Resources for employers
Resources / Topics / Ensuring Compliance

SIA ACS Audit Preparation: What Security Companies Need to Know

Preparing for an SIA ACS audit takes more than paperwork. This article explains what security companies need to know about ACS approval, costs, evidence, site visits, scoring, common challenges, and the future of the scheme.

a security company representative explaining ACS audit compliance rules to a security officer

Rollo Davies

9 mins to read

9 mins to read

For the last 4 weeks, I’ve been helping a company prepare for its ACS Approval renewal, and an audit is imminent. It isn’t a simple job, and although initially achieving SIA Approved Contractor Scheme membership may not be difficult, getting a good score takes time, effort, and a genuine corporate desire to adapt its culture and achieve excellence in a wide range of areas.

Within the UK private security industry, Security Industry Authority (SIA) Approved Contractor Scheme (ACS) status remains one of the most recognisable indicators of organisational quality. Although participation is voluntary, many buyers of security services somewhat naively regard ACS approval as evidence that a company has invested in governance, compliance, staff development, and operational standards.

For businesses considering ACS approval, or preparing for an upcoming assessment, the process can appear daunting. The documentation is extensive, the evidence requirements are demanding, and the assessment itself examines far more than simple regulatory compliance. Yet organisations that approach the ACS audit methodically often discover that the exercise improves the overall effectiveness of their business.

Why ACS Approval Is Desirable

ACS approval can provide several commercial advantages.

Many procurement departments, local authorities, public-sector bodies, and major corporate clients either prefer or actively encourage suppliers to hold ACS approval. In competitive tender situations, it can help differentiate a contractor from competitors that operate solely with the minimum legal requirements.

The scheme is also designed to encourage continual improvement rather than mere compliance. Companies are assessed against a range of business management criteria covering leadership, strategy, service delivery, people management, financial controls, and customer relationships.

For many businesses, ACS status becomes a useful marketing tool. It demonstrates that an independent assessor has reviewed the organisation and confirmed that required standards are being met.

The Cost of ACS Membership

One reason some companies hesitate before applying is cost.

There are SIA application and registration fees, together with assessment fees payable to approved assessing bodies. The total cost varies depending upon company size, the scope of approval sought, and the assessor selected. The SIA periodically reviews and adjusts ACS fees, and organisations should budget not only for the direct charges but also for the internal administrative effort required to prepare for assessment.

At the time of writing, ACS fees were as follows:

The initial application fee varies depending on the number of licensable staff in your organisation and is non-refundable.

  • Up to 10 licensable staff: £400
  • 11 to 25 licensable staff: £800
  • 26 to 250 licensable staff: £1,600
  • Over 250 licensable staff: £2,400

The registration fee is the same for everyone: £25 per every licensable individual deployed as of the 1st June 2026. It is worth noting that this has just gone up from £15 per officer, a raise of 66% with very little notice or consultation, and the industry is universally unhappy.

Read the Government’s explanation for the huge increase in fees here.

For a larger business, these costs may be regarded as a routine overhead. For a smaller security company employing only a handful of officers, the financial commitment can appear much more significant.

The 104-Page Self Assessment Workbook

Preparation normally begins with the ACS Self Assessment Workbook.

The current workbook runs to approximately 104 pages and requires organisations to assess themselves against the ACS standard before the external assessment takes place.

In principle, the workbook is a valuable preparation tool. It forces management teams to examine their procedures, identify weaknesses, and gather supporting evidence.

In practice, however, many users have experienced difficulties when attempting to complete the workbook electronically using Adobe Acrobat. Depending upon software versions, security settings, and local IT configurations, users have reported problems with data retention, embedded functions, validation fields, saving progress, and transferring information between different computers.

Such technical frustrations can waste valuable preparation time. Organisations are therefore advised to start work on the workbook well in advance of their assessment date and maintain multiple backup copies throughout the process.

The key point is that completing the workbook is not the objective. The objective is ensuring that every answer can be supported by evidence when the assessor arrives.

Policies and Procedures Required

One of the most common misconceptions is that ACS compliance is primarily about producing documents.

Documentation is important, but assessors are looking for evidence that policies are actually being followed.

Typical documents expected during an assessment include:

  • Recruitment and screening procedures.
  • Vetting and right-to-work processes.
  • Health and safety policies.
  • Equality, diversity and inclusion policies.
  • Data protection and GDPR procedures.
  • Complaints management procedures.
  • Disciplinary and grievance policies.
  • Training and competency frameworks.
  • Lone worker arrangements.
  • Incident reporting procedures.
  • Business continuity plans.
  • Environmental and sustainability policies.
  • Quality management procedures.
  • Customer feedback processes.

