Private Security Companies:

The Department of Defense, to include Geographic Combatant Commanders, may contract for private security functions to fulfill non-combat requirements for security in Contingency Operations, Humanitarian or Peace Operations, and other military operations or exercises. Private security functions include guarding of personnel, facilities, designated sites, or property of a Federal agency, the contractor or subcontractor, or a third party. The use of force by PSCs is limited to self-defense, the defense of others and the protection of U.S. Government property. Deadly force can only be used in response to an imminent lethal threat to persons protected by the PSC, PSC personnel themselves, or to prevent the loss or destruction of inherently dangerous property or critical infrastructure. PSCs may not engage in combat, which is defined as deliberate destructive action against hostile armed forces or other armed actors. It is the policy of the Department of Defense that PSCs must be regularly established, registered, well regulated, rigidly disciplined, properly staffed with carefully selected operating personnel. This policy extends to include any other activity for which personnel are required to carry weapons in the performance of their duties. This policy reflects U.S. law and is implemented through Department of Defense Directives, Instructions, and acquisition policy, to include the use of rigorous and verifiable business and operational standards.

DoD Goal for PSCs:

Contracted private security functions remain a legitimate and effective method for providing non-inherently governmental protection of personnel, property, and activities in contingencies, areas of other significant military operations, peace operations, and designated military exercises where there is a credible threat of criminal or other unlawful violence and where the use of military or other government security forces are unavailable, insufficient, or inappropriate.

• The use of force in such protective services is limited to self-defense and defense of others against unlawful attack.


• Services must be provided using methods and techniques that promote, and do not undermine, long-term stability and security of the region in which these services are performed.


• Misconduct on the part of an PSC affects the ability of all PSCs to operate. Therefore, contracted security functions should be performed to quality standards common to all private security providers, regardless of contracting entity.

U.S. Law:

In addition to the laws and acquisition regulations that apply to all contingency contracting, the following laws and regulations are particularly applicable to PSCs and other armed contractors:

• OMB Circular A-76 and OMB Procurement Policy Letter outlines functions that are inherently governmental or military and cannot be contracted out.


• The International Traffic in Arms Regulations (ITAR) governs the export of defense Articles and defense services.


• National Defense Authorization Action 2011 (Section 862) governs the selection use, and limitations on US Government use of PSCs.


• Title 32, Part 159 of the Code of Federal Regulations implements the statutory requirements of Section 862.


• Title 48, (Federal Acquisition Regulations) Part 25.302 of the Code of Federal Regulations, (Contractors performing private security functions outside the United States) covers the use of PSCs throughout the US Government.


• The Defense Federal Acquisition Regulation Supplement (DFARS) Part 252, Subpart 225-7039 covers contractors performing private security functions requires use of ANSI/ASIS PSC.1 standard and registration in SPOT.

Department of Defense Instructions and Directives:

• DODD 5210.56, Carrying of Firearms and the Use of Force by DoD Personnel Engaged in Security, Law and Order, or Counterintelligence Activities
• DODI 1100.22, Policies and Procedures for Workforce Mix
• DODI 3020.41, Operational Contract Support (OCS)
• DODI 3020.50, Private Security Contractors (PSCs) Operating in Contingency Operations, Humanitarian or Peace Operations, or Other Military Operations or Exercises

Standards:

Section 833 of the National Defense Authorization Act of 2011 required the Defense Department to use business and operational standards in contracting and management of PSCs, with the intent of raising the overall standard of performance of these companies. Pursuant to this requirement, the Department of Defense contracted for the development of consensus based quality management standards. Working through its contract, DoD submitted its standards for recognition by the American National Standards Institute (ANSI). ANSI recognized the standard in March 2012. DFARS 252.225-7039 requires contractors and any subcontracts for private security functions to comply with this standard. To be competitive, proposals for PSC functions will include evidence of standards compliance. (Contracting offices may specify what is considered acceptable evidence.)

• Management System for Quality of Private Security Company Operations - Requirements with Guidance, ANSI/ASIS PSC.1-2012 - March 5, 2012

DoD also commissioned the development of the ANSI into an international standard. This work was published by the International Organization for Standardization (ISO) them as ISO 18788 - 2015: Management System Private Security Operations: Requirements with Guidance on 18 September 2015. The substance of the ISO and ANSI standards are the same. Companies that are in compliance with PSC.1 will also be in substantial conformance with the ISO standard. DFARS 252.225-7039 accepts ISO 18788 as an alternative to compliance with ANSI/ASIS PSC.1-2012. Interested persons should contact The Office of the Deputy Assistant Secretary (Program Support) for more information about this standard and its use in meeting DoD requirements for standards compliance.

