White Paper: SAMI on PCASP Security Standards

ABSTRACT: A hotly debated subject for some time, the use of privately contracted armed security personnel (PCASP) deployed onboard ship has given impetus to those who seek to demonstrate to the international community that they and the operatives they supply are of the right quality to legally, safely and effectively guard commercial shipping on the high seas. The development of the International Organization for Standardization (ISO)/PAS 28007 will not necessarily eliminate other national accreditation requirements, but it will hopefully reduce the extent to which ship owners, managers and operators continue to conduct their own forms of due diligence. Via Advanfort

By Steven Jones, SAMI Maritime Director

The issue of privately contracted armed security personnel (PCASP) deployed onboard ship has been a hotly debated subject for some time. This increased focus, and desire of owners to have the option of using armed guards, led to deliberation within the International Maritime Organization (IMO). After much debate, interim guidance to private maritime security companies (PMSCs) was agreed within IMO’s 90th session of the Maritime Safety Committee (MSC) in May 2012.

A special high-level maritime security working group of the MSC examined just how the international community should deal with issues related to the deployment of PCASP on board ships and the carriage of arms on board, this was not a straightforward task for the IMO—but after much work, guidance was issued and decisions made.

One of the driving factors in the next phase of the response was for the IMO to decide not to take the lead—and it was ultimately agreed that the International Organization for Standardization (ISO) would be best placed to develop international standards for PMSCs, based on the IMO-developed guidance and with relevant IMO liaison and participation in the ISO process for standards’ development.

So it was ISO that embraced the task of developing a new standard for the assessment of PMSCs. The goal of which was to provide reassurance that the PMSC industry is responsible, professional and effective, while also:

• Improving accountability
• Helping clients to identify competent companies
• Raising standards internationally

As the development work progressed, it was seen that a standard already existed which could be used for accredited certification; this was ISO 28000, a ‘supply chain security’ standard already in government-recognised use with critical supply chains. ISO 28000 is a high-level management standard that enables an organisation to establish an overall risk-based approach to managing any disruptive event in the supply chain—before, during and after the event, and it was seen that the threat of piracy fitted into this remit.

This saw ISO/PAS 28007:2012 developed, which provides guidelines containing additional sector-specific recommendations, which companies (organizations) who comply with ISO 28000 can implement to demonstrate that they provide PCASP on board ships to an internationally agreed standard. It is important that PMSCs are aware of the requirements of ISO 28000 & ISO/PAS 28007 and that executive level engagement is involved at every stage.

The maritime security standard utilises the existing knowledge of the ISO 28000 framework in order to take advantage of the potential for:

• Certification
• Accreditation
• Legal compliance regimes

The concept was to develop a standard that is fully compatible with ISO management systems standards—indeed there is intended to be an appendix which will provide a “crossover” for systems designers.

ISO 28007 sets the gold standard for PMSCs who want to demonstrate to the international community they and the operatives they supply are of the right quality to legally, safely and effectively guard commercial shipping on the high seas.

COMPLIANCE

Compliance with ISO/PAS 28007:2012 can be by first, second and third party (certification), and the process aims to provide certification using the full guidelines of ISO PAS 28007, which will ultimately classify a PMSC as providing Privately Contracted Armed Security Personnel, or PCASP.

In order to assess this company capability the standard includes a long list of criteria to be audited by duly accredited inspectors, and the bodies providing this oversight are now pushing on with the task in hand.

The key components of 28007 include the following: management of the security system (security risk assessments, key management responsibilities clearly defined, legal and other regulatory requirements and internal audits of operations); procedural aspects (rules of authority, contractor selection, screening and vetting, authorising licensing of firearms, prevention of incidents, incident management and emergency response, investigation and reporting of incidents, procedures for detainment, identification, interface with crew and familiarisation).

