ISO INTERNATIONAL STANDARD 18788 Firstedition 2015-09-15 Management system for private security operations Requirements with guidance for use Systeme de management des opérations de sécurite privée - Exigences et lignes directrices pour son utilisation Reference number IS0 18788:2015(E) LSO International Organization for Standardization Institute of Standardization 5956617 IS02015 vided by IHS underI itted without license from IHS IS0 18788:2015(E) COPYRIGHTPROTECTEDDOCUMENT IS0 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISOcopyrightoffice Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel.+41 22 749 01 11 Fax +41 22 749 09 47 copyright@iso.org www.iso.org Intenatinair PrganizationforStandardization Not for Resale, 2015/11/11 08:58:44 etworking permitted without license from IHS IS0 18788:2015(E) Contents Page Foreword ..V Introduction. ...vi 1 Scope. 2 Normative references 3 Terms and definitions 4 Context of the organization .14 4.1 Understanding the organization and its context ..14 4.1.1 General. ..14 4.1.2 Internal context. .14 4.1.3 External context. ..14 4.1.4 Supply chain and subcontractor mapping and analysis ..15 4.1.5 Defining risk criteria .15 4.2 Understanding the needs and expectations of stakeholders ..15 4.3 Determining the scope of the security operations management system ..16 4.4 Security operations management system ..16 5 Leadership .17 5.1 Leadership and commitment ..17 5.1.1 General ..17 5.1.2 Statement of Conformance. .17 5.2 Policy. ..18 5.3 Organization roles, responsibilities and authorities ..18 6 Planning. .19 6.1 Actions to address risks and opportunities ..19 6.1.1 General ..19 6.1.2 Legal and other requirements. 20 6.1.3 Internal and external risk communication and consultation .20 6.2 Security operations objectives and planning to achieve them .21 6.2.1 General. .21 6.2.2 Achieving security operations and risk treatment objectives. .22 7 Support. .22 7.1 Resources. 22 7.1.1 General. 22 7.1.2 Structural requirements 23 7.2 Competence 24 7.2.1 General 24 7.2.2 Competency identification 24 7.2.3 Training and competence evaluation 25 7.2.4 Documentation. 25 7.3 Awareness .25 7.4 Communication 25 7.4.1 General 25 7.4.2 Operational communications. 26 7.4.3 Risk communications. 26 7.4.4 Communicating complaint and grievance procedures 26 7.4.5 Communicating whistle-blower policy 26 7.5 Documented information. 27 7.5.1 General. .27 7.5.2 Creatingandupdating ..27 7.5.3 Control of documented information. ..28 8 Operation .29 8.1 Operational planning and control .29 iii nseeZhejiang Institute of Standardization 5956617 ed without license from IHS Not for Resale, 2015/11/11 08:58:44