ISO 18788:2015 is an internationally recognised standard for Security Operations Management Systems (SOMS). It provides a framework for organisations involved in security operations to establish, implement, maintain, and improve management processes while respecting human rights, legal obligations, and international good practices.
ISO 18788 Clause Summary
11 Mar 2026
Below is a summary of the main clauses within ISO 18788:2015.
Scope
Defines the boundaries and applicability of the ISO 18788 standard.
It specifies the requirements for establishing and maintaining a Security Operations Management System to ensure effective and responsible security management.
Normative References
Lists the essential reference documents necessary for applying the standard correctly.
Terms and Definitions
Provides clear definitions of key terms used in the standard to ensure consistency in interpretation and implementation.
Context of the Organization
Requires organisations to understand internal and external issues that may affect their security operations.
Key elements include:
- Identifying interested parties such as clients, employees, regulators, and local communities
- Understanding legal, regulatory, and human rights considerations
- Defining the scope of the Security Operations Management System
Leadership
Emphasises the commitment of top management in establishing and supporting the security management system.
Responsibilities include:
- Developing a security policy
- Assigning roles, responsibilities, and authorities
- Ensuring accountability and ethical conduct in security operations
Planning
Focuses on identifying and addressing security risks and opportunities.
Organisations must:
- Conduct risk assessments related to security operations
- Consider legal and human rights obligations
- Establish measurable security objectives
- Plan actions to mitigate security threats and vulnerabilities
Support
Ensures the organisation has the resources, competence, and communication systems necessary to support security operations.
This includes:
- Qualified and trained security personnel
- Awareness of ethical and legal responsibilities
- Effective communication channels
- Proper control of documented information
Operation
Covers the implementation and control of security activities.
Key activities include:
- Operational planning and control
- Management of security personnel and contractors
- Incident management and reporting
- Ensuring security operations respect human rights and legal standards
Performance Evaluation
Requires organisations to monitor and evaluate the effectiveness of their Security Operations Management System.
Activities include:
- Monitoring security performance indicators
- Conducting internal audits
- Performing management reviews
- Evaluating compliance with security policies and legal requirements
Improvement
Encourages continual improvement of security operations and management processes.
This includes:
- Addressing security incidents and nonconformities
- Implementing corrective actions
- Improving operational procedures and risk management processes
Benefits of Implementing ISO 18788
- Improved governance and accountability in security operations
- Better risk management in high-risk environments
- Protection of human rights and ethical conduct
- Increased trust with clients, regulators, and stakeholders
- Enhanced operational effectiveness and security performance
