The current analysis examines three different solutions that Mexico implemented within its ports and offshore installations in order to improve the country’s maritime security framework, as well as ensuring compliance with the International Ship and Port Facility Security Code (ISPS Code): privatisation, militarisation and, finally, their combination. The findings of an on-going research effort include inconsistencies within the data of the necessary security incident records, or even their total absence. Inadequate competence and training among the Port Facility Security Officers (PFSO) also stands out. Another important issue was the use of different procedures among the ports under investigation for dealing with exactly the same security incidents. The clear conclusion is that after twelve years of the ISPS Code implementation, Mexico, which is leading the Interamerican Port’s Commission of the Organisation of American States (OAS), does not comply with the requirements of the ISPS Code at an acceptable level; the lack of a national maritime security policy has resulted in a poor (maritime) security culture, despite the severe (security) challenges that this nation is facing. It is also true that the country under discussion is currently reorganising its maritime security apparatus, with some positive results; tools and recommendations for enhancing the Mexican maritime security operating framework are therefore provided, along with areas of potential future research.