Security Industry Standards:
Tony Brachmanski, CQP MCQI, IRCA Principal Auditor, provides an insight into the purpose and structure of the Approved Contractor Scheme (ACS), and the approach third party ACS- approved auditors are applying to assess businesses against the standard.
For many years, the private security industry has been perceived to have a poor reputation, with negative press about unscrupulous firms operating unethically, illegally and not working to the standards expected. In light of this situation, the Security Industry Authority (SIA) introduced its own quality standard called ACS (Approved Contractor Scheme) in 2006, which provides a recognised hallmark of quality within the private security industry.
Although there are many business benefits to be gained by achieving this standard, its main purpose is to “protect the public and maintain and improve standards in the private security industry”. The standard, which is voluntary, was developed in consultation with representatives from across the industry, and covers only parts of the industry that are regulated by the Security Industry Authority (SIA) and the Private Security Industry Act 2001.
The latest update to the ACS standard includes streamlining the scoring system – which is recorded at each annual third party assessment year-on-year to measure an organisation’s performance and improvement – and realigning some of the main headings, which are more conducive to the security industry. The seven headings, that businesses are being audited to under the current standard, include:
- Commercial relationship management
- Financial management
There are approximately 800 private security companies that hold approval. The standard is only available to organisations that provide licensable security services as defined in the Private Security Act 2001.
The licensable activities cover:
- Cash and valuables in transit;
- Close protection;
- Door supervision;
- Key holding;
- Public space surveillance (CCTV);
- Security guarding.
In general, the ACS standard includes the key requirements set out in ISO 9001 and the existing British security standards (BS 7499 Security Guarding, and BS 7858 – Screening of individuals working in a secure environment), while challenging to review its approaches in other areas covered by the EFQM Model. The standard also covers statutory legal requirements, including:
- Employed staff are appropriately licensed.
- Employees are at least paid the minimum/national living wage.
- Staff receive a pay slip and are not paid cash to avoid HMRC company tax payments.
- Health and safety arrangements for lone workers.
- Staff are aware of the company pension scheme.
The ACS workbook states that an organisation that conforms to all the requirements of ISO 9001 can expect to meet around two-thirds of the ACS standard.
Before a security firm’s application to be assessed to the standard is accepted by the SIA, the directors and business owners – those with a controlling influence (recorded on Companies House) – must meet the fit and proper due diligence checks. The checks include any previous convictions, and trends of liquidating previous firms. If the application is successful, the company can move to the assessment stage, which must be carried out by an SIA ACS-approved certification body. There are currently four certification bodies that security firms can choose from, which are all UKAS accredited. The four bodies are:
- Chamber Certification Assessment Services Ltd (ccas.org.uk)
- Alcumus (ISOQAR) (alcumusgroup.com)
- SSAIB (ssaib.org)
- NSI (nsi.org.uk)
Components of the ACS standard
Security firms must meet the ACS standard criteria to gain approval. The requirements are generic and can be applied to all organisations regardless of their size or sector. The criteria are broken down into several sub-criteria that, when met, should demonstrate how excellent service delivery and sound business management are achieved.
This clause requires an SIA approved contractor to have a clear, strategic direction; enabling it to deliver value to all stakeholders.
This criterion has five subclauses. The SIA-approved contractor can demonstrate that it:
1.1 Has a coherent plan and approach to business.
1.2 Has clear mechanisms for improving the standard of service delivery.
1.3 Handles internal and external communications effectively.
1.4 Actively manages the impact of its services on society and the environment.
1.5 Measures and improves on performance indicators.
Auditors approach to auditing this criterion include on-site face-to-face interviews with directors, individual and focus group meetings with staff, and review of records to determine that goals, objectives and targets are clearly visible for all levels of the organisation.
Procedures have been defined to ensure conformance to working standards or British Standard codes of practice. Organisations should hold up-to-date copies of relevant standards, while staff must be able to demonstrate that they understand the codes of practice that are relevant to them.
An SIA-approved contractor should have robust processes in place that ensure service delivery to its customers and stakeholders.
This criterion has six subclauses. The SIA-approved contractor must demonstrate that it:
2.1 Has in place effective service delivery processes.
2.2 Has a plan to ensure continuity of service delivery.
2.3 Identifies and responds appropriately to what customers require of a security service.
2.4 Manages service delivery to customers/consumers in a consistent manner.
2.5 Monitors internal processes, taking appropriate action to make improvements, when necessary.
2.6 Measures and improves performance against key customer and consumer indicators.
Auditors approach to auditing this criterion include face-to-face interviews with directors, managers, staff, security operatives working on the front line at customer premises, as well as on-site interviews with customers and service users to determine that the organisation has identified key aspects of the business that are critical to its operation.
This criterion requires an SIA-approved contractor to develop and implement plans that ensure its people are suitably trained, developed and cared for.
It has five subclauses. The SIA approved contractor must demonstrate that it:
6.1 Manages its people effectively.
6.2 Deploys competent people.
6.3 Appropriately supports its people.
6.4 Complies with its legal obligations when employing people.
6.5 Measures and improves staff performance and perceptions of the organisation.
Auditors approach to assess this criterion include: one-to-one interviews and focus group meetings; review of records used to gather information to determine the organisation works to BS7858 or equivalent for screening individuals; evidence that interviews are undertaken for all potential recruits; interview notes are documented and retained for one year, and evidence that the organisation checks the validity of licenses and right to work in the UK.
Benefits of gaining ACS status
Achieving SIA ACS status is an effective way for security firms to demonstrate that they are offering a quality service that can be trusted by operating ethically, legally, and employing licensed trained staff who have been security screened.
The SIA ACS standard is not only helping the SIA fulfil its main objective of protecting the general public, but it also providing confidence to all stakeholders, eg customers, consumers, the police force, and end users, that they are dealing with a highly professional security firm.
Attribute to original publisher/ publishing organization: Tony Brachmanski, CQP MCQI, IRCA Principal Auditor, https://www.quality.org/knowledge/raising-standards-private-security-sector
Read More: ISO 9001 Risk Management and Cybersecurity