National Security Inspectorate Sentinel House, 5 Reform Road Maidenhead SL6 8BY Website: nsi.org.uk Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 1 of 16 © NSI 2021 Code of practice for the provision of security services in a retail environment NCP 101 Issue 6 February 2021 Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 2 of 16 © NSI 2021 Contents 1. Security guarding ……………………………………………………………………………………………………………….. …… 4 2. Scope ……………………………………………………………………………………………………………….. ……………………….. 4 3. Application ……………………………………………………………………………………………………………….. ………………. 5 4. Requirements ……………………………………………………………………………………………………………….. ………….. 5 4 The Organisation ……………………………………………………………………………………………………………………………………………. 6 5 Resources ……………………………………………………………………………………………………………………………………………. …………..6 6 Service …………………………………………………………………………………………………………………………………………………………… 12 Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 3 of 16 © NSI 2021 Foreword In the absence of a specific British Standard code of practice, security services in a retail environment have been traditionally based on the recommendations given in BS 7499 but with assumptions that, in the retail guarding sector of the security industry, Basic Job Training and some aspects of the role are fundamentally different. Such differences are now even more apparent as companies extend their range of services from the provision of ‘uniformed retail guards’ to include ‘store detectives’, ‘test purchasing’ etc. This NSI code of practice highlights the fundamental differences, omissions and modifications when compared to BS 7499:2020 in order that it may form a consistent basis for auditing all aspects of security services normally provided in a retail environment. This document is to be read in conjunction with: • British Standard Code of Practice BS 7499:2020; • British Standard Code of Practice BS 10800:2020; and • the current version of NSI General Approval Criteria (MSF 571). No company shall hold out or claim that it adheres to this NSI code of practice unless compliance with the same has been confirmed by NSI and approval has been granted. Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 4 of 16 © NSI 2021 1. Security guarding The term “security guarding” used in this NSI Code of Practice applies to activities which are described as follows in the Private Security Industry Act 2001: a) Guarding premises against unauthorised access or occupation, against outbreaks of disorder or against damage; b) Guarding property against destruction or damage, against being stolen or against being otherwise dishonestly taken or obtained. References to guarding premises against unauthorised access include references to being wholly or partly responsible for determining the suitability for admission to the premises of persons applying for admission. References to guarding against something happening include references to so providing a physical presence, or carrying out any form of patrol or surveillance, as to deter or otherwise discourage it from happening; or to provide information, if it happens, about what has happened. 2. Scope The scope of this NSI Code of Practice covers all security services provided within in a retail environment, for example: a) ‘Uniformed retail officers’ who provide a highly visible presence often more as a deterrent to shoplifters. Such officers usually work in close harmony with the management and staff of the retail facility. b) ‘Store detectives’ who have to blend in with the normal profile of the retail customers. Store detectives also normally work in close harmony with the management and staff of the retail facility. c) ‘Mystery shoppers/test purchasers’ whose attendance at a particular retail facility may only be known to a level of management. Till operatives, customer service staff etc. will normally not be aware that such personnel are on site. d) ‘Uniformed static guarding duties associated with warehouses or distribution services and in some instances maintaining a presence at the retail facility during the hours of closure. e) ‘CCTV controller . Duties may include the manning of a CCTV control Centre for the retail complex. Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 5 of 16 © NSI 2021 BS 7499:2020 is the British Standard code of practice for a ‘Static Guarding Security Services’ and, because this service usually includes the deployment of uniformed security officers on a round the clock basis (often as lone workers), there is a clear requirement for a 24 hour manned Control Room where this applies. Services highlighted under d) fall entirely within the scope of BS 7499:2020 and organisations wishing to obtain an NSI approval must comply with BS 7499:2020 in its entirety. For the services highlighted under a) to c) inclusive, it would not normally be necessary to operate a 24 hour manned Control Room or to apply the full provisions of BS 7499:2020. For such services, only the applicable requirements of BS 7499:2020, as clarified within this NSI Code of Practice, apply to any organisation wishing to maintain an NSI approval. Note: Where the service under e) includes the manning of a CCTV (Closed Circuit Television) system for a retail complex, organisations can have their scope extended, under their NSI Approval, to show that they also comply with the requirements of BS 7958 Annex C – Contractor Responsibilities within BS 7958 3. Application As this NSI Code of Practice does not introduce any fundamentally new requirements for the provision of security services within a retail environment, it will be applied to all organisations wishing to obtain or maintain an NSI approval for the services listed above. 