ISO 27001 for Startups: What You Need to Know
ISO 27001 for startups is about building a practical information security management system that can…
ANSI/ASIS PSC.1-2022 certification verifies that a private security company’s management system meets requirements for risk management, legal compliance, human rights, use-of-force controls, incident reporting, and operational accountability within a defined certification scope.
AGS issues ANSI/ASIS PSC.1-2022 certification for eligible private security operations after independent audit, scope review, corrective-action closure, and certification decision. The certificate should clearly identify the legal entity, services, locations, standard edition, issue date, expiry date, and certified scope.
ANSI/ASIS PSC.1-2022 certification is third-party confirmation that a private security company follows a management system for security operations, risk control, legal compliance, human rights protection, and accountability.
The certification does not automatically cover every contract, country, branch, or service line. It applies only to the legal entity, locations, services, and activities listed in the approved certification scope.
It matters because private security work often sits where operational risk, legal exposure, reputational risk, and human-rights risk overlap. PSC.1 addresses that by turning quality, governance, and oversight into something structured, reviewable, and externally assessable.
Satisfied Clients
Years of Experience
ISO certifications
A credible PSC.1 certification status should be easy to verify. At minimum, a buyer should be able to confirm whether the status is current, which standard edition it applies to, who issued it, and when it expires. If those details are vague, missing, or hard to validate, the claim is weaker than it looks.
For providers preparing for certification, that means the target is not just passing an audit. The target is being able to present a clean certification position that survives external review. AGS helps companies prepare a clean certification position by tightening documented controls, audit evidence, corrective-action discipline, and scope logic before the certification audit, final review, or buyer due-diligence request.
Scope is where most misunderstandings begin. A PSC.1 certificate does not automatically apply to every service line, every contract, every entity in a group, or every country where a company happens to operate. The scope should define exactly what is covered.
That usually includes:
A wide marketing statement with a narrow certificate creates risk. A properly defined scope and certification process reduces that risk because the buyer can see what was actually audited and approved.
In practice, PSC.1 scope often turns on what the provider is actually delivering. That may include static guarding, mobile security, close protection, physical security operations, security risk management, or management oversight of field operations. Locations matter just as much. A company may be certified for named countries, named sites, or a limited operational footprint rather than for every jurisdiction where it has a presence.
That is why scope drafting has to be brutally precise. AGS works with clients to map actual service delivery, legal entities, contract structure, and operational geography into a certifiable scope that can be defended when a buyer asks for proof.
If your current PSC.1 scope would be difficult to explain in a tender room, it is not ready.
AGS works with private security companies that need their certification to hold up under real scrutiny, including:
We help turn weak or ambiguous scope into something defensible by tightening service definitions, legal entity boundaries, location coverage, and audit evidence before those gaps become procurement objections
Send us your current scope, operating countries, and buyer requirements. We’ll show you where it breaks and how to fix it before the next audit or tender review.
PSC.1 matters because it ties security operations to more than delivery quality. ASIS explicitly connects the standard to the Montreux Document and the International Code of Conduct and frames it around risk management, legal obligations, and respect for human rights. That is the heart of why serious clients ask for it.
The standard is built for environments where security operations can create legal and reputational exposure quickly. Procurement teams care because weak governance in this sector is not a paperwork problem. It can become a client liability problem. A provider that can show structured controls over human-rights-sensitive operations, legal compliance, incident handling, and management review is easier to trust than one relying on broad ethical claims alone.
A statement of conformance is a public claim that the provider aligns its system and operations with PSC.1 principles or requirements. It can be useful, but it is not the same thing as a third-party certificate.
The difference is simple. A statement of conformance is issued by the company about itself. Third-party certification is issued by an external certification body after a conformity assessment process. One shows commitment and declared alignment. The other adds external audit, formal scope, validity dates, and independent issuance. PSC.1 itself explicitly includes the concept of a statement of conformance, which is one reason buyers need to separate the two forms of proof instead of treating them as interchangeable.
PSC.1 is the American National Standard in this space. ISO 18788 is its closest international peer. Both are management-system standards for private security operations, and both tie operational quality to law, human rights, and voluntary commitments. They are related, but they are not identical or interchangeable.
For some organizations, PSC.1 is the more relevant route because of client expectations, U.S.-linked procurement, or legacy market language. For others, ISO 18788 may be the stronger fit because it is the international standard. In some procurement ecosystems, both show up in the same due diligence conversation. AGS supports companies that need to understand which route fits the buyer’s requirement before time is wasted on the wrong certification path.
PSC.2 is the adjacent ASIS standard for conformity assessment and auditing of PSC.1 systems. It provides requirements and guidance for audit programs, conformity assessment, and auditor competence in the PSC.1 environment.
That matters because buyers are not only buying a name on a certificate. They are buying confidence in the audit structure behind it. PSC.2 is one of the reasons PSC.1 can operate as a serious third-party certification route rather than just a self-declared framework.
Verification should be direct and boring. That is the standard.
A buyer should ask for:
If the certification claim is linked to the ICoCA ecosystem, the buyer should also check whether the standard is recognized and whether the certification body is accepted in that framework. ICoCA currently recognizes PSC.1, ISO 18788, and ISO 28007 for certification, and it does not accept certification from everybody in the market.
AGS works with private security providers that need more than a policy refresh. The right fit includes companies preparing for PSC.1 certification, tightening a weak scope, responding to client due diligence, aligning operations with legal and human-rights commitments, or preparing for renewal and surveillance activity.
The first conversation usually covers:
Send AGS your service scope, operating countries, and buyer requirements.
We will help you turn that into a cleaner certification path, stronger due diligence proof, and a scope you can defend under pressure.
They are used to structure and audit private security company operations through a management-system approach tied to quality delivery, risk management, legal obligations, and respect for human rights.
Private security service providers that need credible third-party proof of operational governance, especially where clients, governments, or international buyers require due diligence evidence.
No. ASIS professional credentials apply to individuals. PSC.1 is an organizational management system standard for private security operations.
Check the issuing body, current certificate dates, valid-until date, and exact scope, then use the validation route provided by the issuer or accepted framework.
That depends on the buyer’s risk threshold. A conformance statement can show commitment and alignment. Third-party certification gives stronger formal proof because it adds external issuance, scope, and validity controls.
