Defence, Security & Space

Security and investigation compliance checklist

Use this checklist to confirm you have met every regulatory obligation that applies to your security or investigation business — from workplace health and safety through to SIA licensing, installer certification and data protection.

UK-wide
On this page
UK-wide

Related guides in Compliance & Legal

Work through every section that applies to your business. Tick off each item when you have confirmed it is in place. If an item does not apply — for example you do not install alarm systems — skip that section.

Section 1 — Health and safety at work

  • Have you identified your general duties as an employer (or self-employed person) under the Health and Safety at Work etc. Act 1974?
  • Have you carried out a suitable and sufficient risk assessment covering your premises, equipment, work activities and the specific risks of security work — including violence at work, lone working, night shifts and fatigue?
  • If you employ five or more people, have you recorded the significant findings of your risk assessment in writing?
  • Have you appointed a competent person to help you comply with health and safety law?
  • Have you set up arrangements for first aid, accident reporting (RIDDOR) and emergency procedures?
  • Have you provided your employees with the information, instruction, training and supervision they need to work safely?
  • Have you consulted your employees (or their safety representatives) on health and safety matters?
  • Have you displayed the HSE-approved health and safety law poster (or given each employee the equivalent leaflet)?

Section 2 — Fire safety

  • Have you carried out a fire risk assessment of your own premises (offices, control rooms, monitoring centres, training sites)?
  • Have you identified and maintained clear escape routes and exits?
  • Have you installed appropriate fire detection, alarms and firefighting equipment?
  • Have you provided fire safety training to your staff?
  • Do you have a written fire emergency plan, and have you practised it?

Section 3 — Employers' liability insurance

  • Do you employ anyone (including part-time staff, sub-contracted operatives on your payroll, apprentices or family members)?
  • If yes, do you hold employers' liability insurance with a minimum cover of £5 million from an authorised insurer?
  • Have you displayed the certificate (or made it available electronically to employees)?

Section 4 — Equality and data protection

  • Do you understand your duties under the Equality Act 2010 (or the equivalent Northern Ireland legislation) not to discriminate against employees, job applicants or members of the public on the basis of the protected characteristics — including in entry and refusal decisions by door supervisors?
  • Have you made reasonable adjustments for disabled employees and service users?
  • Have you registered with the ICO for data protection (unless exempt)?
  • Have you identified a lawful basis under UK GDPR for each type of personal data you process — CCTV footage, body-worn video, alarm-monitoring records, access logs, investigation case files, client records, staff payroll?
  • Do you have a privacy notice informing individuals how you use their data?
  • Have you set appropriate retention periods for CCTV footage, body-worn video and other surveillance records?
  • Are personal data stored securely — both paper records and electronic systems?
  • Do you have a process for responding to subject access requests within one calendar month?

Section 5 — SIA licensing (if applicable)

  • Do any of your staff carry out manned guarding, door supervision, close protection, CVIT, public space surveillance (CCTV operation), keyholding or alarm response?
  • If yes, does every individual carrying out that activity hold a valid front-line SIA licence for the correct licence sector?
  • Do your directors, partners or managers who manage or supervise front-line operatives hold a valid non-front-line (management) SIA licence?
  • Do you verify SIA licences before deployment and periodically thereafter using the SIA's online licence checker?
  • Are you confident that no unlicensed person is carrying out licensable security activity on your behalf?

Section 6 — Approved Contractor Scheme (if applicable)

  • If you supply security services to buyers who require ACS accreditation, have you applied for and obtained ACS status from the SIA?
  • Are you maintaining the standards required for annual ACS reassessment?

Section 7 — Installer certification (if applicable)

  • If you install, maintain or monitor intruder alarm, CCTV or access-control systems, are you certified by NSI or SSAIB?
  • Are you installing to the relevant British and European standards?
  • If you offer monitored alarm systems, have you obtained police-response unique reference numbers (URNs) — which typically require NSI or SSAIB certification?

Section 8 — Private investigation (if applicable)

  • Are you aware that the private investigator licensing power under the Private Security Industry Act 2001 has never been commenced, and that private investigation work is currently unlicensed?
  • Even though unlicensed, are you complying with the Data Protection Act 2018 and UK GDPR when processing personal data in the course of investigations?