Good Practices

As part of the risk assessment, analyse the national framework for the provision of private security services, focusing on the enforcement of laws and regulations.

Develop a procurement policy in alignment with the company’s human rights and anti-bribery policies.

• Stipulate the company’s human rights expectations for contractors and suppliers and incorporate these expectations in both the contract and the code of conduct for private security providers.
• Make the policy publicly available and communicate it internally and externally to all personnel, business partners, contractors and other relevant parties.
• Encourage national professionalism by employing only reputable private security providers. Where feasible, consider hiring private security providers who are certified members of the International Code of Conduct Association (ICoCA) or a recognized industry standard such as ANSI-PSC:1, ISO 18788 and/or ISO 28700. These require some level of certification, monitoring, a complaints procedure, reporting and performance assessments. If the above conditions cannot be met, consider hiring an affiliate member of the International Code of Conduct Association.

When selecting a private security provider, review carefully the applicants’ standards and procedures

(see Selecting private security providers: assessing quality and cost considerations within Bids and contracts – Working with Private Security Providers).

• Examine private security provider policy and practice. This includes financial and contractual policy, human rights and security policy, health and safety policy, equal opportunities policy, disclosure of information and confidentiality policy.
• Review private security provider operational procedures, in particular with regard to the command and control structure and communication procedures.
• Assess the private security provider’s associations, including relationships with public security forces, senior officials, political parties, organisations, etc.
• Consider the private security provider’s governance and oversight. This may be reflected in a code of conduct/ethics, rulebooks, responsibilities regarding policy and enforcement, ethics committee, employee tribunals, membership of trade association, etc. Pay particular attention to monitoring and internal accountability mechanisms, such as:

Mechanisms for internal investigation and disciplinary action in case of allegations of wrong-doing by personnel.

Complaints mechanisms that allow individuals to safely raise grievances. This includes third-party mechanisms and whistle-blower protection arrangements.

Regular performance reporting, specific incident reporting and on-demand reporting to the company and, if appropriate, to the relevant authorities.

Requirement for private security provider personnel and its sub-contracted personnel to report any misconduct to the private security provider’s management and/or a competent authority.

• Review selection and recruitment methodology, including criminal screening, screening for human rights abuses and violations of international humanitarian law, drug screening, psychological screening and review in case of discharge from public security services.
• Evaluate human resource management, including philosophy and practice, training policy, number of employees, staff turnover and absenteeism.
• Examine the force and firearms policy and procedure. Check the private security provider’s weapons in use, storage and maintenance procedures, inspection procedures, oversight mechanisms and procedures for reporting use.
• Pay attention to references and certification, such as sector-related certifications, contract-related certifications for specific tasks, references based on past experiences of tendered contract and non-statutory certification.

Include clear clauses and performance requirements in the contract with the private security provider that ensure respect for relevant national law, international humanitarian law, human rights law and company policies.

The Montreux Document on Private Military and Security Companies, part 2, par.15 (International Committee of the Red Cross and Swiss Directorate of International Law 2006)

• Discuss these with the private security provider to make sure the security provider understands its performance objectives (see Compliance with international standards and good practices: developing implementation guidance within Bids and Contracts – Working with Private Security Providers).

• Require the private security provider to establish its own internal grievance mechanism, in alignment with the company’s own mechanism and consistent with company codes and policies. The private security should then report all reported grievances back to the company. The private security provider should also cooperate with official investigations into allegations of contractual violations and breaches of international humanitarian and human rights laws (see Human right abuses by private security providers: setting up procedures and policies to ensure adequate responses within Human rights abuses – Working with Private Security Providers).

• Consider including contractual sanctions commensurate to the conduct, including:

Financial penalties or withholding of progress payments, pending compliance with contract requirements.

Removal of individual private security providers from carrying out the contract.

Scaling back contract tasks, with commensurate decrease in payment.

Exclusion from consideration for future contracts, either perpetually or for a set period of time.

Termination of the contract.

‍

Reduce the range of scenarios where private security provider personnel operate individually. When guards operate alone, this may both increase the risk of incidents and decrease the effectiveness of accountability mechanisms.

Meet regularly with the contracted private security provider to address the following issues:

• Implementation of required tasks consistent with company policies and contractual requirements regarding the Voluntary Principles on Security and Human Rights, the code of conduct for private security providers and international and national humanitarian and human rights requirements.
• Vetting of personnel, to the best of the private security provider’s ability, including ongoing efforts to ensure knowledge of capacity and risks associated with hiring personnel from a particular location, service background, community, ethnic background, etc. Where feasible, personnel records should be kept on file by the contractor and made available for inspection. ‍
• Training of all employees on all standards specified in the contract—including on the use of equipment—on an ongoing and as needed basis as indicated by due diligence and risk assessment activities.
• Provision of all relevant equipment (e.g. defensive equipment, personal protective equipment, personal security equipment, appropriate weapons and firearms and ammunition) by the private security provider to its guards, as required by the contract.
• Investigation of all allegations of human rights abuses. As explained by the World Bank Group and Anvil Mining, this includes ‘all occasions when use of force and/or apprehension of a suspect has occurred to ensure this was done in accordance with company and contractor standards. […] All such incidents should be reported to the company security manager and, where appropriate, to the local authorities.’
• Review of community and stakeholders’ complaints to identify problems, as well as evaluate prevention and/or mitigation measures.
• Confidentiality of information, when appropriate, with particular attention to the privacy of communities and vulnerable groups.  
• Any other findings from ongoing community engagement, due diligence and risk assessment activities.

