ISO 28007 What does it mean to a Maritime Security Operator (MSO)?
Previously, certain Private Maritime Security Companies (PMSC) have used ISO 9001 to standardise their services in the use of Privately Contracted Armed Security Personnel (PCASP) on commercial vessels operating in the High Risk Area (HRA) in the Indian Ocean. ISO 9001: 2008 is a general quality management standard, which is not initially tailored specifically to PMSC when it comes to the use of armed MSO’s.
In the last three years, commercial shipping has increasingly looked to the use of PCASP to protect vessels, crews, cargoes and reputation. This has helped to dramatically reduce the hijacking of vessels and subsequently reduced the loss of life and traumatic hostage situations. Although the Piracy threat remains fluid to the Maritime Security (MARSEC) Industry, the use of PCASP is still a pretentious issue for some.
ISO 28007 is the new International Standard, which deals with PCASP on commercial vessels. This ISO contains vital information for PMSC’s and the vessels in which they service by outlining the specific requirements for security management systems and the supply chain. The document focuses on subjects such as planning, training and awareness, communications and documentation. On an operational scale it covers crime scene and forensic management, casualty management, customer focus and as always health and safety. In addition, the ISO 28007 is backed by major international corporations and intelligence and law enforcement agencies such as the IMO, INTERPOL, the European Commission, the Contact Group established by the UN Security Council Resolution 1851 and the UK appointed SCEG (Security in Complex Environments Group).
Industry has learned lessons from previous hostile areas such as Iraq, Afghanistan where the use of armed security contractors has been commonplace for some time. The main difference between the land industry and the maritime environment is that contractors are employed on contracts instead of just being self-employed contractors, where certain skill sets such as Team Medic, weapon handling etc. are paid for by the company because that was a requirement for the team to operate.
Raising the standards and personal development of PCASP is difficult in such a quasi-regulated industry. PMSC’s are always going to get the best individuals for the job but the standards have been fluctuating since the start of the boom in MARSEC.
It’s a difficult issue and, to focus on the PMSC’s and not the PCASP, the ISO/PAS 28000 (Security Management Systems for the Supply Chain) sets the criteria, PMSCs will need to demonstrate this in order to be certified. Covering everything from client focus, risk analysis, company procedures and protocols, which includes selection and training of PCASP, through to post incident management. The new ISO consolidates what MSO’s will have to focus on, in training and development and it may be time for PMSC’s to start investing in training development.