These standards are accompanied by a conformity assessment standard, ANSI/ASIS PSC.2-2012 Conformity Assessment and Auditing Management Systems for Quality of Private Security Company Operations. This standard supplements and builds upon ISO/IEC Standard 17021:2011 Conformity Assessment - Requirements for bodies providing audit and certification of management systems. Whereas the ISO/IEC standard provides general guidance for conformity assessment to any management standard, the ANSI/ASIS PSC.2 standard is specific to the requirements of auditing private security functions. It includes requirements and guidance on the management of audit programs, conduct of internal or external audit of the management system and private security company operations, human rights considerations, as well as the competence and evaluation of auditors. The PSC.2 standard enables certification bodies to become accredited for and to provide independent, third party audits of PSCs. Such certification will provide a measure of due diligence in the selection of PSCs, by providing an independent review that a company can in fact, operate in accordance with the good practices of The Montreux Document On Pertinent Legal Obligations and Good Practices for States Related to Operations of Private Military and Security Companies During Armed Conflict and the International Code of Conduct for Private Security Service Providers.

• ANSI/ASIS PSC.2-2012 Conformity Assessment and Auditing Management Systems for Quality of Private Security Company Operations.

The American National Standards Institute, through its accreditation body (ANAB) published rules for accrediting certification bodies and auditors to audit and certify PSCs to the PSC.1 standard (May 2013). Following a pilot certification program, the United Kingdom Accreditation Service has accredited two certification bodies to conduct conformity assessments. The Joint Accreditation System of Australia and New Zealand is developing its own program for certifying PSCs in its region.

The PSC operations standard is supported by a maturity model. The Department of Defense contracted for the development of this tool to enable PSCs and government contract managers (such as the Defense Contract Management Agency, Inspectors General, Contracting Officers and their representatives) to assess a company's progress towards full conformance with the standard. Rather than being a pass/fail audit, it identifies the degree to which a company has implemented the objectives of the standard and identifies ways to move from where a company is at that moment towards meeting those objectives. This maturity model is also useful for Private sector purchasers of PSC services in assessing whether a PSC under contract with them is implementing the PSC.1 Standard.

• ANSI/ASIS PSC.3-2013 Maturity Model for the Phased Implementation of a Quality Assurance Management System for Private Security Service Providers

These standards are growing international recognition and use. In December 2012, the British Foreign and Commonwealth Office announced that the PSC.1 Standard was required in all overseas contracts for private security services. Australia, the Czech Republic and several other States have either recognized the standard or endorsed its use. Other States are expected to recognize or endorse the international equivalent standard (ISO 18788.) The standards process is marked by a commitment to continual improvement. Consistent with that, the Defense Department initiated a new contract with ASIS International to review and recommend possible revisions to ANSI/ASIS PSC.1-2013 to ensure that it remains relevant, usable, and captures the lessons learned in the time since it was originally published.

International Efforts:

Working with other U.S. Government agencies, the Department of Defense supports international efforts for regulation and oversight of PSCs. These efforts include the development and promotion of the Montreux Document on pertinent international legal obligations and good practices for States Related to operations of Private Military and Security Companies During Armed Conflict; and promotion of the International Code of Conduct for Private Security Service Providers (ICoC). The ICoC is applicable to PSCs and a useful reference for private sector purchasers of PSC services. DoD supports the Department of State in other international efforts at regulation, including private maritime security companies and the work of UN agencies in PSC oversight.

The Montreux Document
The Montreux Document describes existing legal obligations regarding Private Military and Private Security Companies and lists recommended good practices for States which contract for such services as well as the States in which the companies are registered and/or operate. The U.S. Government's support of the Montreux Document is active and continuous.

Regulation of Private Military and Private Security Services by the United States began before Montreux and has continued since then. DoD believes that its policy, directives, instructions, the requirement for compliance with the ANSI or ISO standard for PSCs and its other contracting and regulatory practices implement all of the provisions of the Montreux Document for contracting States. These can be found in the U.S. Laws and Defense Department Directives and Instructions cited above. PSC specific elements include the determination of services, selection and vetting of PSCs, accounting for weapons and other materiel, Rules for the Use of Force, training, and applicability of Host Nation Law. Other elements of national law and standard clauses required by the Federal Acquisition Regulations and Defense supplements (DFARS) apply to all contractors accompanying the force or providing operational support. These laws and implementing clauses cover elements such anti-human trafficking, other personnel welfare provisions, measures against bribery and corruption, and contract management and oversight.