Establish a monitoring mechanism to improve company oversight of the private security provider.

• Establish a focal point at the company who will be responsible for oversight of the private security provider.
• Require the private security provider to establish a focal point to oversee the conduct of its personnel and to meet with the company’s focal point on a regular basis (e.g. daily or weekly).
• Monitor private security providers through a variety of means. As appropriate, this may include radio networks, CCTV visual monitoring (including installing cameras in vehicles), daily inspections and/or unannounced physical site inspections.
• Use checklists and performance indicators shared with the contractor and assess these on a regular basis. Tie these indicators to specific outcomes, such as financial rewards, penalties and/or termination of the contract.
• Potential performance indicators could include:

No-show rate.

Missed guard tours.

Missed supervisory visits.

Missed training, incomplete training or failure to pass training tests.

Internal and third-party complaints.

Misuse of force/firearms, including accidental discharges of weapons.

Inappropriate interactions with community, public security, or other stakeholders.

Violations of agreed procedure.

Violations of international humanitarian law and human rights abuses.

Violations of international or national laws governing the private security industry.

Violations of company or industry code of conduct or ethics.

Failure to cooperate with client investigation, request for information or incident reporting requirements.

Violations of the terms of the contract.

The Sarajevo Client Guidelines for the Procurement of Private Security Companies, p. 8 (South Eastern and Eastern Europe Clearinghouse for the Control of Small Arms and Light Weapons 2006)

• Deploy an independent third party to monitor the performance of the private security provider. As BP explains in its guidance document on the Voluntary Principles on Security and Human Rights, ‘Monitoring by credible external professionals can provide an additional layer of assurance for stakeholders. It can generate practical advice and guidance to improve performance. It can increase transparency regarding the security arrangements for the business. By hiring ICoCA members or companies certified by certification bodies, a certain degree of oversight and monitoring by the ICoCA or certification bodies can be expected.’
• Identify gaps in service delivery and examine options to fill these gaps, including additional training and other support.

Establish an operational-level grievance mechanism that allows individuals to report unethical and unlawful conduct anonymously

(see  Human right abuses by private security providers: setting up procedures and policies to ensure adequate responses within Human rights abuses – Working with Private Security Providers).

UN Guiding Principles on Business and Human Rights, no. 31

Conduct investigations into credible allegations and, where appropriate, report abuses to the relevant authorities

(see  Human right abuses by private security providers: setting up procedures and policies to ensure adequate responses within Human rights abuses – Working with Private Security Providers).

Engage with the host government to improve national oversight of the private security sector.

• In countries where domestic laws and regulations conflict with internationally recognised human rights, seek ways to honour internationally recognised human rights to the fullest extent which does not place the company in violation of domestic law.23
• Advocate for reforms that bring domestic legislation in line with international standards.24
• In agreements with host governments and associates, address risks of human rights abuse, violations of international humanitarian law and complicity_bookmark109 (see Sensitive discussions on security and human rights within Human rights concerns – Working with Host Governments)

Work with other stakeholders to improve oversight of private security providers.

• Support security sector reform programmes to enhance governance and oversight while respecting the core principle of local ownership.

Promote coordination within host government structures, as there is often no single regulatory agency or oversight mechanism for the private security industry.

Support efforts to strengthen the capacity of national human rights institutions, ombudsman institutions, anti-corruption commissions and independent security sector oversight bodies to effectively oversee the private security industry.

• Work with other stakeholders (e.g. home governments, other contracting companies, relevant trade associations, other industry bodies, private security providers, civil society organisations) to develop frameworks for monitoring the performance of private security providers and to promote the adoption of effective remedy mechanisms.

Support multi-stakeholder initiatives—such as the Voluntary Principles on Security and Human Rights or the International Code of Conduct Association—and harness their potential to lobby host governments on relevant human rights matters. (see  Stakeholder engagement strategy – Working with Communities)

Exchange experiences and lessons learned with other companies operating in the area and consider aligning companies’ codes of conduct for private security providers.

Encourage private security providers to become advocates for human rights issues.

• Encourage oversight of private security providers by local stakeholders.

Clarify roles and responsibilities of the private security provider and share the company’s own code of conduct for private security providers.

Develop a network with relevant stakeholders, ensuring different groups in local communities are adequately represented (in particular the most vulnerable groups), and provide guidance on what to do whenever there are risks of human rights abuse. Consider providing them with capacity support, directly or indirectly.

Suggest steps to take in case of alleged human rights abuses, providing information on the company’s grievance mechanism and guidance on how to use it. Ensure protection of whistle-blowers and human rights defenders.