The key purpose of this article is to critically assess the extent to which auditing and certification to quality assurance and risk management standards containing human rights-related requirements are an adequate and effective means of ensuring that private security companies internalize their responsibility to respect human rights. Based on participant observation, interviews and publicly accessible data, it concludes that in the absence of the adoption of specific assurance measures in the certification and oversight processes, the constructivist ‘tipping point’ resulting in the internalization of the corporate responsibility to respect may not be attained when there is inadequate norm compliance or, worse yet, norm regression.