4. Requirements The clause reference numbers and titles, in Table 1 below, relate to the clause reference numbers and titles of BS 7499:2020. The requirements, listed under “Additions / Omissions / Modifications for Retail”, in conjunction with the corresponding clauses of BS 7499:2020, are the requirements that have to be satisfied by any organisation wishing to maintain an NSI approval for the retail services listed. Where additional text is reproduced in italics in Table 1, it is included as additional guidance rather than as a specified requirement. Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 6 of 16 © NSI 2021 Table 1 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail 4 The Organisation 4.1 Structure As specified in BS 7499:2020 and recommendations given in BS 10800:2020 8.2 Attention is drawn to the requirement that the organisation should operate a complaints management system in accordance with the guidance given in ISO 10002. 4.2 Finances As specified in BS 7499:2020 and recommendations given in BS 10800:2020, 7.2. 4.3 Insurance Insurance documentation shall be available to demonstrate that in addition to covering the standard risks outlined in BS 7499:2020 and BS 10800:2020, 7.3 , specific retail risks such as wrongful arrest, use of excessive force are covered. 4.4 Documented information As specified in BS 10800 7.1.1 5 Resources 5.1 Premises As specified in BS 7499:2020 and recommendations given in BS 10800:2020, 7.4. 5.2 Control room 5.2.1 Design, construction and layout For an organisation with retail security officers who only work during normal retail hours, a 24-hour manned Control Room will not normally be required. However, there must be clear evidence to show that the organisation has considered the need for such a facility, particularly in light of any lone worker risks and the full 5.2.2 Location within a secure facility 5.2.3 Control room procedures Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 7 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail 5.2.4 Control room information range of services that the organisation is contracted to supply. An exception to the requirement for a 24 hour Control Room will normally be allowed where: • Booking on and off is controlled by the store manager/supervisor; • Effective monitoring is done ‘in-store’ where the ‘lone worker’ risks are reduced • Incident reporting is normally done in-store • Emergency situations do not normally escalate because of team support at the same location Note: If a retail contract includes static or mobile patrol duties at a distribution centre, warehouse or retail facility outside of opening hours, then the full provisions of BS 7499:2020 and BS 10800:2020 will normally apply including the provision of a 24 hour manned Control Room. Where it is accepted that a Control Room, fully in accordance with BS 7499:2020 is not required, a manned operational centre shall be maintained during normal office hours. This will control ‘booking on’ of staff and ensure every endeavour is made to maintain the contractual requirements with respect to the number of personnel supplied and their hours worked etc. Outside of normal office hours, a duty roster of management shall be maintained so that assigned personnel can request the appropriate level of support/back-up in the event of an incident or any other situation that needs the immediate attention of senior management. 5.2.6 Control room staff 5.2.7 Escalation Procedures As specified in BS 7499:2020 5.2.5 Control Room Records Company procedures shall ensure that appropriate records are maintained in the Control Room or Operational Centre, including those generated in-store. These may include: A DOB book Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 8 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail Incident Report Sheets Search Register Civil Recovery Forms Witness Statements Holiday Request Forms Accident Report Forms Sickness Self-Cert Forms (The list is not exhaustive) Records should be made of all mobile patrol visits and supervisory visits. 5.3 Security Officers 5.3.1 General This requirement is generally as specified in BS 7499:2020. However, even where working under close supervision of the client at the place of work, an appropriate level of site supervisory visits shall be maintained by the organisation. Note: Attention is drawn to the fact that the isolation of retail security officers at sites can itself have particularly detrimental effects on: • The contractual arrangements: the Security Officer becomes more reliant on store management. His/her allegiance can shift from company to store. One set of rules for the store / another for the employer. • The Security Officer becoming nonchalant and standards of presentation / work being soon affected. 