The international standard is one being taken very seriously by the maritime security industry, and SAMI has been working within the process at various levels, both nationally and internationally—ensuring that the views of PMSCs are represented and that the lessons learned through the application of the SAMI Standard and certification programme are fed into the new system.

CERTIFYING BODIES

One of the key facets of the Standard is the provision of auditors to assess compliance and who will “police the policemen.” The International Accreditation Forum (IAF) is the world association of conformity assessment accreditation bodies and it lists the 60 national accreditation organisations that it recognises to accredit Certification Bodies (CB). In keeping with usual ISO assurance process used for the other management systems, CBs must be able to provide key skills.

Uppermost in the requirements is the capability to provide an impartial, knowledgeable observer to review the company’s readiness for audit against the demands of the relevant standard (i.e. all the policies, procedures, management reviews, etc., are in place).

However, before a CB can be appointed for ISO/PAS 28007 the prospective CB must attain national accreditation. Verifying of the CBs for the UK is currently being led by the UK Accreditation Service (UKAS).

This has led to the launch of a pilot scheme to assess not just the standard and how it is applied, but the prospective CBs auditing against it. Currently there are three companies engaged in this process; these are LRQA, MSS Global, and SAMI’s chosen partner RTI.

The CBs that successfully complete the pilot and UKAS assessment will be awarded Accreditation by UKAS as CBs for ISO 28000 and ISO/PAS 28007. It is important to note that this is not a foregone conclusion and PMSCs must conduct their own due diligence of CBs before deciding to work with them.

While the UK has taken the lead on this, it is unclear at the moment whether or not any other national accreditation organisations recognised by IAF are considering conducting a similar process to the UK and accrediting one or more of their CBs to conduct ISO/PAS 28007 certification.

The business case for other nationalities taking up the responsibility appears to be insufficient at the current time, and it unclear whether or not any other IAF-listed national accreditation bodies will get involved.

PILOT SCHEME In order to provide a framework for assessment of both the standard and also those certifying against it, a pilot certification programme has been launched.

This has seen a number of PMSCs volunteering to be assessed against the standard by prospective CBs.

The pilot scheme allows observance and verification of the effectiveness and conformance of the management system and risk based approach against the PAS, and the PMSCs involved will undergo an audit assurance process in accordance with the standard.

The feedback of this process is being assessed by UKAS as part of the review system in place.

On completion of the pilot, the prospective CBs will submit their findings and procedures for the conduct of their work to UKAS for them to assess each prospective CB and ensure equal rigour, parity of scrutiny and process without each CB losing a separate identity. This is as much about assessing the certifying bodies as it is the PMSCs.

There has been unease voiced by the PMSCs who are not involved in the pilot, as they are concerned that those who are will have an advantage. This should not be a concern, as the pilot study PMSCs will only be awarded their ISO/PAS 28007 Certification when the CB itself has been accredited by UKAS. Until the CB is accredited successfully there is no way of actually knowing whether the certificate will ultimately be accepted.

The SAMI pilot scheme has recently been launched, and four companies are working as part of this with our certification partner RTI. The PMSCs within the current pilot are Bowline Defence, Control Risks Group, Securewest International and Zeal Global Maritime Solutions.

SAMI PARTNER CERTIFYING BODY

In order to provide SAMI members with the support they need to comply with increasingly complex and demanding standardisation requirements, the association felt it vital to work closely with a respected independent third party auditor.

Key to this concept has been a new partnership that SAMI has entered into with leading maritime auditing company, RTI Forensics. RTI will lead on certification for the Association, and will be able to provide robust checks to ensure the standard of companies passing through the SAMI scheme and working in the industry.

SAMI has worked hard to ensure that standardisation of the maritime security industry is effective for both shipping and our members. As part of our move to fully embrace ISO/PAS 28007, we have looked to ensure that SAMI members have access to the best support available to achieve an independent assessment of their company, and are pleased to be working with RTI to deliver this.

