PRIMIS Global

ISO 18788

ISO 18788

ISO 18788: Setting the Global Standard for Professional Security Operations

Discover ISO 18788:2015 – the definitive international standard for organizations committed to excellence in private security operations. This standard provides the framework for establishing, implementing, maintaining, and continually improving a robust Security Operations Management System (SOMS).

By focusing on effective risk management, ethical conduct, respect for human rights, and legal compliance, ISO 18788 helps security providers and contractors enhance their reputation, gain a competitive advantage, ensure operational reliability, and meet the demanding expectations of clients and stakeholders in any environment. Learn how adherence to ISO 18788 signifies true professionalism in security.

Achieve ISO 18788 Compliance with Primis Global

Successfully implementing the comprehensive requirements of ISO 18788 demands expertise and dedicated effort. Primis Global provides specialized consulting services nationwide to guide your organization through every step of establishing or refining your Security Operations Management System (SOMS).

Leveraging over 25 years of deep security industry experience, we offer:

  • Expert Training Guidance: Tailored support to ensure your team understands and can effectively implement the SOMS requirements.
  • Audit Readiness Consulting: Comprehensive preparation for internal reviews and successful third-party certification audits.

Whether you are a Private Security Organization seeking certification or a company aiming to ensure the highest standards from your security contractors, let our experience be your advantage.

Contact Primis Global today to discuss your ISO 18788 requirements and ensure your operations comply with this global standard.

Phone: (845) 208-9558

 

 The comparison between ISO 18788:2015 (Management system for private security operations — Requirements with guidance for use) and ANSI/ASIS PSC. 11 (Management System for Quality of Private Security Company Operations – Requirements with Guidance). 

While highly similar and often considered complementary or equivalent, especially in US government contracting, they have distinct origins, structural nuances, and primary spheres of recognition.

1. Origin and Development:

  • ANSI/ASIS PSC.1: This is an American National Standard. Its development (first published in 2012, revised in 2022) was driven significantly by the need within the United States, particularly by the Department of Defense (DoD) and Department of State (DoS), to establish clear, auditable standards for Private Security Companies (PSCs) contracted for operations in complex environments overseas (like Iraq and Afghanistan). ASIS International, a major US-based security professional organization, led the development effort with ANSI accreditation. (Result 1.1, 1.5, 5.1)
  • ISO 18788:2015: This is an International Standard developed through the International Organization for Standardization (ISO) process. It leveraged PSC.1-2012 as a key foundational document but involved input from a wider range of international stakeholders (governments, PSCs, civil society). The goal was to create a globally applicable standard for managing security operations responsibly. (Result 1.1, 3.3, 3.5, 4.4, 5.1, 6.2)

2. Scope and Focus Naming:

  • PSC.1: Titled as a system for "Quality of Private Security Company Operations." Its focus emphasizes establishing processes to consistently deliver quality security services that meet client requirements while managing risks and adhering to ethical/legal obligations. (Result 1.1, 1.2, 2.1)
  • ISO 18788: Defined as a "Security Operations Management System (SOMS)." While encompassing quality management principles, the framing is slightly broader, covering the overall business and risk management framework specifically for conducting security operations. (Result 1.2, 2.1, 2.2, 2.3, 3.1)
  • Core Content Overlap: Despite the naming difference, both standards cover virtually the same essential ground: risk assessment and management, establishing policies and objectives, ensuring personnel competence, operational planning and control, legal and regulatory compliance, incident management, performance evaluation, and crucially, respect for human rights based on frameworks like the Montreux Document and the International Code of Conduct (ICoC). (Result 1.2, 1.3, 1.5, 3.1, 3.5, 4.1, 4.4)

3. Structure and Integration:

  • ISO 18788: Follows the ISO High-Level Structure (HLS) defined in Annex SL. This is the standardized 10-clause structure used across modern ISO management system standards (like ISO 9001 for Quality, ISO 14001 for Environment, ISO 45001 for Occupational Health & Safety). This common structure makes it significantly easier for organizations to implement an integrated management system covering multiple disciplines. (Result 1.1, 3.1, 3.3)
  • PSC.1 (2012): Did not follow the HLS/Annex SL structure, making integration with other ISO standards slightly more complex, requiring mapping between different clause structures.
  • PSC.1 (2022): The latest revision likely adopted or moved much closer to the HLS/Annex SL structure to improve alignment and integration capabilities, reflecting the evolution of management system standards globally. (References to 2022 version exist, e.g., Result 1.1, 1.3, 3.2, 5.1)

