ACS accreditation is achievable for any well-run security company. It is not an elite standard reserved for large national contractors. But a significant number of companies either fail their initial assessment or achieve scores that do not reflect how professionally they actually operate.
The reasons are usually the same. Not a fundamental failure of management, but specific, avoidable gaps in documentation, systems, or processes. Understanding where companies commonly fail gives you the roadmap to make sure you are not one of them.
1. Expired SIA Licences on the Books
This is one of the most direct ways to fail, and one of the most preventable. If your records show operatives deployed to sites while holding expired SIA licences, the assessor has clear evidence of non-compliance. This is not a borderline case. It is a legal requirement and a fundamental criterion.
The failure usually happens not because a company ignores licences, but because its tracking system is inadequate. A spreadsheet that is updated occasionally will miss renewals. A filing cabinet of photocopied licences will not alert you when a licence expires next month.
You need a system that actively monitors every operative’s licence status and sends alerts before expiry, not after.
2. Incomplete or Missing BS 7858 Vetting Records
Vetting is the second most common failure point. The BS 7858 standard requires a five-year employment and identity check before deployment. The problems companies run into include:
- Vetting that was started but never formally completed
- Records that cover less than the required five-year period
- Documentation stored inconsistently, some on paper, some in emails, some nowhere at all
- No process for periodic review of existing vetting records
- Staff hired under time pressure and deployed before vetting was complete
An assessor who cannot find complete, consistent vetting records for your staff will have serious concerns regardless of how well the rest of your operation runs.
3. Generic Assignment Instructions
Assignment instructions are supposed to be specific to each site. What assessors frequently find instead are generic templates applied to multiple locations with minimal modification, or in some cases, no site-specific instructions at all.
A document that describes the general duties of a security guard is not an assignment instruction for a specific site. A compliant assignment instruction names the site, describes the specific layout and access points, lists the relevant emergency contacts, and addresses the particular risks and requirements of that location.
Assessors have reviewed hundreds of these documents. They can tell within seconds whether one was written for a specific site or produced to tick a box.
4. Risk Assessments That Have Never Been Reviewed
It is better to have no risk assessment than one that is two years out of date and bears no relation to current conditions at the site. At least the former might be explained. The latter suggests the document exists only for compliance purposes and is not connected to actual operations.
Risk assessments must be reviewed when:
- The nature of the assignment changes
- An incident or near miss occurs at the site
- The physical environment changes (new tenants, building works, changes in use)
- A defined review period elapses
Companies that create assessments once and file them indefinitely will have problems here.
5. Complaints Handling That Exists Only on Paper
Many security companies have a complaints procedure written into their staff handbook or quality manual. Far fewer have the evidence to show it is being used. The assessor wants to see a live complaints log, not just a policy document.
If your business has received no complaints in the past assessment period, that requires some explanation. It is not impossible, but it is unusual for any service business. What is more common is that complaints were received, handled informally, and never recorded.
The fix is simple: centralise your complaints log, make it easy to add entries, and ensure your team understands that recording a complaint is not an admission of failure. It is evidence of a functioning quality system.
6. Training Records That Are Out of Date
A training matrix is only useful if it is current. The ACS assessor wants to see not just that training occurred in the past, but that your company actively tracks where staff stand today, including which qualifications are approaching expiry and what upcoming training is planned.
First aid certificates, conflict management qualifications, and sector-specific training all have expiry dates. An operative whose first aid certificate lapsed six months ago is a gap in your compliance record. If multiple operatives are in the same position, it suggests the training tracking system is not working.
7. No Evidence of Internal Audits or Quality Reviews
The complaints and quality criterion is about continuous improvement, not just incident response. Companies that fail here typically have no formal internal audit process. There is no evidence that management has reviewed operations against a defined standard, identified gaps, and made improvements.
Internal audits do not need to be complex. A structured review of compliance records, a meeting with supervisors to discuss quality issues, and a written record of what was reviewed and what actions were agreed is sufficient. The key is that it is documented, regular, and acted on.
8. Leaving Preparation to the Last Minute
This is not a criterion failure, but it is a root cause of all the ones above. Companies that attempt to assemble compliance evidence in the weeks before an assessment are trying to reverse-engineer something that should have been built continuously.
Assessors look at dates. If every document was last updated in the month before the assessment, that pattern is visible. It suggests a compliance programme that exists on paper but not in practice.
The companies that pass with high scores are the ones where compliance is a daily operational habit, not an occasional documentation exercise.
Running through the seven ACS criteria in detail? Read our guide: The 7 ACS Criteria Explained.
TacDesk’s ACS Compliance Module is designed to keep your evidence current every day, with automated alerts, audit trails, and real-time dashboards that show exactly where your compliance gaps are. Book a demo, starting from £49/month, no contracts required.