Skip to main content



Third Edition, Available in English, French, Spanish and Chinese

Click on the tabs below to access the language versions

A compendium of concrete good practices to security and human rights challenges aimed at companies, security providers, civil society, national regulators and other practitioners


3.2. Bids and contracts

a) Companies may find it difficult to properly assess quality and cost considerations when selecting private security providers.


Good Practices*

Use the findings of the risk assessment to define quality and cost considerations (See Challenge 3.1.a.)

  • Comply with national and international laws and standards concerning PSPs. If faced with conflicting requirements (e.g. a national law may prevent the implementation of certain international best practices), seek innovative ways to honour the principles of internationally recognised human rights. (GPs: 25)
  • Ensure that all private security staff’s human rights and international humanitarian law records are screened. (See section 3.5. Vetting)
  • Ensure that PSPs are aware of their obligations, trained in human rights and international humanitarian law, and proficient in the use of security equipment and firearms, if applicable. (See Section 3.6. Training)

Stipulate in a Request for Proposals (RFP) “that each applicant (PSP) provide background information in order to assist the client in assessing their application in terms of due diligence, professionalism and financial probity” (SCG: 4)

  • The RFP should provide information on (based on SCG: 3):
    • Operational tasks the PSP is expected to accomplish
    • Type of security required, including whether armed or unarmed
    • Number of posts to be covered
    • Percentage of local staff, if relevant
    • Minimum training and experience levels required
    • Language skills and any other required skills/expertise, if relevant
    • Description of working environment
    • Equipment requirements for the PSP
    • Extent to which the PSP will be in contact with the public
    • Existing grievance mechanisms
  • The RFP should require that bids include information on:
    1. Description of the private security company
      • Evidence of business licenses
      • Ownership structure
      • Company policies, codes and standards, including whether the PSP adheres to the VPs and/or any private security industry standards, such as the International Code of Conduct for Private Security Service Providers (ICoC)
      • Membership in trade associations, multi-stakeholder initiatives or national industry regulatory bodies (e.g. ICoC Association or the South Africa Private Security Industry Regulatory Authority - PSIRA)
      • Proof of “sufficient insurance to cover risks and associated liabilities arising from its operations and activities” (PSC.1: 15), including insurance for its employees
      • Company balance sheets and statement of overall turnover (SCG: 4), including tax payment
      • Relations with subcontractors, subsidiary corporations and ventures
    2. Employees
      • Extent of pre-employment screening for employees/management staff (SCG: 4)
      • Qualifications, background and experience of PSC managerial and operational staff
      • Proof of training provided by the company to its employees on human rights and humanitarian law, the use of force, weapons and firearms, and first aid
      • Salaries, benefits and work conditions of employees
      • Turnover rate of employees (SCG: 4)
    3. Equipment
      • Evidence of equipment licenses (particularly as these relate to weapons and firearms)
      • Number and type of weapons, firearms and ammunition
      • Transportation and communications equipment
    4. Track record and relevant experience
      • Information on any human rights incidents or complaints relevant to the operating environment and/or tasks to be performed and any remedial action taken
      • A list of principal services provided in the last three years (SCG: 4)
      • References from similar clients, in particular from those operating in the local area (SCG: 4)
      • Experience in working with public security in the country/region and any other relevant experience
    5. Implementation plan for the bid
      • Number and work pattern of employees (full time/part time) for the job (SCG: 4)
      • Cost of providing the services needed by the company in compliance with the above requirements

The ICoC explicitly states that “Signatory Companies will not knowingly enter into contracts where performance would directly and materially conflict with the principles of this Code, applicable national or international law, or applicable local, regional and international human rights law, and are not excused by any contractual obligation from complying with this Code. To the maximum extent possible, Signatory Companies will interpret and perform contracts in a manner that is consistent with this Code.” (ICoC: par. 20)

Contracting companies should therefore bear in mind that demanding very low price bids for the required services may exclude PSPs which are compliant with the ICoC from participating in the bidding in the first place, if the remuneration is not sufficient to comply with their standards.

