ISO 28007 – Understanding the Maritime Security Standard

What is ISO 28007?

ISO 28007-1:2015 sets the international standard for Private Maritime Security Companies (PMSCs), providing guidelines on the deployment of Privately Contracted Armed Security Personnel (PUASP) aboard ships navigating high-risk areas.

The standard was born from an International Maritime Organization (IMO) request for a consistent benchmark for armed security providers.

This standard is a specialized extension of the broader ISO 28000 security management framework, tailored to address the unique challenges of armed maritime security.

For PMSCs, certification signals a commitment to high operational standards and legal compliance. For shipping companies, it builds confidence, simplifying the selection of competent partners to protect their crew, cargo, and vessels.

Key Components of ISO 28007–1:2015

• Operational Planning and Risk Management: Mandates voyage-specific risk assessments, clear command and control structures, defined Rules for the Use of Force (RUF), and effective communication protocols.

• Personnel and Equipment Management: Sets stringent criteria for the selection, screening, vetting, and training of PUASP, including medical and psychological fitness. It also covers the lifecycle management of weapons and equipment, from licensing and procurement to onboard storage and maintenance.

• Legal and Contractual Compliance: Requires adherence to all relevant international, national, flag state, and coastal state laws, alongside transparent contracts that clearly outline responsibilities and liabilities.

Guidelines for PMSCs

ISO/PAS 28007:2012 Overview

The initial version, ISO/PAS 28007:2012, was introduced as a Publicly Available Specification (PAS) as a rapid response to the industry’s urgent demand for a common, auditable framework for PMSCs operating in high-risk areas.

Recognition by the International Code of Conduct for Private Security Service Providers’ Association (Coca) was a significant step, linking the standard to international human rights principles.

This alignment offered a clear mechanism for demonstrating accountability and responsible governance, establishing compliance as a recognized pathway to Coca certification. While superseded by the 2015 version, the 2012 PAS laid the essential groundwork for professionalizing the private maritime security industry.

Certification and Compliance

ISO 28007 certification is a formal validation that a PMSC meets the highest operational standards.

For shipping companies, partnering with a certified PMSC simplifies due diligence.

To achieve certification, a PMSC must first ensure compliance by aligning its policies, procedures, and management systems with the standard’s stringent requirements.

Auditing and Continuous Improvement

Maintaining ISO 28007 certification is not a one-time achievement but an ongoing commitment, verified through regular, structured audits.

The comprehensive auditing process promotes continuous improvement, encouraging companies to identify areas for enhancement, analyze root causes, and implement effective corrective measures.

A strict schedule of annual surveillance audits and a full recertification audit every three years enforces this commitment, ensuring certified companies adapt to emerging maritime risks.

Conclusion and Future of ISO 28007

ISO 28007 is a cornerstone of professionalism and accountability in the private maritime security sector. By translating complex security needs into a clear, auditable system, it gives shipping companies a reliable benchmark for selecting competent and ethical partners.

Looking ahead, the maritime security landscape is constantly evolving. While piracy remains a persistent threat, the standard’s core principles of risk management and continuous improvement equip certified PMSCs to confront emerging challenges—from drone technology and cyber-physical threats to geopolitical instability.

By establishing a transparent, internationally recognized standard of excellence, the standard fosters trust between shipping lines, insurers, and flag states. Partnering with an ISO 28007-certified PMSC is a definitive statement of due diligence and a commitment to the highest standards of safety at sea.