A Brief Explanation of the Private Security Regulatory Initiatives: The Standards
Originally Posted on Affiliate Dextra Fortis’ Blog.
By Dr. Ian Ralby.
The ICoC in Paragraph 7 set for the key follow-on obligations of the process. First among these was the development of
objective and measurable standards for providing Security Services based upon this Code, with the objective of realizing common and internationally-recognized operational and business practice standards.
Unlike the multi stakeholder initiatives which created the ICoC and ICoC Association via essentially self-governing ad hoc processes, there is a whole global infrastructure for developing and implementing Standards. Following completion of the ICoC in 2010, the United States Department of Defense hired ASIS International, the premiere security-related standards drafting organisation to develop formal Standards in line with the ICoC. Recognising the need to develop the standards quickly and with as diverse input as possible, ASIS determined that they would be best developed under the rules of the American National Standards Institute (ANSI) and could then be proliferated from there.
The ANSI/ASIS PSC.1 Standard, developed by a Technical Committee of over two hundred people from twenty-six different countries, is by far the most detailed instrument in existence relevant to the regulation, governance and oversight of the private security industry. It is the flagship Standard of the ANSI/ASIS PSC Standards Series which seek to operationalise the ICoC within a formal structure familiar to businesses. That structure, with national and international supervision, provides auditable procedures for the development of the standard, certification to it, and monitoring of ongoing compliance. That said, PSC.1 pushes the proverbial envelope with regard to business Standards, as it is the first Standard to seek to incorporate human rights requirements. As mentioned in the previous Post in this Blog Series, the ICoC’s substantive significance was primarily to commit signatories to human rights principles regardless of whether they were obligated accordingly pursuant to the law. The PSC Standard Series, therefore, takes that voluntary commitment a step further and incorporates adherence to those human rights principles as prerequisite for certification.
Given the unusual nature of the PSC.1 Standard, it was known from the outset that a second Standard would be needed to set forth the requirements for auditing PSCs. A conformity assessment standard, PSC.2 is based on ISO 17021, but tailored specifically to the unique needs of the PSC industry and the PSC.1 Standard. It is also applicable to the follow-on Standards, PSC.3 and PSC.4. It focuses on the expertise required to appropriately assess companies operating with weapons in the most challenging places on Earth. Traditional auditors, accustomed to examining more traditional businesses, typically lack the discernment and expertise necessary to understand whether the companies in question have sufficiently implemented the legal, human rights, and operational requirements by the PSC Standards. PSC.2, therefore, provides the details as to what is required to be an auditor of PSCs.
Standards compliance, especially with a difficult Standard like PSC.1, can be time consuming and costly. PSC.3, a Maturity Model, sets forth the process for phased implementation of the PSC Standards. Detailing the benchmarks for gradually achieving complete compliance, PSC.3 provides helpful guidance to PSCs in their implementation of the PSC Standards, as well as helpful guidance to the auditors tasked with reviewing and certifying their compliance.
PSC.1 is comprised of two parts: the Requirements and the Implementation Guide. The Requirements are general principles applicable to all PSCs, while the focus of the Implementation Guide for PSC.1 is, consistent with the original focus of the ICoC, the responsible provision of private security services on land. PSC.4 is the Maritime Implementation Guide for the Requirements enumerated in PSC.1. In other words, PSC.4 is inextricably linked to both PSC.1 and, therefore, the ICoC, as it provides the guidance for how PSCs operationalise the principles of the Code and thus the Requirements of PSC.1 when operating in the maritime environment. Importantly, the scope of those operations in the maritime domain are not restricted to any particular activities, but security services generally. Through PSC.4, therefore, the ICoC human rights principles become required of PSCs providing maritime security regardless of whether applicable laws impose such human rights requirements.
ISO PAS 28007
Concurrent with the development of PSC.4, ISO PAS 28007 was developed as a maritime industry initiative. Some in the private security industry and the maritime industry felt that an ANSI Standard, regardless of content, would be inappropriate for the maritime industry, since the “A” in ANSI stands for “American” – an adjective that is perhaps less relevant to the global maritime community than it is to the global security community. This Standard was developed via an abbreviated ISO process and will have to be reviewed before it becomes a full-fledged ISO Standard. Recognising the ICoC is not directly applicable on its terms in the maritime environment, the ISO PAS 28007 does not adopt the ICoC principles. As a result, human rights are only incorporated so far as they are addressed by applicable law. As it lacks clarity on human rights principles and is focused primarily on armed transits of High Risk Areas on the high seas – only a portion of what private maritime security companies do – the longevity of this Standard should very much be in question. For now, though, it is the principle Standard for maritime security companies.
The next post will explore other human rights initiatives that are relevant to the private security industry.