COLLECTING,

DOCUMENTING
& REPORTING
on PRIVATE
SECURITY

A PRACTICAL GUIDE
FOR CIVIL SOCIETY

International
Code of Conduct
Association
 January 2021 COLLECTING,
DOCUMENTING
A PRACTICAL GUIDE
& REPORTING FOR CIVIL SOCIETY
to support implementation
onPRIVATE of the International Code
of Conduct for Private
SECURITY Security Service Providers

About ICoCA INTRODUCTION

ICoCA is a multi-stakeholder initiative formed in 2013 to ensure that providers

Civil Society and Private
1
of private security services respect human rights and humanitarian law.
CHAPTER

It serves as the governance and oversight mechanism of the International Security Governance
Code of Conduct for Private Security Service Providers (the “Code”).
The Code articulates responsibilities of private security companies under 1. What is private security?
human rights and international humanitarian law to ensure the responsible 2. Civil society’s role in good
provision of private security services, particularly when operating in complex private security governance
environments.

Collecting Information
About DCAF
CHAPTER
2
on Private Security
1. Differentiating private security
Since 2000, DCAF - Geneva Centre for Security Sector Governance has
from other security actors
facilitated, driven and shaped security sector reform (SSR) policy and
programming around the world. DCAF assists partner states in developing 2. Identifying applicable standards
laws, institutions, policies and practices to improve the governance of 3. Selecting information sources
their security sector through inclusive and participatory reforms based on
international norms and good practices. DCAF creates innovative knowl-
Documenting and Reporting
edge products, promotes norms and good practices, and provides legal and
policy advice. The Centre also supports capacity building of state, civil
society and private sector stakeholders by providing access to independent
CHAPTER
3
on Private Security
expertise and information on Security Sector Governance and Reform 1. Documenting
(SSG/R). • Key considerations before
documenting and reporting
• Private security documentation checklist
Supported by
2. Reporting
• Information that is pertinent for civil society
• Reporting mechanisms regarding
private security
CONCLUSION

2 3
 Introduction
ACKNOWLEGEMENTS

This tool was developed by the International Code of Conduct Association (ICoCA)
OBJECTIVE & PURPOSE OF THE TOOL
and DCAF – Geneva Centre for Security Sector Governance. ICoCA and DCAF
would like to sincerely thank the 16 civil society organisations across Latin America The private security industry has grown exponentially in many countries
and Africa for responding to questionnaires to inform the tool development meth- in the last quarter of century and is oftentimes larger than police, military
odology. A special recognition also goes to ICoCA and DCAF partner Observatoire and prison services combined. Despite its weight in the security, economic
d’Etudes et d’Appui à la Responsabilité Sociale et Environnementale (OEARSE) and social sectors of countries, there is a general lack of information and
based in DRC for coordinating the research of 13 civil society organisations on the data on the size and numbers of private security companies and employ-
ground and for the input and advice provided throughout the project. A big thanks ees as well as on the exact nature of their operations and activities.
goes also to the 13 civil society organisations based in DRC for their input, research
and continuous feedback to make the tool as practical as possible. In many contexts, national legal frameworks and policies do not effec-
tively regulate the industry and there is a lack of oversight. This leads
Lastly, ICoCA and DCAF would like to express their sincere gratitude for the generous to an increased risk of human rights abuses, such as sexual harassment,
support of the UK Government and the Swiss Federal Department of Foreign exploitation and abuse and excessive use of force.
Affairs Peace and Human Rights Division in making this project possible.
Civil society plays a fundamental role in promoting a better understand-
ACRONYMS ing of private security, ensuring that violations are reported and that
applicable national laws and policies address all relevant issues.
CSO Civil Society Organisation
DCAF Geneva Centre for Security Sector Governance This tool provides guidance to civil society organisations (CSOs) in
collecting, documenting and reporting on private security. For this, it
DRC Democratic Republic of Congo draws on the International Code of Conduct for Private Security Service
FARDC Forces armées de la République démocratique du Congo Providers (the Code). This Code articulates important principles for
private security companies based on human rights and international
ICoCA International Code of Conduct Association (ICoCA)
humanitarian law, including the prohibition of torture, human trafficking,
The Code International Code of Conduct for Private Security and rules on the use of force. It serves as a useful reference to ensure
Service Providers good private security governance and therefore to prevent and address
human rights abuses by private security companies. The Code is over-
ISO International Organization for Standardization
seen by the International Code of Conduct for Private Security Service
ISWAP Islamic State in West Africa Province Providers’ Association (ICoCA) a multi-stakeholder initiative formed in
MSF Médecins sans Frontières 2013 that brings together governments, civil society organisations and
private security companies.
NGO Non-Governmental Organization
OECD Organisation for Economic Co-operation and Development
OHCHR Office of the United Nations High Commissioner for
Human Rights
PNC Police Nationale Congolaise
PSC Private Security Companies
UNGPs UN Guiding Principles on Business and Human Rights
VPs Voluntary Principles on Security and Human Rights

4 5
 HOW TO USE THIS TOOL Human rights monitoring is a specialized function that requires sound
substantive knowledge, a distinct set of technical skills and the applica-
This tool addresses CSOs that work in the field of human rights protec- tion of thorough methodologies. If you would like to learn more about
tion and are interested in contributing to good private security gover- human rights monitoring specifically, you may find this resource useful:
nance. This tool assumes that CSOs have access to monitoring guidance Manual on Human Rights Monitoring (OHCHR): searchlibrary.ohchr.org/re-
and seeks to offer a specialised complement to such guidance by provid- cord/4835?ln=en This Manual was developed by the Office of the United
ing insight on collecting, documenting and reporting on private security Nations High Commissioner for Human Rights (OHCHR) and integrates
specifically. It provides an overview of international norms and standards the experience and good practices developed by OHCHR’s human rights
applying to private security and includes good practices and additional officers over two decades of fieldwork, including guidance on analysis,
elements to consider when integrating a private security focus in larger protection of witnesses, victims and sources, and monitoring of economic,
human rights promotion and protection work. social and cultural rights.

While this tool contains a core structure that is applicable to all contexts,
some sections are meant to be adapted for each setting as the private
security landscape changes from country to country. These sections
include boxes entitled “in context” where country specific information
IN CONTEXT
can be added.
Are there manuals and monitoring tools available offering CSOs guidance
on how to monitor and document human rights abuses?
THE FIRST CHAPTER lays out the role of civil society in private security
governance by highlighting the particularity of the sector and its charac-
teristics, through demonstrating how this sector’s operations can present
a risk for human rights and providing insights into the role civil society
can play in preventing and mitigating human rights abuses by private
security companies.

THE SECOND CHAPTER provides guidance on collecting information on

private security. After addressing the challenge in distinguishing private
security from other actors operating in the security sector, it provides an
overview of the standards articulated in the International Code of Conduct Are there agencies and experts that can be consulted?
for Private Security Service Providers (the Code). This Code compiles
principles based on human rights and international humanitarian law
which are particularly relevant for companies offering security services.
Lastly, an important step before collecting information requires identi-
fying information sources and indicating the strengths, weaknesses and
risks of each source.

THE THIRD CHAPTER provides insights on documenting and reporting

information on private security. In the documentation section, guidance
is provided on the content of the information that should be documented
when working on private security. Opportunities to enforce accountability
in the case of a human rights abuse, will depend on the information
documented. The last section covers relevant reporting best practices
and channels. Although this tool focuses on monitoring and reporting, it may also be
useful to raise awareness on the importance of good private security
governance with other civil society organisations, communities, private security
guards, clients of private security companies or government agencies.