Although oriented on armed conflict, the Montreux Document states that its recommended good practices may also be instructive for post-conflict situations and for other, comparable situations. Further, although addressed to States, the good practices may be of value for other entities such as international organizations, NGOs and companies that contract for private security services, as well as for PMCs and PSCs. Although the Montreux Document is not a binding international agreement, the U.S. Government recognizes the existing legal obligations described in the document and the value of its recommended good practices. DoD's regulations covering PSCs are reviewed for consistency with the Montreux Document and DoD works with other agencies of the U.S. Government for consistency throughout the government and to promote the Montreux Document internationally.

The most significant development specifically intended to support U.S. implementation the Good Principles of the Montreux Document are the consensus based performance standards for PSC operations, described above.

The Montreux Document can be accessed at:
https://www.icrc.org/eng/assets/files/other/icrc_002_0996.pdf

A detailed description of the U.S. Government's implementation of the Montreux Document can be found in a response to a questionnaire on that subject. The Department of Defense promoted the development of a Forum for Montreux Document Participants. The purpose of this forum is to provide an informal consultative arrangement whereby participants in the Montreux Document process can share information, review best practices, work to ensure consistency in national legislation, provide State oversight of the International Code of Conduct initiative, and review application of the goals of the Montreux Document to conditions other than armed conflict and for non-State purchasers of such services. The Forum established a working group for liaison and oversight of the ICoC Association in December 2014 and a second working group applying the Montreux Document in the maritime environment is expected in the coming year.

The International Code of Conduct for Private Security Service Providers (ICoC):
Article 8 of the Introduction to the Montreux Document states: “That while this document is addressed to States, the good practices may be of value for other entities such as international organizations, NGOs and companies that contract PMSCs, as well as for PMSCs themselves.” The PSCs that acted as expert advisors in the development of the Montreux Document accepted this recommendation and approached the Swiss Government to facilitate the development of a tool that would enable the PSC industry to adapt and apply the Montreux Document’s good practices in their own operations. This effort produced the International Code of Conduct for Private Security Service Providers, which was signed by 58 private security providers in Geneva in November 2010. There are hundreds of signatory companies today.

The ICoC represents the PSC industry's commitment to abide by the legal obligations of the Montreux Document and implement the recommended good practices in that document which are appropriate to private security service providers and other practices consistent with broadly accepted human rights principles. The Department of Defense encourages companies to commit to the principles of the ICoC as supporting DoD strategic goals for private security functions. The ICoC remains, however, a voluntary, industry led initiative. It supports implementation of the Montreux Document. It does not impose any obligation on States and States are not parties to the ICoC. Key points of DoD support for this initiative include the understanding that:

• The ICoC does not bind governments and incurs no obligations on the Department of Defense.
• Current U.S. Government requirements for conformance with ANSI/ASIS PSC.1-2012 or ISO 18788 implement the recommended good practices of the Montreux Document and realizes the commitments made by PSCs in the ICoC.
• DoD will not require signature to the ICoC or certification and oversight by the ICoC Association as a condition of any DoD contracts.

Further information about the ICoC can be found at: http://www.icoca.ch/

Guidance on the use of force: The use of force and the potential to use deadly force is the fundamental issue that distinguishes private security contractors from other operational contract support (civilians accompanying the armed forces.) Regulating the use of force and violence is a sovereign prerogative of States and, in many cases, is also subject to the provisions of international law, to include the Law of Armed Conflict and outside of armed conflict, International Human Rights Law. The Department of Defense is involved in several initiatives to ensure that the use of force by PSCs is consistent with international law and the notion of State monopoly of violence.

The Department of Defense works closely with the International Institute of Humanitarian Law in Sanremo, Italy in its Rules of Engagement Workshops and The Sanremo of Rules of Engagement. This handbook is used by armed forces on all six inhabited continents in developing Rules of Engagement (ROE) for their armed forces, including U.S. Geographic Combatant Commands and the Joint Staff. DoD participation helps students understand the differences between armed forces and PSCs and the critical differences between ROE appropriate to armed forces in combat and the Rules for the Use of Force (RUF) for civilian self-defense.

To further clarify this distinction and in recognition that most purchasers of PSC services are not States and international organizations, but come from the private sector (to include NGOs), DoD participates in an initiative sponsored by the United Nations Office on Drugs and Crime (UNODC) to develop a Use of Force Handbook for PSCs. This work is patterned after the Sanremo Handbook and is written by many of the same authors. The difference is its sole focus on use of force appropriate to PSCs rather than a broader work on ROE that can be used to develop RUF. The UNODC initiative also addresses that in many cases, PSCs will not be operating under State issued or approved RUF but under a use of force policy developed by the private sector purchaser of security services or the PSC itself. This UNODC sponsored effort was published in September, 2016 as the Handbook for Use of Force by Private Security Companies by the NGO Oceans Beyond Piracy. It is available on their website. This handbook can be useful for both formal RUF development and use of force policy consistent with recognized PSC operations standards.