
Ecological constraint formulation and environmental domain guidance	Provincial environmental departments, municipal environmental units	ECCC, DFO	Implements local environmental policies and collaborates with ECCC on pollution control and habitat protection.
Predictive feedback and real-time system monitoring	Provincial emergency management organizations, local meteorological stations	TC, CTA	Provides local data and early warning systems for weather, natural hazards, and emergency response planning.
Technical standardization and control consistency enabler	Provincial and municipal infrastructure and services authorities	TC	Maintains port-adjacent infrastructure and ensures alignment with federal technical and safety standards.
Control execution and emergency response stabilization	Provincial police, fire services, municipal emergency response units	TC, PS, CNSC, PHAC, CBSA	Executes emergency response plans, supports security enforcement, and stabilizes operational environments.
Labor constraint formulation and human–system interface	Provincial labor ministries, local labor unions, local employers’ associations	ESDC, CIRB	Monitors labor conditions, enforces provincial labor standards, and facilitates local workforce dialogue.
Legal–economic constraint harmonization and cross-border alignment	Provincial courts, provincial justice departments, national associations (e.g., CMAC, ACPA)	DoJ	Interprets and applies maritime-related legal frameworks; supports cross-jurisdictional legal consistency.
Specialized domain coordination and external control support	Land–port interface authorities, provincial road agencies, provincial transport ministries	TC	Supports the coordination of marine and land transport systems; facilitates the interface between port and regional mobility infrastructure.
Cross-border coordination and adaptive feedback facilitation	Provincial and municipal appointees to CPA boards, municipal stakeholder committees, indigenous rights groups, and local associations	TC, CPAs, Federal Court of Canada	Enables the integration of provincial and municipal input into port planning and operational decisions.

Note: Table 4 identifies national, provincial, and municipal influence actors whose roles align with STAMP-based systemic functions in the PRCS. These actors do not issue binding constraints but support federal controllers by facilitating implementation, enabling feedback, and translating national goals into local actions. Their contributions include predictive monitoring, adaptive coordination, emergency response, and cross-jurisdictional collaboration that reinforce the resilience of Canadian port governance systems. For full names of the organizations listed in this table, please refer to the Abbreviations section provided at the end of the manuscript.

highlights influence actors that translate, adapt, and reinforce those constraints at the provincial and municipal levels. These actors do not set regulatory mandates, but they are essential in executing and modifying them through predictive feedback, localized coordination, and dynamic risk response. Table 4 situates each actor within a STAMP-aligned control role, demonstrating their function as indirect controllers that enhance system resilience across Canada’s port infrastructure.

Critically, Table 2 and Table 4 represent complementary layers of systemic control. Table 2 focuses on how international influence actors shape soft constraints and inform global standards, while Table 4 shows how these constraints are operationalized within the Canadian context. Together, they reflect the multilevel structure of the PRCS, in which international priorities are interpreted through national, provincial, and local governance layers, creating a continuous feedback loop between policy origin and practical implementation.

For instance, at the Halifax Port Authority (HPA), the Halifax Regional Police (HRP) Marine Detachment does not author the ISPS Code, but it plays a decisive role in its execution, coordinating with TC and terminal operators during security operations. Similarly, the Halifax Employers Association (HEA) facilitates labor risk control by adapting national and ILO-aligned labor standards to the realities of port operations through union negotiations and local compliance audits. Provincial environmental units reinforce ecological constraints by executing habitat protection measures and reporting back to Environment and Climate Change Canada (ECCC) on risk developments not visible from the federal level.

From a STAMP perspective, these actors operate as the feedback-rich foundation of systemic governance. While Table 1, Table 2 and Table 3 reflect the top-down flow of control goals and constraints, Table 4 captures the bottom-up structure of the PRCS, in which provincial and municipal actors reframe global and national mandates into context-sensitive controls, while feeding performance insights and emergent risks upward into the system. This layered interaction is what allows Canada’s port system to adapt regulatory intentions to operational complexity, ensuring that risk governance is not only consistent across jurisdictions but also responsive to emergent threats, variability, and real-world constraints, a fundamental characteristic of effective system safety and IRM.

