New Standards for CBs Certifying Private Security Companies to ANSI/ASIS PSC.1 and ISO 18788 Open for Public Comment

Readers, who have been closely following standard setting for private security companies (PSCs), may be interested in opportunities to comment on two new standards for Certification Bodies (CBs) certifying PSCs to ANSI/ASIS PSC.1-2012 and ISO 18788-2015 – the two leading management system standards for PSC operations. The United Kingdom Accreditation Service (UKAS), the British organization responsible for accrediting CBs, has opened a public comment period until August 31 for the UKAS Guidance for Certification Bodies Certifying the Management Systems of Private Security Companies against ANSI/ASIS PSC.1: 2012 or ISO 18788: 2015. Its American equivalent ANAB (ANSI-ASQ National Accreditation Board) has released Accreditation Rule 40 (AR 40).* The Guidance and AR 40 apply to CBs seeking accreditation to assess and certify PSCs’ security operations management systems built on ANSI/ASIS PSC.1-2012 and/or ISO 18788. ANAB’s public comment period is open until September 5.

Although serving similar purposes, it is interesting to note the differences in approach taken by UKAS and ANAB. UKAS states that it will accredit CBs to certify to ANSI/ASIS PSC.1-2012 and/or ISO 18788 using ISO 17021-1. ISO 17021 is the International Organization for Standardization’s generic Conformity Assessment standard for CBs providing audit and certification of management systems. The Guidance does note that it provides guidance on ISO 17021-1 and ANSI/ASIS PSC.2-2012, but it does not explicitly state that it requires CBs to adhere to ANSI/ASIS PSC.2 for accreditation purposes. By way of reminder to readers, ANSI/ASIS PSC.2-2012: Conformity Assessment and Auditing Management Systems for Quality of Private Security Company Operations provides requirements and guidance for conducting conformity assessment of ANSI/ASIS PSC.1-2012. It is a sector specific standard based on ISO 17021. In contrast, ANAB’s AR 40 states that ANSI/ASIS PSC.2-2012 is a required document. The length of UKAS’s Guidance, in particular the extensive detailing of auditor/audit team competences, is likely a result of failing to explicitly make ANSI/ASIS PSC.2 a required document. ANSI/ASIS PSC.2 already covers in depth required competences, and unlike the Guidance also discusses the needed training and experience of auditors as well as requirements for screening and vetting auditors. One thing is certain, all three documents make it clear that auditors must have a wide variety of skills relevant to assessing the responsible provision of security services in complex environments, to include human rights expertise.

Another strong point of ANAB’s AR 40 is the useful Annex at the end, which compares and contrasts the requirements of ANSI/ASIS PSC.1-2012 and ISO 18788. While the two management system standards are very similar, there are differences of which auditors need to be aware. ISO 18788 cites the UN Guiding Principles on Business and Human Rights as a normative reference. This has resulted in some stronger human rights provisions in ISO 18788. For example, human rights risk analysis is now a clearly articulated requirement. In addition, there are a few new requirements that were not in ANSI/ASIS PSC.1-2012 related to apprehension and search and operations in support of law enforcement. That being said, the Annex is a surface comparison of requirements, and auditors will need to do a comparative deep-dive to capture the nuances in terms of improvements to ANSI/ASIS PSC.1-2012 that found their way into ISO 18788.

While perhaps not the most exciting reading material, both the Guidance and AR 40 are key documents not only for CBs and their auditors, but also for PSCs seeking certification to ANSI/ASIS PSC.1-2012 and/or ISO 18788. They can assist PSCs with grasping the certification process, understanding what elements of a management system auditors will assess, and providing a sense of the type of competences to look for in a CB.

* For purposes of disclosure, Human Analytics’ Rebecca DeWinter-Schmitt served on the Committee of Experts that drafted AR 40.

About the Author