6 7
 Civil Society and Private
1 Security Governance
1.1 WHAT IS PRIVATE SECURITY?
In the last 20 years, there has been a world-wide increase in the number
of private security companies (PSCs). The role of PSCs is especially
visible where there is insufficient provision of security services by the
State, or when natural disasters or armed violence make it necessary to
strengthen security measures.

$
244 20+ 50 %
BILLION MILLION
Market value Number of Of the world’s
of the private private security population live
security industry workers in countries where
per year worldwide private security
workers outnumber
public police
officers

WHAT TYPE OF SERVICES DO PRIVATE SECURITY

COMPANIES PROVIDE?

Private security companies offer a wide range of services. These range

from classical activities, such as the guarding of airports or banks, body-
guarding, to the training of police or other companies, to assessing
and managing security risks of a big company or providing security to a
merchant vessel. Other services offered by PSCs might not be as visible
such as intelligence, surveillance, risk analysis, or cyber security.

8 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 9

 WHAT TYPE OF CLIENTS DO THEY HAVE?
CHALLENGES
Private security companies have a wide range of clients. One major cate-
gory of clients are states where companies offer training services to state
security forces, guard critical infrastructure or embassies, provide mobile The nature of the private security industry, and its evolution are in
security to government delegations, or other. Another category are themselves challenges for ensuring oversight and accountability.
(multinational) corporations such as extractive industries or agricultural
companies, shipping companies, banks, airports. Non-governmental and
international organisations such as the United Nations also increasingly
use private security companies.

LACK OF AVAILABLE
IN CONTEXT DATA & INFORMATION

MIX BETWEEN PUBLIC

AND PRIVATE SECURITY

LACK OF OVERSIGHT

COMPLEX BUSINESS
RELATIONSHIPS

10 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 11

 LACK OF AVAILABLE MIX BETWEEN PUBLIC
DATA & INFORMATION AND PRIVATE SECURITY

A lack of capacity to monitor the industry, its evolving and diverse nature, In many contexts, private security guards seem to execute the same
untransparent practices and exponential growth may be reasons for a lack services as public security officers. They could be performing a summary
of official data on the private security sector in many states, i.e. numbers, search of individuals, conducting investigations on specific criminal and/or
size, services, activities, etc. civil cases, ask for individuals’ identity papers etc. In addition, public and
private security often work together in mixed teams. For example, armed
The lack of data results in low levels of awareness in many societies about police cooperate with private security teams– this is especially the case in
the nature of private security services, how these are regulated and how countries where private security companies are prohibited from carrying
they differ from public security. Also, there is often no effective dem- firearms. “Rapid intervention teams” are manned by both private security
ocratic oversight of private security. This makes it challenging to know guards and police and stand ready in case of emergency. Corporate trans-
about the prevalence of human rights abuses and formulate strategies to ports can be escorted by units manned by both police and private secu-
prevent them. rity. In some countries, private security companies provide training to po-
lice units. Additionally, they can switch between public and private: often
A low level of awareness within domestic human rights constituencies, public security personnel hired for private security shifts in their free time
the increased privatisation of security, along with the withdrawal of the to augment their salary. As a result, citizens may struggle in distinguishing
state in a number of areas, lead to the fact that human rights abuses or between the type of actor they are encountering and the competences
other misconduct go unreported. they have. For public and private security there are different rules regard-
ing use of force, searching or arresting people, etc. Mixed public-private
teams make it also challenging to determine who controls and commands
IN CONTEXT and ultimately who is responsible and accountable for misconduct.

IN CONTEXT

12 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 13

 COMPLEX BUSINESS
LACK OF OVERSIGHT
RELATIONSHIPS

With the constant evolution of the private security industry, the need for The private security industry operates both at the international and na-
effective regulation has increased. Many states lack adequate national legal tional levels. The sector is constituted by both multinationals operating in
frameworks and resources to regulate and oversee the private security multiple sites all over the world and small businesses present in one com-
industry and thus to prevent/address human rights abuses or other mis- munity village. For example, some private security companies have over
conduct by companies or their personnel. Often states do not have laws 100’000 employees serving clients across countries. Sometimes, these
in place regulating private security services specifically, including on the international PSCs work through subsidiaries, companies which have a
use of firearms, storage of ammunition, working conditions and training. distinct legal entity for the purpose of taxation, regulation or liability but
Authorities in charge of the licensing of private security companies are they are owned/controlled by the parent company. Often international
in many cases located in the Ministries of Interior and have often limited PSCs rely on subcontractors, local PSCs in-country, to deliver the service.
expertise and resources to monitor the industry. Local PSCs may just operate in that specific area or have offices across
the country. For international clients, a combination of international and
local PSCs could be considered as the optimum solution. This in principle
ensures respect for international standards as well as local embeddedness.
IN CONTEXT However, these setups can make it difficult to establish accountability and
responsibility as there is often a lack of transparency in the relationships
between private security companies and their subcontractors. The diffi-
cult question to address for civil society is to establish accountability and
responsibility when private security companies’ headquarters are abroad
or when a company subcontracts the services to another company.

EXAMPLE

A business in Great Britain contracts an international private

security company to protect its staff in Tanzania. Due to the
local law allowing only companies to operate in the country with
a majority of nationals, the international company subcontracts
this contract to the local company in Tanzania. However, the local
company is not well trained and uses excessive force against
a community member. Whose responsibility is it in the end that
a community member was injured? What is the international
company’s responsibility?

14 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 15

 PROPORTION POLICE/
IN CONTEXT PRIVATE SECURITY
X | Times That Private Security
Outnumbers Police Officers

USA
1.5X China
~2X

India
~5X
Brazil
2X South
Africa
2.5X

16 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 17

 PRIVATE SECURITY The United Nations Guiding Principles (UNGPs)
Include THREE PILLARS Outlining How States
AND HUMAN RIGHTS and Businesses Should Implement the Framework:

1
Due to the challenges and complexity linked to private security outlined STATE DUTY TO PROTECT HUMAN RIGHTS
above, this industry poses a specific risk for the protection of human rights.
States have the responsibility to respect, protect and fulfil international
human rights law obligations within their jurisdiction. This includes the
duty to protect against human rights abuse by third parties, including
“ Quite simply, because of the types of services that private security companies business enterprises.
provide, they are in a position to violate human rights in numerous different
ways. For example, PSC personnel may carry weapons which impacts on the

2
THE CORPORATE RESPONSIBILITY TO RESPECT HUMAN RIGHTS
right to life or they may be involved in detaining individuals which impacts
on the right to liberty as well as the right to be free from torture and inhuman Businesses must act with due diligence to avoid infringing on the
rights of others and to address any negative impacts for individuals
and degrading treatment. They may also be linked to negative human rights
and communities. This includes for example conducting human rights
impacts through their government clients as well as their business relation- impact assessments.
ships. In addition, the increasing privatisation and outsourcing of security
by states means that the security industry is expanding rapidly into new

