BS 7858 is the British Standard for the vetting of individuals working in security-related or other trusted positions. For security companies pursuing ACS accreditation, or simply trying to operate responsibly, understanding this standard and applying it correctly is essential.
This guide explains what BS 7858 requires, how the vetting process works in practice, and what the common mistakes are that leave companies exposed.
What Is BS 7858?
BS 7858 is a published standard produced by the British Standards Institution (BSI). It sets out the procedures for screening and vetting individuals before and during employment in roles where they will have access to sites, assets, or information that requires a degree of trust.
The standard is widely adopted across the security industry and is referenced directly in the ACS framework. It is also increasingly expected by clients in sectors including retail, healthcare, finance, and critical infrastructure.
The most recent version of the standard updates the original guidance and is available from BSI. Security companies operating under ACS should ensure they are working to the current version.
What Does BS 7858 Require?
The standard requires a pre-employment check covering a minimum five-year period. This check must verify:
Identity
The individual’s identity must be confirmed against an original, valid document. Acceptable forms include a passport, driving licence, or national identity card. Copies are not sufficient for initial verification; the original document must be checked.
Five-Year History
The vetting must account for every month of the five years preceding the employment start date. For each period, the individual must provide evidence of their activity: employment, education, self-employment, or other verifiable activity. Gaps in history must be explained and, where possible, verified.
Right to Work
The individual’s right to work in the UK must be confirmed separately. This is a legal requirement independent of BS 7858.
Criminal Record Check
A Disclosure and Barring Service (DBS) check must be obtained. The level of check required depends on the role. Basic disclosure is the minimum, and enhanced disclosure may be required for certain assignments.
References
Employment references should be sought from previous employers. The standard provides guidance on how references should be requested and what information they should cover.
What Happens When There Are Gaps in the History?
Gaps in the five-year history are common and do not automatically disqualify a candidate. The BS 7858 process requires that gaps are investigated. The individual should be asked to explain the gap and provide supporting evidence where possible.
If the gap cannot be adequately explained or verified, the vetting result is inconclusive. How your company handles an inconclusive result must be documented. Deploying someone before vetting is complete, or ignoring an unresolved gap, is a compliance failure.
How Long Does BS 7858 Vetting Take?
Thorough vetting takes time. Chasing employment references, waiting for DBS results, and verifying documentation across a five-year period can take two to four weeks in straightforward cases. Where previous employers are slow to respond or records are incomplete, it can take longer.
This creates a practical challenge for security companies that need to fill shifts quickly. The standard does not prohibit deployment before vetting is complete in all cases, but it does require that any deployment of an unvette individual is managed through a defined interim process, that the individual is supervised appropriately, and that the vetting is completed as a priority.
The safer approach is to build a vetted reserve. Having a pool of fully vetted operatives available for deployment means you are not forced to make a compliance compromise every time a shift needs filling at short notice.
Ongoing Vetting and Record Maintenance
BS 7858 is not a one-time check. The standard requires that vetting records are reviewed periodically and that any changes in an individual’s circumstances that may affect their suitability are identified and acted on.
Records must be stored securely, in line with GDPR requirements, and must be accessible for review if required by a client, assessor, or regulator. Poor record storage, records that cannot be located, or records that are incomplete are among the most common BS 7858 compliance failures.
Common Mistakes to Avoid
Starting employment before vetting is complete without appropriate controls. Every week without oversight that an unvetted person works unsupervised is a period of undocumented risk.
Relying on photocopied documents. Identity documents must be checked as originals. A photocopy does not satisfy the standard.
Treating vetting as a one-off task. Vetting must be reviewed. An operative who passed vetting five years ago and has had their circumstances change since then is not necessarily still suitable without review.
Inconsistent record formats. If vetting records are stored across paper files, emails, and spreadsheets, they are difficult to audit and easy to lose. Consistent, accessible records are a basic requirement.
Failing to document inconclusive results. If a reference was chased and never returned, that outcome must be recorded, not simply ignored.
BS 7858 and ACS
Under ACS, the vetting criterion requires evidence that BS 7858 has been applied correctly across your workforce. Assessors will review a sample of vetting files and check for completeness, consistency, and appropriate documentation of how any issues were handled.
If you cannot produce clean, complete vetting records for your operatives, this criterion will affect your ACS score regardless of how well the rest of your business operates.
Interested in how TacDesk manages BS 7858 vetting records digitally? Explore the ACS Compliance Module or see how TacDesk tracks all seven ACS criteria in one platform.
Book a demo at tacdesk.co.uk. Starting from £49/month, no setup fees, no contracts.