ISO 18788:2015 Management system for private security operations — Requirements with guidance for use sets a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the management of security operations. It provides the principles and requirements for a security operations management system (SOMS).
The standard provides a business and risk management framework for organizations conducting or contracting security operations and related activities and functions while demonstrating:
- conduct of professional security operations to meet the requirements of clients and other stakeholders;
- accountability to law and respect for human rights;
- consistency with voluntary commitments to which it subscribes.
ISO 18788 is applicable to any organization that needs to:
- establish, implement, maintain and improve an SOMS;
- assess its conformity with its stated security operations management policy;
- demonstrate its ability to consistently provide services that meet client needs and are in conformance with applicable laws and human rights requirements.
The standard was last reviewed and confirmed in 2021; therefore, this version remains current.
Table of Contents
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the security operations management system
4.4 Security operations management system
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organization roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Security operations objectives and planning to achieve them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Establishing norms of behaviour and codes of ethical conduct
8.3 Use of force
8.4 Apprehension and search
8.5 Operations in support of law enforcement
8.6 Resources, roles, responsibility and authority
8.7 Occupational health and safety
8.8 Incident management
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A Guidance on the use of this International Standard
A.1 General
A.2 Human rights and international law
A.3 Management systems approach
A.4 Context of the organization
A.5 Leadership
A.6 Planning
A.7 Support
A.8 Operations
A.9 Performance evaluation
A.10 Improvement
A.11 Maturity model for the phased implementation
Annex B General principles
B.1 General
B.2 Outcomes oriented
B.3 Leadership and vision
B.4 Governance
B.5 Needs oriented
B.6 Overall organizational risk management strategy
B.7 Systems approach
B.8 Adaptability and flexibility
B.9 Managing uncertainty
B.10 Cultural change and communication
B.11 Factual basis for decision making
B.12 Continual improvement
Annex C Getting started – Gap analysis
Annex D Management systems approach
Annex E Qualifiers to application
Implementation
Implementing a Security Operations Management System (SOMS) in conformity with ISO 18788 involves the following key steps.
Leadership and Commitment
- Demonstrate leadership commitment to security operations within the organization.
- Establish a security policy that aligns with organizational goals.
Scope and Context
- Determine the scope of the Security Operations Management System (SOMS).
- Understand the internal and external context, including security risks and threats.
Legal and Regulatory Compliance
- Identify and comply with relevant legal and regulatory requirements related to security operations.
- Stay informed about changes in legislation that may impact security.
Security Policy
- Develop a security policy that outlines the organization’s commitment to effective security operations.
Risk Assessment and Management
- Identify and assess security risks associated with the organization’s activities.
- Develop risk mitigation strategies and controls to manage and reduce security risks.
Security Objectives and Targets
- Establish specific, measurable, and time-bound security objectives and targets.
- Set goals for achieving and maintaining effective security operations.
Security Controls and Procedures
- Implement security controls and procedures to ensure the safety and security of personnel, assets, and information.
- Develop processes for incident response, access control, and emergency management.
Communication and Training
- Communicate security policies, objectives, and expectations to employees and relevant stakeholders.
- Provide training to personnel on security procedures and their responsibilities.
Monitoring and Measurement
- Implement systems for monitoring and measuring security performance.
- Regularly assess the organization’s security against established objectives and targets.
Data Analysis and Reporting
- Analyze security performance data to identify trends, areas for improvement, and opportunities.
- Prepare regular reports on security achievements and initiatives.
Incident Management
- Develop and implement processes for identifying, reporting, and responding to security incidents.
- Establish a clear incident management framework.
Crisis Management and Business Continuity
- Develop plans for crisis management and business continuity in case of security-related incidents.
- Ensure the organization can effectively respond to and recover from security crises.
Technology and Systems
- Implement technology solutions and systems to support effective security operations.
- Ensure that systems enable surveillance, access control, and communication.
Internal Audits
- Conduct internal audits to assess the effectiveness of the SOMS.
- Ensure that audits cover relevant security controls and procedures.
Management Review
- Conduct periodic management reviews to assess the overall performance of the SOMS.
- Use review findings to make informed decisions and improvements.
Continual Improvement
- Establish processes for continual improvement of security operations.
- Regularly review and update security practices based on feedback and changing security threats.
Documentation and Record-Keeping
- Develop and maintain documentation related to security policies, procedures, and practices.
- Keep records of security incidents, audits, training, and any changes made to the SOMS.
Legal and Ethical Considerations
- Ensure that security practices align with legal, ethical, and professional standards.
- Establish processes to handle security-related legal and ethical issues.
In conclusion…
By following these steps, organizations can implement a SOMS in conformity with ISO 18788. Regular reviews and updates are essential to ensure the continued effectiveness and relevance of security operations practices.
ISO 18788 can be purchased through the ISO.org website.