PRIVATE SECURITY COMPANIES - Standards
Section 833 of the National Defense Authorization Act of 2011 required the DoD to use business and operational standards in contracting and management of PSCs, with the intent of raising the overall standard of performance of these companies. Pursuant to this requirement, the DoD contracted for the development of consensus based quality management standards. Working through this contract, DoD submitted its standards for recognition by the American National Standards Institute (ANSI). ANSI recognized the standard in March 2012. DFARS 252.225-7039 requires contractors and any subcontracts for private security functions to comply with this standard. Proposals for PSC functions must include evidence of standards compliance. (Contracting offices may specify what is considered acceptable evidence.) The standard was reviewed in 2017 reaffirmed with no substantial changes.
DoD also commissioned the development of the ANSI into an international standard. This work was published by the International Organization for Standardization (ISO) then as ISO 18788 - 2015: Management System Private Security Operations: Requirements with Guidance on 18 September 2015. The substance of the ISO and ANSI standards are the same.
Companies that are in compliance with PSC.1 will also be in substantial conformance with the ISO standard. DFARS 252.225-7039 accepts ISO 18788 as an alternative to compliance with ANSI/ASIS PSC.1. Interested persons should contact The Office of the for more information about this standard and its use in meeting DoD requirements for standards compliance.
These standards are accompanied by a conformity assessment standard, ANSI/ASIS PSC.2-2019 Conformity Assessment and Auditing Management Systems for Quality of Private Security Company Operations. This standard supplements and builds upon ISO/IEC Standard 17021 Conformity Assessment - Requirements for bodies providing audit and certification of management systems. Whereas the ISO/IEC standard provides general guidance for conformity assessment to any management standard, the ANSI/ASIS PSC.2 standard is specific to the requirements of auditing private security functions. It includes requirements and guidance on the management of audit programs, conduct of internal or external audit of the management system and private security company operations, human rights considerations, as well as the competence and evaluation of auditors. The PSC.2 standard enables certification bodies to become accredited for and to provide independent, third party audits of PSCs. Such certification will provide a measure of due diligence in the selection of PSCs, by providing an independent review that a company can in fact, operate in accordance with the good practices of The Montreux Document On Pertinent Legal Obligations and Good Practices for States Related to Operations of Private Military and Security Companies During Armed Conflict and the International Code of Conduct for Private Security Service Providers. This standard was revised in 2019 to reflect changes in the R2017 version of PSC.1.
The American National Standards Institute, through its accreditation body (ANAB) published rules for accrediting certification bodies and auditors to audit and certify PSCs to the PSC.1 standard (May 2013). The United Kingdom Accreditation Service accredited three certification bodies to conduct conformity assessments. The Joint Accreditation System of Australia and New Zealand also has its own program for certifying PSCs in its region.
The PSC operations standard is supported by a maturity model. The DoD contracted for the development of this tool to enable PSCs and government contract managers (such as the Defense Contract Management Agency, Inspectors General, Contracting Officers and their representatives) to assess a company's progress towards full conformance with the standard. Rather than being a pass/fail audit, it identifies the degree to which a company has implemented the objectives of the standard and identifies ways to move from where a company is at that moment towards meeting those objectives. This maturity model is also useful for Private sector purchasers of PSC services in assessing whether a PSC under contract with them is implementing the PSC.1 Standard.