Security Operations Management System
ISO 18788 Management System for Private Security Company Operations is a standard that specifies requirements and provides guidance for organizations conducting or contracting security operations.

ISO 18788:2015 provides framework for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the Security Operations Management System (SOMS). ISO 18788 gives business and risk management the framework for SOMS, while demonstrating conduct of professional security operations to meet clients’ and other stakeholders’ requirements, in addition to accountability to law and respect to Human Rights and consistency with voluntary commitments to which subscribes.

ISO 18788 draws on provisions from and provides mechanism to demonstrate compliance with relevant principles, legal obligations and voluntary commitments and good practices of:

  • The International Code of Conduct for Private Security Providers (ICoC) 2010 
  • The Montreux Document on Pertinent International Obligations and Good Practices for States Related to Operations of Private Military and Security Companies During Armed Conflict, 2008
  • Guiding Principles on Business and Human Rights, Implementing the United Nations “Protect, Respect and Remedy” Framework, 2011

Why certification as per ISO 18788 is important for your business?

The importance of ISO 18788 stands for the ability of the organization to detect appropriate legal and regulatory guidelines and also support business functions and the supply chain.

This standard is appropriate for any kind of organization involved in conducting or contracting security operations. The ISO 18788 certification helps you to establish, implement, maintain and improve a Security Operations Management System and at the same time assures that the organization has implemented effective management controls.

In addition, it demonstrates the organization’s commitment to continuously provide qualitative services that meet customer’s needs, protect the customer’s and the organization’s reputation, while adhering to applicable laws and human rights requirements.

With the certification of ISO 18788 by LiberoAssurance, you will gain the necessary expertise to support your organization in implementing and managing a Private Security Operations Management System (SOMS)

Benefits of ISO 18788 and PSC.1 to your organization:

  • Implements and maintains an effective SOMS
  • Gives your organization creditability within the private security industry
  • Shows your organization’s respect for human rights
  • Provides reliability and establishes effective Corporate Governance
  • Strengthens credibility and protection of reputation
  • Ensures the quality and professionalism of security organizations
  • Establishes sustained customer relations
  • Increases the potential of operational success

    The implementation process is described below:
  • Finding the GAP between existing system related to ISO requirements
  • Selecting the appropriate certification body
  • Based on the scope of your business & certification body you choose
  • Management System Manual, Management System Procedures, Policy, Objectives, Forms etc.
  • Review of Standard Operating Procedures (SOP)
  • ISO Awareness training for the top management and staff
  • Implementing a well-documented management system throughout the organization
  • Internal audits identifying nonconformities related to ISO requirements
  • Management Review Meetings
  • Corrective and Preventive Action plan for nonconformities
  • acts on your behalf and assists you in the third-party audit
  • Closing of any nonconformities identified by the certification body
  • ISO certificates issued for 3 years
  • Surveillance Audits yearly
  • Support of Yearly documentation for audit

ISO 18788 Structure – Key points

Like many standards, ISO 18788 is structured in the format of annex SL (renamed in 2019 as Annex L) which helps streamline the creation of new standards, and makes implementing multiple standards within one organization easier. Below we have highlighted some of the key areas of ISO 18788:

Context of the organization – This is essentially understanding the internal and external factors that affect the business and includes understanding the needs and expectations of interested parties/stakeholders; Respect for life and  human rights underpins ISO18788; organizations that conduct or contract security operations, and their clients, have an obligation to respect the lives and human dignity of both internal and external stakeholders.  Only by understanding both internal and external stakeholders will the business be able to manage risks and promote a culture of respect for human rights.

Scope – The scope identifies the ‘boundaries’ of the Security Operations Management System (SOMS); PSC’s will operate in many different environments and in offer a variety of services (e.g. security & risk management consultancy, unarmed static guarding, armed vehicle movement, cash in transit, K9 security etc). Once the scope has been identified, all assets, activities, products and services within that scope become elements to be managed as part of the SOMS.

Leadership – The leadership of the PSC should evidence their commitment to effectively controlling their company through a reliable Security Operations Management System (SOMS), this is done in a number of ways including:

  • creating, communicating and promoting the Security Operations Policy;
  • setting objectives at all levels and functions across the business;
  • ensuring the company is appropriately resourced;
  • ensuring staff are competent to undertake their job function;
  • communicating awareness of risk and the requirements of the SOMS.

Planning – An important aspect of effective service delivery management is the planning stage (described in Clause 6 of the ISO); this sets out two sub-clauses:

  • actions to address risks and opportunities;
  • Security operations objectives and planning to achieve them (Clause 6.2).

PSC’s need to reliably manage risk to the client while also managing risk to the organization and impacted stakeholders and communities. The organization needs to achieve its tactical, operational and business objectives within the context of protecting life and property of its clients, people working on its behalf and local communities, while respecting human rights. 

Support – Leadership should ensure that the resources needed to run the company reliably through their SOMS are identified.  This can range from human resources and specialist skill sets, through to the infrastructure requirements such as equipment, intelligence and technology to name a few.

Operations – Put simply, the PSC should evaluate which operations present identified significant risks, and should ensure that they are conducted in a way that will control or reduce the risk in in a manner reflective of its security operations management policy and supports the achievement of its objectives and targets.

Performance evaluation – It is best practice to monitor, measure and evaluate all important aspects of your performance – including the management of security operations to ensure there is compliance with the contractual, legal and human rights requirements identified (including applicable client contracts and local permits or licenses), as well as other wider requirements to which the organization has subscribed. Some of the performance evaluation techniques include:

  • Audit, both internal and third party, this should be planned against an audit schedule and based on your actual business processes.
  • Management review by leadership to evaluate the sustainability, adequacy and effectiveness of the management of security operations through the established SOMS controls.
  • Tests and exercises to provide resilience. 

Oss Middle East Company:

Aim to help organization in all sectors in Egypt and Middle East to apply the international standard in Quality Management systems in all fields.

OSS accredited by:-

OSS register by Many Egyptian Organization:

Other Article:-

Leave a Reply

Your email address will not be published. Required fields are marked *