The private security industry in the UK is regulated by the Security Industry Authority (SIA) under the Private Security Industry Act 2001. Every individual who carries out licensable activity, whether door supervision, security guarding, close protection, CCTV monitoring, or key holding, must hold a valid SIA licence. And every company that wants to demonstrate compliance to clients, win public sector contracts, or simply operate above the baseline must engage with the Approved Contractor Scheme (ACS).
The licensing regime is straightforward in principle. In practice, it generates a relentless documentation burden that scales with every operative you employ, every site you staff, and every contract you hold.
Every operative must hold a valid front-line SIA licence for the specific type of work they perform. A door supervision licence does not cover security guarding. A CCTV licence does not cover close protection. Each licence is valid for three years, costs 220, and requires the holder to complete the relevant qualification before applying.
For a security company with 50 operatives, that means tracking 50 individual licence expiry dates, each on a different three-year cycle. If an operative's licence expires and they continue working, both the individual and the company are committing a criminal offence under Section 3 of the Private Security Industry Act. The maximum penalty is six months' imprisonment, an unlimited fine, or both.
The SIA runs a free online licence checker. You enter a licence number or surname and date of birth, and it confirms whether the licence is valid. The SIA expects employers to check every operative's licence before deployment and to maintain records of those checks. Not once at hiring. On an ongoing basis, because licences can be revoked mid-term if the holder fails the continuous criminality checks the SIA runs against the Police National Computer.
Multiply that by 50, 100, or 500 operatives, and you have a personnel filing system that must be maintained in real time. A single expired licence on a live deployment is a criminal offence and an immediate ACS non-conformity.
ACS is voluntary but increasingly essential. Public sector contracts routinely require ACS status. Major private clients specify it as a procurement condition. Insurance premiums are lower for ACS-approved companies. The SIA frames ACS as a mark of quality, and the market has followed.
ACS approval requires an independent audit against the SIA's Approved Contractor Standard, which covers seven areas: business management, people management, service delivery, operational management, financial management, management of subcontractors, and business improvement. The audit examines your documented systems, interviews staff, and reviews sample records.
The audit is documentation-heavy. At minimum, you need:
ACS audits happen annually. The auditor visits your office, reviews your documentation, and visits at least one operational site to verify that what the paperwork says matches what actually happens on the ground. Non-conformities are graded as minor or major. Major non-conformities, or a pattern of minor ones, result in failure or conditional approval.
BS 7858 is the British Standard for security screening of individuals employed in a security environment. ACS requires it for all operatives, not just those in licensable roles. The standard requires verification of identity, right to work, a minimum five-year employment history (with gap explanations), criminal record declarations, financial probity checks, and references from previous employers.
For a new hire, completing a BS 7858 screen takes 2 to 4 weeks if references come back promptly. For an operative with a fragmented employment history, gaps, or overseas periods, it can take considerably longer. Every step must be documented: the request, the response, any follow-up, and the final decision. You must retain these records for the duration of employment plus a reasonable period after.
Every shift on every site generates records. The assignment instructions (a document specifying what the operative does on that site, what to check, who to contact in an emergency, and how to escalate incidents) must be current and accessible at the site. The deployment record (who attended, start and end times, relief arrangements) must be maintained. Incident logs, visitor logs, patrol records, and handover notes add to the volume.
A medium-sized security company running 20 sites with 24/7 coverage generates approximately 600 to 800 deployment records per month, plus incident reports, patrol logs, and handover documentation. That is 8,000 to 10,000 operational documents per year, before you add the personnel files, training records, and management system documentation.
The pattern is consistent. The security company did the work. The operatives were trained, screened, and competent. But the documentation was incomplete, disorganised, or dependent on one person's filing habits. When that person leaves, moves on, or simply forgets, the compliance position collapses.
Deploying an unlicensed operative: criminal offence, unlimited fine. Failure to maintain ACS standards: suspension or withdrawal of approved contractor status, which typically means losing every public sector contract you hold. Insurance claims rejected if the operative involved was not properly screened or licensed. Client contracts terminated for breach of the compliance warranties that every security contract contains.
For a security company doing 1M in annual revenue, losing ACS status typically means losing 40 to 60 percent of that revenue within 90 days, because the contracts that require ACS are usually the largest and most profitable.
Most security companies manage their compliance documentation with a combination of spreadsheets for licence tracking, shared drives for personnel files, site-specific ring binders for operational records, and email for everything else. The system works when one dedicated compliance manager maintains it full-time. It fails when that person is absent, when the company grows faster than the filing system scales, or when an ACS auditor asks to see 50 records and they are stored in 50 different places.
Slatewick builds compliance tools for regulated industries. The licence tracking, training records, screening documentation, deployment logs, and audit trails that security companies must maintain are structured, repeatable documentation tasks. They should not depend on one person's spreadsheet skills or filing discipline.
Slatewick helps regulated businesses manage the documentation that auditors and inspectors actually check. Licence tracking, training records, screening files, and operational logs.
Learn more about SlatewickCompliance tools for regulated industries. Built with the tools of tomorrow, guided by the values of yesterday.