Setting Standards for Maritime Security
As maritime security evolves, so too is the need for increased and standardized professionalism in the ranks of Private Maritime Security Companies.
In many respects, the maritime security industry is still in adolescence. The growing pains associated with speed of expansion have led to disparity in terms of acceptable behavior and confusion over appropriate conduct. This disparity is echoed in the PMSCs themselves - there are those who strive to lead the way in terms of professionalism and others who struggle to keep up with reasonable minimum standards. Although some owners may be happy to accept a more liberal approach to maritime security, when it comes to deploying men with guns on ships, there is no room for allowing immaturity. The stakes are too high.
What the industry continues to need are clearer boundaries and standards. This, coupled with an ethos of integrity, is central to securing the confidence and respect of the shipping market, not least so for those shipowners and operators who understand the tangible value attached to reputation.
Fortunately, there continues to be a determination to professionalize the industry; the ISO/PAS 28007 standard, as well as amendments to German law provide clear examples of how private maritime security is maturing.
In the short history of private maritime security there has never been one universal standard; a definitive benchmark that comprehensively encapsulates every aspect of a private maritime security company (PMSC) and how it should be delivering its services effectively. Until now, that is.
Initiated in 2012, ISO/PAS 28007 (annexed to the ISO 28000 Security Management System) was formulated within six months, making its establishment one of the fastest in ISO history. However, that speed is in no way reflective of the depth of the standard, but rather the necessity of an internationally recognized standard to support ship owners and operators in effectively evaluating PMSCs. It sets the benchmark for PMSCs who want to demonstrate to the international community that they, and the operatives they supply, are of the right quality to legally, safely and effectively guard commercial shipping on the high seas.
ISO 28000 is a risk based quality management system for the security of operations and activities conducted by organizations. ISO 28007 sets out guidance for applying ISO 28000 to PMSCs and key components fall into two main groups; management of the security system and procedural aspects. Management of the security system includes areas such as security risk assessments, clearly defined management responsibilities, internal audits of operations, and legal and other regulatory requirements. Procedural aspects encapsulate rules of authority, contractor selection, screening and vetting, training, authorizing licensing of firearms, prevention of incidents, incident management and emergency response, investigation and reporting of incidents, procedures for detainment, identification, interface with crew and familiarization.
The United Kingdom Accreditation Service (UKAS) is the sole national body recognised by government to assess evaluating organizations, such as certification bodies, against international standards. UKAS has been appointed to assess companies offering certification to ISO/PAS 28007, verifying that they are using competent assessors with the correct qualifications and that rigorous and tested auditing processes are followed. The importance of thorough and independent assessment against recognized standards (UKAS accreditation) is key to the confidence of the shipping market. It is vital that auditing standards are not undermined and that PMSCs are not tempted by a certification body that is not internationally-accredited.
UKAS began assessment of the certification bodies’ in June and aims to complete the pilot project by the end of the year. This will allow appropriate time for those certification bodies taking part to train its auditors to the rigorous requirements demanded by ISO/PAS 28007. In the meantime ship owners can continue to work with the ISO/PAS 28007 document as guidelines to independently assess the competency of PMSCs.
PVI is one of the few PMSCs involved in the pilot scheme and is working through the process with Lloyd’s Register Quality Assurance (LRQA). As a subsidiary of Lloyd’s Register Group Limited, LRQA clearly has strong foundations in the maritime industry and is one of three global management system certifiers participating in the pilot.
Ultimately, ISO/PAS 28007 is all about risk assessment. It has been specifically created for ship owners and operators to support them in deciding whether or not the risk that they are taking has been properly evaluated, calculated and assessed. This can only be welcomed.
Although the ISO/PAS 28007 represents a landmark in the professionalization of PMSCs and will represent the foundation for future due diligence, certain Flag States continue to adopt their own procedures to determine which companies are approved to protect vessels sailing under that Flag. Panama, Malta, Belgium, Croatia, Greece, the Netherlands, Luxembourg, Italy, the UK and Cyprus, for example, all have particular requirements for the utilization of PMSC services and from 1 December 2013, Germany will join that group. Changes to German law will mean that only licensed PMSCs will be able to provide security services onboard German-flagged vessels.
The updated German regulations are more stringent than any other existing standard and go beyond those of the ISO 28000/28007 certification. It may well be, therefore, that many maritime security companies will not afford the time and resource to achieve this mandatory accreditation.
The German regulations require companies not only to demonstrate due process, but also to evaluate the implementation of those processes. PMSCs are asked to, amongst other things, submit standard operating procedures and company documentation for scrutiny by the authorities. They also place great emphasis on training standards, for example obtaining knowledge and skills relevant to the German public. This includes comprehensive knowledge of German civil and criminal laws – such as width and limits of right of self-defense – crisis handling, de-escalation techniques, the secure handling of weapons and equipment, as well as weapons law and foreign trade law of Germany, and of the relevant harbour and coastal states. In addition, they require the PMSC’s Privately Contracted Armed Security Personnel (PCASP) to conduct and evidence regular firearms training.
PVI is committed to obtaining a license from the German Authorities to enable it to place its PCASP on German-flagged vessels. It is undertaking the additional training in-house and has employed independent German legal experts to ensure the accuracy of the German legal training requirements.
Whilst there have been questions over the necessity for such complexity in the German regulations, what is being set out to achieve is obvious; mitigation of risk in an area where the stakes are high. BAFA and the Polizei Hamburg are proactive and knowledgeable in their approach, providing direction and support to interested PMSCs and the German Government should be praised for its attempt to not only regulate this maturing industry but ultimately keep seafarers safe.
As the maritime security industry gradually matures and the risks presented by anything less than an exemplary approach become readily apparent, it stands to reason that ship owners and operators are becoming increasingly discerning in their choice of security partner. This is why accreditation that recognizes and rewards legal compliance, professionalism, quality and excellence is to be applauded and embraced.
(As published in the 4Q 2013 edition of Maritime Professional - www.maritimeprofessional.com)