Skip to content

A residential building damaged by artillery in the rebel-held town of Pervomaisk, Luhansk Oblast, Eastern Ukraine. (Photo by iStock)

Managing Security Operations in Regions Outside the Rule of Law

For organizations seeking to manage risk and security operations in tenuous circumstances—including in countries or regions where there is conflict or where the rule of law has been undermined—a little guidance is more than welcome.

The ASIS Standard Management System for Quality of Private Security Company Operations - Requirements with Guidance was designed to provide such assistance. The standard builds on the Montreux Document and the International Code of Conduct (ICoC) to give private security companies criteria to operate under consistent and good practices with respect for human rights and legal obligations.

ASIS members can access an e-book version of the PSC.1-2012 standard for free. An excerpt from the standard’s section on the “Prevention and Management of Undesirable or Disruptive Events” (Section 9.5) is available below.

Respect for Human Rights

The organization shall establish, implement, and maintain procedures to treat all persons with dignity and with respect for their human rights and to report any nonconformance. The organization shall develop and communicate to all persons working on its behalf procedures for conduct consistent with the principles of the Montreux Document and ICoC; as well as any contractual, legal, and regulatory requirements applicable to the organization’s activities.

Rules for Use of Force and Use of Force Training

The organization shall identify competencies and training needs associated with the use of force and weapon-specific training. It shall provide ongoing training for the use of force as well as training to meet these needs of personnel carrying weapons. The organization shall verify competence and retain associated records.

The organization shall establish, document, and maintain procedures for the use of force, either as Rules for the Use of Force (RUF) specified by a competent legal authority or a use of force policy as specified by the client. The organization’s use of force procedures shall be consistent with applicable international and national law and be subject to legal review before implementation. Use of force procedures include conditions for the use of lethal force and less lethal force, emphasizing that lethal force is justified only under conditions of necessity when there is a reasonable belief that a person or persons presents an imminent threat of death or serious bodily harm to the individual or others in the vicinity. Lethal force is used only when there is a reasonable belief that the subject of such force poses an imminent risk of death or serious bodily harm to another person. Use of force training shall be based on application of the approved use of force procedures.

Use of force training shall include:

  1. Reasonable steps to avoid the use of force;
  2. Use of force continuum to resolve threats;
  3. Use of force is consistent with applicable law;
  4. Use of force necessary and reasonable in the face of a threat; and
  5. Use of lethal force against persons only in self-defense or defense of others against the imminent threat of death or serious injury, or to prevent the perpetration of a particularly serious crime involving a grave threat to life; and the application of force stops when there is no longer a threat.


The organization shall provide training to avoid, identify, and report non-conformances in the use of force including the use of weapons, as well as for the mitigation of consequences.

Occupational Health and Safety

The organization shall establish, implement, and maintain procedures to promote a safe and healthy working environment including reasonable precautions to protect people working on its behalf in high-risk or life-threatening operations consistent with legal, regulatory, and contractual obligations. Procedures shall include:

  1. Assessing occupational health and safety risks to people working on its behalf as well as the risks to external parties;
  2. Hostile environment training;
  3. Provision of personal protective equipment, appropriate weapons, and ammunition;
  4. Medical and psychological health awareness training, care, and support; and
  5. Guidelines to identify and address workplace violence, misconduct, alcohol and drug abuse, sexual harassment, and other improper behavior.


Performance of Security Functions

The organization shall establish, implement, and maintain procedures to support the performance of security-related tasks, including:

  1. Observation and reporting;
  2. Apprehension and detention of persons;
  3. Search;
  4. Actions on contact/react to direct or indirect fire;
  5. First Aid, casualty care, and evacuation;
  6. Incident reporting and evidence preservation; and
  7. Other task and context-specific functions required under the terms of a specific requirement or otherwise required by client or competent authority.


Incident Management

The organization shall establish, implement, and maintain procedures to identify undesirable and disruptive events that can impact the organization, its activities, services, stakeholders, human rights, and the environment. The procedures shall document how the organization will proactively prevent, mitigate, and respond to events.   

When establishing, implementing, and maintaining procedures to expeditiously prepare for, mitigate, and respond to a disruptive event, the organization shall consider each of the following actions:

  1. Safeguard life and assure the safety of internal and external stakeholders;
  2. Respect human rights and human dignity;
  3. Prevent further escalation of the disruptive event;
  4. Minimize disruption to operations;
  5. Notification of appropriate authorities;
  6. Protect image and reputation (of the organization and its client); and
  7. Corrective and preventative actions.

Incident Monitoring, Reporting, and Investigations

The organization shall establish, implement, and maintain procedures for incident monitoring reporting, investigations, disciplinary arrangements, and remediation. Incidents involving use of force or weapons, any casualties, physical injuries, allegations of abuse, loss of sensitive information or equipment, substance abuse, or nonconformance with the principles of the Montreux Document and ICoC, as well as applicable laws and regulations, shall be reported and investigated with the following steps taken, including:

  1. Documentation of the incident;
  2. Notification of appropriate authorities;
  3. Steps taken to investigate the incident;
  4. Identification of the root causes;
  5. Corrective and preventative actions taken; and
  6. Any compensation and redress given to the affected parties.


The organization shall assure all persons working on its behalf are aware of their responsibilities and the mechanisms to monitor and report non-conformances and incidents.

Records of nonconformances and incidents shall be maintained and retained for a minimum of seven years or as specified by legal or regulatory requirements.

Internal and External Complaint and Grievance Procedures

The organization shall establish procedures to document and address grievances received from internal and external stakeholders (including clients and other affected parties). The procedures shall be communicated to internal and external stakeholders to facilitate reporting by individuals of potential and actual nonconformances with this Standard, or violations of applicable international and national laws, or human rights. The organization shall investigate allegations expeditiously and impartially, with due consideration to confidentiality and restrictions imposed by local law. The organization shall establish and document procedures for:

  1. Receiving and addressing complaints and grievances;
  2. Establishing hierarchical steps for the resolution process;
  3. The investigation of the grievances, including procedures to;
    • Cooperate with official external investigation mechanisms;
    • Prevent the intimidation of witnesses or inhibiting the gathering of evidence; and
    • Protect individuals submitting a complaint or grievance in good faith from retaliation.
  4. Identification of the root causes;
  5. Corrective and preventative actions taken, including disciplinary action commeasurable with any infractions; and
  6. Communications with appropriate authorities.


Grievances alleging criminal acts, violations of human rights, or imminent danger to individuals shall be dealt with immediately by the organization, and other authorities as appropriate.


The full PSC.1-2012 Standard is available online and in print through the ASIS Store here.