ISO 18788:2015 – Management System for Private Security Operations
ISO 18788:2015 provides a framework for establishing, implementing, operating, monitoring, reviewing, and improving a management system for private security operations. This international standard is designed to ensure that private security companies (PSCs) uphold human rights, legal compliance and professionalism while delivering security services in both stable and complex environments, including conflict zones and fragile states.
The standard supports risk management and accountability, setting out best practices for the selection, training, deployment, and oversight of security personnel. It is grounded in principles such as respect for applicable law and respect for international humanitarian norms. ISO 18788 aligns closely with ISO 9001 and ISO 28000 and supports compliance with the Montreux Document and the International Code of Conduct for Private Security Service Providers (ICoC).
To begin ISO 18788 certification for your private security firm, contact support@pacificcert.com.
Scope and Applicability
ISO 18788 is applicable to private security service providers that operate in high-risk areas, industrial zones, government and diplomatic compounds, remote logistics operations, and other critical infrastructure sectors. It is suitable for:
- Private military and security contractors
- Corporate security departments
- Maritime security providers
- Mobile convoy and executive protection services
The standard supports the full lifecycle of security operations, from client engagement and risk assessment to incident reporting and performance evaluation. Whether operating locally or across borders, ISO 18788 equips PSCs to deliver consistent, lawful, and accountable services.
Certification Process
Conduct a gap analysis comparing current operations against ISO 18788 requirements
- Define scope and key objectives for the security management system (SMS)
- Map legal, regulatory, and human rights obligations
- Establish policies on use of force, escalation procedures, reporting, and stakeholder engagement
- Train personnel on legal, operational, and ethical guidelines
- Implement risk-based planning, threat assessment, and incident response protocols
- Maintain documentation and conduct internal audits
- Engage with a third-party certification body such as Pacific Certifications for audit and certification
Start your certification process by contacting support@pacificcert.com.
Documentation Required
To achieve ISO 18788 certification, PSCs must maintain:
- Security management system policy and scope
- Risk and threat assessment documentation
- Legal and human rights compliance framework
- Personnel training, vetting, and deployment records
- Incident response procedures and reporting templates
- Operational planning documents and SOPs
- Contracts, use-of-force guidelines, and ethical conduct codes
- Internal audit logs and corrective action reports
Pacific Certifications offers full support, contact us today at support@pacificcert.com.
Eligibility Criteria
Organizations eligible for ISO 18788 certification must be involved in private security services. Eligibility includes:
- Established security contractors and PSCs operating nationally or internationally
- Companies providing armed or unarmed security personnel
- Entities contracted to protect persons, property, and assets in conflict-sensitive or high-risk areas
A demonstrated commitment to risk-based management, legality, and continual improvement is essential.
Certification Costs
Costs depend on:
- Size and complexity of operations
- Geographic scope (single country vs. multinational)
- Number of sites and personnel
- Integration with other standards (e.g., ISO 9001, ISO 28000)
For a custom quotation, contact us at support@pacificcert.com.
Certification Timeline
- Initial Gap Assessment: 2–3 weeks
- Policy, Risk, and Compliance Framework Development: 3–5 weeks
- Implementation and Training: 4–6 weeks
- Internal Review and External Audit: 2–3 weeks
Total duration: 10 to 14 weeks, depending on scale and readiness.
Requirements of ISO 18788:2015
Key requirements include:
- Governance and Legal Compliance: Ensure all services adhere to national and international laws, licensing requirements, and human rights frameworks.
- Risk Management: Establish a structured risk identification, assessment, and mitigation process, particularly for high-threat zones.
- Client and Stakeholder Engagement: Maintain transparent communications with clients, communities, and regulatory authorities.
- Operational Planning: Define SOPs for patrols, access control, surveillance, protection, and emergency response.
- Use of Force Protocols: Provide clear guidance and training on escalation, restraint, and proportional response.
- Personnel Competency: Vet and train staff for cultural sensitivity, legal awareness, and mission-specific readiness.
- Monitoring and Continuous Improvement: Evaluate performance through incident logs, debriefings, internal audits, and stakeholder feedback.
Benefits of ISO 18788 Certification
- Demonstrates legal and ethical compliance in high-risk environments
- Enhances reputation with clients, governments, and international bodies
- Mitigates operational, reputational, and legal risks
- Increases competitiveness in tenders and contracts requiring verified accountability
- Strengthens internal governance and stakeholder trust
- Supports integration with ISO 9001 (quality), ISO 14001 (environment), and ISO 28000 (security management)
As the global demand for private security grows—especially in humanitarian, diplomatic, and critical infrastructure sectors—there is increasing scrutiny over the ethical conduct and transparency of PSCs. ISO 18788 provides an internationally agreed-upon structure for compliance and risk-based operations.
Governments, UN agencies, and corporate clients are increasingly requiring ISO 18788 compliance as a prerequisite for procurement. It supports the Montreux Document and ICoC frameworks, aligning PSC operations with global human rights and accountability standards.
How Pacific Certifications Can Help
Pacific Certifications offers complete services for ISO 18788 certification. Our experienced auditors understand the operational, legal, and ethical challenges of private security service delivery.
We provide:
- Gap analysis and risk assessments
- Policy and operational procedure development
- Staff training on compliance and ethics
- Incident management system setup
- Third-party certification audits and surveillance
Start securing your compliance and reputation, contact support@pacificcert.com and get certified!
Frequently Asked Questions (FAQs)
Is ISO 18788 certification legally required?
No, but it is often mandated by international clients and procurement frameworks.
Can armed services be certified under ISO 18788?
Yes. The standard explicitly covers armed and unarmed services.
How does ISO 18788 support human rights?
By embedding legal compliance, due diligence, and oversight into the operational management system.
Can this standard be integrated with ISO 9001 or ISO 28000?
Yes, it aligns well with both for quality and supply chain security management.
How long is the certificate valid?
3 years, with annual surveillance audits.
Ready to get ISO ISO 18788:2015 certified?
Contact Pacific Certifications to begin your certification journey today!
Suggested Certifications –