ISO 18788 ISO 28007

ISO 18788:2015

Management system for private security operations -- Requirements with guidance for use

ISO 18788:2015 provides an organizational framework for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the management of security operations.

It sets out the principles and requirements for a security operations management system (SOMS). It provides an organizational framework for managing activities and risks, intended for organizations conducting or contracting security operations and related activities and functions, while demonstrating:

a) professional conduct of security operations in order to meet the requirements of clients and other stakeholders;

b) accountability to the law and respect for human rights;

c) consistency with the voluntary commitments to which they have subscribed.

ISO 18788:2015 is applicable to any organization that needs to:

a) establish, implement, maintain and improve an SOMS;

b) assess its conformity with its stated security operations management policy;

c) demonstrate its ability to consistently provide services that meet client needs and conform to international, national and local law as well as to human rights requirements.

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1.  In particular the different approval criteria needed for the different types of ISO documents should be noted.  This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.  Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL:  Foreword - Supplementary information

The committee responsible for this document is ISO/TC 8, Ships and marine technology.

This first edition of ISO 28007-1 cancels and replaces ISO/PAS 28007:2012.


ISO 28000 is the certifiable security management system standard for organizations which has been developed along the format of other management system standards (ISO 9001 and ISO 14001) with the same management system requirements.

ISO 28000 was developed in response to demand from industry for a security management standard with the objective to improve the security of supply chains and is certifiable in accordance with the International Accreditation Forum. In effect ISO 28000 is a risk-based quality management system for the security of operations and activities conducted by organizations. Organisations seeking to be certified to this International Standard should respect the human rights of those affected by the organisation's operations within the scope of this International Standard, including by conforming with relevant legal and regulatory obligations and the UN Guiding Principles on Business and Human Rights. This part of ISO 28007 sets out the guidance for applying ISO 28000 to Private Maritime Security Companies (PMSC).

1   Scope

This part of ISO 28007 gives guidelines containing additional sector-specific recommendations, which companies (organizations) who comply with ISO 28000 can implement to demonstrate that they provide Privately Contracted Armed Security Personnel (PCASP) on board ships. To claim compliance with these guidelines, all recommendations (“shoulds”) should be complied with.

Compliance with this part of ISO 28007 can be by first, second and third party (certification). Where certification is used, it is recommended the certificate contains the words: “This certification has been prepared using the full guidelines of ISO 28007-1 as a Private Maritime Security Company providing Privately Contracted Armed Security Personnel”.

2   Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

  • ISO 28000, Specification for security management systems for the supply chain

3   Terms and definitions

For the purposes of this document, the following terms and definitions apply.


Private Maritime Security Company


organization which provides security personnel, either armed or unarmed or both, on board for protection against piracy

Note 1 to entry: Henceforth throughout this International Standard, the word “organization” refers to the PMSC.


Privately Contracted Armed Security Personnel


armed employee or subcontractor of the Private Maritime Security Company (PMSC)


area of high risk of piracy

area identified as having an increased likelihood of piracy


guidance on the procedures or rules for the use of force (RuF)

clear policy drawn up by the Private Maritime Security Company (PMSC) for each individual transit operation which sets out the circumstances in which force, to include lethal force, in the delivery of maritime security services may be used in taking account of international law and the law of the flag state


Security Management System


risk-based security framework


interested party and stakeholders

person or organization that can affect, be affected by or perceive themselves to be affected by a decision or activity

Note 1 to entry: This denotes but is not limited to clients (ship-owners, charterers), the shipping community including seafarers, the flag state, impacted communities, coastal states, international organizations, P and I clubs and insurers, and security training companies, certification bodies.


maritime security services

services which range from intelligence and threat assessment to ship hardening and the guarding and protection of people and property (whether armed or unarmed) or any activity for which the company personnel may be required to carry or operate a firearm in the performance of their duties


Guiding Principles on Business and Human Rights


guidance principles to companies on how to respect the human rights of all those affected by their operations, including developing a human rights policy, taking steps to identify, address and mitigate human rights risks and developing effective operational level grievance mechanisms



persons working for a Private Maritime Security Company (PMSC) whether as a full-time or part-time employee or under a contract, including its staff, managers and directors


risk assessment

overall process of risk identification, risk analysis and risk evaluation

[SOURCE: ISO Guide 73, definition 3.4.1]



portable barrelled weapon from which projectile(s) can be discharged by an explosion from the confined burning of a propellant and the associated ammunition, related ancillaries, consumables, spare parts and maintenance equipment used by security personnel at sea



process to pre-empt and withstand intentional, unauthorised act(s) designed to cause harm, damage or disruption


home state

state of nationality of a Private Maritime Security Company (PMSC), i.e. where a PMSC is domiciled, registered or incorporated


coastal state

state of nationality of the area of transit within coastal waters


security management objective

specific outcome or achievement required of security in order to meet the security management policy


security management policy

overall intentions and direction of an organization, related to the security and the framework for the control of security-related processes and activities that are derived from and consistent with the organization’s policy and legal and regulatory requirements


security related equipment

protective and communication equipment used by security personnel at sea


team leader

designated leader of the personnel contracted to provide security services aboard the ship


threat assessment

assessment by the organization, the client and other expert sources on the potential for acts of piracy or other threats to a specific transit or to operations more generally


top management

person or group of people who direct and control an organization at the highest level



event that has been assessed as having an actual or potentially adverse effect