Conduct a thorough due diligence assessment of bids and bidding PSPs, involving consultation with “like-minded industry players, non-governmental organisations, government officials, and other stakeholders, about the reputation of and their experiences with various (PSPs)” (IGTs: 52)

The Sarajevo Client Guidelines for the Procurement of Private Security Companies (SEESAC, 2006) recommend to “evaluate bids in two stages; automatic exclusion on the basis of set criteria and the assessment of tenders according to award criteria.” (SCG: 4)

1. Automatic exclusion (SCG: 5):

a. Inability to fulfil any aspect of the RFP;

b. Failure to provide requested documentation;

c. Submission of false information or misleading information;

d. Bankruptcy or proceedings for a declaration of bankruptcy; 

e. Failure to pay taxes or social security obligations;

f. Grave professional misconduct by the company or one of its management;

g. Conviction of the company or its management of an offence concerning its professional conduct;

h. Proven involvement in political activities; and

i. Proven breaches of international humanitarian and human rights law.

2. Award criteria (See score sheet on SCG: 6-7):

a. Personnel standards
  • Average officer experience: employee backgrounds, experience in industry, contract specific experience
  • Training and professionalism: human rights training (and international humanitarian law in situations of armed conflict), additional training, contract specific training, use of force and firearms and other skills
  • Employment conditions: pay and remuneration, benefit packages, working conditions, types/hours of shifts worked
  • Selection and recruitment: recruitment and selection methodology, criminal screening, human rights abuse (and international humanitarian law violations) screening, drug screening, discharge from police/security services, psychological screening
  • Use of force and firearms: basic training, regular further training
b. Contract management
  • Management structure and experience: structure, organisation and skills of management team, contract specific knowledge of management team
  • Contract resources and implementation mechanisms: contract manager availability, contract manager response time, rostering methodology, back-up capacity, general and client specific procedures, reporting, staff standards inspections, HQ support/24 hours support room
c. Contract infrastructure
  • Equipment: communication tools and systems, IT hardware and software, uniforms, vehicles
  • Technical support: surveillance/CCTV, guard control system, access control system, alarm installation, central monitoring system
d. Company standards
  • Company policy and practice: financial and contractual policy, human rights and security policy, health and safety policy, equal opportunities policy, disclosure of information and confidentiality
  • Company associations: relationship with the police/security services, relationship with political parties and organisations
  • Governance and oversight: code of conduct/ethics, rulebooks, responsibilities regarding policy and enforcement, ethics committee, employee tribunals, membership of trade association
  • Human resource management: philosophy and practice, number of employees, staff turnover, absenteeism
  • Force and firearms policy: weapons in use, storage and maintenance procedures, inspection procedures, oversight and procedures for reporting use
  • References and certification: sector related, contract related, past experience of tendered contract, non-statutory certification
e. Financial
  • Appropriate costing
  • Value for money

Select a PSP on the basis of the two-stage evaluation process and establish formal contract with the selected provider (See Challenge 3.2.c.)

b) Human rights responsibilities and potential liabilities of both the company and the PSP may not be clear.


Good Practices*

Develop company policies and procedures that clarify and explain the roles and responsibilities of the different security actors around the project site and include these in the contract with the PSP

  • Ensure policies and contracts clearly stipulate that both the company and the PSP should respect human rights in all circumstances. “This means that they should avoid infringing on the human rights of others and should address adverse human rights impacts with which they are involved.” (GPs: 13)
  • Discuss roles and responsibilities with the PSP and address any ambiguities or misunderstandings.
  • Ensure both company staff and private security personnel are familiar with company mechanisms to prevent human rights risks and impacts, as well as with procedures to deal with and support investigations of alleged human rights abuses.
  • Include company policies and procedures in the contract with the PSP and ensure the contract complies with relevant national laws and regulations. (See Challenge 3.2.c.)
    • Confirm with international and national experts the validity of all contract clauses related to legal liabilities and responsibilities. It may be possible to transfer risks and responsibilities to the PSP through a required insurance clause (proof of risk indemnity insurance should be requested with the RFP). However, indemnification clauses will have limited application, depending on the national legal framework.

Carry out due diligence in order to identify and address human rights risks and impacts, taking into account potential liabilities

  • Conduct/update risk and impact assessment jointly with the PSP. (See Challenge 3.1.a.)
  • Consider the risk of corporate complicity in human rights abuses if the PSP protecting the company’s site is involved in such abuses and “treat this risk as a legal compliance issue, given the expanding web of potential corporate legal liability arising from extraterritorial civil (and criminal) claims, and from the incorporation of the provisions of the Rome Statute of the International Criminal Court in jurisdictions that provide for corporate criminal responsibility. In addition, corporate directors, officers and employees may be subject to individual liability for acts that amount to gross human rights abuses.” (GP: 25-26)
  • Note that the risk attached to human rights abuses does not merely lie in the legal domain. Even if the legal responsibility will be determined to lie with the PSP, the reputational damage will likely be shared by the contracting company.
  • Demonstrate the company’s ongoing efforts to mitigate any human rights impacts and provide for or cooperate in the remediation of adverse human rights impacts the company has caused or contributed to through legitimate processes. (GPs: 24) (See Challenge 3.10.a.)
  • Do not assume that conducting due diligence, by itself, will automatically and fully absolve the company from liability for causing or contributing to human rights abuses. (GPs: 19)

