Management System for Private Security Operations

ISO 18788:2015

The context

ISO 18788:2015 sets requirements for organizations that conduct or contract security operations. It provides a framework for the effective conduct of security operations. This standard is used to demonstrate:
a) capacity to meet the requirements of clients and other stakeholders;
b) management of the impact on local communities;
c) legal compliance and respect for human rights;
d) consistency in fulfilling voluntary commitments.
Private security companies play an important role in protecting clients that are engaged in various activities such as relief, recovery, reconstruction; commercial business; development; diplomacy; and military.
ISO 18788:2015 is applicable for any type of organization conducting or contracting security operations, particularly in environments where governance is weak or the rule of law undermined due to human or naturally caused events.
The organization, in coordination with clients, needs to implement the standards necessary to ensure that human rights are adhered to in order to safeguard lives and property, and that illegal acts are prevented.
The purpose of this international standard is to demonstrate consistency in the provision of security operations in line with respect for human rights, national and international laws, and fundamental freedoms.

For the purposes of this international standard, national laws can include those of the country of the organization, countries of its personnel, the country of operations, and the country of the client.

This International Standard builds on the principles found in international human rights law and international humanitarian law (IHL).
Organizations need to carry out their business in a manner that respects human rights and laws. Therefore, they and their clients have are obliged to carry out due diligence to identify risks, prevent incidents, mitigate and remedy the consequences of incidents, report them when they occur, and take corrective actions to avoid a reoccurrence.
This International Standard provides a basis for clients to differentiate which organizations can provide services in a highly professional way that is consistent with the needs and rights of the stakeholders.
In order for the successful implementation of this standard is embedding, it’s important that the values of the Montreux Document and the ICoC are embedded into the culture of the organization. This in turn requires a long-term commitment by top management, including leadership, time, attention, and resources – both monetary and physical.
ISO 18788:2015 can be integrated with other management systems within an organization (e.g. 9001, 45001, 22301, 14001, 27001 and 31000). One suitably designed management system can thus fulfill the requirements of all these standards.

Normative references

  • Montreux document on pertinent international legal obligations and good practices for states related to operations of private military and security companies during armed conflict (09/2008);
  • International code of conduct for private security service providers (ICoC) (11/2010);
  • Guiding principles on business and human rights; implementing the united nations “protect, respect and remedy” framework (2011).

Who's this for?

Organizaions conducting or contracting security operations and related functions and activities

How'll we do it

The Process - Development and implementation of management system against ISO 18788:2015

Gap Analysis against ISO 18788:2015

- Business Excellence' team will conduct an initial assessment/gap analysis according to the scope of services with reference to the STANDARD including office as well as sites
- A comprehensive written report will be presented to the Top Management on the status of the compliance against standard’ requirements in order to know as to what are the gaps

Awareness Training on ISO 18788:2015, ANSI PSC.1 and Int'l Code of Conduct (ICoC)

- Business Excellence's team will provide awareness training to the key process owners and relevant staff, on the requirements of the standard
- Further to this, they'll explain how these requirements apply to their business


Business Excellence' team will provide full assistance for the development of documentation according to the requirements
These documents will be of different types at different levels (in the order of importance) including policies, manual, system element procedures, and associated 'forms' including RACI matrix, process maps, risks & opportunities register, KPI’s, etc


Business Excellence' team will extend its full support in regards to the implementation of the aforementioned documented management systems in letter and spirit
This may include SWOT analysis, process mapping, setting objectives & targets, development of RACI matrices, training need analysis, internal audit, corrective action including root cause analysis, management review meeting etc

Mock Third Party Assessment

- Finally, a mock assessment by the 'Business Excellence' team will be performed before third-party arrives
- The detailed report of which shall be submitted to the management and will help rectify the non-conformities & concerns
- However, management to ensure rectification of the identified concerns within the time frame, as agreed

Review &/or Assessment by the Certification Body

- The selected third party to review documentation including records
- Lastly, conduct an onsite audit

Closing Out of Non-conformities

- Consequent upon the independent review and assessment by the relevant authority, the corrective action plan to be developed for each of the non-conformities
- Business Excellence to provide guidance to implement the corrective action plan

The value of the money

Key Deliverables - Development and Implementation of Management System against ISO 18788:2015

Gap Analysis Report

To evaluate the existing systems to ascertain as to what is in compliance and what're the gaps and submitting a comprehensive report to the client

Documentation Kit

The templates for documents of all types (at all levels) including policies, manuals, system element procedures, work instructions, RACI matrices, forms, process maps, checklist, registers, etc.

Training on the Standard

On the requirements of the international standard and how these apply in the context of the business

Review of Documentation and Associated Records

- Business Excellence' team will review each & every provided document prior to finalization
- However, after review by us; the client shall also review these documents prior to approval

Support for Implementation

Business Excellence's team will extend its full support in regards to the implementation of the documented management systems in letter & spirit. This may include SWOT analysis, process mapping, risk assessment, objectives and targets, RACI matrices, training need analysis & training plan, internal audit, corrective action, management review etc

Mock Third-party Assessment

Finally, a mock assessment by Business Excellence' team will be performed before the third-party assessment and a detailed report of this shall be submitted to the management in order to help rectify the non-conformities & concerns

Submission for Review &/or Assessment by the Relevant Authority

The management systems documentation including records shall be submitted to the relevant authority for its review of documentation and on-site assessment

Corrective Action

Business Excellence' team shall help develop and implement corrective actions to closeout findings consequent upon 3'rd party review &/or assessment till approval of the management systems and issue of the certificate

Various Options

Delivery Methods

Face To Face (On Client' Premises)
Online & Virtual (through e-mail, phone and video calling)
Blended (Mix of Option 1 & 2)

    Contact us through any of the below channels

    For Further Information
    00971 50 406 5134