BSI Standards Publication

BS ISO 18788:2015

Management system for private security operations - Requirements with guidance for use

BRITISH STANDARD

National foreword

This British Standard is the UK implementation of ISO 18788:2015.

The UK participation in its preparation was entrusted to Technical Committee GW/8, Security Managements Systems in Complex Environments.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2015. Published by BSI Standards Limited 2015

ISBN 978 0 580 85900 7

ICS 03.080.20; 13.310

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 September 2015.

Amendments/corrigenda issued since publication

Date    Text affected

Management system for private security operations - Requirements with guidance for use

Système de management des opérations de sécurité privée - Exigences et lignes directrices
pour son utilisation

INTERNATIONAL STANDARD ISO 18788
First edition 2015-09-15
Reference number ISO 18788:2015(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.1.1 General
4.1.2 Internal context
4.1.3 External context
4.1.4 Supply chain and subcontractor mapping and analysis
4.1.5 Defining risk criteria
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the security operations management system
4.4 Security operations management system
5 Leadership
5.1 Leadership and commitment
5.1.1 General
5.1.2 Statement of Conformance
5.2 Policy
5.3 Organization roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.1.1 General
6.1.2 Legal and other requirements
6.1.3 Internal and external risk communication and consultation
6.2 Security operations objectives and planning to achieve them
6.2.1 General
6.2.2 Achieving security operations and
risk treatment objectives
7 Support
7.1 Resources
7.1.1 General
7.1.2 Structural requirements
7.2 Competence
7.2.1 General
7.2.2 Competency identification
7.2.3 Training and competence evaluation
7.2.4 Documentation
7.3 Awareness
7.4 Communication
7.4.1 General
7.4.2 Operational communications
7.4.3 Risk communications
7.4.4 Communicating complaint and grievance procedures
7.4.5 Communicating whistle-blower policy
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.1.1 General
8.1.2 Performance of security-related functions
8.1.3 Respect for human rights
8.1.4 Prevention and management of undesirable or disruptive events
8.2 Establishing norms of behaviour and codes of ethical conduct
8.3 Use of force
8.3.1 General
8.3.2 Weapons authorization
8.3.3 Use of force continuum
8.3.4 Less-lethal force
8.3.5 Lethal force
8.3.6 Use of force in support of law enforcement
8.3.7 Use of force training
8.4 Apprehension and search
8.4.1 Apprehension of persons
8.4.2 Search
8.5 Operations in support of law enforcement
8.5.1 Law enforcement support
8.5.2 Detention operations
8.6 Resources, roles, responsibility and authority
8.6.1 General
8.6.2 Personnel
8.6.3 Procurement and management
of weapons, hazardous materials and munitions
8.6.4 Uniforms and markings
8.7 Occupational health and safety
8.8 Incident management
8.8.1 General
8.8.2 Incident monitoring, reporting and investigations
8.8.3 Internal and external complaint and grievance procedures
8.8.4 Whistle-blower policy
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Evaluation of compliance
9.1.3 Exercises and testing
9.2 Internal audit
9.3 Management review
9.3.1 General
9.3.2 Review input
9.3.3 Review output
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
10.2.1 General
10.2.2 Change management
10.2.3 Opportunities for improvement
Annex A (informative) Guidance on the use of this International Standard
Annex B (informative) General principles
Annex C (informative) Getting started - Gap analysis
Annex D (informative) Management systems approach
Annex E (informative) Qualifiers to application
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide
federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document
and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of
the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

The committee responsible for this document is Technical Committee ISO/TC 292, Security and resilience.

Introduction

0.1 General

This International Standard specifies requirements and provides guidance for organizations conducting or contracting security operations. It provides a business and risk management framework for the effective conduct of security operations. It is specifically applicable to any organization operating in circumstances where governance may be weak or rule of law undermined due to human or naturally caused events. Using a Plan-Do-Check-Act approach, this International Standard provides a means for organizations conducting or contracting security operations to demonstrate:

a) adequate business and risk management capacity to meet the professional requirements of clients and other stakeholders;
b) assessment and management of the impact of their activities on local
communities;
c) accountability to law and respect for human rights;
d) consistency with voluntary commitments to which the organization subscribes.

NOTE 1 This International Standard is not intended to place additional burdens on general guarding services outside these specific circumstances.