3
ACCESS TO REMEDY FOR VICTIMS OF BUSINESS-RELATED ABUSE
spheres of operation, this in turn means that the risk of human rights vio-
lations increases. The difficulty is that there is limited oversight of PSCs in Access to remedy for victims of business-related abuses: This includes
both the state and corporate responsibility to provide access to remedy.
relation to human rights.”*
As part of their duty to protect individuals within their jurisdiction
from business-related human rights abuse, states must ensure that
when such abuses occur under their jurisdiction those affected have
Where there is limited oversight and weak legal frameworks, it is not
access to an effective remedy through judicial, administrative, and
always clear how PSCs can be held accountable for human rights abuses.
legislative means.
As human rights are primarily applicable to states, their enforceability with
the corporate sector has been subject to debate in the international are-
na for many years. As a response, in 2011 the UN Human Rights Council When a private security company has infringed the human rights of an
adopted the Guiding Principles on Business and Human Rights (UNGPs) individual, this individual should have access to a mechanism provided
www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_ by the state in order to access an effective remedy for the violation
en.pdf. These Guiding Principles provide the first global standard for incurred. The corporate responsibility includes preventing and reme-
preventing and addressing the risk of adverse impacts on human rights diating any infringement of rights linked to their actions through for
linked to business activity. They clearly state that while states are the main example a company grievance mechanism or a mechanism developed
subject of human rights’ law, the corporate sector has a duty to respect jointly with communities. Having effective grievance mechanisms
human rights. in place is crucial in upholding the state’s duty to protect and the
corporate responsibility to respect. The UNGPs dictate that such
mechanisms should be legitimate, accessible, predictable, rights-com-
patible, equitable, and transparent.
* Mcleod Sorcha in Whose responsibility? Reflections on accountability of private security in
Southeast Europe, Franziska Klopfer and Nelleke van Amstel (Eds.), DCAF, 2017.

18 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 19

 EXAMPLES OF IMPACT
ON HUMAN RIGHTS

IN CONTEXT
Human Rights Impacted Example

Right to Life A security guard on a property shot and killed a

young man who was picking mangos from a tree.
While the guard stated he believed the young
man was trying to enter the property, the use of
force must only be used for self-defence and in
cases of threat to life to others.

Freedom of A security guard forbids a person to access

Movement and their home.
Unlawful Detention

Freedom from A security company holds an apprehended

Torture or Other person for two days without providing food
Cruel, Inhuman and or water.
Degrading Punishment

Right to an A security guard protecting a residential neigh-

Effective Remedy bourhood fired his weapon at alleged thieves.
A stray bullet hit a three-year old boy nearby,
leaving him paralyzed. His parents complained
to the company but have not received any
response.

Right to Health A security company does not provide its staff

protective clothing and material to protect them
from being infected by COVID-19.

Right to a A security company reads and monitors all

Private Life correspondence of its employees.

20 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 21

 1.2 CIVIL SOCIETY’S ROLE IN GOOD Examples of
PRIVATE SECURITY GOVERNANCE
CSO ACTIVITIES IN PRIVATE
Civil society organisations (CSOs) have a key role to play in addressing
challenges linked to private security and to mitigate related human rights SECURITY GOVERNANCE
risks. CSOs can for example act as a partner of state oversight actors, by
challenging information and analysis, support in ensuring accountability by

1
assisting alleged victims of private security, working with private security
CSO ROLE
to support human rights compliance through capacity-building etc.
PROMOTE A BETTER UNDERSTANDING
This tool focuses on three interrelated activities that can be conducted OF THE PRIVATE SECURITY INDUSTRY
separately or in sequence:

CSO
ROLE:
Monitoring
Private
Security

COLLECTING DOCUMENTING REPORTING

information on information on on private security
private security; private security; to various fora. COLLECT information about the size, services,
regulation, human rights violations and
other relevant data by developing in-depth
contextual analyses.
These three important activities do not encompass the full spectrum
of roles that CSOs can play in the field of private security governance. REPORT on the delivery, management and
They are however related to many different functions that CSOs can oversight of security services, determining
fulfil. For example, successful mediation processes require reliable how to effectively and sustainably promote
information which is adequately collected and documented. When good private security governance.
monitoring private security companies, civil society organisations collect,
document and report on private security. When building capacity of
stakeholders (government, CSOs, PSCs, clients, etc.) to promote good
private security governance knowledge on collecting and reporting
on private security is important.

See private security baseline studies conducted by CSOs here:

observatoire-securite-privee.org/en/content/publications

22 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 23

 CSO
ROLE:
Monitoring
Private
Security

2 CSO ROLE
SUPPORTING PRIVATE SECURITY
GOVERNANCE NATIONALLY

CSO
ROLE:
Monitoring
3 CSO ROLE
SUPPORTING PRIVATE SECURITY
GOVERNANCE GLOBALLY
Private
Security
PARTICIPATE IN INITIATIVES aiming to strengthen private
security governance at national, regional (such as the Private
Security Governance Observatory at www.observatoire-se-
curite-privee.org/en) or international level (such as the Inter-
national Code of Conduct Association at www.icoca.ch).
RAISE AWARENESS among clients about
their responsibilities and duty to contract

4
responsible private security services.
CSO ROLE
RAISE AWARENESS about the regulatory BUILDING CAPACITY AND SHARING EXPERTISE
framework and international standards,
expected behavior of private security
Provide CAPACITY-BUILDING on human rights to PSCs.
companies and challenges among
communities and other stakeholders. SUPPORT PSCs in vetting personnel.

PROMOTE dialogue between different SUPPORT PSCs in carrying out human

stakeholders such as CSOs, PSCs and rights risk and impact assessments.
their clients, and government actors
SUPPORT THE REGULATOR through expertise
and/or provision of information gathered in monitoring.
ADVOCATE/LOBBY at the local and national
level to strengthen private security regulation
and ensure accountability of private security.
Photo credit: CECIDE

A CSO in Guinea – CECIDE -

The International Code of Conduct Association – ICoCA:
developed videos to raise
awareness on the role of ICoCA is a multi-stakeholder initiative formed in 2013 to ensure that
private security in times providers of private security services respect human rights and human-
of COVID-19 in Guinea. itarian law. It serves as the governance and oversight mechanism of the
International Code of Conduct for Private Security Service Providers
(the “Code”).

24 Chapter 1 | What is Private Security? Chapter 1 | What is Private Security? 25

 Collecting Information
2 on Private Security

2.1 DIFFERENTIATING PRIVATE

SECURITY FROM OTHER ACTORS
To collect information on private security, the first step is to differen-
tiate these actors from other security entities. However, distinguishing
between security actors can be challenging in certain contexts.

CAN WE QUALIFY THE BELOW ACTORS AS PRIVATE SECURITY?

n Private security companies are hired to

protect private individuals’ houses.

n Private security companies are hired to

guard government buildings.

n State security forces are paid by a mining

company to provide security.

n State security forces take private security

shifts outside their normal working hours.

n Local militias and rebel groups are hired to

provide protection of businesses/organisations.

n Cooperatives, businesses, individuals hire

an individual or a group of individuals to
provide security.

26 Chapter 1 | What is Private Security? Chapter 2 | Collecting Information 27

 In order to collect information on private security companies,
it is important to be able to situate these actors in the security PRIVATE SECURITY
landscape and distinguish them from other actors operating
in same spaces. Below are standard definitions of the main actors Private security providers operate on a commercial basis; their goals are not polit-
providing security. Such actors can look different from one con- ical or criminal. Their activities are regulated by the state and at the international
text to another. level, and such companies have a formal legal status that allows them to practice
their profession legitimately. Private security guards are not allowed to use force
except in self-defence or defence of others.