The new connection with RTI will see SAMI members enter into an enhanced certification process which will make up part of the ISO/PAS 28007 pilot scheme, bringing members in line with the wider-reaching requirements of ISO and forming a solid foundation for their on-going industry certification. The use of an independent third party assessor has been a pillar of the SAMI certification scheme, and we are continuing to ensure that members have the right support necessary to succeed.

RTI’s experience of working with a range of flag States and maritime stakeholders on a global basis, as well as their industry leading provision of shipping and offshore oil and gas auditing and quality management services, is vital to this process. SAMI members undergoing certification will now do so through this enhanced and revised certification process with RTI.

RTI has more than 300+ consultants across marine, rail, aviation, security and utilities, and has a depth of experience as well as strong and well established strong maritime links. The company’s marine experts come from both merchant navy and the armed services, and their auditors have considerable experience providing International Safety Management (ISM) Code and Safety Management Systems audits and training across the shipping industry.

This combined with RTI’s provision of experts for accident investigations and disputes enables the company to take a broader view of the risks and service standards. In furthering this, the company has also formed an independent governance committee to monitor the audit process to make sure they are fair and transparent. This group consists of leading industry figures with experience of flag registries, Classification Societies and leading ship owner associations.

FLAG STATE VIEW

It is important to note that ISO/PAS 28007 will not necessarily eliminate other national accreditation requirements, but it will hopefully reduce the extent to which ship owners, managers and operators will continue to conduct their own forms of due diligence.

It is anticipated that a number of flag States (including Germany, Panama, Cyprus, Belgium, Croatia, Greece, Malta, the Netherlands, Luxembourg, Italy, the UK and Japan) will retain their own additional requirements and processes for state specific reasons, which may in fact be over and above the ISO/PAS 28007 standard. However, acknowledgement and acceptance by flag States of the ISO/PAS 28007 audit by IAF accredited CBs (via their national bodies) will make the standard more meaningful.

The ISO process, from the CBs down through the certified PMSCs is all about reassurance, trust and respect. It is hoped in time that shipping companies will be able to save themselves significant time, effort and resources by turning to the ISO28007 as a standard which they can trust instead of feeling the need to embark on their own lengthy vetting processes.

SAMI, for its part, will recognise only the certification issued by IAF (UKAS and other national Accreditation bodies) Accredited CBs. The association will thereby recognise PMSCs that are certified by those organisations as having passed the entrance criteria to join SAMI.

As part of this acceptance process, SAMI also urges the main shipping associations to support the UKAS lead in this process and encourage their members to only accept CBs accredited by IAF national accreditation bodies. This support is a crucial catalyst to begin the acceptance by the shipping industry of ISO/PAS 28007 and the certification process as a whole.

ABOUT SAMI:

The Security Association for Maritime Industry (SAMI) is a global organisation representing companies working in the maritime security industry and a focal point for global maritime security matters. The international membership encompasses over 180 maritime security providers, consultants, trainers and maritime security equipment, technology and hardware manufacturers from across 35 different nations.

ABOUT ADVANFORT:

A recognized global leader with ever-growing reach, AdvanFort provides high-quality, comprehensive security solutions for commercial shipping, port and terminal operations, and oil and gas industries. Our world-class reputation is a result of our laser-like priority of understanding clients’ businesses in order to create security services that integrate seamlessly with your needs.

In an increasingly integrated world, we work closely with those complex networks of relationships that both need and support our state-of-the-art standards and practices, and proud history of commercial experience, thus providing the most cost-effective security possible.

The result: Unparalleled customer experiences.

Protecting lives and maritime assets against any type of threat and assuring their arrival in safe waters, AdvanFort prides itself with strategic and innovative responses to sea piracy in the Gulf of Aden and its growing reach in other places in the world. The unique quality assurance system employed by AdvanFort has proved 100 percent successful in support of our clients’ vessel transits, resulting in the complete failure of pirates boarding their ships.

Via Advanfort