Challenge Topic

Human rights abuses

Print Friendly and PDF


Human rights abuses by private security providers: Setting up procedures and policies to ensure adequate responses

Good Practices

Review the risk and impact assessment to ensure all risks and impacts have been properly analysed and all feasible preventive measures are in place

(see Adequate and appropriate private security arrangements: properly identifying risks and impacts within Private security within risk and impact assessment – Working with Private Security Providers).

  • The Voluntary Principles on Security and Human Rights explain, ‘As part of the exercise, assess local capacity to investigate abuses and provide for proper resolution. Risk assessments should consider the local prosecuting authority and judiciary’s capacity to hold accountable those responsible for human rights abuses or violations of international humanitarian law in a manner that respects the rights of the accused.’ Voluntary Principles on Security and Human Rights, p. 3

When contracting with a new private security provider, require applicants to be officially registered, per national regulations, and verify evidence of the business license. Include this requirement in the request for proposals

(see Selecting private security providers: assessing quality and cost considerations within Bids and contracts – Working with Private Security Providers).

Ensure the contract with the private security provider includes the following requirements and conditions

(see Compliance with international standards and good practices: developing implementation guidance within Bids and contracts – Working with Private Security Providers).

  • Refresher trainings on use of force, human rights and international humanitarian law (where relevant), including practical exercises on how to manage security incidents.
  • A monitoring system (see Oversight and accountability within – Working with Private Security Providers).
  • An incident reporting mechanism. Explicitly require the private security provider to report any incident where personnel participate in, encourage or seek to benefit from any national or international crimes, including, but not limited to: war crimes; crimes against humanity; genocide; torture and other cruel, inhuman or degrading treatment; enforced disappearance; forced or compulsory labour; hostage-taking; sexual or gender-based violence; human trafficking; the trafficking of weapons or drugs; child labour; or extrajudicial, summary or arbitrary executions. International Code of Conduct for Private Security Service Providers, par. 22 Contractual obligations towards the company may not be invoked as justifications for such acts.
  • A process for investigating reported incidents.
  • The right to cancel the contract in case of proven human rights abuses or of humanitarian law violations. Also include provisions to remove personnel involved in credible allegations of human rights abuses or humanitarian law violations.

Establish an early alert system and engage in pro-active monitoring.

  • Develop a company policy and internal process to deal with both potential and actual human rights abuses and ensure all company staff are familiar with these.

Provide human rights training to employees, including on how to identify signs of potential human rights abuses.

Designate focal points within the company (e.g. a security manager, a community relations officer) that will receive oral or written reports of potential and actual human rights abuses. Ensure their contact details are distributed to all relevant stakeholders.

Require systematic reporting of all alleged and confirmed human rights abuses.

  • Monitor causes and triggers of conflict on a regular basis, especially in complex environments, and establish a concrete action plan to prevent and mitigate risks of escalation.
  • As allowed by national legislation, monitor private security providers through a variety of means, such as radio networks, CCTV visual monitoring (including installing cameras in vehicles) and/or unannounced physical site inspections.
  • Support the oversight of the private security industry by local authorities and community groups.  
  • Develop a network with relevant stakeholders, ensuring different groups in local communities are adequately represented (in particular the most vulnerable groups), and provide them with guidance and capacity support on what to do whenever there are risks of human rights abuse. Consider providing them with capacity support, directly or indirectly.
  • Encourage dialogue and cooperative agreements between the company, security providers and communities. Clearly outline the roles, responsibilities and practices for different actors in maintaining law, security and public order.
  • Ensure a certain degree of oversight and monitoring by hiring certified or affiliate International Code of Conduct Association (ICoCA) members or companies certified by other certification bodies.

Establish an operational-level grievance mechanism that allows individuals to report abuses anonymously

(see Community mistrust: ensuring an effective grievance mechanism within Stakeholder engagement strategy – Working with Communities).

Contract a private security provider that has an effective and accessible grievance mechanism. Alternatively, require the establishment of a grievance mechanism if the private security provider does not have one.

  • Establish or ensure the existence of at least one of the following mechanisms:

A ‘report abuse’ hotline, accessible either via phone or SMS.  

A secure email address that is solely accessible by a trusted monitor.  

Tip boxes with clear instructions posted above them, located in areas where individuals have unobserved access to the boxes and can drop in anonymous notes, tips or other information. These should have clear instructions posted above them.

‘Persons of trust’ selected by employees that can bring concerns to the company or private security provider management on the behalf of employees. This can also be done via existing mechanisms such as unions and/or employee associations, if applicable.

A community office where complainants can report their claims in person. Ensure that this is easily accessible to all potential claimants. If it is clear that certain members of the potentially affected community are not able to access the office, mobile teams should be sent to engage with the community and carry out the grievance process in their location.

