BS 7858 Vetting Explained: What UK Security Companies Need to Know
A plain-English guide to BS 7858 vetting for UK security companies. Learn what the standard requires, the five-year check timeline, and how to stay compliant.
By Michael Bryce · 28 March 2026 · Updated 23 April 2026 · 4 min read
For ACS compliance, this is important. BS 7858 is the British Standard for the vetting of individuals working in security-related or other trusted positions. For security companies pursuing ACS accreditation, or simply trying to operate responsibly, understanding this standard and applying it correctly is essential.
This guide explains what BS 7858 requires, how the vetting process works in practice, and what the common mistakes are that leave companies exposed.
What Is BS 7858?
BS 7858 is a published standard produced by the British Standards Institution (BSI). It sets out the procedures for screening and vetting individuals before and during employment in roles where they will have access to sites, assets, or information that requires a degree of trust.
The standard is widely adopted across the security industry and is referenced directly in the ACS framework. It is also increasingly expected by clients in sectors including retail, healthcare, finance, and critical infrastructure.
The most recent version of the standard updates the original guidance and is available from BSI. Security companies operating under ACS should ensure they are working to the current version.
What Does BS 7858 Require?
The standard requires a pre-employment check covering a minimum five-year period. This check must verify:
Identity
The individual’s identity must be confirmed against an original, valid document. Acceptable forms include a passport, driving licence, or national identity card. Copies are not sufficient for initial verification; the original document must be checked.
Five-Year History
The vetting must account for every month of the five years preceding the employment start date. For each period, the individual must provide evidence of their activity: employment, education, self-employment, or other verifiable activity. Gaps in history must be explained and, where possible, verified.
Right to Work
The individual’s right to work in the UK must be confirmed separately. This is a legal requirement independent of BS 7858.
Criminal Record Check
A Disclosure and Barring Service (DBS) check must be obtained. The level of check required depends on the role. Basic disclosure is the minimum, and enhanced disclosure may be required for certain assignments.
References
Employment references should be sought from previous employers. The standard provides guidance on how references should be requested and what information they should cover.
What Happens When There Are Gaps in the History?
Gaps in the five-year history are common and do not automatically disqualify a candidate. The BS 7858 process requires that gaps are investigated. The individual should be asked to explain the gap and provide supporting evidence where possible.
If the gap cannot be adequately explained or verified, the vetting result is inconclusive. How your company handles an inconclusive result must be documented. Deploying someone before vetting is complete, or ignoring an unresolved gap, is a compliance failure.
How Long Does BS 7858 Vetting Take?
Thorough vetting takes time. Chasing employment references, waiting for DBS results, and verifying documentation across a five-year period can take two to four weeks in straightforward cases. Where previous employers are slow to respond or records are incomplete, it can take longer.
This creates a practical challenge for security companies that need to fill shifts quickly. The standard does not prohibit deployment before vetting is complete in all cases, but it does require that any deployment of an unvette individual is managed through a defined interim process, that the individual is supervised appropriately, and that the vetting is completed as a priority.
The safer approach is to build a vetted reserve. Having a pool of fully vetted operatives available for deployment means you are not forced to make a compliance compromise every time a shift needs filling at short notice.
Ongoing Vetting and Record Maintenance
BS 7858 is not a one-time check. The standard requires that vetting records are reviewed periodically and that any changes in an individual’s circumstances that may affect their suitability are identified and acted on.
Records must be stored securely, in line with GDPR requirements, and must be accessible for review if required by a client, assessor, or regulator. Poor record storage, records that cannot be located, or records that are incomplete are among the most common BS 7858 compliance failures.
Common Mistakes to Avoid
Starting employment before vetting is complete without appropriate controls. Every week without oversight that an unvetted person works unsupervised is a period of undocumented risk.
Relying on photocopied documents. Identity documents must be checked as originals. A photocopy does not satisfy the standard.
Treating vetting as a one-off task. Vetting must be reviewed. An operative who passed vetting five years ago and has had their circumstances change since then is not necessarily still suitable without review.
Inconsistent record formats. If vetting records are stored across paper files, emails, and spreadsheets, they are difficult to audit and easy to lose. Consistent, accessible records are a basic requirement.
Failing to document inconclusive results. If a reference was chased and never returned, that outcome must be recorded, not simply ignored.
BS 7858 and ACS
Under ACS, the vetting criterion requires evidence that BS 7858 has been applied correctly across your workforce. Assessors will review a sample of vetting files and check for completeness, consistency, and appropriate documentation of how any issues were handled.
If you cannot produce clean, complete vetting records for your operatives, this criterion will affect your ACS score regardless of how well the rest of your business operates.
Interested in how TacDesk manages BS 7858 vetting records digitally? Explore the Compliance Module or see how TacDesk tracks all seven ACS criteria in one platform.
Book a demo at tacdesk.co.uk. Starting from £49/month, no setup fees, no contracts.
Michael Bryce
Founder of TacDesk. Writes about SIA compliance, operations, and running a UK security company — from someone who actually works the shifts.
Connect on LinkedIn →See TacDesk in action
Win tenders, pass SIA audits, and run your whole operation from one place. Book a free 30-minute demo.
Book a Free DemoRelated reading
SIA Licence Expiry: How to Manage Renewals Across a Security Workforce
A single expired SIA licence on a live deployment is a criminal offence. Here is how to track and manage licence renewals across your entire security workforce — without relying on spreadsheets.
Working Time Regulations for Security Guards: What UK Security Employers Need to Know
The Working Time Regulations 1998 set strict limits on hours, rest breaks, and night work for security guards. Here’s what UK security employers must know to stay compliant in 2026.
Why UK Security Companies Are Moving Away From Legacy Workforce Software
Generic workforce management platforms were built for general use and retrofitted to security. The result is a product that charges enterprise prices for features that don’t fit the industry. Here’s why UK security companies are switching to purpose-built alternatives.