Ensure clear communications and effective coordination

To the extent possible, share information on company’s security arrangements and procedures with local stakeholders

  • Appoint a company representative with a good understanding of the local context and a long-term commitment to the job to serve as an interlocutor between the community, the company and the PSP.
  • Establish ongoing dialogue about operations, procedures and potential impact of operations on local communities, particularly on vulnerable groups.
  • Clarify roles and responsibilities of the PSP and share the company’s own code of conduct for private security providers.
  • Suggest steps to take in case of alleged human rights abuses, providing information on the company’s grievance mechanism.

Ensure that grievances and complaints are not merely passed on to the PSP but are discussed and addressed together with company representatives

  • Keep accurate records of all reported grievances and of all actions taken to address them.
  • Conduct review of handling of grievances together with the PSP, identifying lessons learned and adjusting procedures accordingly, if appropriate.
c) In the absence of implementation guidance, PSPs may not fully perform according to international standards, despite their inclusion in contracts.  


Good Practices*

Develop policies, procedures and guidelines defining the roles and responsibilities of private security providers

  • Develop a human rights policy and ensure it is embedded throughout the company.
  • Develop security and procurement policies that reflect the company’s human rights policy. These policies should (based on GPs: 16):
    • Be approved at the most senior level of the company:
    • Be informed by relevant internal and/or external expertise;
    • Stipulate the company’s human rights expectations of personnel, business partners, PSPs and suppliers;
    • Be publicly available and communicated internally and externally to all personnel,  business partners, contractors and other relevant parties;
    • Be reflected in the company’s security procedures.
  • Clarify the role of private security in all work site safety and security policies and procedures. (IGTs: 54)
  • Adopt the ICoC or develop a code of conduct for PSPs based on the VPs and/or the ICoC, ensuring coherence with the company’s security policy and procedures. Make this code a standard part of all contracts issued by the company.
    • Define the company’s standards and expectations clearly, so that the PSP understands its performance objectives and deliverables. (MIGA: IV-1) “Address the ambiguities and clarify what they mean to prevent the private security provider from guessing the intent and measure of success”. (MIGA: IV-2)
    • Provide copies of this code of conduct and written rules for the use of force to each guard.
    • Make PSP management and guards sign the code of conduct for PSPs adopted by the company, acknowledging understanding of the document and committing to comply with the principles therein, and ensure the company’s security department keeps a copy of all signed documents.
    • Share and discuss this code of conduct with relevant stakeholders, such as other companies, public security forces and local communities. Where appropriate, amend this code to integrate feedback received during these discussions.
  • In  all policies and guidelines, reference applicable international and national instruments and standards, including (based on IGTs: 54):
    • Law and professional standards of the host country
    • Universal Declaration of Human Rights
    • International Covenant on Civil and Political Rights
    • International Covenant of Economic, Social and Cultural Rights
    • International Labour Organization’s Declaration on Fundamental Principles and Rights at Work
    • Geneva Conventions of 1949 and their Additional Protocols of 1977
    • UN Principles on the Use of Force and Firearms by Law Enforcement Officials, and the UN Code of Conduct for Law Enforcement Officials
    • Convention Against Torture
    • UN Guiding Principles on Business and Human Rights
    • Voluntary Principles on Security and Human Rights
    • Montreux Document on Private Military and Security Companies
    • International Code of Conduct for Private Security Providers

Develop a contract with the PSP that includes clear “clauses and performance requirements that ensure respect for relevant national law, international humanitarian law and human rights law” by the contracted PSP (MD Part 2: par. 14), and discuss these with the PSP to make sure the security provider understands its performance objectives. Such clauses may address:

