ISO 28007-1:2015

INTERNATIONAL ISO
STANDARD 28007-1
First edition
2015-04-01
Ships and marine technology —
Guidelines for Private Maritime
Security Companies (PMSC) providing
privately contracted armed security
personnel (PCASP) on board ships
(and pro forma contract) —
Part 1:
General
Navires et technologie maritime — Guide destiné aux sociétés privées
de sécurité maritime (PMSC) fournissant des agents de protection
armés embarqués sous contrat privé (PCASP) à bord de navires (et
contrat pro forma) —
Partie 1: Généralités
Reference number
©
ISO 2015
© ISO 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2015 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Security management system elements for Private Maritime Security Companies (PMSC) .3
4.1 General requirements . 3
4.1.1 Understanding the PMSC and its context . 3
4.1.2 Understanding the needs and expectations of interested parties . 4
4.1.3 Determining the scope of the security management system . 4
4.1.4 Security management system . 4
4.1.5 Leadership and commitment . 4
4.1.6 Competence . 5
4.1.7 Organizational roles, responsibilities and authorities . 5
4.1.8 Structure of the organization . 6
4.1.9 Financial stability of the organization . 6
4.1.10 Outsourcing and subcontracting . 7
4.1.11 Insurance . 7
4.2 Planning . 7
4.2.1 Security management policy . 7
4.2.2 Actions to address risks and opportunities . 8
4.2.3 Security objectives and plans to achieve them . 8
4.2.4 Legal, statutory and other regulatory requirements . 9
4.2.5 Authorization and licensing of firearms and security related equipment .10
4.3 Resources .11
4.3.1 General.11
4.3.2 Selection, background screening and vetting of security personnel,
including PCASP .11
4.3.3 Selection, background screening and vetting of sub-contractors .12
4.4 Training and awareness .12
4.4.1 General.12
4.4.2 Training standards .12
4.4.3 Training procedures and protocols .13
4.4.4 Firearms training .14
4.4.5 Training records .15
4.5 Communication and awareness .15
4.5.1 Awareness .15
4.5.2 Internal and external communication .15
4.6 Documented information and records .16
4.6.1 General.16
4.6.2 Control of documented information .16
5 Operation .17
5.1 Operational planning and control .17
5.2 Command and control of security personnel including security team, size,
composition and equipment .18
5.2.1 Command and control .18
5.2.2 Size and composition of security team .18
5.3 Guidance on Rules for the Use of Force (RUF) .19
5.4 Incident management and emergency response.19
5.5 Incident monitoring, reporting and investigation .20
5.6 Scene management and protection of evidence .20
5.7 Casualty management.21
5.8 Health safety environment .21
5.9 Client complaints, grievance procedures and whistle blowing .21
6 Performance evaluation .22
6.1 Monitoring, measurement analysis and evaluation .22
6.2 Internal audit .22
6.3 Management review .23
6.4 Nonconformity and corrective action .23
6.5 Continual improvement .23
Bibliography .24
iv © ISO 2015 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 8, Ships and marine technology.
This first edition of ISO 28007-1 cancels and replaces ISO/PAS 28007:2012.
Introduction
ISO 28000 is the certifiable security management system standard for organizations which has been
developed along the format of other management system standards (ISO 9001 and ISO 14001) with the
same management system requirements.
ISO 28000 was developed in response to demand from industry for a security management standard
with the objective to improve the security of supply chains and is certifiable in accordance with the
International Accreditation Forum. In effect ISO 28000 is a risk-based quality management system for the
security of operations and activities conducted by organizations. Organisations seeking to be certified
to this International Standard should respect the human rights of those affected by the organisations
operations within the scope of this International Standard, including by conforming with relevant legal
and regulatory obligations and the UN Guiding Principles on Business and Human R
...