Just as important as the policies themselves, however, are the records that demonstrate implementation. Training records, management meeting minutes, customer surveys, corrective action reports, supervisor site visit records, and employee consultation evidence all help support compliance claims and boost the achieved score.

Site Visits and What Auditors Want to See

The site visit is often the point at which reality meets documentation.

Assessors want to confirm that what appears in policies and procedures is genuinely happening on operational sites.

During site visits, they typically examine:

  • Assignment instructions.
  • Site risk assessments.
  • Occurrence books and incident records.
  • Patrol records.
  • Welfare facilities.
  • Uniform standards.
  • Licensing compliance.
  • Training records.
  • Emergency procedures.
  • Health and safety arrangements.
  • Management and supervisory oversight.
  • They will normally speak directly with security officers and supervisors.

Staff should understand their site instructions, know how to report incidents, understand emergency procedures, and be familiar with company reporting lines. Assessors are generally not conducting examinations, but they do expect staff responses to align with documented procedures.

How to Score Additional Points

Under the ACS assessment model, organisations must meet the required achievement level for every indicator. Beyond that, additional points are awarded for evidence of good practice and continuous improvement.

Some relatively straightforward ways of improving scores include:

  • Conducting regular employee engagement surveys.
  • Recording customer satisfaction feedback.
  • Implementing structured management reviews.
  • Demonstrating environmental initiatives.
  • Maintaining formal training and development programmes.
  • Operating documented welfare and wellbeing initiatives.
  • Recording lessons learned from incidents and complaints.
  • Establishing measurable business objectives and reporting against them.

Many organisations leave potential points on the table simply because good practices exist but are not formally documented.

How Many Points Are Needed to Pass?

A common misunderstanding concerns scoring.

What do you actually need to score to pass your ACS audit: Zero.

Zero, however, is the baseline figure obtained if you meet the absolute minimum standard in all 78 required “indicators” across 7 assessment criteria. All points above this are earned for going further, achieving more, and being better.

In practical terms, failing to meet a mandatory indicator is likely to be far more serious than missing out on extra improvement points.

The maximum possible score is currently 145 points, so there is a huge gulf between a company that just scrapes through and only ticks the required boxes, and one of the compliance powerhouses that obtains ACS Pacesetters (A private membership organisation for top-scoring companies) qualification level, being the top 15% of all ACS-approved companies, with a score above 110!

Adding a New Category of Approval

Existing ACS-approved companies sometimes decide to expand into additional sectors such as door supervision, security guarding, key holding, or CCTV operations.

When this occurs, businesses should engage with the SIA well in advance. Extending the scope of approval is not something that should be left until the last minute. The continuation and approval extension processes require planning, supporting documentation, and sufficient time for review.

Early communication with the SIA can prevent delays and avoid unnecessary complications during renewal or reassessment.

Challenges for Smaller Businesses

Smaller companies often face the greatest difficulties.

Many owner-managed businesses already operate effectively but lack the administrative infrastructure expected by the ACS framework. Producing management reports, documenting staff consultations, conducting formal reviews, and maintaining comprehensive records can be challenging when the same individual is responsible for sales, operations, recruitment, and payroll.

The cost of external consultancy, assessment fees, and management time can also place significant pressure on limited resources.

As a result, some excellent operational businesses struggle with ACS preparation despite delivering high-quality security services.

Why Some Businesses Do Not Seek ACS Approval

Given the advantages, it may seem surprising that some companies choose not to pursue ACS status.

The reasons are varied.

For some, the cost outweighs the perceived commercial benefit. Others operate within niche markets where clients rarely ask about ACS approval. Some business owners simply prefer to focus on operational delivery rather than compliance administration.

There are also organisations that conclude the return on investment does not justify the considerable effort required to maintain approval year after year.

Ultimately, ACS approval is a business decision rather than a legal requirement. However, for companies seeking larger contracts, stronger market credibility, and structured business improvement, the scheme continues to provide a recognised framework for demonstrating professionalism within the UK security industry.

The Future of the Approved Contractor Scheme

The ASC is not perfect, and the regulator has been looking at modifying the entire system for the last few years. The industry has also been crying out for mandatory security business licensing, and a new system would be required to allow this to be successful.

To that end, a new Business Approval Scheme (BAS – because they love acronyms) is not far over the horizon. Is it just a case of change for change’s sake? Well, until the Home Office finally relents and implements mandatory business licensing, many people think so.

Will the new BAS genuinely bring the improvements in public safety and better industry standards that the SIA claim?

We can only wait and see.

Keeping Compliance Practical

ACS preparation is ultimately about proving that the systems in the business work in practice, not just on paper. For security companies trying to make that easier, GuardPass brings hiring, training and compliance tools into one platform, while GuardCheck helps simplify BS7858 screening when evidence and speed both matter.

Build the habits before the ACS audit arrives, and the assessment becomes much less painful.