  • Compliance with international human rights and humanitarian law (in situations of armed conflict), company policies and code of conduct for PSPs (include these as an annex to the contract). These should be broken into specific provisions against which performance can be assessed (for sample contract clauses on VPs for private security contracts see IGTs: 93).
  • Roles and responsibilities of the company and the PSP.
  • Mutually agreed rules for the use of force.
  • Minimum age to carry out security services (i.e. 18 years old).
  • Vetting, including past conduct and regular performance evaluations, where feasible. This includes records relating to posts held with the military, police or PSPs. (ICoC: par. 48) (See Section 3.5. Vetting)
  • Fair remuneration and working conditions for private security personnel. (See Challenge 3.3.a.)
  • Training on human rights and international humanitarian law (in situations of armed conflict). (See Section 3.6. Training)
  • Regular testing to evaluate:
    • Understanding of use of force, human rights and international humanitarian law standards, and, if applicable, competency in safe handling of authorised arms and ammunition (for every type of firearm used);
    • Physical and psychological fitness standards to perform their contracted duties; and
    • Substance abuse.
  • Possession of required registration, licenses or authorisations, and lawful acquisition and use of equipment, in particular weapons. (MD Part 2: par. 14)
  • Procedures for apprehending persons “to defend themselves or others against an imminent threat of violence, or following an attack or crime committed by such persons against Company Personnel, or against clients or property under their protection, pending the handover of such detained persons to the Competent Authority at the earliest opportunity.” (ICoC: par. 34) All apprehended persons should be treated “humanely and consistent with their status and protections under applicable human rights law or international humanitarian law.” (ICoC: par. 33)
  • Work with subcontractors, including requirements that the PSP:
    • Communicates in advance any intention, and obtains necessary approval, to engage with subcontractors as part of the service agreement; (PSC.1: 20)
    • Demonstrates that subcontractors comply with equivalent requirements as the PSP initially contracted by the company; (MD Part 2: par. 15) and
    • Be liable, as appropriate and within applicable law, for the conduct of its subcontractors. (MD Part 2: par. 15)
    • Monitoring mechanisms.
  • Evaluation and reporting requirements.
  • Investigation and reporting of unlawful or abusive behaviour and appropriate disciplinary action, including that appropriate reparation be provided to those harmed by the misconduct of PSPs and their personnel. (MD Part 2: par. 14)
  • Liabilities in case of damage to property, employees, reputation of the company or of human rights abuses to third parties.
  • Compliance inspections and an annual audit (e.g. conducted by the contracting company or by an independent third party) to verify the successful delivery of the performance objectives established in the contract and the code of conduct.
  • Clear provisions for termination of the relationship by the company where there is credible evidence of unethical or unlawful behaviour by private security personnel (VPs: 6-7) or for any other failure to comply with contractual provisions.
  • Financial rewards (e.g. further work) and penalties (e.g. withholding payments) for compliance or noncompliance with contractual provisions that relate to human rights requirements. (IGTs: 53)

Complement training provided by the PSP to its staff with the following measures:

  • Remind PSP personnel of key points of the ICoC/company’s code of conduct for PSPs, as well as of site specific safety controls, on a regular basis (e.g. at the beginning of shifts, during shifts, during refresher sessions).
  • Convene regular meetings where private security personnel can discuss good practices, ask specific questions and share their experiences among themselves. (See Cameroon case study)
  • Print the key points of the ICoC/company’s code of conduct for PSPs and the rules for the use of force on plasticized “smart cards” issued to all private security personnel. The smart cards should be in the appropriate local language for ready reference and inspection. (MIGA: IV-3)

Conduct regular performance checks and meet regularly with the PSP management to discuss the findings (MIGA: IV-5)

  • Develop a checklist based on the contract and the code of conduct and use it during the monthly performance checks.
  • Consider using an external human rights monitor to check compliance on a regular basis (e.g. engage with an NGO to identify human rights gaps).
  • Review security incident reports to identify actual or potential human rights abuses and take appropriate measures (See Challenge 3.10.a.). Identify lessons learned and integrate them in security procedures and practices.

If the PSP still fails to comply with any or several of the clauses in the contract, consider the following options (IGTs: 57):

  • Negotiate a timeline for compliance.
  • Withhold payments as established in the contract until the issue is satisfactorily addressed.
  • Condition ongoing relationship on performance and provide further, detailed guidance and training, together with regular performance review.
  • Terminate the relationship with the PSP.

Termination of Contract with PSP and Transition of Security Delivery[4]

A company may choose to terminate its contract with a Private Security Provider (‘PSP) for a variety of reasons including cost, change in requirements or a failure of the PSC to fulfil its contractual obligations.

