ISO 28007 Consultancy | Maritime Security Management Systems
AJC provides end-to-end ISO 28007 consultancy, supporting private maritime security companies through implementation, certification audits, surveillance audits, and recertification. Our ISO 28007 consultancy is practical, tailored, and focused on delivering audit-ready maritime security management systems that support operational effectiveness, legal compliance, and risk reduction.
ISO 28007 is the internationally recognised standard providing guidance for private maritime security companies (PMSCs) delivering armed and unarmed security services on board ships. It supports consistent, accountable, and legally compliant maritime security operations.
How We Support ISO 28007 Certification
Our ISO 28007 consultancy follows a clear, structured process designed to achieve certification efficiently and with minimal disruption to operations.

Initial Consultation
We work with your team to understand your organisation, maritime security services, operational structure, jurisdictions, and regulatory obligations. This allows us to define scope, timescales, and the most effective route to ISO 28007 certification.

ISO 28007 Gap Analysis
We assess your existing management systems, procedures, and operational controls against ISO 28007 requirements. This identifies gaps, risks, and improvement areas, with clear, prioritised actions to support compliance.

Tailored ISO 28007 Implementation
We develop and implement ISO 28007-compliant policies, procedures, and controls aligned to how your organisation operates. This includes governance arrangements, personnel vetting, training, rules for the use of force, incident reporting, and contractor management. Systems are practical, proportionate, and aligned with certification body expectations.

Certification & Ongoing Support
We carry out internal audits, prepare your team for the certification audit, and support you through Stage 1 and Stage 2 audits. Following certification, we provide ongoing support for surveillance audits, regulatory updates, and continual improvement of maritime security operations.
What Is ISO 28007?
ISO 28007 is the international standard providing guidance for private maritime security companies delivering security services on board ships, particularly in higher-risk maritime environments.
ISO 28007 certification demonstrates a commitment to:
- Professional and accountable maritime security services
- Legal and regulatory compliance across jurisdictions
- Effective risk management and operational control
- Continual improvement of security management systems
The standard primarily applies to private maritime security companies and is widely recognised by ship owners, flag states, insurers, and maritime authorities.
Common Challenges & Audit Pitfalls with ISO 28007
ISO 28007 audits often identify gaps not in the intent to operate securely, but in how maritime security controls, governance arrangements, and legal requirements are applied in practice.
Some of the most common ISO 28007 challenges we see include:
- Unclear governance and management responsibility – Roles, authorities, and accountability for maritime security operations are not clearly defined or consistently applied.
- Inconsistent personnel vetting and training controls – Screening, competence, and training records do not fully demonstrate compliance with ISO 28007 and flag state expectations.
- Rules for the Use of Force (RUF) not adequately controlled – RUF exist but are not properly communicated, reviewed, or supported by evidence of understanding.
- Weak incident reporting and investigation processes – Security incidents are recorded, but follow-up actions and lessons learned are not consistently documented.
- Poor control of subcontractors and third-party providers – Security risks introduced through subcontracted personnel or services are not adequately assessed or monitored.
- Management reviews focused on certification rather than operational effectiveness – Reviews fail to assess incident trends, legal changes, or emerging maritime security risks.
An effective ISO 28007 system embeds security governance, accountability, and legal compliance into everyday maritime security operations, not just documented procedures. Our consultant-led approach ensures ISO 28007 systems are practical, proportionate, and fully aligned with both audit expectations and real-world maritime security requirements.
Who Needs ISO 28007?
ISO 28007 is specifically designed for private maritime security companies providing armed or unarmed security services on board ships.
It is particularly beneficial for organisations looking to:
- Demonstrate compliance with international maritime security expectations
- Strengthen governance, oversight, and operational control
- Meet ship owner, insurer, and flag state requirements
- Reduce risk associated with higher-risk maritime operations
Industries We Commonly Support
- Private Maritime Security Companies (PMSCs) – Demonstrate professional, compliant security provision
- Maritime Security Providers – Strengthen operational governance and accountability
- Organisations Supporting Anti-Piracy Operations – Align with recognised international standards
Benefits of ISO 28007 Certification
Achieving ISO 28007 certification delivers both operational and commercial benefits, including:
- Improved credibility with ship owners, insurers, and flag states
- Clear governance and accountability for maritime security operations
- Reduced legal, operational, and reputational risk
- Increased confidence in personnel competence and control measures
- Enhanced competitiveness in contracts and tenders
ISO 28007 provides a structured framework for managing maritime security services in a consistent, transparent, and compliant manner.
How Much Does ISO 28007 Certification Cost?
The cost of ISO 28007 certification varies depending on factors such as:
- Size of your organisation
- Complexity of operations and environmental aspects
- Number of employees
- Single-site or multi-site structure
- Choice of accredited or unaccredited certification body
Costs typically include ISO consultancy support, certification audit fees, and ongoing surveillance audits. Smaller organisations with limited scope may achieve certification with a lower time commitment, while larger or more complex operations require additional resource.
ISO 28007 certification is a cost-effective investment that delivers long-term value through improved compliance, reduced risk, and enhanced commercial credibility.
Book a Free ISO 28007 Consultation
If you’re unsure whether ISO 28007 is right for your organisation, we can help you understand the requirements, costs, and timescales with no obligation.
We support UK organisations and international businesses with clear, consultant-led ISO 28007 guidance tailored to how you operate.
Book a free ISO 28007 consultation today to discuss your next steps with an experienced ISO consultant.
