1、BSI Standards PublicationBS ISO 28007-1:2015Ships and marine technology Guidelines for PrivateMaritime Security Companies(PMSC) providing privatelycontracted armed securitypersonnel (PCASP) on boardships (and pro forma contract)Part 1: GeneralBS ISO 28007-1:2015 BRITISH STANDARDNational forewordThis
2、 British Standard is the UK implementation of ISO 28007-1:2015. It supersedes PD ISO/PAS 28007:2012 which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee GW/8/1, Security Management Systems in Complex Environments - Marine Security.A list of organizations re
3、presented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2015.Published by BSI Standards Limited 2015ISBN 978 0
4、 580 81548 5ICS 03.080.20; 47.040Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 March 2015.Amendments/corrigenda issued since publicationDate T e x t a f f e
5、 c t e dBS ISO 28007-1:2015 ISO 2015Ships and marine technology Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) Part 1: GeneralNavires et technologie maritime Guide destin aux socits pri
6、ves de scurit maritime (PMSC) fournissant des agents de protection arms embarqus sous contrat priv (PCASP) bord de navires (et contrat pro forma) Partie 1: GnralitsINTERNATIONAL STANDARDISO28007-1First edition2015-04-01Reference numberISO 28007-1:2015(E)BS ISO 28007-1:2015ISO 28007-1:2015(E)ii ISO 2
7、015 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2015All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, w
8、ithout prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCase postale 56 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgPublished in Swi
9、tzerlandBS ISO 28007-1:2015ISO 28007-1:2015(E)Foreword vIntroduction vi1 Scope . 12 Normative references 13 Terms and definitions . 14 Security management system elements for Private Maritime Security Companies (PMSC) . 34.1 General requirements . 34.1.1 Understanding the PMSC and its context . 34.1
10、.2 Understanding the needs and expectations of interested parties 44.1.3 Determining the scope of the security management system 44.1.4 Security management system . 44.1.5 Leadership and commitment 44.1.6 Competence 54.1.7 Organizational roles, responsibilities and authorities 54.1.8 Structure of th
11、e organization 64.1.9 Financial stability of the organization . 64.1.10 Outsourcing and subcontracting 74.1.11 Insurance 74.2 Planning 74.2.1 Security management policy . 74.2.2 Actions to address risks and opportunities 84.2.3 Security objectives and plans to achieve them 84.2.4 Legal, statutory an
12、d other regulatory requirements 94.2.5 Authorization and licensing of firearms and security related equipment 104.3 Resources 114.3.1 General. 114.3.2 Selection, background screening and vetting of security personnel, including PCASP 114.3.3 Selection, background screening and vetting of sub-contrac
13、tors 124.4 Training and awareness . 124.4.1 General. 124.4.2 Training standards 124.4.3 Training procedures and protocols 134.4.4 Firearms training 144.4.5 Training records 154.5 Communication and awareness 154.5.1 Awareness .154.5.2 Internal and external communication 154.6 Documented information a
14、nd records 164.6.1 General. 164.6.2 Control of documented information 165 Operation 175.1 Operational planning and control . 175.2 Command and control of security personnel including security team, size, composition and equipment 185.2.1 Command and control 185.2.2 Size and composition of security t
15、eam 185.3 Guidance on Rules for the Use of Force (RUF) 195.4 Incident management and emergency response195.5 Incident monitoring, reporting and investigation .205.6 Scene management and protection of evidence 205.7 Casualty management 21 ISO 2015 All rights reserved iiiContents PageBS ISO 28007-1:20
16、15ISO 28007-1:2015(E)5.8 Health safety environment 215.9 Client complaints, grievance procedures and whistle blowing .216 Performance evaluation 226.1 Monitoring, measurement analysis and evaluation .226.2 Internal audit . 226.3 Management review 236.4 Nonconformity and corrective action 236.5 Conti
17、nual improvement . 23Bibliography .24iv ISO 2015 All rights reservedBS ISO 28007-1:2015ISO 28007-1:2015(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is norm
18、ally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in t
19、he work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the
20、 different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this docume
21、nt may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/
22、patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO prin
23、ciples in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationThe committee responsible for this document is ISO/TC 8, Ships and marine technology.This first edition of ISO 28007-1 cancels and replaces ISO/PAS 28007:2012. ISO 2015 All rights reserved vBS
24、ISO 28007-1:2015ISO 28007-1:2015(E)IntroductionISO 28000 is the certifiable security management system standard for organizations which has been developed along the format of other management system standards (ISO 9001 and ISO 14001) with the same management system requirements.ISO 28000 was develop
25、ed in response to demand from industry for a security management standard with the objective to improve the security of supply chains and is certifiable in accordance with the International Accreditation Forum. In effect ISO 28000 is a risk-based quality management system for the security of operati
26、ons and activities conducted by organizations. Organisations seeking to be certified to this International Standard should respect the human rights of those affected by the organisations operations within the scope of this International Standard, including by conforming with relevant legal and regul
27、atory obligations and the UN Guiding Principles on Business and Human Rights. This part of ISO 28007 sets out the guidance for applying ISO 28000 to Private Maritime Security Companies (PMSC).vi ISO 2015 All rights reservedBS ISO 28007-1:2015Ships and marine technology Guidelines for Private Maritim
28、e Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) Part 1: General1 ScopeThis part of ISO 28007 gives guidelines containing additional sector-specific recommendations, which companies (organizations) who comply with ISO
