It is now possible for Private Maritime Security Companies (PMSCs) to receive independent, third party certification to the International Code of Conduct for Private Security Service Providers (ICoC) via the International Code of Conduct Association (ICoCA). On Friday of last week, the multi-stakeholder ICoCA announced the release of a recognition statement for ISO 28007-1: 2015 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract), ISO 28007 in short.
(Readers of Human Analytics’ Human Rights in Complex Environments blog may remember that we reported in February on the ICoCA’s release of an ISO 28007 draft recognition statement for public comment. The compilation of those comments is available here.)
As with the ICoCA recognition statement for the land-based security standard, ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations (PSC.1), the ISO 28007 recognition statement is accompanied by an Annex A analyzing the gaps between ISO 28007 and the ICoC and an Annex B summarizing the additional information, related to the human rights and humanitarian law requirements of the ICoC, that PMSCs must supply to the ICoCA. Unlike PSC.1, which has the ICoC as a normative reference, ISO 28007 did not and the gaps are not insignificant. (Despite some improvements in the human rights content of the ISO 28007 standard as it evolved from a PAS to an ISO guideline.) In addition to the failure of ISO 28007 to include human rights in PMSCs’ risk assessment process, four areas evidence the greatest number of gaps, namely requirements regarding employment policies, incident reporting practices, training programs, and grievance mechanisms.
Beyond this additional information, PMSCs must provide to the ICoCA the scope of their certification to ISO 28000 Specification for security management systems for the supply chain (the ISO standard that is actually auditable by certification bodies and to which ISO 28007 provides additional guidance), any non-conformities identified during the auditing process, corrective action plans, and details on their Human Rights Risk Assessment process. Only certificates lent by certification bodies accredited by recognized national accreditation bodies will be accepted by the ICoCA. Currently MSS Global and Lloyd’s Register Quality Assurance Limited are the only accredited certification bodies to audit to ISO 28000/28007. Both were accredited by the UK Accreditation Service.
Although more information will be forthcoming in terms of how the ICoCA will process certifications, the organization is poised to play an important role in increasing respect for human rights in the private maritime security industry. While the UK Accreditation Service has released guidance for certification bodies auditing to ISO 28000/28007, which clearly states that human rights competence is a must for auditors, this has limited effect in light of the weak human rights provisions in ISO 28007. Auditors can only audit to what is in the standard. Therefore, by gathering this additional human rights related information, the ICoCA can contribute to raising the bar by scrutinizing what human rights due diligence measures PMSCs have in place to identify, prevent, mitigate and account for how they address their adverse human rights impacts.
However, when assessing the information submitted to it by PMSCs, the ICoCA should draw on the expertise of its membership, to include organizations in the civil society pillar, such as Oceans Beyond Piracy/One Earth Future Foundation. As comments submitted by Oceans Beyond Piracy indicate, there are specificities to maritime security provision, to include differences in human rights risks and regulatory environments, that are not well-captured by the ICoC, which was drawn up with land-based security in mind. This is why the ICoC (Article 7) foresaw “the development of additional principles and standards for related services, such as… the provision of maritime security services,” beyond those already in the ICoC. Furthermore, as comments from MSS Global and two ICoCA member companies indicate, the scope of any ISO 28000/28007 certificate will also need to be scrutinized to ensure that it captures operations, beyond the Indian Ocean and High Risk Area, where human rights risks may be equally, if not more so, relevant to any PMSC’s compliance with the ICoC. Should the ICoCA be able to muster such informed scrutiny, and should PMSCs be willing to subject themselves to it, it is foreseeable that there will be an increase in PMSCs respect for human rights.