SIA Approved Contractor Scheme: A Complete Guide

The SIA Approved Contractor Scheme is a voluntary, company-level approval for UK private security firms. It runs three-year cycles, costs £400 to £2,400 to apply plus assessor fees and an annual £15 per licensable individual on the books, and lets approved contractors deploy up to 15% of their workforce under licence dispensation while SIA applications are pending, something non-approved firms cannot legally do at all.

Two regulatory layers often get conflated. SIA licences are individual permissions issued under the Private Security Industry Act 2001, mandatory for every guard, door supervisor or CCTV operator in a licensable role. SIA ACS approval is voluntary and sits at company level. This guide covers what the scheme requires, the two routes to approval, the assessment cycle and surveillance cadence, what costs to budget for, and what procurement teams should check on the SIA register before signing a contract.

What the SIA Approved Contractor Scheme actually is

The Approved Contractor Scheme exists to raise performance standards in UK private security through independent company-level assessment against published quality criteria. The Security Industry Authority runs it under the Private Security Industry Act 2001, grants approval at company level, and renews it every three years with annual surveillance in between. The scheme is voluntary in law but routinely required in public-sector and large-corporate procurement.

Three confusions undermine credibility on this topic and are worth clearing up at the outset. ACS is not a licence: SIA licences are issued to individuals, ACS to companies. It is not an industry-wide kitemark either, because approval is granted per licensable activity rather than company-wide, so a firm approved for security guarding may have no approval at all for cash-in-transit work. And, strictly speaking, it is not a certification. The SIA's official term is approval, granted on the recommendation of an approved certification body, and the slip from "approval" to "certification" reliably signals an outsider account.

The seven licensable activities are security guarding, door supervision, CCTV public space surveillance, close protection, key holding, cash and valuables in transit, and vehicle immobilisation. Approval for security guarding is not approval for cash-in-transit; buyers procuring through a single contractor must check the activity-specific scope on the register, not just an ACS badge on the supplier's website. Training providers, alarm installers and security consultants fall outside ACS. Those activities are not SIA-licensed.

Who can apply: eligibility for ACS approval

Three eligibility gates apply regardless of size. The company must have been trading for at least 12 months. It must have deployed at least two licensed operatives per applied-for activity for at least 12 months. And every director, including executives, non-executives, shadow directors, parent-company representatives and anyone exercising directorial control on behalf of a corporate entity, must hold a valid SIA licence relevant to the company's activities.

The director-licensing gate is the one most often misread; it catches investor-appointed non-executives and corporate-entity directors of group structures, not just the operational MD. The gov.uk guidance on becoming an SIA approved contractor sets out the scope. Beyond the gates, the SIA runs a fit and proper assessment covering identity, criminality, financial standing and integrity at director level. The expected staff-screening baseline is BS 7858-aligned screening, referenced rather than tested in the workbook but expected to be operating when the visit reaches the People Management domain.

The two application routes: Standard and Passport

There are two routes into SIA ACS. The Standard Route runs through the SIA's Self-Assessment Workbook (SAW), an eligibility check, and a verification visit by a chosen approved certification body. The Passport Route lets applicants holding a qualifying UKAS-accredited certification (typically NSI Gold, which itself bundles BS 7499 manned guarding and BS 7858 screening) substitute that existing assessment for the workbook and verification visit, shortening the path and reducing duplicate assessor fees.

On the Standard Route the applicant completes the workbook, submits it with the application fee, and names NSI or SSAIB on the form. The SIA runs an eligibility check, the chosen body conducts the verification visit, findings are addressed through an action plan, and approval is granted on the body's recommendation. The gov.uk application guidance sets out the live procedure.

The Passport Route is for companies already operating to a UKAS-accredited security-sector standard. Qualifying schemes listed on gov.uk include NSI Gold (which packages BS 7499 manned guarding and BS 7858 screening into a single accreditation) and equivalent SSAIB schemes. ISO 9001 alone does not qualify; it covers generic quality management, not a sector-specific assessment. Any firm holding NSI Gold should be applying through Passport rather than Standard; assessor effort drops by roughly half.

