If you run a UK security company, BS 7858 is one of the most important standards you need to understand. It governs the pre-employment screening of staff who work in environments requiring trust and reliability — and in the security industry, that means virtually everyone you hire.
Getting vetting wrong doesn’t just create legal exposure. It damages client relationships, puts ACS certification at risk, and can lead to incidents that are difficult to explain to an insurer or a court. This guide covers what BS 7858 actually requires, who it applies to, and how to build a vetting process that holds up to scrutiny.
What Is BS 7858?
BS 7858 is a British Standard published by the BSI (British Standards Institution) that sets out the minimum requirements for screening personnel who work in positions where trust is essential. The current version is BS 7858:2019+A1:2021.
In the security industry, BS 7858 applies to anyone whose role gives them access to clients’ premises, property, or sensitive information — which in practice means security guards, control room operators, supervisors, and management. The SIA’s ACS (Approved Contractor Scheme) requires member companies to comply with BS 7858 for all frontline staff, making it effectively mandatory for any serious security operator.
What Does BS 7858 Cover?
The standard sets out a five-year employment history check as its core requirement. For each period in that five years, a candidate must provide verifiable evidence of their activity — whether that’s employment, education, self-employment, unemployment, or other circumstances.
Specifically, BS 7858 requires:
- Identity verification — Confirming the candidate is who they say they are, using government-issued photo ID.
- Right to work check — Confirming the candidate has legal permission to work in the UK, as required by the Immigration, Asylum and Nationality Act 2006.
- Five-year activity history — Obtaining written references or documentary evidence for each period within the last five years, with no unexplained gaps.
- DBS check — A Disclosure and Barring Service check appropriate to the role. For SIA licensable roles, this is typically a Basic or Standard DBS, though Enhanced checks may be required for certain regulated environments.
- Financial background check — A credit reference check to identify county court judgements (CCJs), bankruptcies, or other financial indicators that may be relevant to trustworthiness.
- Social media screening — The 2019 revision introduced guidance on reviewing publicly available social media activity for evidence of behaviour incompatible with the role.
Who Is Responsible for Vetting?
The employing security company is responsible for carrying out BS 7858 vetting before a new employee begins work in a security role. This responsibility cannot be transferred to the candidate, a recruitment agency, or a third-party screening provider. You can use a screening provider to carry out checks on your behalf, but you remain accountable for ensuring the process meets the standard.
If you bring on subcontracted guards from another company, you should satisfy yourself that the subcontractor has carried out adequate vetting. A written declaration from the subcontractor and evidence of their vetting process are the minimum you should hold on file.
What Happens When a Gap Can’t Be Verified?
Unexplained gaps are one of the most common vetting challenges. A candidate may have been travelling abroad, caring for a family member, or simply unable to obtain a reference from a former employer who has since closed.
BS 7858 does not require absolute verification of every single day in the five-year history. It requires that you make reasonable efforts to verify, and that any gaps are documented with a risk assessment. If a gap cannot be verified, you should record:
- What checks you attempted
- Why the gap could not be verified
- The risk assessment you carried out
- Any mitigating factors (e.g. evidence of overseas travel, a statutory declaration from the candidate)
- The decision made and who authorised it
This audit trail is essential if you’re ever asked to demonstrate compliance by a client, auditor, or insurer.
Vetting During the ACS Assessment
If your company holds or is seeking ACS certification, assessors will inspect your vetting records as part of the audit. Common findings that result in non-conformances include:
- Missing DBS certificates or expired checks where a refresh was due
- Reference gaps not documented with a risk assessment
- No written procedure for how vetting is carried out
- Records stored insecurely (e.g. paper files accessible to unauthorised staff)
- No evidence that right-to-work checks were completed before the start date
A robust document management system that stores vetting records against each employee — with alerts when certificates are due for renewal — is one of the most straightforward ways to prevent these findings.
Keeping Vetting Records Compliant
BS 7858 vetting records are personal data and must be handled in line with UK GDPR. You must:
- Store records securely, with access limited to those with a legitimate need
- Retain records for an appropriate period — the general guidance is six years after employment ends, to cover the limitation period for civil claims
- Have a documented retention and disposal policy
- Be able to respond to subject access requests within 30 days
Building a Scalable Vetting Process
For a small company with a handful of guards, vetting can be managed manually. As you grow, however, manual processes introduce risk — records get misfiled, alerts aren’t followed up, and a single audit finding can hold up a contract renewal.
A purpose-built guard management platform can centralise vetting records, track expiry dates for DBS checks and SIA licences, and flag upcoming renewals before they become a problem. TacDesk’s ACS compliance module keeps all guard documentation in one place and surfaces alerts when action is needed — so compliance stays proactive rather than reactive.
Whether you manage it manually or with software, the principle is the same: document everything, close every gap with a risk assessment, and make sure your records can withstand an audit at any point.
Summary: BS 7858 Key Points
- Applies to all frontline security personnel in the UK
- Requires a five-year verifiable activity history, identity check, right-to-work check, DBS check, and credit check
- ACS certification requires full compliance
- Unexplained gaps must be documented with a risk assessment — not ignored
- Records are personal data under UK GDPR and must be stored and retained accordingly
- Scalable record management becomes essential as your workforce grows
If you’d like to see how TacDesk handles guard documentation and ACS compliance, book a short demo — we’re happy to walk you through the compliance module.