STATE SECURITY Examples

Private security companies, private military companies, private maritime security
Public security providers are the security institutions established by the state and companies, In-house, informal, artisanal guards
provide security as a public good. State security providers are authorized to use
force on behalf of the state. The use of force includes the threat to use force and
the limitation of certain basic rights under specific circumstances defined by law.
IN CONTEXT
Examples
Police, Armed forces, Border Guards,
Intelligence Service, Executive Protection Forces

IN CONTEXT

28 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 29

 2.2 IDENTIFYING APPLICABLE
HYBRID SECURITY STANDARDS
Security services are provided to citizens and companies – by an array of actors.
WHAT ARE THE LAWS, RULES AND PRINCIPLES APPLICABLE
Examples TO PRIVATE SECURITY?
Vigilante community security, non-state armed groups, Indigenous or
There are a multiplicity of laws, rules, principles and standards private
tribal authorities, de facto authorities and security officials, cooperatives
security companies (PSCs) are expected to respect. Private security
accountability as well as remedies/redress in case of alleged violations
will notably depend on the:

IN CONTEXT 1. country in which the PSC operates (“territorial state”)

2. the country of the PSC’s headquarters (“home state”)
3. the country contracting the private security company
(“contracting state”)

OECD
Guidelines for
Multinational
International Entreprises
Code of Conduct
for Private
Security Service National
Providers Law

LAWS, RULES,
PRINCIPLES
AND STANDARDS
UN Guiding
APPLICABLE
Principles on ISO 18788
Business and TO PSCs
Human Rights
(UNGPs)

ISO 28007
PSC.1

30 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 31

 INTERNATIONAL PRINCIPLES, STANDARDS AND GUIDELINES
APPLICABLE TO PRIVATE SECURITY COMPANIES The International Code
In addition, there are a range of voluntary international standards, princi-
ples and guidelines which apply to private security companies, including of Conduct for Private
the International Code of Conduct for Private Security Service Providers
(the Code). The Code includes internationally agreed principles specifi- Security Service Providers
cally applying to private security companies.

In addition, there are principles, standards and guidelines that concern

private security but do not apply directly to these actors. CONDUCT OF PERSONNEL
• The Montreux Document applies to states and addresses private
security regulation. • Use of Force

• The Voluntary Principles on Security and Human Rights speak • Detention

to the extractive sector and how extractive industries work with
private and public security as clients. • Apprehending Persons

• Prohibition of Torture or Other Cruel,

THE INTERNATIONAL CODE OF CONDUCT FOR PRIVATE SECURITY Inhuman or Degrading Treatment or Punishment
SERVICE PROVIDERS (THE CODE)
• Sexual Exploitation and Abuse or Gender-based Violence
The Code is the only international instrument drafted with the partic-
ipation of private security companies and addressing private security • Human Trafficking
companies directly.
• Slavery
It was negotiated among private security companies (PSCs), govern- • Child Labor
ments, civil society organisations and other experts in 2010 with a view
to bring together in one document existing minimum standards applying
to PSCs operating in complex environments and based on human rights MANAGEMENT AND GOVERNANCE
and international humanitarian law. Over 700 PSCs subscribed voluntarily
to this Code in 2010. • Identification and Registering

Today, the signatory status does not exist anymore, and PSCs can apply • Selection and Vetting of Personnel
for membership on a voluntary basis with the International Code of
Conduct Association (ICoCA). The ICoCA is the body overseeing the • Training of Personnel
implementation of the Code and based in Geneva, Switzerland. The Asso- • Selection and Vetting of Subcontractors
ciation is governed by three groups of Members, namely private security
companies, civil society organisations and governments. • Management of Weapons and Material
of War
The Code sets forth international principles specifically for PSCs operating
in complex environments. These principles are based on human rights • Safe and Healthy Working Environment
and international humanitarian law.
• Incident Reporting
The Code contains two sets of principles that address: • Company Grievance Mechanisms
1. how private security personnel should behave;
• Meeting Liabilities
2. how private security companies should be managed and governed.

32 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 33

 CONDUCT OF PERSONNEL

Use of Force
?
?
IN CONTEXT
QUESTIONS | Have you observed situations where guards used force?
What happened? What type of weapons (batons, etc.) do private security
guards carry?
A member of a community approaches a private security guard protecting the
mining site. The person holds a tree branch and looks very angry. How should
the guard react?

The Code
The use of force by private security guards is strictly restricted to the defence
of her/himself and to defend others and the property they protect against an
imminent threat.

A guard must always try to de-escalate the situation and use force proportionate
to the threat.

Security guards must respect the following principles:

• Use force only when strictly necessary;
• Use of force needs to be proportionate to the threat;
• Use of force needs to be appropriate to the situation.

For more information on the Use of Force

www.dcaf.ch/regulating-use-force-private-security-
providers-guidance-tool-states.

34 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 35

 Detention
?
? IN CONTEXT
A security guard discovers an intruder on a mine site in the process of stealing
QUESTIONS | How does this standard apply to your country?
equipment. The guard locks the person into an office until the police arrives to Which measures can the PSC put in place in such situations?
transfer the person to the police station. Because of the mine’s remote location,
the police will arrive in 3 to 4 days. What is the guard required to do? Can the
PSC detain the person?

The Code
Private security guards are only allowed to detain persons if state authorities
have asked them to do so and the details are regulated in a contract. For example,
they can decide to outsource the protection of prisons or the guarding, transport
or questioning of prisoners to private security companies. Otherwise detention
by private security guards is prohibited.

In situations, where the state has delegated the authority to detain individuals to
private security companies, these are required to properly train guards detaining
individuals in the applicable national and international law.

Most importantly, guards must treat all detained persons humanely at all times.

36 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 37

 Apprehending Persons
?
? IN CONTEXT
A person is caught stealing in a grocery shop by a security guard. Can the
QUESTIONS | How relevant is this Code standard in your country? Can you
security guard detain the person? What is the guard supposed to do? think of any other examples where private security guards apprehended
persons? Which actors are usually involved, i.e. clients, police? How can the
PSC ensure compliance with this standard considering the Police’s logistical
constraints?
The Code
Private security guards are not allowed to take or hold any persons except in
self-defence or to defend others such as clients or property under their protection.

In such situations the following principles apply:

• A guard must treat the person held humanely and consistent

with national and international law.
• At the earliest opportunity the guard must handover the person
to a Competent Authority such as for example the police.
• The PSC then needs to report this incident to the company,
Embassy or other client who contracted them without delay.

38 Chapter 2 | Collecting Information 39

 Prohibition of Torture or Other Cruel,
?
? IN CONTEXT
Inhuman or Degrading Treatment
or Punishment QUESTIONS | How relevant is this Code standard in your country?
Have you observed any situations of such misbehaviour? Please explain.
A security guard works in a prison. A prisoner shouts and swears at the guard.
To silence the prisoner, the guard beats him up. Another guard observes the
beating. What are both guards supposed to do?

The Code
Private security personnel are prohibited in any circumstance to torture individ-
uals, to punish them or treat them in any way which is degrading or inhuman.

Guards are required to report any observations or suspicions of such treatment

to the company.

Companies must report such acts to their clients and to Competent Authorities.
Competent Authorities may be those of:
• the country where the acts took place,
• the country of nationality of the victim,
• the country of nationality of the perpetrator.

40 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 41

 Human Trafficking, Slavery, Child Labour
?
? IN CONTEXT
Four women are hired by a private security company for housekeeping on the
QUESTIONS | How relevant are these Code standards in your country?
base the company is protecting. An employee observes that these women are Have you observed such behaviour? What are considered forced labour
working as prostitutes on the base and that other colleagues are involved in and adverse working conditions in your country? Do you observe any PSCs
hiring children?
human trafficking and in alcohol smuggling. The employee reports this obser-
vation to the management. What are the issues here? What action needs to
be taken?

The Code
Private security personnel are not allowed to engage in or be complicit in trafficking
of persons, slavery or child labour.

Human trafficking includes for example slavery or recruitment of a person forcing

her/him to provide sexual services or work under inhuman conditions unpaid.

