The SSAIB, the Security Services Scheme and the Security Industry

First of all, I must say that I’m absolutely delighted with how my team members have reacted to the changes driven by the pandemic. It has been difficult not being able to see them face-to-face, although I did manage to complete a couple of face-to-face audits between lockdowns with deputy Security Services Scheme manager and Security Industry Authority (SIA) lead Keith Rogers and our newest assessor Stuart Tisseman.

We’re probably liaising more than ever now as we’re having regular Microsoft Teams meetings so that has been a positive development. Overall, I’m extremely pleased in terms of how everyone has worked so diligently and adapted so quickly and so well to the new conditions.

We’ve successfully conducted remote audits since the first week of lockdown in March last year and then combined audits (eg part on-site and part remote) when it was safe to do so.

From my own perspective, I believe that we could absolutely incorporate online audits in the future once everything returns to ‘normal’ again. The documentation could be reviewed remotely, with our team members talking to the audited firms’ personnel, and that would then give us more time to spend on the site visits themselves. The site visits are crucial as it’s the front line staff who are the customer interface. It’s so important that we see them how they actually are as opposed to how the security business under audit wants us to see them.

Ideally, and if it was up to me, I would like to see partly remote assessments, where you would review all of the information, and then unannounced site visits. I realise we’re dealing with the security industry and it’s not as easy as that. What we would have to do is make arrangements with the companies being audited and ask them for a site list. Then, over a given period (eg three months), we will be visiting those sites at some point when the security service is operational and would include night, weekend or daytime visits.

Firms would need to make their customer(s) aware of that and the assessors would carry letters of authorisation from the company under audit and the SSAIB, as well as our SSAIB ID card, such that we could turn up and conduct some form of ‘mystery shopping’ of sorts. That way, we would be able to see exactly what the customer sees which would then benefit the firms and ensure continuous delivery of an excellent service, not to mention opportunities for continual improvement.

Likely scenario

Going forward, what I think will happen with the assessments is that we will still have a remote element, say half-a-day reviewing documentation, and the rest of the time will be spent looking at specific things at the firm’s site such as screening, vetting and payroll, etc. We would then conduct site visits to observe the front line staff.

The assessment team at the SSAIB, along with myself, all prefer some sort of face-to-face on-site audit. We’re all finding it a bit frustrating that we cannot transact the on-site element at present. As I stated earlier, the team members have all adapted very well, though, and they seem quite happy with the current situation. We’re working on combined assessments, so we’re doing Part One remotely and then, within six months, taking care of Part Two at firms’ offices and conducting site visits.

In terms of those organisations where Part Two hasn’t been completed come the end of last month, we’re abandoning that Part Two and instead determining to complete a full indicator assessment next year as well as adding on the day that was missed this year, where relevant, such that we can deliver a more detailed assessment than normal to compensate.

Like I said, the team members have missed conducting the on-site audits. The operational findings have reduced. The majority of them are found during site visits or when we’re looking at screening, vetting and payroll, which we’re not able to do at present due to the confidential nature of that information.

The pandemic has affected all aspects of the security industry over the last 12 months, but a good many companies have been amazing and really adapted to monitor COVID queues, for instance. Unfortunately, some security companies have been hit really badly. I’m thinking here of the event security-focused businesses and those in the door supervision market, but some have adapted and are flying to the point that they’ve witnessed their best year ever. That’s amazing to hear.

Sadly, some companies have not been able to survive. Those that could not adapt have fallen on hard times, with some just about clinging on by their fingertips. However, most of them are doing well and have a brighter future going forward, which is fantastic.

Continuation of certification

Many companies have been able to continue due to the continuation of their certification. The SSAIB is, of course, one of the certification bodies for the SIA’s Approved Contractor Scheme (ACS).

We also work with the product standards – eg BS 10800 for the Provision of Security Services, BS 7958 focused on CCTV Management and Operation and also the Surveillance Camera Commissioner Code of Practice – and management systems certification such ISO 9001 (Quality Management Systems), ISO 45001 (Health and Safety Management Systems) and ISO 14001 (Environmental Management SystemS).

For those companies that feel like they wouldn’t gain the full benefit of the ACS scheme, they can have other standards – such as management systems and product standards – which means that they’ve met the requirements for their specific sector. That could open doors for new opportunities. However, most companies will only recognise and sub-contract to other ACS companies if they’re an ACS company themselves.

The ACS is a very good standard, it must be said. It’s based on other standards and has been developed on the back of input from industry. It’s recognised by buyers, purchasers and other security companies so it represents a good level of attainment for security businesses.

My stock answer whenever anyone asks me if they should ‘go for ACS’ is: “Are you going to realise more work as a result of doing so?” If there’s no chance of further work as a result of becoming ACS registered, it may be better to go for the ISO 9001 Quality Management Systems standard and the product standard(s). This can open doors for organisations not fully familiarised with the ACS. For its part, the SSAIB offers all of those assessments which already includes management of the supply chain.

Online achievement record

At the end of last year, the SIA removed the online achievement record. Any new applicants had to implement the online achievement record – which is, in essence, rather like the Self-Assessment Workbook – and update it throughout the year. The assessors would then use that as part of the assessment process.

The SIA is introducing an interactive PDF. However, we do not know the timescales for this new way of doing things to be introduced, so there’s currently an interim period where the Self-Assessment Workbook is not fully operational.

For our firms, if they have the details that were included in the old Self-Assessment Workbook, then they need to retain that information in something like a Word document or an Excel spreadsheet which shows the indicator-by-indicator scores and then input the evidence to show how they’ve met all of the indicators. That work will not be wasted as they should be able to cut and paste the necessary into the new interactive Self-Assessment Workbook.

The interactive Self-Assessment Workbook will be owned by the firm and not the SIA (as it used to be). The firm will be responsible for the interactive Self-Assessment Workbook and will send it to the SSAIB for review and acceptance. We will input our scores and then the document will be returned to the firm such that the business holds a year-on-year record of its own scores, our scores and the accompanying evidence. It should be a good method of gathering everything together, but it’s yet to be released.

Good position

Aside from COVID-19, I think the security industry as a whole is in a really good position right now. I’ve been in the sector since 1983. I was the youngest known female operations manager in the latter part of that decade, working for a contracted security company where I was responsible for around 200 male security officers. I’ve been involved with the SIA since the very first assessors’ course, which then saw me become the first female ACS assessor back in the mid-2000s.

The industry has improved and has become far more professional with the SIA coming on board, but I would like to see the SIA’s ACS become mandatory so that every security company has to be assessed. Currently, it’s a voluntary scheme. The SIA had been thinking of bringing in business licensing, but this has been put on hold. However, if that was to be enacted at some stage then at least we would know which security companies were out there, what they’re doing, where they’re based and who’s undercutting the ACS companies who’ve actually gone to the trouble – and the expense – to obtain the required level of approval and certification.

All in all, I do think the security industry is booming. Most security personnel are now seen as key workers and they should be. They’re in charge of multi-million-pound assets as well as people and buildings. They should be recognised and better respected for the work that they do.

Now there’s more of a career path outlined in the security industry, hopefully more people will join the ranks with longevity in mind rather than viewing it as just a stop-gap until they can find a ‘proper’ job.

Lynn Watts-Plumpkin is Security Services Scheme Manager at the Security Systems and Alarms Inspection Board (SSAIB)