Key holding and alarm response is one of the most valuable — and most liability-laden — services a UK security company can offer. Done well, it delivers a recurring revenue stream, deepens client relationships, and positions your company as a full-service security provider. Done poorly, it exposes you to significant legal, insurance, and reputational risk.
This guide explains the regulatory requirements, insurance considerations, operational standards, and technology practices that UK security companies need to run a compliant key holding and alarm response operation.
What Is Key Holding?
Key holding is the service whereby a security company holds a set of keys to a client’s premises and takes responsibility for responding to alarm activations and emergency situations on their behalf. It removes the need for a business owner, manager, or employee to attend the premises at unsociable hours — instead, a trained security officer attends, assesses the situation, and takes appropriate action.
Key holding is often paired with alarm response — the contractual commitment to attend a premises within a specified timeframe following an activation. Many clients expect an attendance time of 20 to 30 minutes, though this will vary by contract and geography.
The service typically includes:
- Attending alarm activations (intruder, fire, panic)
- Securing the premises after a break-in or false alarm
- Meeting police or fire services at the premises
- Locking up after authorised access events
- Reporting on the condition of the premises at each visit
SIA Licensing Requirements
Security officers attending key holding and alarm response callouts must hold a valid SIA licence. The relevant licence sector for key holding and alarm response work is the Security Guard licence, which covers protecting premises and property.
Door supervisor licence holders may also conduct key holding work, as their licence covers security guarding activities. Vehicle immobiliser licence holders do not — their licence is specific to that activity.
As the employing security company, it is your legal obligation to ensure that every officer attending a key holding callout holds a current, valid SIA licence before they carry out that work. The SIA Public Register is the authoritative source for licence verification — you should check it before deploying any officer, not just at the point of employment.
Officers whose licences have lapsed — even by a single day — must not conduct licensable activity. The consequences of deploying an unlicensed officer include criminal prosecution of the officer, prosecution of the security company, and invalidation of your insurance for incidents that occur during unlicensed deployments.
Insurance Considerations for Key Holders
Key holding carries unique insurance considerations that are distinct from static guarding. When you hold a client’s keys, you take on custodial responsibility for those keys and, by extension, for the consequences of their misuse or loss.
Your insurance programme should address:
- Key custody — covers claims arising from the loss, theft, or misuse of keys held on the client’s behalf
- Employers’ liability — mandatory, covering your officers for injury during callouts
- Public liability — covers third-party injury or property damage during alarm response visits
- Professional indemnity — covers claims arising from professional errors or omissions (e.g. incorrectly securing a premises)
Verify with your insurer that your policy explicitly covers key holding and alarm response activities — some general liability policies exclude this. If you use subcontracted officers from another company to provide cover, check whether your policy extends to subcontractors and whether they must hold their own policy.
The BS 8584 Standard
The British Standard BS 8584:2015 is the code of practice for security companies providing key holding and alarm response services. While not a legal requirement, it is increasingly referenced in contract tender documents and by loss adjusters assessing claims. The National Security Inspectorate (NSI) and the Security Systems and Alarms Inspection Board (SSAIB) both use it as a framework for third-party accreditation of key holding operators.
BS 8584 covers the following areas:
- Key security and storage — how keys must be stored, labelled, and protected from unauthorised access
- Response time commitments and how they should be defined in contracts
- Officer training requirements for key holding assignments
- Documentation requirements — including records of each callout and the actions taken
- Client communication protocols following an activation
Obtaining accreditation against BS 8584 demonstrates to clients and insurers that your key holding operation meets a recognised professional standard.
Key Storage and Security
The physical security of the keys themselves is a fundamental requirement. Industry best practice — and the requirements of most insurance policies — specifies that:
- Keys must be stored in a locked, secure key cabinet when not in use, ideally in an alarmed and access-controlled facility
- Keys must not be identifiable to the premises they serve — no address labels, property-identifying tags, or client names on the key fob
- Each key set must have a unique reference code that can be cross-referenced against a secure register held separately
- Access to stored keys must be restricted to authorised personnel only, with an audit log of who accessed which key set and when
- Key sets must be audited regularly to ensure they are all present and accounted for
When keys are issued to a response officer, that issuance must be recorded. Upon return, the keys must be checked against the register and any discrepancies investigated immediately.
