In a previous blog post, “ICoCA Releases Draft Certification Procedure for Vote by Members,” Human Analytics described the process by which a national or international standard is considered for approval by the International Code of Conduct Association (ICoCA) as the pathway for a private security company (PSC) to gain ICoCA certification. To be approved, a standard must be consistent with the principles of the International Code of Conduct for Private Security Service Providers (ICoC). Where there are inconsistencies between a standard and the ICoC, the ICoCA can request additional human rights and humanitarian law related information from member PSCs in order to assess whether their systems and policies meet the requirements of the ICoC. On July 3, the ICoCA Secretariat announced that the General Assembly approved the Certification Procedure with no dissenting votes and 65%+ participation in the vote by members from all three pillars – governments, PSCs, and civil society organizations.
With the Certification Procedure now in place, the Secretariat is undertaking the next step of assessing whether certification of a PSC to PSC.1 – shorthand for the ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations – meets the requirements of the ICoC. To that end, the ICoCA Secretariat has circulated a Draft ICoCA Recognition Statement for ANSI/ASIS PSC.1 – 2012 along with Annex A: Draft Analysis of ANSI/ASIS PSC.1-2012 against the ICoCA Certification Assessment Framework and Annex B: Draft Certification Additional Information Requirement for PSC.1. These documents are now open for public comment. Compiled comments will be posted to the ICoCA website once the comment period ends on August 24. Thereafter, the Board will review the comments and vote on whether to accept the standard and publish a Recognition Statement for PSC.1. If accepted, the ICoCA will begin processing requests for ICoCA certification in early October. Under the Articles of Association, member PSCs must obtain ICoCA certification within one year of the release of the Certification Procedure, which would be July 2016.
Human Analytics, as an Observer to the ICoCA, submitted the following comment to the Secretariat:
“Human Analytics, as an Observer to the International Code of Conduct Association, welcomes the progress that has been made in approving a Certification Procedure and releasing a Draft ICoCA Recognition Statement for ANSI/ASIS PSC.1 – 2012 and accompanying Draft Annexes. This represents an important step forward in enabling the ICoCA to exercise its governance and oversight functions. Furthermore, Human Analytics is pleased to see that the ICoCA recognizes the importance of harmonizing the International Code of Conduct with recently developed and emerging national and international standards applicable to the private security industry, in particular the UN Guiding Principles on Business and Human Rights and the ISO 18788 Management System for Private Security Operations – Requirements with Guidance.
The Annex A: Draft Analysis of ANSI/ASIS PSC.1-2012 against the ICoCA Certification Assessment Framework is a valuable document for clarifying where the ICoCA sees a limited number of inconsistencies between the ICoC and PSC.1, which informed the additional information requirements laid out in Annex B. However, when undertaking such comparisons, it is useful to bear in mind the nature of the two documents and their inter-relationship. The drafters of PSC.1 saw the standard’s purpose in the operationalization for implementing PSCs of the human rights and humanitarian law principles and commitments detailed in the ICoC through a risk and quality assurance management system process. In other words, PSC.1 turns the principles of the ICoC into business practice standards.
Furthermore, the Montreux Document and the ICoC form the normative foundations of PSC.1. This has a number of implications. When PSCs establish the framework for their management system, as detailed in section 5.1 of PSC.1, the management system “shall incorporate and adopt the legal obligations and recommended good practices of the Montreux Document relevant to PSCs and the guiding principles of the ICoC.” In other words, all requirements of the ICoC must be met for a company to be certified as in conformance with PSC.1. According to accredited certification bodies, audits are undertaken with PSC.1 as well as the ICoC in hand.
Finally, the provisions contained in the Guidance, while reflecting “should” rather than “shall” statements, are nonetheless significant both for PSCs and their auditors. For PSCs, the Guidance provides further information on how to interpret and understand the standards’ requirements, as well as additional detail on possible means to tailor implementation of those requirements to a particular company’s operating context. For auditors, the Guidance offers additional information not only on how to interpret the requirements, but also on what to look for when gathering evidence of conformance.
The most significant identified inconsistency between the two documents is with regard to the Human Rights Risk and Impact Assessment (HRRIA). While technically not a term appearing in either the ICoC or PSC.1, the ICoCA has rightfully identified an adequate HRRIA process as essential to identifying, preventing, mitigating, and addressing human rights risks linked to security operations. A HRRIA requirement is also an important step toward harmonizing the ICoC with emerging national and international consensus on the type of human rights due diligence any company should undertake, and in particular when operating in complex environments.
However, Human Analytics has some concerns with regard to the HRRIA checklist. First, it is unclear how the Secretariat will evaluate a written risk assessment model or process against this checklist. What is proposed here would appear to amount to a desk-based review of a company’s self-reported policies and may not provide a fuller view of what actually happens in practice. Second, the substantive questions relating to internal controls and policies and prohibitions contained in the ICoC amount to a restatement of the ICoC’s key provisions formulated as a list of questions on whether or not the HRRIA considered these provisions. Checklists lend themselves to tick the box exercises.
HRRIAs are a relatively new tool for identifying and managing human rights risks, and to date there has been limited standardization and agreement on best practice. Therefore, in keeping with Article 12.4 of the Articles of Association, which states that the ICoCA shall promote industry best practices, the ICoCA could help advance rights-respecting conduct of PSCs by supporting the development of sound HRRIA processes and tools specifically geared toward the needs of the private security industry and the rights-holders and other stakeholders affected by its activities. In developing such tools, the ICoCA could consider drawing on the expertise not only of its member PSCs, who have already undergone PSC.1 certification, but also of other companies in other sectors operating in complex environments, who have undertaken HRRIAs, as well as the various organizations – legal, academic, consulting, and not-for-profit – that have substantive knowledge of and first-hand experience with conducting HRRIAs.”