How Many Types of ISO Certification Are There?
How Many Types of ISO Certification Are There? ISO certification applies to 4 categories of…
ISO 18788 certification gives organizations that conduct or contract security operations a formal way to prove that their security work is controlled, lawful, risk-based, and accountable. ISO 18788:2015 is the international standard for a Security Operations Management System, or SOMS, built for private security operations and related functions that need structure, oversight, and continual improvement.
This page is for organizations making a serious buying decision. The questions are practical: does the standard fit your operations, what will be the audit test, what affects scope, and what should be ready before you request a quote.
ISO 18788 is the international standard for a Security Operations Management System for organizations that conduct or contract security operations. It provides a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the management of security operations. ISO says the standard is built around professional security operations, accountability to law, respect for human rights, and consistency with voluntary commitments.
A SOMS is the management system that turns security operations into an auditable system instead of a loose collection of practices. That matters because buyers, regulators, and internal leadership do not need vague assurances. They need defined controls, evidence, and a system that can be reviewed and improved over time.
A working SOMS usually includes these core elements:
ISO 18788 certification matters because security operations carry real legal, operational, and human-rights risk. The standard gives organizations a business and risk management framework to run security operations with clear accountability, consistent controls, and evidence that the system is being monitored and improved.
It becomes even more important when operations run in complex or high-risk environments. DQS describes ISO 18788 as especially relevant where the rule of law may be disrupted, and ISO itself frames the standard around client requirements, stakeholder expectations, accountability to law, and respect for human rights. That is why the standard sits far above generic “security best practice” language.
Satisfied Clients
Years of Experience
ISO certifications
The main benefits are stronger buyer confidence, better control of operations, and cleaner governance. Those benefits are commercial, operational, and compliance-driven at the same time.
Commercial benefits
Operational benefits
Compliance and governance benefits
ISO 18788 certification is a third-party audit process. ISO publishes the standard, but ISO does not perform certification or issue certificates. External certification bodies do that.
The certification path is straightforward when the scope is clear and the system is ready:
Stage 1 reviews the management system before the full audit. In practice, that means reviewing documentation, objectives, management review outputs, and internal audit results to confirm that the system is ready for formal assessment.
Stage 2 is the main audit against the requirements. The auditor evaluates how the system works in practice, records findings, and closes the audit with the organization. If gaps appear, corrective action is agreed before the certification decision is completed.
Once certified, the system does not go on autopilot. Surveillance audits are normally conducted at least once a year, and DQS states that an ISO 18788 certificate is valid for a maximum of three years before recertification.
ISO 18788 certification is for organizations that conduct or contract security operations. That includes private security companies, organizations that outsource security work, and buyers that need a controlled and defensible security management framework.
In practice, the page fits these buyer groups:
As an accredited body, we issue certificates for the most sought-after management system standards:
There is no universal fixed public price for ISO 18788 certification. DQS states plainly that pricing varies and is quoted case by case rather than offered as a flat fee.
The quote usually moves on a few practical factors:
That is why fixed-price promises are usually nonsense on a page like this. Scope drives audit time. Audit time drives cost.
Yes. ISO 18788 can work alongside other ISO management system standards where an organization wants one coordinated system for governance, risk, internal audit, corrective action, and management review. That is especially useful for organizations already operating standards such as ISO 9001 or ISO 14001, because shared management-system elements can be aligned without running separate control structures for every standard.
A credible certification route matters as much as the standard itself. ISO tells buyers to evaluate certification bodies, check whether the relevant conformity-assessment standards are used, check accreditation, and verify accredited certifications through IAF CertSearch or by contacting the relevant certification or accreditation body directly.
At AGS, we keep that route clear. We audit. We verify scope. We separate training, documentation support, and certification audit activity. We tell the buyer what affects readiness, what belongs in the audit, and what the next step is before time gets wasted.
ICoCA sits in the due-diligence layer, not outside it. ICoCA says certified companies are subjected to the highest level of due diligence, including external certification to an ICoCA-recognised standard issued by an independent accredited certification body accepted by ICoCA, plus additional scrutiny of company policies and procedures. It also states that private security companies must first attain that external certification before applying for ICoCA certification.
PSC.1 is a related standard often discussed alongside ISO 18788 in the private security market. Intertek markets them together and describes PSC.1 as an extension-of-scope path connected to ISO 18788 work. Treat PSC.1 as a related route, not as a synonym for ISO 18788. They are connected, but they are not the same label pasted twice.
Company certification and individual training are not the same deliverable. ISO certification is third-party assurance that an organization’s management system meets the standard. Training is person-level learning or credentialing.
That distinction matters because ISO 18788 search results include both intents. PECB offers Foundation, Lead Implementer, and Lead Auditor training for individuals, and its Lead Auditor course is about developing the expertise to perform SOMS audits. Useful for competence, yes. A substitute for organization certification, no.
If you want the first conversation to be useful, come ready with these basics:
That is where readiness starts. Not with slogans. With scope, evidence, and a system that can stand up to audit.
If your organization conducts or contracts security operations and needs a certification route that a client, procurement team, or due-diligence reviewer can take seriously, start with the scope. We will define what belongs in the audit, identify what is ready, flag what is missing, and keep the certification path clear from the first discussion to surveillance planning.
We audit. We certify through an independent third-party process. We verify. We keep the process clear. When accredited certification applies, certificate status can be verified through IAF CertSearch or through the relevant certification body and accreditation body.