4. Recognition and Application:

  • PSC.1: Holds primary recognition within the United States, particularly for fulfilling contractual requirements set by US government agencies like the DoD and DoS for PSCs operating overseas. (Result 3.3, 4.4, 5.1)
  • ISO 18788: Has broader international recognition. It is increasingly preferred or required by international organizations, NGOs, multinational corporations, and non-US governments when procuring security services globally. (Result 2.3, 4.1)
  • Equivalency: The US Department of Defense explicitly recognizes ISO 18788 certification as an acceptable alternative to PSC.1 certification for meeting its contractual standards requirements. (Result 4.4, 5.1, 5.2)

5. Certification:

  • Both standards are designed for third-party certification.
  • Due to the substantial overlap in requirements, Certification Bodies like MSS Global and Intertek often offer integrated or combined audits, allowing companies to achieve certification to both standards efficiently. (Result 2.3, 3.6, 4.2) Holding both can be beneficial for companies with both US government contracts and international commercial or governmental clients.

In-Depth Summary:

While PSC.1 laid critical groundwork as a US national standard focusing on quality assurance and responsible conduct for PSCs (driven largely by US gov needs), ISO 18788 represents the international evolution of these principles into a globally recognized Security Operations Management System framework. ISO 18788 benefits from the standardized HLS structure, facilitating integration with other management systems and gaining broader international acceptance. PSC.1 remains highly relevant within the US context, especially for specific government contracts. Because their core requirements—particularly regarding risk management, legal obligations, and human rights—are so closely aligned, they are often viewed and accepted as functionally equivalent for ensuring responsible private security operations. Many leading PSCs pursue certification to both to meet diverse client and stakeholder expectations.

Main Sections

  • Foreword
  • Introduction
  • 1 Scope
  • 3 Terms and definitions
  • 4 Context of the organization
    • 4.1 Understanding the organization and its context
      • 4.1.1 General    
      • 4.1.2 Internal context    
      • 4.1.3 External context    
      • 4.1.4 Supply chain and subcontractor mapping and analysis    
      • 4.1.5 Defining risk criteria    
         
    • 4.2 Understanding the needs and expectations of stakeholders    
    • 4.3 Determining the scope of the security operations management system    
    • 4.4 Security operations management system    
  • 5 Leadership
    • 5.1 Leadership and commitment
      • 5.1.1 General    
      • 5.1.2 Statement of Conformance    
         
    • 5.2 Policy    
    • 5.3 Organization roles, responsibilities and authorities    
       
  • 6 Planning
    • 6.1 Actions to address risks and opportunities
      • 6.1.1 General    
      • 6.1.2 Legal and other requirements    
      • 6.1.3 Internal and external risk communication and consultation    
         
    • 6.2 Security operations objectives and planning to achieve them
      • 6.2.1 General    
      • 6.2.2 Achieving security operations and risk treatment objectives    
         
       
  • 7 Support
    • 7.1 Resources
      • 7.1.1 General    
      • 7.1.2 Structural requirements    
         
    • 7.2 Competence
      • 7.2.1 General    
      • 7.2.2 Competency identification    
      • 7.2.3 Training and competence evaluation    
      • 7.2.4 Documentation    
         
    • 7.3 Awareness    
    • 7.4 Communication
      • 7.4.1 General    
      • 7.4.2 Operational communications    
      • 7.4.3 Risk communications    
      • 7.4.4 Communicating complaint and grievance procedures    
      • 7.4.5 Communicating whistle-blower policy    
         
    • 7.5 Documented information
      • 7.5.1 General    
      • 7.5.2 Creating and updating    
      • 7.5.3 Control of documented information    
         
       
  • 8 Operation
    • 8.1 Operational planning and control
      • 8.1.1 General    
      • 8.1.2 Performance of security-related functions    
      • 8.1.3 Respect for human rights    
      • 8.1.4 Prevention and management of undesirable or disruptive events    
         
    • 8.2 Establishing norms of behaviour and codes of ethical conduct    
    • 8.3 Use of force
      • 8.3.1 General    
      • 8.3.2 Weapons authorization    
      • 8.3.3 Use of force continuum    
      • 8.3.4 Less-lethal force    
      • 8.3.5 Lethal force    
      • 8.3.6 Use of force in support of law enforcement    
      • 8.3.7 Use of force training    
         
    • 8.4 Apprehension and search
      • 8.4.1 Apprehension of persons    
      • 8.4.2 Search    
         
    • 8.5 Operations in support of law enforcement
      • 8.5.1 Law enforcement support    
      • 8.5.2 Detention operations    
         
    • 8.6 Resources, roles, responsibility and authority
      • 8.6.1 General    
      • 8.6.2 Personnel    
      • 8.6.3 Procurement and management of weapons, hazardous materials and munitions    
      • 8.6.4 Uniforms and markings    
         
    • 8.7 Occupational health and safety    
    • 8.8 Incident management
      • 8.8.1 General    
      • 8.8.2 Incident monitoring, reporting and investigations    
      • 8.8.3 Internal and external complaint and grievance procedures    
      • 8.8.4 Whistle-blower policy    
         