  • Consult with local communities during the design of the grievance mechanism to ensure it is culturally appropriate and that they are able to access it effectively.
  • Ensure procedures are accessible, fair and effective. The mechanism must produce effective remedies, including recommendations for preventing future occurrences.
  • Establish a grievance mechanism and ensure it is effective from the onset, instead of waiting until issues arise.
  • Make sure the grievance mechanism addresses issues early, before they escalate into human rights abuses and/or breaches of other standards.
  • Ensure that the grievance mechanism is known to, and trusted by, all relevant stakeholders, including community members, women, vulnerable groups and workers. This may be done by organising meetings with local communities or by publishing details of the grievance mechanism in prominent places, as well as on a publicly accessible website.
  • Safeguard those who report wrongdoings in good faith and implement measures to shield them from retaliation (e.g. via disciplinary measures).  
  • Keep records of all known alleged human rights abuses by private security, whether or not a grievance is raised.

Conduct investigation into credible allegations and, when appropriate, report abuses to the relevant authorities.

  • According to the International Code of Conduct for Private Security Service Providers, companies should ‘investigate allegations promptly, impartially and with due consideration to confidentiality’.
  • Ensure that investigation teams are trained on how to engage in a manner respectful of cultural practices, traditions and gender roles. Build teams that are gender differentiated, competent in the local languages and familiar with local customs and/or ethnic or tribal dynamics.
  • Collect necessary information from internal and external sources to determine if allegations are credible and warrant official investigation.
  • Request an incident report from the private security provider, as established in the contract. Reports by the private security provider should cover any incident involving: the use of force; escalation of force; use of a weapon (including the firing of any weapon, except for training); damage to equipment; injury to persons; attacks; traffic incidents; criminal acts; and/or incidents involving other security forces. These reports should provide information on:

Time and location of the incident.

Identity and contact details of any persons involved in the incident, including nationality and whether they are employed by the company or private security provider.

Injuries and/or damage sustained and how these were established.

Circumstances leading up to and immediately subsequent to the incident.

Any measures taken by the private security provider in response to the incident, including any interaction with victims or witnesses.

International Code of Conduct for Private Security Service Providers, par. 63

What happened?

Who was involved?

Did the business cause or contribute to the event, either directly or through its contractors and security providers?

What is the actual or potential severity of the event?

  • Keep records of all findings from the investigation.
  • If an incident appears credible and serious, notify senior management and the relevant regional security advisor.  
  • Based on the available information, decide whether the investigation should be conducted internally or by a trusted third party. Criteria for such decisions should be clearly outlined in the company’s policy (e.g. complaints policy, human rights policy, security policy) and should explicitly state when third parties (such as national authorities) need to be involved. In doing so, consider risks from external stakeholders and integrate their input into this policy.  
  • When appropriate, report the abuse to competent authorities in the operating location, victim’s home country and/or the perpetrator’s home country.
  • If the host government is to lead the investigation, formally express the company’s willingness to assist and cooperate.
  • Pursue appropriate disciplinary or remedial actions in response to the incident. Determine which actions to take immediately to de-escalate the situation and which to take based on the outcomes of the investigation.
  • Prevent further escalation of the incident.
  • When force was used, ensure that medical attention is provided to injured parties.
  • When private security providers are found to have violated international humanitarian law and/or committed human rights abuses, take measures to terminate the business relationship.
  • If the investigation is led by law enforcement authorities, monitor progress of the investigations and press for proper resolution.
  • Cooperate as much as possible with investigations conducted by other legitimate actors (e.g. by ombudsman institutions, national human rights institutions, regional human rights commissions or multi-stakeholder initiatives).

Track the effectiveness of responses on the basis of appropriate qualitative and quantitative indicators. According to the UN Guiding Principles on Business and Human Rights, these should ‘draw on feedback from both internal and external sources, including affected stakeholders’.

UN Guiding Principles on Business and Human Rights no.22

Conduct lessons learned exercises.

  • According to the UN’s interpretive guide on the corporate responsibility to respect human rights, ‘Wherever a significant human rights impact has occurred, initiate a process to identify how and why it occurred. This is important to prevent or mitigate its continuation or recurrence. Linking preventing or mitigating actions to staff incentives and disincentives, whether financial compensation, promotion or other rewards, can play an important role in helping embed respect for human rights into the practice of the (company).’
  • Make appropriate changes to contracts and/or deployment in order to prevent recurrence of incidents. Consider carefully whether repeatedly hiring the same security provider with a history of misconduct and/or problems may be a cause for complacency, leading to potential incidents.
  • Provide supplementary training to private security providers, especially on topics relating to appropriate response and the root causes of the incident.  
  • If appropriate, consider using the incident for practical exercises in future trainings.
  • Consider whether and how to engage external stakeholders (e.g. affected communities, civil society organisations) in the after-incident assessment and remediation activities.

Communicate how the company addresses its human rights impacts to all relevant stakeholders, particularly in the event of an incident that generates significant external stakeholder concern and publicity.

  • The UN Guiding Principles on Business and Human Rights emphasise that communicating on how human rights impacts are addressed is a key element of human rights due diligence (see human rights due diligence).  
  • Ensure communications are accessible to their intended audiences. Consider different formats (e.g. billboards, posters, website) that are appropriate to the local context and available in local languages.
  • Provide information that allows internal and/or external stakeholders to evaluate the adequacy of the company’s response.  
  • Consider sharing lessons learned with other companies working in the area.

Case Studies and Fact Sheets

Risk mitigation: hiring private security providers which are certified by the International Code of Conduct Association (ICoCA) or another industry standard

View Resource

The use of force by private security providers

View Resource