3.3. CPA Regulatory Framework for Port Risk Management

The CPAs, as Agencies of the Crown, are the main actors accountable for implementing IRM at the local level within the PRCS depicted in Figure 3. Operating under the authority of the Canada Marine Act (CMA), CPAs manage port infrastructure, enforce safety, and coordinate risk-related actions with a network of actors, including federal agencies, service providers, tenants, and surrounding communities. While CPA governance is structured independently at each port, their mandates are harmonized through federal oversight and regulatory statutes [24,72].

From a STAMP perspective, CPAs function as mid-level controllers, embedded within a layered control system. They translate national strategic constraints into localized actions, supported by feedback mechanisms that connect external mandates with port-specific realities. Although CPAs act as actuators from a federal viewpoint, at the port level, they become primary controllers. Notably, this role may shift depending on the controlled process. For example, during cargo operations, terminal operators may act as a controller while a tugboat company becomes the actuator. Tugboat companies execute direct vessel maneuvers during berthing and unberthing based on control directives, transforming planning into physical action. Similarly, stevedores loading or unloading cargo, or mooring crews securing vessels, also function as actuators within this operational layer.

Table 5. CPA-level control structure within the PRCS.

CPA-Level Actor	Control Actions	Feedback Loops	Linked Actor	STAMP Function	Interorganizational Control Function
Board of directors	Strategic planning, oversight CMA mandates, letters patent enforcement, high-level risk prioritization	Reporting to TC, municipal consultation, audits, annual risk reviews	TC	Strategic constraint setting and oversight	Ensures regulatory alignment and accountability to federal and municipal priorities [24,72]
CPA team	Operational planning, internal audits, compliance protocols, manual enforcement (PIG)	Top-down performance reviews, bottom-up compliance reports	TC, ECCC	Control execution and operational consistency enforcement	Translates strategic mandates into implementable protocols across departments [29,72]
Federal bodies	Navigation control, certification validation, customs inspection, emergency protocols	Incident reports to CPA, inspection delays, compliance data sharing	TC, CBSA, CCG, MCTS	Specialized regulation and system constraint reinforcement	Implements federal controls on-site; validates vessel compliance and navigational safety [29].
Port safety committees	Safety meeting coordination, procedure review, emergency response protocols, hazard ranking	Meeting records, safety review outputs, stakeholder feedback	TC, PS	Collaborative risk coordination and protocol alignment	Acts as an IRM facilitator by engaging stakeholders to update risk mitigation protocols [74].
Port users	Operational adherence to CPA manuals and PIG standards	Incident-based reporting to CPA, compliance feedback	TC	Constraint compliance interface and localized adherence	Interfaces with CPA for daily compliance; identifies operational risks and gaps [29].
Port services providers	Execution of service contracts, terminal regulations, service license agreements	Service audits, communication with CPA team, resource use reporting	TC	Task-specific control enforcement and resilience support	Delivers essential port services under regulated agreements; provides performance data [29].
Port Tenants	Lease regulation enforcement, tenant compliance monitoring, facility maintenance	Facility needs reporting, lease feedback, safety suggestions	TC	Facility-level constraint compliance and feedback provision	Supports long-term port strategy through lease compliance and facility coordination [29].
Port-Linked Entities	PIG-based operational alignment, informal coordination protocols	Industry trend sharing, informal consultation with CPA	TC	Informal constraint negotiation and feedback enrichment	Informs CPA strategy via informal insights; potential to formalize risk signals [75].