       
  • 9 Performance evaluation
    • 9.1 Monitoring, measurement, analysis and evaluation
      • 9.1.1 General    
      • 9.1.2 Evaluation of compliance    
      • 9.1.3 Exercises and testing    
         
    • 9.2 Internal audit    
    • 9.3 Management review
      • 9.3.1 General    
      • 9.3.2 Review input    
      • 9.3.3 Review output    
         
       
  • 10 Improvement
    • 10.1 Nonconformity and corrective action    
    • 10.2 Continual improvement
      • 10.2.1 General    
      • 10.2.2 Change management    
      • 10.2.3 Opportunities for improvement    
         
       

Annexes (Informative)    

  • Annex A: Guidance on the use of this International Standard    
  • Annex B: General principles    
  • Annex C: Getting started - Gap analysis    
  • Annex D: Management systems approach    
  • Annex E: Qualifiers to application    

 

Accelerate Your ISO 18788 Certification: Why Hiring an Expert Consultant Makes Sense

Achieving compliance and certification with ISO 18788:2015 signifies a commitment to the highest standards of professionalism, ethics, and effectiveness in private security operations. As outlined previously, implementing the required Security Operations Management System (SOMS) is a comprehensive and demanding process. While attempting this solely with internal resources is possible, partnering with an experienced ISO 18788 consultant offers significant strategic advantages, often leading to a more efficient, effective, and successful outcome.   

If your organization is considering adopting ISO 18788, here’s why engaging expert external guidance is a smart investment:

1. Deep Standard Expertise & Interpretation

ISO 18788, like any comprehensive management standard, has nuances and requires careful interpretation. An experienced consultant specializes in this standard. They understand the intent behind each clause, common implementation pitfalls, and how requirements apply across different operational contexts. This deep knowledge prevents misinterpretations and ensures your SOMS is genuinely compliant, not just superficially aligned.   

2. Efficiency and Speed to Implementation/Certification

Developing a compliant SOMS from scratch involves a steep learning curve. A consultant brings proven methodologies, templates (that they will help customize), and a clear roadmap based on previous implementations. This significantly accelerates the process, saving countless internal hours that would otherwise be spent on research, trial-and-error, and document drafting. They guide you directly to what needs to be done, minimizing wasted effort.

3. Objective Gap Analysis and Unbiased Assessment

It can be difficult for internal teams to objectively assess their own established processes and identify shortcomings against a new standard. An external consultant provides a fresh, unbiased perspective. They can conduct a thorough gap analysis, pinpointing precisely where your current operations meet the standard and where improvements are needed, free from internal politics or familiarity blindness.   

4. Resource Optimization: Saving Time and Internal Costs

While there's a fee for consulting services, consider the hidden costs of a purely internal approach: the extensive time your key personnel (management, operations, HR) must divert from their core duties, the potential costs of mistakes or rework, and the risk of a delayed or failed certification audit. A consultant streamlines the effort, often resulting in a more cost-effective path to compliance when internal resource time is factored in.

5. Tailored Solutions, Not Just Templates

A good consultant doesn't just hand you a template. They work to understand your specific organization, operational environment, risk profile, and client requirements. They help tailor the ISO 18788 framework and documentation to be practical, effective, and value-adding for your business, rather than creating a generic system that hinders operations.   

6. Navigating Documentation Requirements

ISO 18788 requires significant documented information (policies, procedures, risk assessments, logs, records). Knowing what needs to be documented, how to document it effectively, and how to manage it can be daunting. Consultants provide expert guidance to ensure your documentation is compliant, efficient, and genuinely useful for managing operations.   

7. Expert Audit Preparation

The certification audit is the final hurdle. Consultants with experience in ISO 18788 know exactly what third-party auditors look for. They can help conduct readiness reviews, prepare your team for audit interviews, and ensure all necessary evidence is organized and available, significantly increasing your chances of passing the certification audit successfully on the first attempt.

8. Leveraging Broad Industry Experience

An experienced consultant (especially one with decades in the field) brings insights and best practices learned from working with various organizations and scenarios within the security industry. This broad perspective adds immense value beyond simply interpreting the standard's text.

Conclusion: An Investment in Success

Implementing ISO 18788 is a strategic initiative that enhances credibility, manages risk, and improves operational quality. While challenging, the journey is significantly smoother and more certain with an experienced guide. Hiring an ISO 18788 consultant isn't just an expense; it's an investment in efficiency, expertise, and achieving your compliance and certification goals effectively, allowing your team to focus on delivering outstanding security services.   

Partnering with the right ISO 18788 consultant can transform a complex compliance challenge into a strategic advantage for your security operations.

Page 1 of 2

Main Menu
ISO 18788 Analysis
Search ISO 18788