Bids and contracts

Good Practices

Assess private security providers according to national and international law requirements.

• Comply with national and international laws and standards concerning private security providers. If faced with conflicting requirements (e.g. a national law may prevent the implementation of certain international best practices), seek innovative ways to honour the principles of internationally recognised human rights.
• Seek to hire private security providers that have shown commitment to international standards. This can be demonstrated through membership in the International Code of Conduct Association (ICoCA), as well as by certification to industry standards that include human rights provisions (e.g. ANSI-ASIS PSC-1, ISO 18788 or ISO 28007). If such companies are not available, at the very least ensure that a company states commitment to human rights in its policies and within the service contract.
• Ensure that all private security staff’s human rights and international humanitarian law records are screened (see Vetting – Working with Private Security Providers).
• Ensure that private security providers are aware of their obligations, trained in human rights and international humanitarian law, and proficient in the use of security equipment and firearms, if applicable (see Training – Working with Private Security Providers).

Key Resources

• Mapping of National Private Security Sectors Regulation and Overview (DCAF 2021)
• International Code of Conduct for Private Security Service Providers: Membership (ICoCA 2021)

Publish a request for proposals (RfP) that stipulates exclusion criteria and award criteria related to compliance. This process communicates expected human rights standards directly to the companies at an early stage.

• The request for proposals will, in many aspects, reflect the eventual final contract; an adequate request for proposals will simplify the drafting of the contract.
• The request for proposals should include: a clear description of the mandate and contractor responsibilities; exclusion criteria that automatically disqualify a candidate; and award criteria that relate to the company, its personnel and weapons and equipment.

Key Resources

• A Contract Guidance Tool for Private Military and Security Services (DCAF 2017)
• Recommendations for Hiring Private Security Providers (SociosPeru, PeaceNexus Foundation, International Committee of the Red Cross and DCAF 2015)
• ‘Security to Go’ Module 14: Contracting Private Security Providers (Global Interagency Security Forum 2020)

Conduct a thorough due diligence assessment of bids and potential private security providers.

• This due diligence should involve consultation with other clients of private security providers, including companies, non-governmental organisations, government officials and other stakeholders. Inquire about the reputation of and their experiences with various private security providers. Voluntary Principles on Security and Human Rights: Implementation Guidance Tools, p. 52 (International Council on Mining and Metals, International Committee of the Red Cross, International Finance Corporation and IPIECA 2011).

Ensure that the company procurement personnel and/or department have the capacity to assess proposals.

• Although the burden to prove compliance with the criteria defined in the request for proposals (RfP) is usually with the potential contractor, the client must ensure that the criteria can be objectively assessed. This may require training, particularly to properly assess human rights criteria. To ensure a fair selection process, all of the criteria of the request for proposals need to be weighed and assessed through an established rating system.

Good Practices

Develop company policies and procedures that clarify and explain the roles and responsibilities of private security providers and include these in contracts.

• Ensure policies and contracts clearly stipulate that both the company and the private security provider should respect human rights in all circumstances. As explained by the UN Guiding Principles on Business and Human Rights, ‘This means that [businesses] should avoid infringing on the human rights of others and should address adverse human rights impacts with which they are involved’.
• Ensure both company staff and private security personnel are familiar with company mechanisms to prevent human rights risks and impacts, as well as with procedures to deal with and support investigations of alleged human rights abuses.
• Include company policies and procedures in the contract with the private security provider and ensure the contract complies with relevant national laws and regulations (see Compliance with international standards and good practices: developing implementation guidance within Bids and contracts – Working with Private Security Providers)
• Confirm with international and national experts the validity of all contract clauses related to legal liabilities and responsibilities. Certain contract clauses with the private security provider may be helpful; for example, proof of risk indemnity insurance should be requested with the request for proposals. However, indemnification clauses will have limited application, depending on the national legal framework.

Carry out human rights due diligence in order to identify and address human rights risks and impacts, taking into account potential liabilities (see human rights due diligence).