Note. This table outlines CPA-level actors based on their control actions, feedback mechanisms, linked federal actors (referenced from Table 3), and STAMP-aligned system functions. It also characterizes each actor’s role in interorganizational collaboration within the PRCS. The mapping reflects the layered control hierarchy and dynamic actuator–controller relationships observed at the port level. For definitions of acronyms and institutional abbreviations, see the Abbreviations section at the end of the manuscript.

summarizes each CPA-level actor according to their control responsibilities, feedback loops, and interdependencies with national entities (as outlined in Table 3). This table aligns each actor with its corresponding STAMP function, showing how CPA components bridge strategic oversight and operational enforcement. The stakeholder classifications follow ref. [4] and Yap [73], grouping actors as port users (e.g., shipping lines, logistics firms), port service providers (e.g., tugboat operators), or port tenants (e.g., warehouse lessees). A single organization may occupy multiple roles depending on the operational context. To illustrate, terminal operators may fall under all three categories: as a tenant (leasing a terminal), a service provider (handling cargo), and a user (operating ships or port facilities).

Within each CPA, boards of directors, appointed by TC, provincial, and municipal governments, provide high-level oversight and strategic planning. CPA teams carry out operational functions under a hierarchical structure where senior leaders set strategy, middle managers implement plans, and frontline workers ensure compliance. These teams rely on tools such as the Port Information Guide (PIG) to maintain internal control protocols and assess feedback [29].

Surrounding this core, federal enforcement bodies like TC, the Canadian Coast Guard (CCG), Marine Communications and Traffic Services (MCTS), pilotage authorities, and the Canada Border Services Agency (CBSA) act as embedded actuators responsible for enforcing regulatory constraints on navigation, pilotage, customs, and environmental compliance. In ports like Halifax, the APA coordinates pilotage services essential to vessel movement safety. Agreements between CPAs and agencies like the APA and MCTS facilitate synchronized control of traffic and entry permissions [29]. Security protocols, including compliance certification checks for SOLAS-registered vessels, reflect how regulatory enforcement is jointly managed to prevent safety breaches. Observation data revealed that feedback loops with federal agencies often experience delays, affecting risk response efficiency.

Port safety committees, though non-statutory, serve as IRM coordination platforms, aligning various stakeholders through hazard ranking, procedural review, and emergency planning [74]. These committees act as systemic feedback nodes, integrating localized insights into broader control strategies. Institutionalizing and standardizing these committees across ports would strengthen their effectiveness as collaborative IRM instruments embedded within the PRCS.

Port users are expected to comply with CPA-issued guidelines on safety and environmental protocols. These users, ranging from cruise lines and shipping companies to logistics firms, operate under procedures defined in the PIG [29], including berth reservations, hazardous cargo notifications, and port entry conditions. Although engagement is often reactive, user decisions, such as vessel movements and cargo handling, directly impact operational safety. Users function as constraint-bound actors whose behaviors are shaped by CPA directives, but their feedback potential remains underutilized.

Port service providers fulfill CPA-directed operational tasks under formal agreements, including terminal operations, stevedoring, tugboat maneuvers, mooring, vessel maintenance, security, and other port-critical services. These entities operate within defined performance boundaries outlined in contracts and the PIG [29]. They act as actuators by implementing CPA or terminal directives in real-time port operations. Interview findings revealed challenges with overlapping documentation, reducing efficiency, a phenomenon aligned with Rae et al.’s concept of safety clutter [3].

Port tenants contribute to infrastructure maintenance and risk identification through lease agreements. Observations and interview data indicated that their input is rarely integrated into strategic discussions. Similarly, port-linked entities such as nearby exporters and service firms provide informal feedback to CPA staff, but these interactions are not part of structured coordination protocols. The PRCS identifies these actors as underutilized nodes in the feedback loop, highlighting a gap between operational insight and formal decision-making.

The PRCS’s local application highlights the complexity of overlapping roles in port governance. A single actor may simultaneously function as a port user, service provider, and tenant, depending on the process. This role fluidity underscores the need for clear interfaces, scalable communication protocols, and robust feedback mechanisms. From a STAMP perspective, the CPA system operates as a context-dependent control structure where actors alternate between controller and actuator roles. This dynamic reinforces the value of the PRCS as a tool to map interdependencies and strengthen systemic coordination. The tabular and graphical outputs (e.g., Table 1, Table 2, Table 3, Table 4 and Table 5 and Figure 3) help concretize these relationships and offer a practical foundation for strengthening IRM across Canadian ports.

