PRIVATE SECURITY COMPANIES - Standards
Section 833 of the National Defense Authorization Act of 2011 required the Defense Department to use business and
operational standards in contracting and management of PSCs, with the intent of raising the overall standard of
performance of these companies. Pursuant to this requirement, the Department of Defense contracted for the development
of consensus based quality management standards. Working through its contract, DoD submitted its standards for
recognition by the American National Standards Institute (ANSI). ANSI recognized the standard in March 2012. DFARS
252.225-7039 requires contractors and any subcontracts for private security functions to comply with this standard.
To be competitive, proposals for PSC functions will include evidence of standards compliance. (Contracting offices
may specify what is considered acceptable evidence.) The standard completed its initial 5 year review and was
recommended for reaffirmation with no substantial changes.
DoD also commissioned the development of the ANSI into an international standard. This work was published by the International
Organization for Standardization (ISO) them as ISO 18788 - 2015: Management System Private Security Operations: Requirements
on 18 September 2015. The substance of the ISO and ANSI standards are the same. Companies that are in compliance
with PSC.1 will also be in substantial conformance with the ISO standard. DFARS 252.225-7039 accepts ISO 18788 as an alternative to
compliance with ANSI/ASIS PSC.1-2012. Interested persons should contact The Office of the Deputy Assistant Secretary (Program
Support) for more information about this standard and its use in meeting DoD requirements for standards compliance.
These standards are accompanied by a conformity assessment standard, ANSI/ASIS PSC.2-2012 Conformity Assessment and Auditing
Management Systems for Quality of Private Security Company Operations
. This standard supplements and builds upon ISO/IEC
Standard 17021:2011 Conformity Assessment - Requirements for bodies providing audit and certification of management
. Whereas the ISO/IEC standard provides general guidance for conformity assessment to any management standard, the
ANSI/ASIS PSC.2 standard is specific to the requirements of auditing private security functions. It includes requirements and
guidance on the management of audit programs, conduct of internal or external audit of the management system and private security
company operations, human rights considerations, as well as the competence and evaluation of auditors. The PSC.2 standard enables
certification bodies to become accredited for and to provide independent, third party audits of PSCs. Such certification will
provide a measure of due diligence in the selection of PSCs, by providing an independent review that a company can in fact,
operate in accordance with the good practices of The Montreux Document On Pertinent Legal Obligations and Good Practices for
States Related to Operations of Private Military and Security Companies During Armed Conflict and the International Code of
Conduct for Private Security Service Providers. This standard will begin its ANSI-required 5 year review period shortly. The
Department of Defense expects that there will be no substantial changes.
The American National Standards Institute, through its accreditation body (ANAB) published rules for accrediting certification
bodies and auditors to audit and certify PSCs to the PSC.1 standard (May 2013). Following a pilot certification program, the
United Kingdom Accreditation Service has accredited two certification bodies to conduct conformity assessments. The Joint
Accreditation System of Australia and New Zealand is developing its own program for certifying PSCs in its region.
The PSC operations standard is supported by a maturity model. The Department of Defense contracted for the development of this
tool to enable PSCs and government contract managers (such as the Defense Contract Management Agency, Inspectors General,
Contracting Officers and their representatives) to assess a company's progress towards full conformance with the standard.
Rather than being a pass/fail audit, it identifies the degree to which a company has implemented the objectives of the standard
and identifies ways to move from where a company is at that moment towards meeting those objectives. This maturity model is
also useful for Private sector purchasers of PSC services in assessing whether a PSC under contract with them is implementing
the PSC.1 Standard.
These standards are growing international recognition and use. In December 2012, the British Foreign and Commonwealth Office
announced that the PSC.1 Standard was required in all overseas contracts for private security services. Australia, the Czech
Republic and several other States have either recognized or endorsed PSC.1 or the international equivalent standard (ISO 18788.)
As of March 2017, at least 54 companies working in 17 different countries and every inhabited continent are either certified
to the standards or nearing certification.