Documenting Every Callout
Every alarm response visit must be documented in a contemporaneous report. This serves multiple purposes: it demonstrates the service has been delivered as contracted, it creates an evidence trail in the event of a disputed insurance claim, and it provides a communication record for the client.
A compliant callout report should include:
- Date, time of alarm activation notification, and time of officer arrival
- Name and SIA licence number of the attending officer
- Site address and client reference
- Nature of the activation (intruder alarm zone, fire alarm zone, panic button, etc.)
- Condition of the premises on arrival — including any signs of forced entry, damage, or unusual circumstances
- Actions taken (secured premises, awaited police, contacted client, etc.)
- Time of departure and premises status at departure
- Any incidents observed or reported to police or emergency services
Paper-based callout reports are increasingly inadequate — they can be lost, falsified, or simply incomplete. Digital reporting, completed at the site by the attending officer using a mobile device, provides a time-stamped, GPS-verified record of the visit.
Technology for Key Holding Operations
Guard management platforms such as TacDesk provide security companies with the infrastructure to run key holding and alarm response operations to a professional standard. Key capabilities include:
- GPS clock-in and out — verifies that an officer attended the correct premises at the correct time, providing incontrovertible evidence for client invoicing and insurance claims
- Mobile incident and patrol reports — officers complete digital reports at the site, eliminating paper and ensuring nothing is missed
- Check call management — lone workers attending alarm response callouts can be monitored with timed check calls, triggering escalation if an officer fails to check in
- SIA licence auto-sync — continuous monitoring of officer licence status against the SIA Public Register, alerting managers if a licence is due to expire or has lapsed
- Management dashboard — gives operations managers real-time visibility of which officers are deployed, where they are, and what reports have been filed
Lone Worker Safety
Officers responding to alarm activations — often alone, at night, in potentially hostile environments — are lone workers under the Health and Safety at Work Act 1974 and the Management of Health and Safety at Work Regulations 1999. You have a duty of care to ensure their safety.
Lone worker requirements for key holding operations include:
- A check call protocol specifying when officers must report in before, during, and after each visit
- Clear escalation procedures if an officer misses a check call
- Risk assessments for high-risk sites (e.g. sites with a history of violent confrontation)
- Clear guidance on when an officer should wait for police before entering premises
Many security companies now require officers to never enter premises alone if there are signs of a forced entry — the officer waits outside, secures the perimeter, and awaits police attendance.
Frequently Asked Questions
Do key holding officers need an SIA licence?
Yes. Any officer performing key holding or alarm response duties is carrying out licensable security guarding activity under the Private Security Industry Act 2001. They must hold a valid SIA Security Guard or Door Supervisor licence.
What response time should I commit to in my key holding contracts?
Industry standard is typically 20 to 30 minutes, but this depends on your operational geography. Be realistic about what you can consistently achieve — overpromising on response times creates liability if you routinely miss them. Always define response time as “from receipt of activation notification” rather than “from the alarm triggering.”
What should I do if a key is lost?
Report the loss to the client immediately. The client will need to assess whether to rekey the premises. Document the loss in writing, notify your insurer, and review your key storage and issuance procedures to identify how the loss occurred and prevent recurrence.
Is key holding covered by a standard liability insurance policy?
Not always. Standard public liability policies may exclude key custody risks. Ensure your policy specifically covers key holding, key custody, and alarm response activities. Discuss your specific operations with your broker.
Summary
Key holding and alarm response is a high-value, high-responsibility service. UK security companies that operate it well — with proper licensing, insurance, documentation, and lone worker safety protocols — are well-positioned to win and retain valuable contracts. Those that cut corners on compliance risk legal exposure, insurance voidance, and the kind of incidents that damage reputations permanently.
Investing in the right operational processes and technology from the outset is far less costly than managing the aftermath of a compliance failure.
Want to see how TacDesk supports compliant key holding operations? Explore our guard management platform — built for UK security companies that take compliance seriously.