4. Discussion: Enhancing IRM in Canadian Ports Through the PRCS

This study aimed to develop a STAMP-based PRCS tailored to CPAs, focusing on managing interconnected operational (safety, security), organizational, environmental, and technological risks. Economic risks fall outside the scope of this analysis. The resulting PRCS offers a structured, system-oriented model that supports CPAs in navigating the complexities of a multi-level and multi-actor system. The discussion interprets these findings in relation to existing literature and system safety theory, highlighting the model’s contributions and avenues for future research.

4.1. Addressing the Need for IRM in Ports

As port operations become increasingly complex and digitalized, isolated risk management strategies are insufficient for addressing the interconnected nature of risks [18]. The PRCS responds to this gap by providing a top-down structure that maps stakeholders, control actions, and feedback loops across international, national, and local levels. Table 1, Table 2, Table 3, Table 4 and Table 5 illustrate these control relationships and interdependencies.

The model aligns with CPAs’ existing risk practices and offers a scaffold for identifying constraints at multiple levels, enabling port-specific adaptations. This supports prior research [76], which emphasizes the value of cooperative frameworks over isolated decision-making, demonstrating that cooperation enhances system performance and overall benefits. Cooperation ensures better alignment with overarching standards while allowing for the evaluation of current practices and the development of additional constraints where necessary to protect the system.

The inclusion of both impact and influence actors in the PRCS reflects the diverse array of stakeholders involved in Canadian port operations, including government agencies, regulatory bodies, private sector actors, and non-governmental organizations. This multilevel integration fosters coordinated action and shared accountability, allowing CPAs to address risks that arise from interorganizational interactions rather than viewing them in isolation. The model supports insights presented in ref. [4], which emphasize the need for centralized data sharing and coordinated risk management across global supply chains.

4.2. Advancing the Application of STAMP for Comprehensive Risk Control

This study reaffirms STAMP as a robust model for understanding and managing risks in complex socio-technical systems such as port operations. STAMP’s control-based approach, which emphasizes relationships, constraints, and feedback loops, proves particularly effective in addressing the layered governance structure of Canadian ports. Unlike traditional risk management models, STAMP allows for dynamic interactions between system components, accommodating both direct control actions (regulatory oversight) and indirect influence mechanisms (industry advocacy groups).

By applying STAMP to port risk management, this study offers a basis for developing assessments or methodologies that go beyond failure prevention to actively enforce constraints across interdependent systems. The PRCS facilitates structured control actions that pre-emptively mitigate unsafe conditions and unanticipated risks, aligning with recent advances in systems thinking as applied in other high-risk sectors [13]. This model’s application within Canadian ports demonstrates STAMP’s adaptability in accommodating various risk types, including security, safety, environmental, and organizational risks, making it a viable alternative for similar complex, multi-actor systems.

One of the key elements of STAMP is the use of feedback loops, which act as critical indicators of the system’s status. These indicators provide actionable insights into system performance and help develop control actions to address unexpected changes or emerging risks. As emphasized by ref. [77], defining and monitoring critical system indicators is crucial, particularly in complex and dynamic environments, such as those involving autonomous ships.

By proactively identifying such indicators, port members can enhance their capacity to monitor and respond to evolving conditions, ensuring greater adaptability and resilience in port operations. As noted in ref. [78], effective logistics integration depends on cohesive partnerships among institutional, operational, and resource-sharing entities, emphasizing the importance of interorganizational collaboration. Incorporating these principles into the port CPA’s risk management framework strengthens its ability to support collaboration, manage technological and operational complexities effectively, and maintain robust control over emerging risks.

