T: +44 (0) 117 927 20 08
ISO 28007
CITADEL has participated in the ISO 28007 process through the Security for Complex Environments Group (SCEG) which feeds directly into the UK Government debate on Maritime Security.  Our attitude to quality indicators such as ISO is progressive and we work hard to ensure we are at the forefront of industry implementation of ISO Standards.

Below is an overview of our experience with the nascent Maritime Security industry regulation and the actions we are taking to improve our approach to quality & security management.



ISO 28007 was incepted by the International Maritime Organisation (IMO), the specialised Maritime agency of the United Nations with responsibility for the safety and security of shipping at sea, in May 2012.  The IMO appointed ISO (International Standards Organisation) to investigate the possibility of drafting a Maritime Security Standard.

In November 2012, at the Maritime Security Council (MSC) 91 accepted ISO 28007 as being the preferred method of oversight that it would use to regulate Maritime Security Companies.


A History of  Regulation

ISO 28007 is the first unilateral standard that has been introduced by the into the Maritime Security field to holistically regulate and control Maritime Security Service Providers (MSSP’s).  There have been efforts to regulate the industry which have had varying levels of success.  Perhaps the most successful was the introduction by North of England P&I Club of the auditing of Maritime Security Companies by external risk manager Gray Page which began the process of separating the competent from the incompetent.  This might have served as a widespread method of regulating the industry had more P&I clubs joined with North methods.  However there were criticisms and it clearly would not have been fair to nominate Gray Page as the sole auditor for all MSSP’s.  However, it was an excellent solution for North of England Members.


Security Associations

Other solutions included the establishment of a variety of ineffective Security Associations.  In 2009 the fashion of the industry was to start a Maritime Security Company.  By 2012 the latest fad had evolved to the establishment of a Maritime Security Auditing company.  Various organisations appointed themselves as the guiding solution to the Maritime Security Industry which was growing out of control with an acknowledged lack of oversight of both the companies and the individuals working within the Industry.  The threat of nightclub bouncers issued with weapons , which had happened in Iraq, loomed large and BIMCO acted fast.


Led by former Royal Marine Giles Noakes, BIMCO saw the need to protect ship-owners and to unify the standards that Maritime Security Companies were expected to uphold.  The introduction of GUARDCON by BIMCO on the 28th of March 2012 introduced a framework for regulation by standardising the contractual basis on which Shipping Companies would contract with Maritime Security Companies.  It protected the Maritime Security Operative by ensuring they were properly trained and equipped with the proper background.  It guided the Shipping Company towards quality and provided them with indemnities that would protect them in the event of negligence on behalf of the MSSP.  And finally it protected the Maritime Security Company, by levelling the field and enabling them to compete on a more equal basis.


Owners Responsibility

However the GUARDCON did not go far enough.  The onus for auditing the MSSP still ultimately rested with the owner.  The P&I club could go so far to ensure contractual compliance and that it members were protected but a robust method for auditing security companies and looking carefully at how they conducted their internal affairs was still lacking. Without an invasive onsite investigative tool the Shipping Industry lacked the guarantee of quality from a MSSP that it required.

In the modern world it is all to easy to set oneself up as a functioning business based on the infrastructure of a phone and a website.  ISO 9001 audits offered a level of scrutiny, but the auditing bodies and the auditors themselves sadly lacked the in depth knowledge required to search inside an MSSP and to understand whether they were truly operating legally, or whether they simply appeared to be.


Lloyds Register to audit CITADEL

ISO 28007 bridges this gap.  Currently in the United Kingdom only two bodies are been accredited to audit Maritime Security Companies.  They will visit those business at their UK headquarters and their overseas outposts to assess their competence not only of their management but also of their embarked personnel.  One of those organisations is LRQA, whom Citadel has chosen to audit their ISO28007 Security Management System.

Citadel welcomes the introduction of the ISO standard.  We are amongst the first company to undergo an audit by Lloyds Register of Quality Assurance (LRQA) and we expect to be amongst the first companies to be accredited to ISO28007.  You will see regular updates to our news as this process happens.

LRQA will visit our offices in July.  In August we will be letting existing clients know the outcome of their initial findings.  The path to effective regulation has been a long one, but by focusing on quality over quantity Citadel Maritime is well placed to guide our clients through it.
Mission Statement
Citadel Maritime enables people to operate safely in high risk maritime environments, by delivering simple solutions to the complex challenge of protecting assets and reputation.