Guards are required to report any observations or suspicions of such acts to the
company or a Competent Authority.

42 Chapter 2 | Collecting Information 43

 Sexual Exploitation and
Abuse or Gender-Based Violence
?
? IN CONTEXT
QUESTIONS | How relevant is this Code standard in your country?
A private security guard and his five colleagues (all male) guard a company Is there any law in place regulating such behaviour? Are there any services
available where victims of sexual violence can go?
compound. People know that there are jobs at the company, but it is hard to get
inside to meet the right people. The guard is approached by a woman to let her
in so she can approach the manager. The guard suggests that he will let her pass
if she offers him a sexual favour in return. He organizes where to meet with her.
What could the issues be in this situation? What actions should be taken?

The Code
Private security personnel are not allowed to:
• engage in sexual exploitation or gender-based violence.
• benefit from sexual exploitation or gender-based violence.
Such behaviour includes for example sexual harassment of a colleague, using pros-
titution, rape.

Guards are required to report any observations or suspicions of such behaviour to

the company.

Where such behaviour took place, the company is recommended to offer assistance
to the harmed individual such as medical aid, psychological support or other help
they might need.

For more information on the Prevention of Sexual Exploitation and Abuse

www.icoca.ch/en/guidance#2

44 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 45

 MANAGEMENT AND GOVERNANCE
IN CONTEXT

??
QUESTIONS | How do you recognise in your country that vehicles used by
private security are registered with the relevant authorities? Do you recognise
private security guards in your country and for whom they are working?
Identification and Registering
A security guard is involved in a traffic accident and continues driving unharmed.
The injured persons in the other car see how a white car continues driving with a
driver in uniform and a logo on his arm. What can the injured persons do?

The Code
All private security personnel should be identifiable with their name and the com-
pany they are working for, for example through the company logo on their uniform.

The following should be registered and licensed with the relevant national authorities:
• Vehicles;
• Hazardous materials such as ammunition, chemicals, etc.

46 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 47

 Selection and Vetting of Personnel ??
A private security company operates in an area where different tribes are fighting
IN CONTEXT
each other. The company would like to hire a local to provide guarding services. QUESTIONS | Is there a different law in your country describing how people
should be hired? How are background checks done in your country and what
The country the company operates in does not have a system in place to check
are potential challenges? Does the state implement any measures against
criminal records. How can a company make sure that it hires a person which has discrimination?
not committed any crimes and is fit for the job?

The Code
Private security companies should select their personnel carefully. When hiring
personnel, companies must check the following:
• The candidate’s identity;
• That the candidate providing security services is not under 18 years of age;
• The candidate’s education history;
• The employment history of a candidate;
• That the candidate has no crime history/criminal record;
• That the candidate has no history of abusing human rights;
• That the candidate has sufficient physical fitness to perform
the assigned duties;
• That the candidate has sufficient mental fitness to perform the assigned duties;
• In case of previous military experience, that the candidate has
not been dishonourably discharged;
• That the candidate has the requisite qualifications as defined by the contract.

Companies must ask candidates applying for a position with a private security
company to authorise access to prior employment and government records.
Companies should keep passports, or other identification documents of their
personnel for the shortest period of time reasonable.
Once the person is hired, a company is required to assess her/his performance on a
regular basis for example through tests and training.
No tolerance for discrimination! When PSCs hire and assess their personnel they
should not discriminate on grounds of race, colour, sex, religion, social origin, social
status, indigenous status, disability, or sexual orientation.
All policies, employment material such as the Code, contract terms and conditions
need to be clearly communicated to personnel and be available in written form and
in a language they can understand.
PSCs need to keep employment records and reports on past and current personnel
for a period of 7 years.

48 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 49

 Training of Personnel
?
? IN CONTEXT
A private security company hires new staff to escort an NGO providing humani-
QUESTIONS | Do you know how private security personnel are trained in your
tarian aid to villages in the area. The guards are armed with batons. The country regions? If so, do you know the contents of their training?
where the company operates does not have any requirements on how to train
guards. What is the company supposed to do, to ensure the new staff are able
to provide the required services in the most professional manner possible?

The Code
PSCs are required to train their personnel when they start their job and then on
a regular basis.

The training should include the following:

• An explanation of the Company commitment to comply

with the highest standards of conduct and professionalism;
• An explanation of the principles of the Code;
• How to assess risks and prevent and mitigate harm to
personnel and the local population;
• Hostile environment training;
• An overview of the national and international law applicable
to the conduct of personnel;
• Training on the Rules for the Use of Force;
• An explanation of how to report incidents that occurred while
guards were operating;
• Training on how to use the company grievance mechanism;
• Communication of the disciplinary measures for violations of the
company procedures.
For those who carry weapons, PSCs need to provide training which is specific
to the weapons they carry. Personnel are only authorised to carry weapons if
the company has verified their skills specific to the type and model of weapon
they carry and provided dedicated training.

50 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 51

 Selection and Vetting of Subcontractors
?
? IN CONTEXT
A client asks an international private security company to put security measures
QUESTIONS | Does the law specify how subcontractors need to be selected
in place at short notice. The company does not have enough personnel to and according to which criteria? Do you know of private security services that
execute the contract in the required timeframe. It decides to contract a local are subcontracted to other entities? For example, international companies using
national companies to provide the services? Or companies using recruiting
security company to help them out. Which local company should they select?
agencies to recruit security personnel?

The Code
If private security companies decide to subcontract services, they have to eval-
uate them carefully and assess how they respect the Code on a regular basis.

A company needs to make sure that a subcontractor carrying out security services
operates in accordance with the principles of the Code. If a subcontractor is not
operating up to standard, a PSC needs to take measures to remedy that.

52 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 53

 Management of Weapons and Material of War
?
? IN CONTEXT
A private security company has a warehouse next to a market place in a village.
QUESTIONS | What is the law in your country to store and manage weapons and
In this warehouse the company stores various ammunitions, weapons and other ammunition? Are you aware of any incidents where ammunition and explosives
explosive material, piled up and mixed with each other. The warehouse guard were not stored appropriately?
smokes a cigarette. What are the risks? What is the company supposed to do?

The Code
In some countries private security guards are allowed to carry firearms. This is
regulated by national law.

PSCs are required to obtain and maintain authorisations for the possession and
use of weapons, ammunitions and other hazardous materials.

Companies are prohibited from possessing illegal weapons, ammunitions or other

hazardous materials or to engage in illegal transfers.

Companies are required to put in place measures which ensure that:

• Weapons and ammunitions are stored securely;
• Weapons and ammunitions are controlled regularly;
• It is recorded to whom and when weapons are issued;
• Ammunition is identified and accounted for;
• Weapons and ammunitions are disposed verifiably and properly.

54 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 55

 Safe and healthy working environment
?
? IN CONTEXT
A private security company protects a refugee camp close to a border. The
climate is hot. The area along the border is known to have landmines.What is
the company supposed to do to make sure the employees stay safe and healthy?

The Code
PSCs are required to ensure that reasonable precautions are taken to protect
relevant staff in high-risk or life-threatening operations.

This includes:
• Assessing the risks of injury to personnel and the local population;
• Provide adequate training to personnel;
• Provide adequate protective equipment, weapons and ammunition;
• Provide medical support;
• Other measures addressing psychological health, deters work-place
violence, misconduct, alcohol and drug abuse, sexual harassment and
other improper behaviour.
Companies should not tolerate harassment and abuse of co-workers.