STAMP was initially developed with a focus on safety. However, its adaptability to broader risk assessment contexts has been recognized in the literature. Building on the call by ref. [79] for a comprehensive understanding of risk that includes uncertainty, consequences, and hazards, beyond traditional probability-based definitions, STAMP aligns well with this broader approach, making it applicable to various risk types beyond safety alone. As ref. [80] emphasizes, risk and safety are interconnected both conceptually and practically, noting that “risk is defined as the likelihood of unwanted events, while safety is defined as their absence.” This interconnection supports STAMP’s potential application to a more comprehensive understanding of risks. Further supporting its flexibility, ref. [81] effectively applies STAMP to port security risk management, extending its use beyond safety. Similarly, ref. [11] highlights STAMP’s utility across multiple risk management areas. As a result, there is evidence that STAMP offers a comprehensive framework well-suited for IRM in complex, multi-risk systems like ports.

While this PRCS is tailored to Canadian ports, its STAMP-based foundation makes it adaptable to international port systems operating under similarly layered governance models. The model’s modularity allows for customization based on stakeholder configurations and governance regimes. Future studies could explore its scalability by applying it in centralized or hybrid port governance environments.

4.3. Implications for Policy and Practice in Ports

The PRCS model offers multiple policy and operational benefits aligned with CMA’s governance objectives. It supports coordinated compliance with international conventions and interjurisdictional collaboration with provincial and municipal entities. The study’s findings emphasize the importance of communication protocols and risk transparency across governance levels.

4.3.1. Enhancing Systemic Risk Awareness

The PRCS enhances systemic risk awareness by clarifying how control and feedback mechanisms function across organizational levels. This enables policymakers to identify structural vulnerabilities. For example, feedback delays observed between federal and local actors can be addressed through improved real-time monitoring and streamlined communication protocols.

4.3.2. Cybersecurity Integration and Technological Adaptability

As ports increasingly adopt “smart port” technologies [7], the PRCS can serve as a foundation for integrating cybersecurity measures into port operations. The model’s systems-based approach facilitates the identification of vulnerabilities within the interconnected digital and physical infrastructure. It is plausible that this proactive approach can contribute to addressing the evolving nature of cyber-physical threats, which, as highlighted by ref. [26], can cascade across systems and disrupt port operations. Traditional risk management frameworks often struggle with cyber-physical risks because they treat cyber threats in isolation. By integrating cybersecurity practices into the PRCS’s feedback loops, ports can better anticipate, detect, and mitigate potential cyber risks before they escalate.

4.3.3. Balancing Standardization and Operational Flexibility

The analysis revealed that while standardizing risk management practices can improve consistency across ports, excessive procedural requirements may lead to operational rigidity. This phenomenon, often referred to as “safety clutter” [3], was observed when general safety protocols designed for larger operations were difficult to implement. Interviewees shared experience where safety documentation initially created for high-traffic ports was applied unchanged to smaller ones, resulting in confusion and noncompliance. The PRCS based on STAMP principles could provide a foundation for differentiating core safety requirements from context-specific guidelines, enabling CPAs to tailor practices to their unique operational environments without compromising safety standards.

4.3.4. Practical Implications for Stakeholder Engagement

Effective IRM requires active participation from diverse port stakeholders, including governmental bodies, private enterprises, and community representatives. The PRCS model can promote inclusive decision-making by clarifying stakeholder roles and the nature of their interactions through control actions and feedback loops. This clarity aims to foster trust and cooperation, particularly when addressing risks that span organizational boundaries, such as environmental incidents or security breaches.

For example, the HPA implemented quarterly stakeholder forums following safety incidents, resulting in more efficient collaborative responses. Policymakers can leverage the PRCS to establish regular inter-stakeholder forums that facilitate knowledge exchange and joint problem-solving, aligning with findings by ref. [19] on the benefits of cooperative risk management.

4.3.5. Policy Consideration for Continuous Improvement

The interaction between provincial, municipal, and federal stakeholders within the PRCS reflects the layered complexity of IRM in Canadian port operations. Observations during the research suggest areas where communication across governance levels may benefit from greater alignment. Enhancing the flow of information through improved coordination mechanisms could support more responsive and cohesive risk management efforts. These considerations contribute to a broader understanding of how the PRCS framework captures the dynamics of interorganizational coordination and its influence on risk-related decision-making within the port context.