Where a contracting company (henceforth, a ‘company’) terminates a PSP contract with a view to replacing it with another PSP, both the termination of the existing contract and the transition to new security arrangements need to be managed proactively, as failure to do so may expose the company and those associated with its operations (such as: its personnel, contractors, suppliers and/or other public or private security providers) to multiple risks.

Companies should consider PSP contract termination from two angles: legal and operational. As with any contractual arrangement, a company should seek advice on its legal obligations relating to the termination of the PSP contract. It is beyond the scope of this section to discuss legal issues (which, by nature, are jurisdiction- and contract-specific). Instead, the focus is on the operational issues relating to discontinuing a PSP contract.

Among the more pertinent operational issues for a company to consider are:

  • Licences: Licenses are required for a variety of PSP-related items and services including: the use, transport and on-site storage of weapons; specific firearms; and the delivery of PSC services at the operating site. Such licences may be granted by both local and national authorities. The company should conduct a review to establish which licences and permits have been granted, who ‘owns’ them (for instance, are weapons licensed for use on the site specifically, licensed to individuals or licensed for general use by the PSP) as well as if and how they can be transferred. It is possible that the exiting PSP has secured licences in relation to the property unbeknown to the company. In this instance, the company should contact the relevant authorities, as well as the exiting PSP, to complete the inventory. 
  • Equipment: Apart from weapons, a PSP will make use of other equipment and materials. It is important for the company to determine who owns the equipment and, where appropriate, to arrange for its transfer.
  • Employees/Consultants: In some cases, a company will be responsible for individual employees or contractors of the PSP beyond the termination of the contract. Such responsibilities may include obligations to continue employment, pay for healthcare or insurance.
  • Records: A company may have access to the PSP’s records (personnel, incident logs, etc.). Consideration should be given to retaining or transferring copies of this information as appropriate.
  • Systems: In many circumstances, the exiting PSP will have access to the company’s operational systems (including IT). Consideration should be given to closing this access and safeguarding confidential or sensitive data.
  • Complaints: Companies should consider whether there are any outstanding complaints against the PSP or its operatives. Priority should be given to managing these complaints.
  • Public security: PSPs typically play a role in managing relationships with police and military units. Companies should determine whether there is any Memorandum of Understanding in place with public security forces and, if so, whether it names the PSP. Companies should also establish which individuals in the PSP are responsible for these relationships with public security officials and, where necessary, how to transfer and institutionalise these relationships.
  • Sub-contractors: PSPs often subcontract to other PSPs and outsource support functions such as vehicle maintenance. Companies should establish what sub-contractors exist, how they will be affected, which party is responsible for them, and how any transfer of service delivery will be managed.
  • Knowledge transfer: The outgoing PSP is likely to have developed significant knowledge of relevant security issues surrounding company operations. Companies and their new PSPs should attempt to gain intelligence from the outgoing PSP.

It is always prudent to consider and factor in issues of termination as part of the negotiation and drafting of the contract. The above are, of course, just a sample of some of the practical issues that a company must consider prior to terminating a contract with a PSP. Every situation is unique and each company must unwind all aspects of its existing contractual arrangements, effectively deconstructing the contract to identify what rights and responsibilities a company has to its PSP and vice versa.

Of particular importance to the termination of the PSP contract is the issue of coordination. It is critical that processes are coordinated in order to ensure that there is no gap in the provision of security services. The termination of a PSP contract is not just a matter for a company’s security and legal departments; it also has an impact on other departments, including operations, human resources, and communications.

PSPs are often a source of significant local employment and their operatives are ‘the face’ of a company – patrolling the perimeter of operations and interacting with external parties on a regular basis. Therefore, changing a PSP will inevitably have an impact on a wide range of stakeholders including local communities. It is important for a company to be proactive in the management of its community relations and, to the extent possible, engage communities in terms of the termination and transition of the PSP contract.

Where the PSP itself instigates the termination of the contract, the company should conduct its own assessment of the reasons for such a termination. The company must be particularly vigilant to ensure that the PSP has not chosen to terminate its contract as a result of material threats, abuses or other issues at the operating site and, moreover, has not adequately informed the company of these concerns and issues.

The immediate termination of a PSP contract may put a company and its operators at significant risk if it is not adequately managed. For this reason, it is advisable to conduct contingency planning for such an eventuality, taking into account the issues identified above.

In sum, the effective termination of a PSP contract and subsequent management of the transfer to a new contractor will require coordination between departments and stakeholders. To protect a company from potential risks, these processes, in conjunction with the abovementioned operational issues, must be proactively managed.