29、 28000 can implement to demonstrate that they provide Privately Contracted Armed Security Personnel (PCASP) on board ships. To claim compliance with these guidelines, all recommendations (“shoulds”) should be complied with.Compliance with this part of ISO 28007 can be by first, second and third part
30、y (certification). Where certification is used, it is recommended the certificate contains the words: “This certification has been prepared using the full guidelines of ISO 28007-1 as a Private Maritime Security Company providing Privately Contracted Armed Security Personnel”.2 Normative referencesT
31、he following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO 28000
32、, Specification for security management systems for the supply chain3 Terms and definitionsFor the purposes of this document, the following terms and definitions apply.3.1Private Maritime Security CompanyPMSCorganization which provides security personnel, either armed or unarmed or both, on board fo
33、r protection against piracyNote 1 to entry: Henceforth throughout this International Standard, the word “organization” refers to the PMSC.3.2Privately Contracted Armed Security PersonnelPCASParmed employee or subcontractor of the Private Maritime Security Company (PMSC)3.3area of high risk of piracy
34、area identified as having an increased likelihood of piracyINTERNATIONAL STANDARD ISO 28007-1:2015(E) ISO 2015 All rights reserved 1BS ISO 28007-1:2015ISO 28007-1:2015(E)3.4guidance on the procedures or rules for the use of force (RuF)clear policy drawn up by the Private Maritime Security Company (P
35、MSC) for each individual transit operation which sets out the circumstances in which force, to include lethal force, in the delivery of maritime security services may be used in taking account of international law and the law of the flag state3.5Security Management SystemSMSrisk-based security frame
36、work3.6interested party and stakeholdersperson or organization that can affect, be affected by or perceive themselves to be affected by a decision or activityNote 1 to entry: This denotes but is not limited to clients (ship-owners, charterers), the shipping community including seafarers, THE flag ST
37、ATE, impacted communities, coastal STATES, international organizations, P and I clubs and insurers, and security training companies, certification bodies.3.7maritime security servicesservices which range from intelligence and threat assessment to ship hardening and the guarding and protection of peo
38、ple and property (whether armed or unarmed) or any activity for which the company personnel may be required to carry or operate a firearm in the performance of their duties3.8Guiding Principles on Business and Human RightsUNGPsguidance principles to companies on how to respect the human rights of al
39、l those affected by their operations, including developing a human rights policy, taking steps to identify, address and mitigate human rights risks and developing effective operational level grievance mechanisms3.9personnelpersons working for a Private Maritime Security Company (PMSC) whether as a f
40、ull-time or part-time employee or under a contract, including its staff, managers and directors3.10risk assessmentoverall process of risk identification, risk analysis and risk evaluationSOURCE: ISO Guide 73, definition 3.4.13.11firearmsportable barrelled weapon from which projectile(s) can be disch
41、arged by an explosion from the confined burning of a propellant and the associated ammunition, related ancillaries, consumables, spare parts and maintenance equipment used by security personnel at sea3.12securityprocess to pre-empt and withstand intentional, unauthorised act(s) designed to cause har
42、m, damage or disruption3.13home statestate of nationality of a Private Maritime Security Company (PMSC), i.e. where a PMSC is domiciled, registered or incorporated2 ISO 2015 All rights reservedBS ISO 28007-1:2015ISO 28007-1:2015(E)3.14coastal statestate of nationality of the area of transit within c
43、oastal waters3.15security management objectivespecific outcome or achievement required of security in order to meet the security management policy3.16security management policyoverall intentions and direction of an organization, related to the security and the framework for the control of security-r
44、elated processes and activities that are derived from and consistent with the organizations policy and legal and regulatory requirements3.17security related equipmentprotective and communication equipment used by security personnel at sea3.18team leaderdesignated leader of the personnel contracted t
45、o provide security services aboard the ship3.19threat assessmentassessment by the organization, the client and other expert sources on the potential for acts of piracy or other threats to a specific transit or to operations more generally3.20top managementperson or group of people who direct and con
46、trol an organization at the highest level3.21incidentevent that has been assessed as having an actual or potentially adverse effect4 Security management system elements for Private Maritime Security Companies (PMSC)4.1 General requirements4.1.1 Understanding the PMSC and its contextThe organisation
47、should determine and document relevant external and internal factors. These include the international and national legal and regulatory environment including licensing and export/import requirements, the political, the natural and physical environment, the role, perceptions, needs, expectations and
48、risk tolerance of the client and other interested parties and stakeholders as well as key international developments and trends in the home state, flag and coastal states and areas of operation. The organisation should also evaluate and document elements that might impact on its management of risk i
49、ncluding its own organisation and lines of authority for operations, its capabilities in delivering objectives and policies, and the contribution of partners and subcontractors, and any voluntary commitments to which the organisation may subscribe. The evaluation should include the particular circumstances of each operation or transit and the attendant risk factors for the organisation.The organisation should also identify, document and manage as necessary the significant risks identified by the ship owner which have prompted consider