4.4. Contributions to the Literature and Future Research Directions

This study contributes to the limited body of literature on IRM within port operations by providing a concrete, STAMP-based analysis that accounts for the diverse risk landscape in Canadian ports. While prior research [19,73] has discussed the challenges of aligning multiple stakeholder objectives in ports, this study operationalizes those insights into a functional model that can serve as a scalable template for other ports with complex interdependencies.

Further research is needed to refine and test the PRCS across diverse operational contexts, especially in regions with differing regulatory structures, and to assess its effectiveness in crisis situations. While this study presents a structured proposal, empirical validation through case studies would provide stronger evidence of the PRCS’s applicability in real-world settings. Additionally, a taxonomy of IRM challenges is suggested to enhance the PRCS’s practical application to risk identification, analysis, and management. Such a taxonomy could categorize risks (safety, security, organizational, environmental, technological) and facilitate targeted control actions, more precise feedback loops, and clearer stakeholder roles. By integrating insights from STPA-based analyses, the taxonomy could help uncover systemic vulnerabilities that may not be immediately visible using conventional risk management approaches [13]. By addressing these risk categories, a taxonomy would make the PRCS more actionable and adaptable to evolving port needs, support both large and small ports with scalable strategies, and encourage continuous learning. Such a structured approach would improve risk management practices, enabling Canadian ports to build resilience through an integrated, proactive risk framework.

This study complements recent work by ref. [82], which underscores the need for frameworks that categorize and address risks in complex socio-technical systems. Similar studies, such as those by ref. [81], demonstrate how STAMP-based approaches provide a broader systems perspective, identifying risks that traditional methods may overlook. Incorporating these principles into the PRCS could enhance its capacity to model interactions among port stakeholders and identify control actions that effectively mitigate systemic risks. Future works on the PRCS could incorporate similar approaches to refine risk identification methodologies, particularly in emerging contexts such as autonomous systems and digitalized port environments.

To further demonstrate the PRCS model’s utility, future research could incorporate real-world examples or hypothetical scenarios from port operations. A scenario-based application of the PRCS, modelled after studies like ref. [31], would illustrate its effectiveness in mapping control structures and feedback loops during high-risk situations, such as hazardous material incidents or cybersecurity threats in port logistics. Such examples would provide practical illustrations of how the model can be applied across various risk contexts, helping practitioners better understand its applications and potential benefits for coordinated risk management. These scenarios would not only enhance clarity but also showcase the PRCS’s practical advantages in addressing diverse and evolving risks effectively.

One limitation of this study is its qualitative scope. Future studies should pursue empirical applications to evaluate the PRCS’s operational effectiveness, decision-making support, and policy relevance across varied governance systems.

5. Conclusions

This study developed a PRCS for CPAs grounded in the STAMP model, offering a comprehensive, system-oriented approach to strengthen IRM across diverse risk domains in Canadian ports. It contributes to the IRM literature by operationalizing STAMP principles, control actions, constraints, and feedback loops within a layered governance context. The model clarifies stakeholder roles from international to local levels and provides CPAs with a scalable structure that supports risk identification, coordination, and stakeholder collaboration.

By mapping control structures, the PRCS enhances visibility into stakeholder interdependencies in complex port environments. Key roles are defined for institutions like the IMO (global conventions), Transport Canada (national oversight), and CPAs (local implementation), with additional responsibilities distributed across port service providers, users, and tenants. This delineation promotes transparency and helps align risk management activities across operational levels.

Looking ahead, integrating a taxonomy of IRM challenges tailored to Canadian ports could extend the PRCS’s applicability. Such a taxonomy would support more precise risk classification, targeted control strategies, and improved feedback structures. It would also facilitate knowledge transfer and continuous learning across ports.

Ultimately, the PRCS advances a scalable and adaptive control structure that reinforces systemic resilience in port operations, enabling Canadian ports to navigate an increasingly complex and dynamic global risk landscape.