PRIVATE SECURITY COMPANIES - Standards
Section 833 of the National Defense Authorization Act of 2011 required the Defense Department to use business and operational
standards in contracting and management of PSCs, with the intent of raising the overall standard of performance of these companies.
Pursuant to this requirement, the Department of Defense contracted for the development of consensus based quality management
standards. Working through this contract, DoD submitted its standards for recognition by the American National Standards Institute
(ANSI). ANSI recognized the standard in March 2012. DFARS 252.225-7039 requires contractors and any subcontracts for private security
functions to comply with this standard. Proposals for PSC functions must include evidence of standards compliance. (Contracting offices
may specify what is considered acceptable evidence.) The standard was reviewed in 2017 reaffirmed with no substantial changes.
DoD also commissioned the development of the ANSI into an international standard. This work was published by the International
Organization for Standardization (ISO) then as ISO 18788 - 2015: Management System Private Security Operations: Requirements with
on 18 September 2015. The substance of the ISO and ANSI standards are the same. Companies that are in compliance with PSC.1
will also be in substantial conformance with the ISO standard. DFARS 252.225-7039 accepts ISO 18788 as an alternative to compliance
with ANSI/ASIS PSC.1. Interested persons should contact The Office of the Deputy Assistant Secretary (Program Support) for more
information about this standard and its use in meeting DoD requirements for standards compliance.
These standards are accompanied by a conformity assessment standard, ANSI/ASIS PSC.2-2012 Conformity Assessment and Auditing
Management Systems for Quality of Private Security Company Operations.
This standard supplements and builds upon ISO/IEC Standard
17021 Conformity Assessment - Requirements for bodies providing audit and certification of management systems.
Whereas the ISO/IEC
standard provides general guidance for conformity assessment to any management standard, the ANSI/ASIS PSC.2 standard is specific to the
requirements of auditing private security functions. It includes requirements and guidance on the management of audit programs, conduct of
internal or external audit of the management system and private security company operations, human rights considerations, as well as the
competence and evaluation of auditors. The PSC.2 standard enables certification bodies to become accredited for and to provide independent,
third party audits of PSCs. Such certification will provide a measure of due diligence in the selection of PSCs, by providing an independent
review that a company can in fact, operate in accordance with the good practices of The Montreux Document On Pertinent Legal Obligations and
Good Practices for States Related to Operations of Private Military and Security Companies During Armed Conflict and the International Code
of Conduct for Private Security Service Providers. This standard will begin its ANSI-required 5 year review period shortly. The Department of
Defense expects that there will be no substantial changes.
The American National Standards Institute, through its accreditation body (ANAB) published rules for accrediting certification bodies and
auditors to audit and certify PSCs to the PSC.1 standard (May 2013). The United Kingdom Accreditation Service accredited three certification
bodies to conduct conformity assessments. The Joint Accreditation System of Australia and New Zealand also has its own program for certifying
PSCs in its region.
The PSC operations standard is supported by a maturity model. The Department of Defense contracted for the development of this tool to enable
PSCs and government contract managers (such as the Defense Contract Management Agency, Inspectors General, Contracting Officers and their
representatives) to assess a company's progress towards full conformance with the standard. Rather than being a pass/fail audit, it identifies
the degree to which a company has implemented the objectives of the standard and identifies ways to move from where a company is at that moment
towards meeting those objectives. This maturity model is also useful for Private sector purchasers of PSC services in assessing whether a PSC
under contract with them is implementing the PSC.1 Standard.
These standards are growing international recognition and use. In December 2012, the British Foreign and Commonwealth Office announced that the
PSC.1 Standard was required in all overseas contracts for private security services. Australia, Canada, the Czech Republic and several other States
have either recognized or endorsed PSC.1 or the international equivalent standard (ISO 18788.) As of March 2017, at least 72 companies working in
23 different countries and every inhabited continent are either certified to the standards or nearing certification.