• Conduct/update risk and impact assessment jointly with the private security provider (see Adequate and appropriate private security arrangements: properly identifying risks and impacts and human rights due diligence within Private security within risk and impact assessment – Working with Private Security Providers). Bear in mind that private security providers may have their own impact assessment processes; contracting companies can coordinate more closely with the private security provider to ensure efficiency.
• Consider the risk of corporate complicity in human rights abuses if the private security provider protecting the company’s site is involved in such abuses. The commentary for UN Guiding Principle 23 explains: ‘Treat this risk as a legal compliance issue, given the rise in national jurisdiction that allow corporate legal liability cases and extraterritorial civil (and criminal) claims. Note in this regard also the provisions of the Rome Statute of the International Criminal Court in jurisdictions that provide for corporate criminal responsibility. In addition, corporate directors, officers and employees may be subject to individual liability for acts that amount to gross human rights abuses.’
• Note that the risk attached to human rights abuses does not merely lie in the legal domain. Even if the legal responsibility is determined to lie with the private security provider, the reputational damage will likely be shared by the contracting company.
• Demonstrate the company’s ongoing efforts to mitigate any human rights impacts, for instance via community meetings or publication of efforts in local media. Provide for or cooperate in the remediation of adverse human rights impacts the company has caused or contributed to through legitimate processes (see Human rights abuses – Working with Private Security Providers).
• Note that the company’s responsibility to respect human rights and conduct human rights due diligence means that contractual clauses cannot exempt the company from that responsibility and cannot exclude potential legal liability, in particular when mandatory human rights due diligence is in place. This applies to both the contracting company and the private security provider.
• Do not assume that conducting due diligence, [BURDZY1] by itself, will automatically and fully absolve the company from liability for causing or contributing to human rights abuses.
• Ensure that the actions of contracted security providers do not violate international humanitarian law, nor trigger or intensify civil violence in conflict-prone regions. If this were to occur, the contracting company itself may be found liable for complicity in the commission of any violations.

To the best extent possible, share information on company’s security arrangements and procedures with local stakeholders.

• Appoint a company representative with a good understanding of the local context and a long- term commitment to the job to serve as an interlocutor between the community, the company and the private security provider. This could be done by the community liaison officer.
• Establish ongoing dialogue about operations, procedures and potential impacts of operations on local communities, particularly on vulnerable groups.
• Clarify roles and responsibilities of the private security provider and share the company’s own code of conduct for private security providers and/or the International Code of Conduct for Private Security Service Providers (if it is used).
• Clarify the steps that will be taken in case of alleged human rights abuses, including providing information on the company’s grievance mechanisms.

Ensure that grievances and complaints are not merely passed on to the private security provider, but are discussed and addressed together with company representatives.

• Keep accurate records of all reported grievances and of all actions taken to address them.
• Conduct reviews on the handling of grievances together with the private security provider, identifying lessons learned and adjusting procedures accordingly.
• Ensure the private security provider has a company grievance mechanism that has integrated the International Code of Conduct Association guidance , which is aligned with UN Guiding Principle 31.

Practical Tools

• Interpretive Guidance: Developing and Operating Fair and Accessible Company Grievance Mechanisms that Offer Effective Remedies (International Code of Conduct Association 2018)
• Manual: Developing and Operating Fair and Accessible Company Grievance Mechanisms that Offer Effective Remedies (International Code of Conduct Association 2018)

Good Practices

Develop policies, procedures and guidelines defining the roles and responsibilities of private security providers, with reference to the International Code of Conduct for Private Security Service Providers and other international standards

(see Private security within risk and impact assessment – Working with Private Security Providers).

• Develop a human rights policy and ensure it is embedded throughout the company (see Sensitive discussions on security and human rights: addressing issues constructively within Human rights concerns – human rights due diligence and Working with Host Governments).
• Develop security and procurement policies that reflect the company’s human rights policy. According to UN Guiding Principle 16, these policies should:
  • Be approved at the most senior level of the company.
  • Be informed by relevant internal and/or external expertise.
  • Stipulate the company’s human rights expectations of personnel, business partners, private security providers and suppliers.
  • Be publicly available and communicated internally and externally to all personnel, business partners, contractors and other relevant parties.
  • Be reflected in the company’s security procedures.

