The 7 ACS Compliance Criteria Explained
A complete guide to the 7 ACS compliance criteria that UK security companies must meet to achieve Approved Contractor Scheme accreditation from the SIA.
By Michael Bryce · 28 March 2026 · Updated 25 April 2026 · 5 min read
For ACS compliance, this is important. The Approved Contractor Scheme (ACS) is built around seven criteria. These are the pillars the SIA uses to assess whether a security company is operating to the standard required for accreditation. Each criterion covers a distinct area of your business, from how you screen your staff to how you respond to complaints.
Understanding what each criterion requires is the foundation of any serious ACS preparation. This guide breaks each one down clearly.
Criterion 1: SIA Licence Management
Every operative deployed in a licensable role must hold a valid, in-date SIA licence. This is not just an ACS requirement. It is a legal requirement under the Private Security Industry Act 2001. Deploying an unlicensed guard is a criminal offence.
For ACS purposes, you need more than a one-time check. You need a system that monitors licence expiry dates in advance and flags operatives whose licences are approaching renewal or have lapsed. Assessors want to see that your business has controls in place to prevent non-licensed individuals from being scheduled to site.
It is worth noting that the licence requirement applies to operatives in licensable roles. Administrative staff, control room operators, and management personnel who do not perform licensable activities are not required to hold an SIA licence.
Criterion 2: Staff Vetting (BS 7858)
BS 7858 is the British Standard for vetting personnel who work in positions of trust, including the security industry. Under this standard, new hires must undergo a minimum five-year employment and identity check before being deployed.
The vetting process includes verifying identity documents, confirming previous employment history, checking for any gaps in that history, and conducting a criminal record check. The standard also requires that vetting is reviewed periodically and that records are maintained and accessible.
For ACS, assessors want to see that vetting has been completed correctly for all staff, that records are stored appropriately, and that your business has a process for handling vetting that comes back with concerns. Incomplete or missing vetting records are one of the most common ACS failure points.
Read our full guide to BS 7858 vetting
Criterion 3: Training and Development
This criterion covers the ongoing development of your workforce. It is not enough to confirm that staff hold their front-line SIA licence. Assessors want to see a structured approach to training that includes induction, ongoing development, and a record of what training each individual has completed.
Training records need to be accurate and current. If a guard attended a first aid course two years ago and the certificate has expired, that record should reflect the current status, not just the completion date. A training matrix that shows every operative’s qualifications, expiry dates, and upcoming renewal requirements is the kind of evidence that demonstrates a well-managed development programme.
This criterion also covers management development. If you have supervisors and managers, their professional development should be planned and tracked too.
Criterion 4: Assignment Instructions
Assignment instructions are the documented procedures that tell a guard exactly what to do at a specific site. They cover access routes, emergency procedures, escalation contacts, restricted areas, reporting requirements, and any site-specific risks or rules.
Every site your company operates must have assignment instructions. They must be relevant and up to date. A document that was written two years ago and never reviewed is not a compliant assignment instruction, it is a liability. Assessors will check that instructions are site-specific, that guards have confirmed they have read and understood them, and that they are reviewed regularly.
Good assignment instructions are also a critical tool for reducing incident risk. A guard who knows exactly what to do in an emergency is far safer than one working from memory or assumptions.
Criterion 5: Risk Assessments
Every assignment your company operates must be supported by a formal risk assessment. This means identifying the hazards at each site, assessing the likelihood and severity of harm, and documenting the controls you have put in place to reduce that risk.
Risk assessments must be site-specific. A generic document applied to every contract will not satisfy an assessor. They should be reviewed when circumstances change, for example when a site’s use changes, when an incident occurs, or on a defined periodic basis.
Linked to assignment instructions, risk assessments provide the evidence that your company has thought carefully about the environment in which its staff are working and has taken appropriate steps to protect them.
Criterion 6: Key and Asset Management
Many security assignments involve the management of keys, access cards, vehicles, equipment, or other sensitive assets. This criterion covers your processes for controlling and recording the movement of these items.
A key register is the most common form of evidence. It records which keys exist, who holds each key, when they were signed out and returned, and the condition of the item. For sites with significant key holdings, this register must be current and accurate at all times.
This criterion is broader than just keys. Any asset that could be misused, lost, or stolen, and where that loss would have significant consequences, should be tracked. Assessors want to see that your company takes asset control seriously and has systems to demonstrate accountability.
Criterion 7: Complaints and Quality
How a company handles complaints says a great deal about its culture. This criterion requires a formal complaints procedure, a record of complaints received, and evidence of how each one was handled and resolved.
The SIA is not expecting a zero-complaint business. What it wants to see is that complaints are taken seriously, investigated properly, and used as an opportunity to improve. A complaint log that shows a complaint was received, investigated, and that changes were made as a result is more compelling than a company that claims to have received none.
This criterion also encompasses broader quality management. Internal audits, management reviews, and KPI tracking all contribute to demonstrating that your company is actively monitoring its own performance and making improvements.
Managing All Seven Criteria in One Place
The challenge for most security companies is not understanding what each criterion requires. It is maintaining the evidence across all seven areas consistently, every day, not just in the week before an assessment.
That is the operational problem that purpose-built compliance software solves. TacDesk’s Compliance Module tracks all seven criteria in a single platform, with real-time dashboards showing your compliance position across every area.
Explore how TacDesk tracks ACS compliance, or see how TacDesk Verified Compliance works as a parallel standard that runs alongside the SIA’s own scheme.
Ready to see it in action? Book a demo at tacdesk.co.uk. Plans start from £49/month, and there are no setup fees or long-term contracts.
Related Articles
- → How to Prepare for an ACS Audit: A Practical Checklist
- → How to Stay SIA Compliant: A Complete Guide for UK Security Companies
- → What Is SIA ACS and How Do You Get Approved?
- → Digital vs Paper Compliance: Why Spreadsheets Are Killing Your ACS Score
- → Right to Work Checks for Security Guards: The UK Security Company Guide
Explore all TacDesk features · Book a free demo · View pricing
Michael Bryce
Founder of TacDesk. Writes about SIA compliance, operations, and running a UK security company — from someone who actually works the shifts.
Connect on LinkedIn →See TacDesk in action
Win tenders, pass SIA audits, and run your whole operation from one place. Book a free 30-minute demo.
Book a Free DemoRelated reading
SIA Licence Expiry: How to Manage Renewals Across a Security Workforce
A single expired SIA licence on a live deployment is a criminal offence. Here is how to track and manage licence renewals across your entire security workforce — without relying on spreadsheets.
Working Time Regulations for Security Guards: What UK Security Employers Need to Know
The Working Time Regulations 1998 set strict limits on hours, rest breaks, and night work for security guards. Here’s what UK security employers must know to stay compliant in 2026.
Why UK Security Companies Are Moving Away From Legacy Workforce Software
Generic workforce management platforms were built for general use and retrofitted to security. The result is a product that charges enterprise prices for features that don’t fit the industry. Here’s why UK security companies are switching to purpose-built alternatives.