56 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 57

 Incident reporting
?
? IN CONTEXT
Private security company personnel are involved in a traffic accident.
QUESTIONS | What happens in your country if a company is involved in a traffic
What are they supposed to do? accident? Have you ever observed how security actors record incidents? Do you
know if they need to report these incidents to a competent authority or client?

The Code
PSCs need to document and investigate any incident involving the use of weap-
ons, escalation of force, damage to equipment, injury to persons, attacks criminal
acts, traffic accidents or incidents involving other security forces.

The information to be investigated and documented needs to include the following:

• Time and location of the incident;

• Identity and nationality of any persons involved including their addresses
and other contact details;
• Injuries/damage sustained;
• Circumstances leading up to the incident; and
• Any measures taken by the Signatory Company in response to it.
Companies are then required to write a report and share it with their clients and
if required by law also with Competent Authorities.

58 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 59

 Company Grievance Mechanisms
?
? IN CONTEXT
A private security guard enters a university with a firearm and pushes a student.
The colleague of the student witnesses this and wants to complain to the com-
pany about the aggressive behaviour of the guard. What is he supposed to do?

The Code
Every company should be able to receive complaints from its own employees
as well as the public. For people to know about it, what they need to do and
how it works, a company needs to make it known.

As a minimum, companies are required to have a description on their website

on how people can submit any concerns or complaints they may have. They
should have the following on their websites:
• Company contact details;
• Who can submit a complaint;
• How complaints can be submitted and in which languages;
• An indicative timeline for processing the complaint;
• That the Company intends to protect complainants from any retaliation
for making such reports in good faith.

Ideally this information is available through a link on their main page of the
website.
Complainants should also have a choice of different communication options
through which they can submit a complaint. Some companies have feedback
boxes, posters or a phone number on their car through which people can reach
them. Sometimes companies or their clients have dedicated staff members who
are in touch with community elders and listen to any concerns people may have.
When companies receive complaints, they are required to acknowledge
receipt of the complaint, investigate the complaint properly and inform the
complainant about next steps and all necessary information.
When complainants meet with company staff in charge of the complaint, they
should be allowed to bring a friend, colleague or family member with them for
their support.
A company also needs to make sure that complainants are protected from any
further harm.
Companies are required to find a solution for the complaint which is fair and
compensates the complainant adequately for the damage experienced. For more information on Company Grievance Mechanisms
www.icoca.ch/en/guidance#1

60 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 61

 Meeting Liabilities
?
? IN CONTEXT
The country where the company operates does not have any insurance options
QUESTIONS | Is it possible for companies to get insurance in your country?
in place. If the company causes any damage to property or people it might need If so, what type of insurance?
to pay a large sum of money to remedy the damage. The company is worried
that it might not be able to cover potential damage. It therefore decides to
create its own fund into which it regularly pays a certain amount of money.

The Code
Companies need to ensure that they always have sufficient financial capacity
in place to be able to meet commercial liabilities for damages to any person or
property.

This might be insurance coverage, customer commitments, self-insurance or

any other alternative arrangements.

62 Chapter 2 | Collecting Information 63

 The principle “the victim’s interest comes first” should always
2.3 COLLECTING INFORMATION guide the steps taken by CSOs.
ON PRIVATE SECURITY The victims’ informed consent must be secured at all times.

INFORMATION SOURCES
Civil Society Organisations (CSOs) worldwide use several channels
to gather information linked to private security. We review each in
turn highlighting tips, best practices and challenges.
IN CONTEXT

The Alleged Victim

Description Alleged victims approach CSOs for help and support. Either
& Process the civil society organisation has the capacity to handle
the case (legal background, expertise) or the CSO guides
the victim to the appropriate organisations/entities. This
information source could potentially provide the most
direct, accurate and detailed account of incidents. When
CSOs seek to support alleged victims either to prevent
further harm or seek remedies, this is the primary chan-
nel of information. However, reliability of alleged victims’
reports needs to be carefully assessed.

Risk/ Securing informed consent always is paramount: this

Challenges means that at every step taken the victim needs to under-
stand exactly the risks and consequences and accept such
risks and consequences. When engaging with an alleged
victim it is crucial that CSOs assess the risks for the victims
and for themselves by evaluating the risk of reprisals, the
risk of interfering with an on-going legal process, collateral
harm to other alleged victims, etc.

Tips/Good • CSOs establish networks of partners with the appro-

Practices priate expertise to which they can refer the victim for
appropriate guidance.
• CSOs define pre-established steps that they system-
atically follow depending on the gravity of the case.
• For awareness raising on individual human rights,
some CSOs have organised conferences with lawyers.

64 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 65

 IN CONTEXT

The Community/
The General Public

Description The community is a powerful channel for information

& Process gathering. Connecting effectively to the local community
ensures a full picture of events/incidents as well as the
opportunity to prevent incidents from happening via early
warning systems. CSOs engage with community leaders
and organise awareness-raising events to sensitise the
community to possible impact of private security for the
promotion and protection of human rights. The community
is made aware of what to look for and how to channel
information to CSOs whether on past and/or current
events/incidents and/or risks.

Risk/ When relying on information provided by the community/

Challenges the general public, it may be challenging to distinguish
reliable information from gossip, settling of scores, etc.
In some cases, mobile phone applications set up to receive
information on incidents, have led to receiving such a high
number of unreliable denunciations that they had to be
shut down.

Tips/Good Some CSOs work with facilitators in the communities that

Practices collect information. These facilitators have motorbikes to
travel long distances and are given specific information
to gather. Most CSOs have stressed the importance of
in-field presence and regular contact with the community
to build trust and cooperation.

66 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 67

 IN CONTEXT
Regulatory Authority

Description Official databases, reports and registers are in many con-

& Process texts a reliable source of information. Some CSOs rely on
the regulatory authority for information – notably through
information requests – as in many countries, states require
private security companies to register and operate under
licenses. Some authorities issue public annual reports
including an analysis of the trends in the industry, as well
as information on compliance inspections. States some-
times also have platforms to receive complaints on private
security.

Risk/ Given that the maintenance of a private security registry

Challenges requires considerable resources, the regulatory authority
sometimes does not have updated information. In some
contexts, states are affected by issues of corruption and
of conflict of interest. For instance, some private security
companies are owned by public officials linked to the
authority or have special relationships with some
companies. Information from such channels must thus be
carefully assessed.

Tips/Good Some CSOs have established formal or informal partner-

Practices ships/relationships with private security authorities to
exchange information on the sector. Many CSOs stressed
that being seen as a credible organisation by the authority
is very important for the quality of the exchange.

68 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 69

 Working Groups/
Networks
EXAMPLES

Description In many contexts, working groups are established to The International Code of Conduct Association is a multi-stakeholder
& Process address a specific issue (e.g. local security, human rights, initiative composed by states, private security companies and civil
border management challenges, etc.) either on a regular society organisations. All stakeholders share best practices, exchange
or ad hoc basis. Working groups usually have established information on promoting responsible private security and oversee
procedures, where they either have regular meetings/ implementation of the International Code of Conduct for Private
or include systemised reporting. Such groups potentially Security Service Providers.
allow for coordinated and systematic information collec-
icoca.ch/about/
tion whilst including a variety of expertise and locations.
If groups are composed of stakeholders from the public
and private sector and representing different industries The Voluntary Principles Working Group in South Kivu builds trust in
and functions, information received can come from multistakeholder working settings to increase collaboration between
different angles and perspectives. Such groups some- private sector, civil society organisations, security forces and other
times conduct early warning and prevention of incidents. public authorities. Security and human rights risks in the extractive
(See concrete examples on the next page). sector are jointly identified and addressed.