UN Guiding Principles on Business and Human Rights, no. 16

• Clarify the role of private security in all worksite safety and security policies and procedures.
• Use the International Code of Conduct for Private Security Service Providers or develop a similar code of conduct for private security providers based on the Code, ensuring coherence with the company’s security policy and procedures. Make this code a standard part of all contracts issued by the company.
  • Provide copies of this code of conduct and written rules for the use of force to each member of security personnel.
  • Make private security provider management and guards sign the code of conduct for private security providers adopted by the company, acknowledging understanding of the document and committing to comply with the principles therein.  Ensure the company’s security department keeps a copy of all signed documents.
  • Share and discuss this code of conduct with relevant stakeholders, such as other companies, public security forces and local communities. Where appropriate, amend this code to integrate feedback received during these discussions.
• In all security-related policies and guidelines, reference the company’s human rights policy (see Sensitive discussions on security and human rights: addressing issues constructively within Human rights concerns – Working with Host Governments). Company policies should reference and adhere to applicable international and national instruments and standards, including:
  • National law and professional standards of the host country.
  • The Universal Declaration of Human Rights.
  • The International Covenant on Civil and Political Rights.
  • The International Covenant on Economic, Social and Cultural Rights.
  • The International Labour Organization’s Declaration on Fundamental Principles and Rights at Work.
  • The Geneva Conventions of 1949 and the Additional Protocols of 1977.
  • The United Nations Convention Against Torture.
  • The UN Guiding Principles on Business and Human Rights.
  • The Voluntary Principles on Security and Human Rights.
  • The Montreux Document on Private Military and Security Companies.
  • The International Code of Conduct for Private Security Service Providers.

Voluntary Principles on Security and Human Rights: Implementation Guidance Tools, p. 54 (International Council on Mining and Metals, International Committee of the Red Cross, International Finance Corporation and IPIECA 2011)

Develop a contract with the private security provider that includes clear clauses on respect for human rights law, international humanitarian law and relevant national law. Discuss these clauses with the private security provider to make sure the provider understands its performance objectives.

Key Resources

• The Montreux Document on Private Military and Security Companies, part 2, par. 14 (International Committee of the Red Cross and Swiss Directorate of International Law 2006)

Practical Tools

• A Contract Guidance Tool for Private Military and Security Services, Section 2: Contractor’s Roles and Responsibilities (DCAF 2017)
• Recommendations for Hiring Private Security Providers (SociosPeru, PeaceNexus Foundation, International Committee of the Red Cross and DCAF 2015)

Discuss the roles and responsibilities of individual security personnel with the private security provider to make sure the security provider understands personnel requirements and how to integrate them into their performance.

Complement training provided by the private security provider to its staff through regular communication and refresher sessions.

• Remind private security provider personnel of key points of the company’s code of conduct for private security providers and/or the International Code of Conduct for Private Security Service Providers. Additionally, remind security personnel about site-specific safety controls and other relevant policies. Do this on a regular basis (e.g. at the beginning of shifts, during shifts, during refresher sessions).
• Convene regular meetings where private security personnel can discuss good practices, ask specific questions and share their experiences amongst themselves (see Case study: Monusco and- Tenke Fungurume Mining training of for public security forces, (see Inadequate preparedness of public security forces: establishing a path to progress on human rights and minimal use of force within Training – Working with Public Security Forces).
• Distribute pedagogical material on the International Code of Conduct for Private Security Service Providers, adapted to the context and audience. Print the key points of the ICoC and the company’s code of conduct for private security providers, with an emphasis on the rules for the use of force. Distribute these to all private security personnel and require that they are kept on hand. The ‘smart cards’ should be in the appropriate local language for ready reference and inspection.

Conduct regular performance checks and meet regularly with private security provider management to discuss the findings.

Multilateral Investment Guarantee Agency Voluntary Principles Implementation Toolkit for Major Project Sites, IV-5 (World Bank Group Multilateral Investment Guarantee Agency and Anvil Mining 2008)

• Develop a checklist based on the contract and the code of conduct and use it during the monthly performance checks.
• Consider using an external human rights monitor to check compliance on a regular basis (e.g. engage with a non-governmental organisation to identify human rights gaps). To this end, it is beneficial to hire International Code of Conduct Association (ICoCA) members and/or companies that are certified by industry standards, as they undergo a certain level of monitoring by the ICoCA and/or certification bodies.
• Review security incident reports to identify actual or potential human rights abuses and take appropriate measures
• (See Human right abuses by private security providers: setting up procedures and policies to ensure adequate responses within Human rights abuses (Working with Private Security Providers). Identify lessons learned and integrate them into security procedures and practices.

If the private security provider still fails to comply with any or several of the clauses in the contract, consider the following options.

Voluntary Principles on Security and Human Rights: Implementation Guidance Tools, p.57 (International Council on Mining and Metals, International Committee of the Red Cross, International Finance Corporation and IPIECA 2011)

• Negotiate a timeline for compliance.
• Withhold payments as established in the contract until the issue is satisfactorily addressed.
• Condition maintaining the business relationship on performance.
• Provide more detailed guidance and training, together with regular performance review.
• Terminate the relationship with the private security provider.