Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO 28007-1:2015 Private Maritime Security Companies — Guidelines
Operational, training, and contractual standards for PCASP on board ships
ISO 28007-1:2015 provides comprehensive guidelines for Private Maritime Security Companies employing Privately Contracted Armed Security Personnel on board ships. This landmark standard establishes operational, training, ethical, and contractual requirements for PMSCs operating in the maritime domain, helping shipping companies and flag states select and oversee qualified security providers while ensuring that armed security operations are conducted professionally, lawfully, and with full respect for human rights and international maritime law.
ISO 28007-1 addresses the critical gap between international maritime law and the practical realities of private armed security on merchant vessels transiting high-risk areas. It provides an auditable certification framework that shipping companies, flag states, and insurers can rely on for vetting PMSC capabilities and conduct.
PMSC Operational Requirements and Risk Management Framework
The standard defines comprehensive operational requirements covering threat and risk assessment methodologies, voyage-specific security planning, rules for the use of force graduated response protocols, weapons management and armory security, communication procedures, incident reporting and evidence preservation, medical support capabilities, and contingency planning. PMSCs must conduct detailed threat assessments for each transit through high-risk areas, develop tailored security plans aligned with the vessel’s existing Ship Security Plan, and ensure that PCASP teams are fully integrated into the vessel’s security organization under the Ship Security Officer’s coordination.
| Operational Element | Detailed Requirements | Verification and Audit Method |
|---|---|---|
| Threat and Risk Assessment | Threat analysis per voyage route, vulnerability assessment of vessel, transit-specific risk rating, mitigation measures | Documentation review of assessment methodology, scenario validation exercises |
| Use of Force Protocols | Graduated response from presence through deadly force, rules of engagement aligned with flag state law, escalation and de-escalation procedures, post-incident reporting | Training records review, scenario-based testing, use-of-force incident analysis |
| Weapons Management | Armory construction standards, weapon registration and serialization, daily inventory control, maintenance schedules, ammunition management, carriage documentation | Physical inspection of armory, audit trail verification, inventory reconciliation |
| Incident Reporting and Investigation | Real-time reporting protocols, evidence preservation chain of custody, witness statement procedures, post-incident analysis and lessons learned | Review of past incident reports, communication logs, corrective action tracking |
| Medical Support Capability | First aid qualification requirements, trauma management equipment, telemedicine consultation, medical evacuation planning, hospital pre-identification at ports | Certification verification, equipment inspection, drill observation |
Rules for the use of force are among the most sensitive and legally consequential aspects of PMSC operations. ISO 28007-1 requires clear written protocols aligned with flag state, coastal state, and port state legal frameworks, reviewed by qualified legal counsel and updated regularly to reflect changes in applicable law and operational experience.
Personnel Qualification, Training, and Certification Standards
ISO 28007-1 establishes rigorous personnel standards for all PCASP. All armed security personnel must have verified military or law enforcement service backgrounds, pass comprehensive psychological evaluations including PTSD screening, complete maritime-specific training covering ship familiarization and emergency procedures, demonstrate proficiency in weapons handling and marksmanship with quarterly requalification, and maintain valid first aid and trauma care certifications. The standard requires continuous professional development with minimum annual training hours and periodic re-certification every 12 months.
PMSCs certified to ISO 28007-1 demonstrate significantly lower incident rates and higher client satisfaction. The standardization of training curricula, operational procedures, and ethical conduct requirements has professionalized the maritime private security industry and improved safety outcomes for seafarers transiting high-risk areas.
Pro Forma Contract and Legal Framework
A distinctive feature of ISO 28007-1 is the inclusion of a comprehensive pro forma contract template for PMSC services. This contractual framework addresses scope of services, liability allocation and insurance requirements, confidentiality and data protection, termination and suspension clauses, dispute resolution mechanisms, governing law, and force majeure considerations. The standard guides both PMSCs and shipping companies in developing clear contractual arrangements that protect both parties’ interests.
Q: Is ISO 28007-1 certification mandatory for PMSCs operating internationally?
A: While not universally mandated by treaty, ISO 28007-1 certification is required by many flag states as a condition for deploying armed security on vessels under their registry and has become the de facto industry standard for PMSC qualification.
A: While not universally mandated by treaty, ISO 28007-1 certification is required by many flag states as a condition for deploying armed security on vessels under their registry and has become the de facto industry standard for PMSC qualification.
Q: How are PCASP integrated with the ship’s command structure?
A: PCASP operate under the Ship Security Officer’s overall coordination for security integration while maintaining their own tactical chain of command for armed security operations, as defined in the integrated security plan.
A: PCASP operate under the Ship Security Officer’s overall coordination for security integration while maintaining their own tactical chain of command for armed security operations, as defined in the integrated security plan.
Audit, Certification, and Ongoing Compliance Verification
PMSCs seeking ISO 28007-1 certification undergo a rigorous audit process conducted by accredited certification bodies with maritime security expertise. The certification audit includes a documented review of the PMSC’s management system, operational procedures, training records, weapons management protocols, and incident reporting history. On-site audits verify that documented procedures are effectively implemented in practice, that equipment including weapons and communications gear are properly maintained, and that personnel records are complete and current.
Ongoing compliance requires annual surveillance audits focusing on changes in the PMSC’s operations, personnel turnover, training currency, client feedback, and incident trends. Full recertification occurs every three years. The standard also requires internal audits at least annually and regular management reviews of security performance, client satisfaction, and continuous improvement opportunities.
Q: How are PCASP teams rotated and how does this affect certification?
A: PCASP personnel rotation is expected and managed through thorough handover procedures. Certification requires that all personnel meet the same training and vetting standards regardless of rotation schedule.
A: PCASP personnel rotation is expected and managed through thorough handover procedures. Certification requires that all personnel meet the same training and vetting standards regardless of rotation schedule.
Q: What happens if a PMSC experiences a security incident?
A: The PMSC must report the incident according to contractual requirements, conduct an internal investigation, preserve evidence, notify relevant authorities, and implement corrective actions to prevent recurrence. Incident reporting and investigation capability is assessed during certification audits.
A: The PMSC must report the incident according to contractual requirements, conduct an internal investigation, preserve evidence, notify relevant authorities, and implement corrective actions to prevent recurrence. Incident reporting and investigation capability is assessed during certification audits.
Ethical Standards and Human Rights Compliance
ISO 28007-1 includes important provisions for ethical conduct and human rights compliance. PMSCs must operate in accordance with applicable international humanitarian law and human rights principles, including the Montreux Document and International Code of Conduct for Private Security Service Providers. The standard requires documented policies prohibiting human rights abuses, sexual exploitation and harassment, and discrimination. All PCASP must receive training on these policies and report any observed violations through established reporting channels.
Industry Impact and Future Outlook
ISO 28007-1 has significantly improved the professionalism and accountability of the maritime private security industry since its publication. The standard has been adopted by major flag states and shipping industry organizations as the benchmark for PMSC qualification. Future developments may include expanded guidance on cybersecurity for PMSC operations, integration with vessel remote monitoring technologies, and enhanced requirements for environmental responsibility in security operations.