Risk/ Given that the maintenance of a private security registry The Private Security Governance Observatory is a network of African
Challenges requires considerable resources, the regulatory authority civil society organisations that seeks to share knowledge and rein-
sometimes does not have updated information. In some force their organizational capacity to promote good governance of
contexts, states are affected by issues of corruption and the private sector.
of conflict of interest. For instance, some private security
companies are owned by public officials linked to the Main activities:
authority or have special relationships with some • Research, awareness raising and building a network;
companies. Information from such channels must thus be
carefully assessed. • Support to CSO engagement with national authorities,
companies and other stakeholders at national, regional,
and international levels;
Tips/Good Some CSOs have established formal or informal partner-
Practices ships/relationships with private security authorities to • Experience sharing within and across regions.
exchange information on the sector. Many CSOs stressed observatoire-securite-privee.org/en
that being seen as a credible organisation by the authority
is very important for the quality of the exchange.

70 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 71

 IN CONTEXT The Media

Description Media play a crucial role in ensuring a democratic oversight

& Process of the work of the security sector. Nevertheless, private
security is often overlooked by the media, despite its
growing importance in the national security landscape.
It is therefore essential that media are well informed about
private security’s role and the legal framework for its
activities, in order to be able to report on their activities
adequately and serve as a useful information channel
for CSOs (e.g. Social media, newspapers, online platforms,
radio.)

Risk/ Depending on the credibility of the media, information

Challenges needs to be verified. There is still insufficient reporting on
private security by the media.

Tips/ The media is an important source of information; however

Good information should be thoroughly cross-checked with
Practices multiple different sources. CSOs should consider reaching
out to media outlets and establishing relationships of
trust for media to constitute a reliable and consistent
information collection channel.

72 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 73

 IN CONTEXT
The Private Security
Sector & Clients

Description The private security ecosystem includes industry asso-

& Process ciations, trade unions, the companies and their clients
and employees. Especially when a relationship of trust is
established, CSOs may receive information from such
actors.

Risk/ Private security companies & clients have by definition

Challenges commercial interests to protect – CSOs should be aware
of this when handling information from such channels.

Tips/ It is recommended to conduct a mapping of such actors

Good to be prepared when more detailed information on an
Practices incident would be needed. Moreover, participation in
multi-stakeholder working groups/networks (see above)
is a proven way of establishing trust-based relationships
between CSOs and the private security sector/clients.

74 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 75

 IN CONTEXT Example 1
Three uniformed PSC guards intimidate, beat
and rob an elderly man at an ATM machine.

Example 2
Armed attackers shoot and kill a PSC guard
protecting an entrance to a mine.

1 Which of your information channels

would have alerted you about the
cases below?

2 Which information channels would

you use to get more details on these
incidents?

76 Chapter 2 | Collecting Information Chapter 2 | Collecting Information 77

 Documenting
3 Reporting on and

Private Security
3.1 WHAT SHOULD BE DOCUMENTED

Think first about...

• Your objective with documenting:
Before documenting information, clarify the objective.
The data needed will be different for advocacy to the
government on improving private security regulatory
frameworks than to contribute to a case in a court of law.

• Informed consent:
Always make sure that you have the consent of the
alleged victims before using that information.

• Risk analysis and mitigation:

Before documenting and using the information analyse
the potential risks for all the actors involved.

78 Chapter 3 | Documenting and Reporting Chapter 3 | Documenting and Reporting 79

 Relevant Information On
Private Security Companies
The following checklist intends to help guide the documenting process
by showing you what type of questions you could ask yourself and what
type of information you should look out for. Assess risks to yourself and/or
others before contacting a company and asking for information.

INFORMATION NEEDED HOW/WHAT/WHERE INFORMATION NEEDED HOW/WHAT/WHERE

Why Is It Useful TO CHECK Why Is It Useful TO CHECK

n WHERE n LICENSED • Check the company website

Location of the Incident In many countries, companies • Check with the national authorities
need to be licensed to operate.

n WHEN
Time and Date n MEMBER OR AFFILIATE OF ICoCA • Check the ICoCA website
As ICoCA members or affiliates, PSCs www.icoca.ch
have committed to comply with the • Check if you see a logo on
n WHO WAS INVOLVED the company website, uniform
Code, and to be submitted to ICoCA’s
Possible remedies will be different if • Uniform or other
core function (i.e., certification,
police, army, private security company, • Weapon monitoring and complaints).
client or other actor responsibililty is • Logo
established?
n CERTIFIED • Check for certification logos
To achieve certification, PSCs had to on the website or description
n NAME OF THE PRIVATE SECURITY • Company logo on the uniform/
vehicle or other material demonstrate that they comply with of the company
COMPANY INVOLVED
recognized international standards. • Depending on the nationality
of the company you may also
n NATIONAL/INTERNATIONAL • If safe and possible go to the com- check websites of private security
Important information to identify the pany offices associations
different options for contacing the • Check the company website
company. An international company • Check the client website/material
n WHO IS THE CLIENT • Check the company website
can be contacted both in-country or • Check with the regional/
OF THE COMPANY • Reach out to the local community
at the headquarters level national authorities
• If safe, talk to peoople living Clients have a responsibility in the
and working around the location operations of the PSC they hire
where the incident happened, especially when in their service.

80 Chapter 3 | Documenting and Reporting Chapter 3 | Documenting and Reporting 81

 3.2 REPORTING
IN CONTEXT
Reporting and Human Rights
INFORMATION NEEDED HOW/WHAT/WHERE
Why Is Is Useful? TO CHECK
What now? Where to go if an incident occurs indicating an alleged human
rights abuse by a private security company once the information has
been collected?

As mentioned in Chapter 1, the United Nations Guiding Principles on Busi-

ness and Human Rights (UNGPs) consist of 31 principles implementing the
United Nations’ (UN) “Protect, Respect and Remedy” framework on the
issue of human rights and transnational corporations and other business
enterprises. The International Code of Conduct for Private Security Service
Providers (the Code) implements the UN Guiding Principles as regards
private security as it sets forth international principles based on human
rights and international humanitarian law specifically for private security
companies operating in complex environments.

Identifying reporting mechanisms for private security abuse/misconduct

is challenging in some contexts. Non-state-based mechanisms for seeking
remedies are sometimes more effective than state processes.

The following section identifies how CSOs report on private security.

It is recommended to store and continuously update key information on
available reporting mechanisms as well as services that provide relief
to alleged victims. The Chapter offers concrete examples of relevant
mechanisms to private security, such as company grievance mechanisms,
licencing, certification and accreditation bodies. It concludes by providing
key information on the International Code of Conduct Association’s
grievance mechanism.

The alleged victim should always be at the centre of any

action taken. If the victim needs medical, psychological or
other assistance, he or she should be directed to such assistance.

82 Chapter 3 | Documenting and Reporting Chapter 3 | Documenting and Reporting 83

 Information Civil
Society Should Have
Before collecting, documenting and reporting information about the
behaviour of private security companies, it is important to know what INFORMATION NEEDED HOW/WHAT/WHERE TO CHECK
type of services and grievance mechanisms are available, how they work
and in which situations they can be used. GRIEVANCE MECHANISMS • List of grievance mechanisms or other
AND/OR OTHER AVENUES reporting avenues available on a national,
If a person is harmed by actions of private security guards, help sometimes FOR REPORTING regional and international level
needs to be provided in a timely manner to avoid further harm to the victim. • Scope and competence of grievance
mechanism or other avenue
Having the information ready about potential services and grievance
• Possible outcome from grievance mechanism
mechanisms is therefore highly recommended. or avenue chosen

• Risk assessment for self and third parties

in using mechanism or avenue

INFORMATION NEEDED HOW/WHAT/WHERE TO CHECK • Possibility for submitting simultaneously

to different processes
MEDICAL AND LEGAL • Closest medical services (including psycho- • Availability of support netwok to assist in
ADVISORY SERVICES logical services) and legal advisory services identifying and submitting complaints to
• Exact location, itinerary and means of grievance mechanisms or through other
transportation to medical and legal advisory avenues
services • Documentation of experience with process
• Costs and means of payment of medical • Information on functioning responsivity
services and legal advisory services and challenges of process.

