An ACS audit is not a surprise inspection. You know it is coming, you have a date, and you have time to prepare. The companies that struggle are not the ones who are blindsided. They are the ones who have not built and maintained the right systems in the months before the assessor arrives.
This guide gives you a practical checklist to work through as you prepare. It covers what assessors look for across each of the seven criteria, where most companies fall short, and how to make sure your evidence is in order.
Understanding What Assessors Are Looking For
Before going through the checklist, it helps to understand the assessor’s mindset. They are not there to catch you out. They are there to determine whether your company genuinely operates to the ACS standard, not just whether you can produce documents on demand.
The difference between a company that passes with confidence and one that scrapes through (or fails) is usually whether the evidence reflects day-to-day operations or was assembled specifically for the assessment. Assessors are experienced. They can spot a paper trail that was built in the two weeks before the audit.
The goal is to walk into your assessment knowing that your compliance posture is real, current, and maintained year-round.
The ACS Audit Preparation Checklist
Criterion 1: SIA Licence Management
- [ ] Compile a complete list of all operatives and their SIA licence numbers
- [ ] Verify every licence is currently in date via the SIA’s public licence checker
- [ ] Confirm your monitoring system flags expiries at least 60, 30, and 7 days in advance
- [ ] Ensure no operative is currently scheduled on site with an expired or unknown licence status
- [ ] Confirm your records distinguish between licensable operatives and non-security roles (admin, control room, management) who are not subject to the SIA licence requirement
Criterion 2: BS 7858 Vetting
- [ ] Confirm all current staff have a complete five-year employment and identity check on file
- [ ] Check vetting records are stored securely and are accessible for review
- [ ] Verify the format and depth of vetting meets the current BS 7858 standard
- [ ] Confirm there is a process for reviewing vetting when staff are promoted, change roles, or when a specified period elapses
- [ ] Check that any staff with gaps in their employment history have had those gaps addressed and documented
Criterion 3: Training and Development
- [ ] Produce a training matrix showing every operative’s qualifications and certificate expiry dates
- [ ] Identify any operatives with expired qualifications and resolve before the audit
- [ ] Confirm induction training is documented for all staff
- [ ] Evidence any CPD or ongoing training that has taken place
- [ ] Confirm management and supervisor training records are maintained too
Criterion 4: Assignment Instructions
- [ ] Confirm every active site has a current, site-specific assignment instruction document
- [ ] Check the last review date on each document and update any that are out of date
- [ ] Ensure guards have signed to confirm they have read and understood the instructions for their current site
- [ ] Check that instructions include emergency procedures, escalation contacts, and site-specific risks
- [ ] Remove any generic or templated instructions that have not been tailored to the specific site
Criterion 5: Risk Assessments
- [ ] Confirm every active site has a risk assessment on file
- [ ] Check review dates and update any assessments that have not been reviewed within the required period
- [ ] Ensure risk assessments are genuinely site-specific, not copies of a generic template
- [ ] Check that any incidents or near misses since the last review have prompted a reassessment
- [ ] Confirm risk assessments are accessible to the operatives working at each site
Criterion 6: Key and Asset Management
- [ ] Confirm a key register exists and is current for every site where you manage keys
- [ ] Spot-check the register against physical key holdings to verify accuracy
- [ ] Ensure there is a clear process for signing keys in and out, with timestamps and signatures
- [ ] Confirm any other tracked assets (access cards, radios, vehicles) have equivalent records
- [ ] Check the process for handling lost or unaccounted-for keys
Criterion 7: Complaints and Quality
- [ ] Retrieve the complaints log and confirm it is complete and up to date
- [ ] Prepare a brief summary of how each complaint was handled and resolved
- [ ] Confirm your complaints procedure is documented and accessible to staff
- [ ] Evidence any internal audits or quality reviews conducted since the last assessment
- [ ] Prepare KPI data if you track performance metrics across your contracts
Before the Assessment: Final Steps
Book a mock audit. Walk through the evidence with someone who was not responsible for producing it. A fresh pair of eyes will find gaps you have become blind to.
Organise your documentation. Assessors will review a large volume of records. Organised, clearly labelled evidence makes the process faster and creates a better impression. Disorganised files signal a disorganised operation.
Brief your senior team. The assessor may interview managers as well as reviewing documents. Make sure your key people understand the criteria and can speak confidently about how your business meets each one.
Check your digital systems. If you use compliance software, ensure all records are current, dashboards are accurate, and any pending items are resolved before the assessment date.
Maintaining Readiness Year-Round
Passing an ACS audit should be the natural outcome of running a well-managed operation, not a sprint you do once every two years. The companies that score highest are the ones that maintain their compliance posture as a matter of daily routine.
If your current systems make that hard, the problem is not with your staff. It is with the tools. Spreadsheets, paper records, and disconnected filing systems make it difficult to maintain seven compliance areas simultaneously. Purpose-built software designed for security company compliance changes this fundamentally.
TacDesk’s ACS Compliance Module tracks all seven criteria in real time, with dashboards, automated expiry alerts, and audit-ready evidence at any moment. See how it works, or explore TacDesk Verified Compliance as a structured pathway to ACS readiness.
Book a demo at tacdesk.co.uk. Starting from £49/month with no contracts and no setup fees.