This International Standard draws on provisions from, and provides a mechanism to demonstrate compliance with, relevant principles, legal obligations, voluntary commitments and good practices of the following documents:

- Montreux Document on Pertinent International Legal Obligations and Good Practices for States related to Operations of Private Military and Security Companies during Armed Conflict (09/2008);
- International Code of Conduct for Private Security Service Providers (ICoC) (11/2010);
- Guiding Principles on Business and Human Rights; Implementing the United Nations “Protect, Respect and Remedy”
Framework (2011).

NOTE 2 The International Code of Conduct reflects 1) the legal obligations and good practices of the Montreux Document (including the provisions detailing the human rights law and humanitarian law applicable to security providers), and 2) the relevant principles of the “Protect, Respect and Remedy” framework as operationalized in the Guiding Principles on Business and Human Rights.

NOTE 3 Although specifically addressed to states and armed conflict, the Montreux Document is also instructive in similar conditions and for other entities.

Private security operations perform an important role in protecting state and non-state clients engaged in relief, recovery, and reconstruction efforts; commercial business operations; development activities; diplomacy; and military activity. This International Standard is applicable for any type of organization conducting or contracting security operations, particularly in environments where governance might be weak or the rule of law undermined due to human or naturally caused events. The organization, in close coordination with legitimate clients and state actors, needs to adopt and implement the standards necessary to ensure that
human rights and fundamental freedoms are adhered to in order to safeguard lives and property, and that untoward, illegal, and excessive acts are prevented. This means that organizations engaging in security operations manage the utilization of tactics, techniques, procedures, and equipment, including weapons, in such a way as to achieve both operational and risk management objectives. The purpose of this International Standard is to improve and demonstrate consistent and predictable security operations maintaining the safety and security of their clients within a framework that aims to ensure
respect for human rights, national and international laws, and fundamental freedoms.

NOTE 4 For the purposes of this International Standard, national laws can include those of the country of the organization, countries of its personnel, the country of operations and country of the client.

This International Standard builds on the principles found in international human rights law and international humanitarian law (IHL). It provides auditable criteria and guidance that support the objectives of the Montreux Document on Pertinent International Legal Obligations and Good Practices for States related to Operations of Private Military and Security Companies during Armed Conflict of 17 September 2008; the International Code of Conduct for Private Security Service Providers (ICoC) of 9 November 2010; and the Guiding Principles on
Business and Human Rights; Implementing the United Nations “Protect, Respect and Remedy” Framework 2011.

This International Standard provides a means for organizations, and their clients, to implement the legal obligations and recommended good practices of the Montreux Document and to provide demonstrable commitment, conformance and accountability to respect the principles outlined in the ICoC, as well as other international documents related to human rights and voluntary commitments, such as Guiding Principles on Business and Human Rights; Implementing the United Nations “Protect, Respect and
Remedy” Framework 2011 and Voluntary Principles on Security and Human Rights (2000).

Given that organizations that conduct and contract security operations have become important elements for supporting peace, stability, development and commercial efforts in regions where the capacity of societal institutions have become overwhelmed by human and natural caused disruptive events, their operations face a certain amount of risk. The challenge is to determine how to cost-effectively manage risk while meeting the organization's strategic and operational objectives within a framework that protects the
safety, security and human rights of internal and external stakeholders, including clients and affected communities. Organizations need to conduct their business and provide services in a manner that respects human rights and laws. Therefore, they and their clients have an obligation to carry out due diligence to identify risks, prevent incidents, mitigate and remedy the consequences of incidents, report them when they occur, and take corrective and preventive actions to avoid a reoccurrence. This International Standard provides a basis for clients to differentiate which organizations can provide services at the highest professional standards consistent with stakeholder needs and rights.

Protecting both tangible and intangible assets is a critical task for the viability, profitability and sustainability of any type of organization (public, private, or not-for-profit). This transcends the
protection of just physical, human and information assets; it also includes protecting the image and reputation of companies and their clients. Protecting assets requires a combination of strategic thinking, problem solving, process management and the ability to implement programmes and initiatives to correspond with the context of the organization's operations and their risks.

Core to the success of implementing this International Standard is embedding the values of the Montreux Document and the ICoC into the culture and range of activities of the organization. Integrating these principles into enterprise-wide management of the organization requires a long-term commitment to cultural change by top management, including leadership, time, attention and resources both monetary and physical. By using this International Standard, organizations