EXAMPLES
EXAMPLES Ministry responsible for overseeing
MEDICAL private security companies or their
Hospitals, Médecins sans frontiers (MSF), National Red Cross, Human rights institutions
clients
International Red Cross Courts
Certification Body
LEGAL Private security companies
Legal clinics, specialised CSOs, public services. International Code of Conduct
Clients of private security companies Association
such as oil companies, mines,
African Observatory for Private
embassies,
Security Governance
United Nations
RECOMMENDATION Working groups of the Voluntary
Licensing authority of private Principles for Security Human Rights
Continuously update and have readily available a list of reporting security companies

mechanisms, expert organisations as well as support services

(see following checklist)

84 Chapter 3 | Documenting and Reporting Chapter 3 | Documenting and Reporting 85

 Examples Of Reporting Licensing bodies

Mechanisms Linked To The The Montreux Document, which includes good practices for states to
regulate private security companies, recommends that states designate

Private Security Industry a central authority to issue operating licences to every PSC wishing to
offer its services on its territory. Operating licences should be issued for
a limited amount of time and a renewable period based on clear criteria.

If there is a competent authority in your country, you may consider

Company Grievance Mechanisms reporting an incident to this authority. The authority assesses if this
information infringes on the requirements for obtaining licence and might
The International Code of Conduct requires private security companies to
revoke the licence for the company to operate on its territory and/or
have a grievance mechanism in place which is fair, impartial, and offers an
submit the file to the justice system.
effective resolution of the complaint. Everybody who has been harmed or
has observed misconduct by company personnel should be able to report
this to the company. Every Affiliate and Member company of the ICoCA
has such a mechanism in place. Personnel and the public can report any Certification bodies
concerns by phone, e-mail, through community liaison officers, feedback A Certification Body is a company which evaluates and certifies other
boxes, or through the company websites. If you check the company companies to a national or international standard. A company that wishes
websites look out for “complaints”, “feedback”, “compliance”, “contact” to achieve certification pays a Certification Body to evaluate its processes
or other wording at the bottom or top of the page to find information and policies, to verify these on site and in-country and to issue a certifi-
about a company grievance mechanism. Usually you find a description of cate for a certain amount of years, if the company meets all the criteria
how the grievance mechanism works or directly the grievance policy ex- of the standard.
plaining the process step-by-step. If you cannot find the information you
need, contact the company and ask for it.
In order to be allowed to do that a Certification Body needs to be accred-
ited by a National Accreditation Body.

Grievance mechanisms of clients of private security companies For private security companies there are specific standards they can get
Clients of private security companies often have grievance mechanisms certified to. For example, ISO 18788 for land-based PSCs, ISO 28007 for
in place. For example, you may want to inform the Embassy protected maritime PSCs, or the US standard PSC.1.
by private security guards or home country of an international company.
If you observe an incident, you may check if the company involved is cer-
Extractive companies have their own grievance mechanisms which are tified and by which Certification Body. You may then report the incident
sometimes managed jointly with the surrounding communities or the to the Certification Body which can revoke the certification if it assesses
private security company protecting the extractive company. Some that the company does no longer meet the specific standard. This may
extractive companies require all complaints against their private security cause the company to lose its clients.
providers to be reported directly to them and not to the private security
provider. Examples
Certification Bodies certifying to standards for private security companies
Humanitarian actors such as the International Committee of the Red Cross include:
(ICRC), Médecins Sans Frontières (MSF) or others may have mechanisms • MSS Global, UK: www.mssglobal.com
in place as well.
• Intertek, UK: www.intertek.com
• LRQA, UK: www.lr.org/en-gb/management-systems
• Asociación de Empresas Seguras, Colombia: aes.org.co

86 Chapter 3 | Documenting and Reporting Chapter 3 | Documenting and Reporting 87

 IN CONTEXT The International Code of
Conduct Association’s
Grievance Mechanism
The Association receives and processes complaints of alleged violations
of the International Code of Conduct by its Member & Affiliate Companies.
Where a complainant seeks support, the ICoCA facilitates access to fair
and accessible grievance procedures that may offer an effective remedy,
including through providing the complainant with access to ICoCA’s own
good offices. For Member & Affiliate Companies, the Association provides
guidance on establishing and maintaining fair and accessible grievance
procedures in compliance with the Code.

88 Chapter 3 | Documenting and Reporting Chapter 3 | Documenting and Reporting 89

 Grievance Mechanism Conclusion
MAIN
STEPS
1
ICoCA Secretariat to review complaint received and
check if a violation by an ICoCA member/affiliate
company of the Code is alleged.
This practical guide’s primary focus is to support civil society organi-

2
sations seeking to work on private security governance and oversight.
Request more information from submitter if needed. It should be approached as a living document which can be adapted
to different contexts, depending on the size and nature of the private

3 If conditions are met and with consent of submitter and security industry and its regulatory framework. This tool specifically
alleged victim, ICoCA will contact the member company. addresses civil society organisations that seek to increase their under-
standing of private security, the applicable international standards and

4 Based on information collected will make

recommendations to ICoCA member/affiliate.
what roles they themselves could play in ensuring a more responsible
private security industry.

5 Different options will be offered for resolution of case:

mediation, good offices, referral, etc.
The role and regulation of private security is not well-known despite the
industry’s growing importance across the globe. The development of this

6
tool responds to a call by key stakeholders such as regulators, clients,
ICoCA will monitor implementation of corrective
civil society organisations themselves to support civil society in better
measures by member companies and affiliates.
understanding and monitoring the private security industry as well as in

7
reporting misconduct. However, donors and governments need to step
If company does not cooperate in good faith, possibility
up and support civil society in this important work, as they themselves
for ICoCA to suspend/terminate membership/affiliation.
increasingly use private security services while regulation and oversight
remains often insufficient.

WHO CAN SUBMIT COMPLAINT? Anyone This tool also contributes to raising awareness about the International
Code of Conduct for Private Security Service Providers across a variety of
stakeholders, notably civil society organisations, private security companies
CONCERN WHO/WHAT? and their clients as well as governments. A result of negotiations between
private security companies, civil society and states, it recalls minimum
Complaint concerning private security company which is either standards based on human rights and international humanitarian law
ICoCA member or affiliate. applicable to private security companies and their personnel. The Code
constitutes a useful frame of reference for any actor in a variety of contexts
Alleging a violation of the International Code of Conduct for Private working on private security. In that sense, this tool is a contribution to
Security Service Providers that has occurred or is about to occur. applying the Code and its standards in practice.

HOW?
Through complaint form on the ICoCA website: www.icoca.ch
Comments and feedback should be sent to:
E-mail to [email protected] [email protected] or [email protected].

Call or send an instant message by Viber, WhatsApp (+41 79 440 34 14)

or Skype (ICoCA Secretariat)

90 Chapter 3 | Documenting and Reporting Collecting, Documenting and Reporting | A Practical Guide for Civil Society 91
International
Code of Conduct
Association