What the assessment covers: three conformance domains

The Self-Assessment Workbook is structured around three conformance domains. Strategy and Leadership tests directorial competence, business planning, financial probity, and senior-management visibility. The assessor expects a documented business plan, accountant-prepared financials, a current risk register, director CVs with licensing currency, and current insurance certificates (typically employer's liability of £10m and public liability of at least £5m for guarding).

Service Delivery and Resource Management tests how the company actually delivers contracted work: assignment instructions for every contract dated and version-controlled, patrol records with timestamps that withstand scrutiny, incident reports filed in real time with photographs, a scheduled customer feedback system, key-holding records with chain of custody, and sub-contractor due diligence demonstrating the chain rule. Onward-contracted work goes only to other ACS-approved firms. Common findings cluster here: incomplete patrol records, incidents recorded shifts after the event, customer feedback that exists in inbox threads rather than a documented system.

People Management tests recruitment, BS 7858 screening, training, supervision, retention and welfare. The assessor expects screening files retrievable for every operative, training matrices, SIA licence renewal tracking, supervision records, documented welfare arrangements (lone working in particular), and turnover data.

Each indicator is scored, and the SIA publishes an aggregated approval score on the public register, an indicative band rather than a precise quality measure. The top 15% of approved contractors receive the Pacesetters designation, used by buyers as a discriminator when ACS alone is the table-stakes requirement. A score moves with surveillance and re-approvals, and procurement teams comparing two ACS-approved suppliers regularly use it and the Pacesetters flag as deciding factors.

NSI or SSAIB: choosing your assessing body

Two UKAS-accredited bodies assess against the ACS standard. NSI (the National Security Inspectorate) operates a national footprint and a broader certification suite covering BS 7499 manned guarding, BS 7858 screening and adjacent fire-and-security schemes; a sensible fit for firms inside the NSI ecosystem or planning to layer multiple certifications. SSAIB (the Security Systems and Alarms Inspection Board), based in Whitley Bay, is widely used across manned guarding and has publicly stated it will pick up applicants mid-process from another body, which matters if you need to switch certifying bodies during a cycle.

Both are accredited by UKAS under the SIA's terms of approval. The choice goes on the SIA application form, and a contractor can switch between bodies at the end of an approval cycle. Assessor fees vary by company size, number of sites and audit complexity; both quote on enquiry. The right question is not which body is "better" but which has existing relationships in your sector, which can scope your sites without disproportionate travel, and whether you intend to hold parallel certifications under their wider schemes.

Costs, timelines, and what to expect on the day

Three cost blocks apply to SIA ACS approval. The SIA application fee is set centrally and tiered by company size. The assessor fee is paid separately to NSI or SSAIB. The largest single cost is rarely either. The biggest cost is internal preparation, particularly for firms without a mature quality management system in place when they apply.

On top of the application fee sits an annual registration fee of £15 per licensable individual deployed; for a 50-operative firm, that is £750 a year. Both fees are non-refundable and go to the SIA, not the assessing body. The assessing body sets its own fee based on company size, geographic spread, and audit scope; both quote on enquiry.

The largest practical cost is internal preparation. Companies without an existing ISO 9001 or equivalent system typically spend several months building the documentation the workbook expects, and that work routinely consumes more management time than the assessor fee itself. The Passport Route compresses this for holders of a qualifying UKAS-accredited certification.

The verification visit runs on-site across one to three assessor days, with the MD or operations director present. The assessor will ask for the live workbook, current assignment instructions, sampled BS 7858 files, training matrices, recent financials, and the customer feedback log. Findings on a first assessment almost always arise; they are written up as non-conformities and addressed through an action plan. That is a normal part of the process rather than a fail signal.

After approval: surveillance, re-approval, and staying on the register

Approval lasts three years. During that period the company is subject to annual surveillance, which is lighter than the initial visit and focused on continued conformance, follow-up on any open action plan items, and a sampled review of evidence. At year three, re-approval runs at roughly three-quarters of the initial scope. The cadence keeps the public register meaningful: a company on the register today has been independently assessed within the last year.

A major non-conformity at surveillance, an unaddressed action plan, or an unreported structural change can trigger suspension or withdrawal. Continuous obligations include notifying the SIA of changes in ownership or directorship, keeping director SIA licences current, renewing BS 7858 screening, and maintaining the training matrix. Approval is a state, not a milestone. It is maintained operationally rather than just paid for.

What buyers should check before signing a contract

Procurement teams have a public SIA ACS verification tool the trade press largely ignores: the SIA Register of Approved Contractors. Every approved company is listed by name, with the activities they are approved for, the validity dates, and their published score. Five minutes on the register before issuing a contract is the single most useful due-diligence step a buyer can take.

An entry tells you four useful things: scope: the licensable activities the company is approved for; validity dates: when the current approval cycle ends; score: useful for comparison between two approved suppliers competing for the same contract; and the Pacesetters flag for top-15% performance. A supplier claiming "ACS approved" on a tender response but appearing on the register only for door supervision when the contract calls for security guarding is technically accurate and operationally wrong.

Five questions to ask any ACS-approved supplier

1. Is your current approval valid for the licensable activity I'm contracting, and not just for an adjacent activity?
2. When was your last surveillance assessment, and were any non-conformities raised? If yes, are they closed?
3. What is your current public ACS score, and how does it compare with your previous cycle?
4. Are you on the Pacesetters tier? If not, what would you need to do to get there?
5. Where do you sub-contract, and are all sub-contractors also ACS-approved for the activities you delegate to them?

ACS is a management-system attestation, not a performance warranty. It does not guarantee zero incidents, certify staff on a given shift, or replace contract-specific SLAs. Buyers procuring well also verify insurance (employer's liability of at least £10m, public liability at least £5m for guarding), the BS 7858 screening process, the training matrix, and the incident-reporting system the supplier will use on the contract.

ACS in UK procurement: where it counts

SIA ACS approval is voluntary by statute and effectively required across most of the public sector and large-corporate FM. The Crown Commercial Service RM6262 Security Services framework treats ACS approval as a baseline expectation for manned-guarding lots; suppliers without it generally do not progress past tender qualification. NHS estates contracts routinely specify ACS, with most NHS trusts using it as a hard requirement rather than a weighted criterion. Local authority FM frameworks operated by consortia such as YPO and ESPO follow the same pattern for guarding work, where tender specs frequently conflate manned guarding, ARC monitoring and key holding as if they were a single deliverable.

Government departments reference ACS as a quality benchmark in line with GovS 007 functional standards. Private FM principals (the large integrators handling outsourced security for corporate clients) typically treat ACS approval as a pass/fail criterion when sub-contracting guarding to specialist suppliers. The Procurement Act 2023, which replaced the EU-derived regime in February 2025, allows contracting authorities to weight ACS approval as a quality and capability criterion under the Most Advantageous Tender framework, and most buyers of security services do.

Where ACS is not typically required: small private commercial contracts, one-off event security with no public-sector buyer, residential guarding for private clients. For those segments approval is a credibility marker rather than a binding procurement gate.

Operational systems behind ACS approval

The Self-Assessment Workbook is technology-neutral. It does not specify software for patrol records, incident reports or training matrices. What it specifies is the evidence the assessor expects on the day: real, current, complete, produced without a special project. The technology question is downstream: whether operational systems supply that evidence as a normal part of running the business, or whether assessment week becomes a documentation reconstruction exercise.

Patrol records are the representative case. The assessor samples rounds and looks at timestamps and completeness. A paper-based daily occurrence book can survive an assessment but generates disproportionate preparation work and is vulnerable to back-dating challenges. A handwritten time can be edited; an NFC scan with a server-side timestamp cannot. Incident reports follow the same logic: assessors regularly find gaps where incidents were recorded shifts later, photos are missing, or witness details were never captured.

A digital guard tour system like COREDINATE produces server-timestamped patrol records, in-the-moment incident reports with photos, and on-demand exports by contract, site or date range. It is not a substitute for the directorial commitment, training quality and customer focus ACS measures, but it removes the documentation friction that turns a three-month preparation project into a six-month one. For applicants migrating from a paper or legacy system, the timing matters: switching mid-cycle adds preparation overhead that compounds with the audit timeline. Assessors do not grade the tooling. The point is whether the answer to "show me last Tuesday's late shift records" is an export, or a long pause.

Frequently asked questions

---

Preparing for an ACS verification visit and need patrol and incident evidence on demand? Speak to our team or order the 14-day trial kit with real equipment.