5.3.2 Selection As specified in BS 7499:2020 5.3.3 Screening As specified in BS 7499:2020 and recommendations given in BS 10800:2020 7.1 5.3.4 Health As specified in BS 7499:2020 and guidance in BS 10800 Annex A Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 9 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail 5.3.5 Terms and conditions As specified in BS 7499:2020 and guidance in BS 10800 Annex A 5.3.6 Disciplinary and Grievance code As specified in BS 7499:2020 and guidance in BS 10800 Annex A 5.3.7 Identification All assigned personnel shall be issued with and carry an appropriate identity card in accordance with the requirements of BS 7499:2020 and although such cards need not be displayed they should be produced on request. Note: Some retail establishments may require S/Os to wear their own corporate ID card rather than that of the guarding company. If this is the case, the S/O should still be issued with a company ID card that should be carried in their pocket. 5.4 Equipment and uniforms 5.4 Equipment and uniforms For uniformed retail officers, employed as ‘meet and greet’ personnel, the same requirements as BS 7499:2020 and BS 10800 7.6 apply except that the organisation (the service provider) may agree with the retailer that they provide a corporate uniform with the retailer’s insignia. Also, in the case of a store detective, it is accepted that the assigned personnel wear appropriate clothing in order to naturally blend in with the shoppers. 5.5 Training 5.5.1 General As specified in BS 7499:2020. The organisation should follow the recommendations given in BS 10800:2020, 7.71 and 7.7.3 with regard to counter-terrorism training. 5.5.2 Induction training As specified in BS 7499:2020 and recommendations given in BS 10800:2020, 7.7.2. 5.5.3 Operational training As specified in BS 7499:2020 and recommendations given in BS 10800:2020, 7.7.2. The requirement to include additional hours for subject specific modules Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 10 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail that relate to the role to be undertake, is retained in BS 7499:2020, e.g. although an SIA SG licence covers uniformed retail guarding, it is also appropriate to include an additional module that focuses on the specific risks that can be faced in a retail environment. Therefore, where relevant, the following shall also be addressed: – Vulnerable Items – Vulnerable Areas – Store Watch – Approach Procedures – PACE Act – Arrest/Detention Procedures – Relate facts (Arrest) – Store Codes – Action for a Lost Child – Staff Search – Staff Purchase – Cash Escorts – Emergency Procedures – Evacuations (public and staff) – Banned People – Procedures for the handling of incidents involving children – Trespass – Radio Procedure – Credit Card Fraud – Suspect Packages – Store Keys – Incident Reporting Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 11 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail – Statements – CCTV This list is not exhaustive There may be additional training for store detectives – such as covert operations, approach procedures, calling for uniformed support etc. Note: The SIA (Security Industry Authority) recognises that it is essential for all security personnel working in the private security industry to have undergone a structured programme of learning and education resulting in recognised qualifications if they are to be effective and professional in their role. Where the assigned roles fall within a category requiring licensing of individuals by the SIA, then it shall be a condition of any NSI approval that all such individuals are in possession of the appropriate SIA licence, and displaying it upon their person whilst on duty. 5.5.4 Assignment-specific training As specified in BS 7499:2020 and recommendations given in BS 10800:2020, 7.7.4, with particular emphasis on contracted duties. Note: Where a Company has a contract for a large retail client and the general layout of the stores is very similar, it may be acceptable for generic training to be given, particularly when assigned personnel are regularly moved from store to store. However, in all cases where an individual is assigned to a new site, the organisation shall ensure that any necessary additional training is identified and delivered. 5.5.5 Control room training May not be applicable in retail manned guarding, but where it does apply (see 5.2), BS 7499:2020 applies. 5.5.6 Supervisory training As specified in BS 7499:2020 5.5.7 Specialist training As specified in BS 7499:2020, with particular emphasis on roles such as: Store detectives, mystery shoppers, test purchasing. Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 12 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail Note: Retail security officers are sometimes required contractually to stack shelves, perform cash escorts, make arrests, clean up, patrol externally (list not exhaustive). In these cases, especially where the task requires an element of skill or puts the Security Officer at risk, NSI expect relevant training modules to have been produced along with supporting documentation that the training had taken place. Note: Any additional risk the Security Officer may be subject to by performing the above tasks should be incorporated into the Health and Safety risk assessment. 5.5.8 Takeovers As specified in BS 7499:2020 5.5.9 Refresher training As specified in BS 7499:2020 including updates to PACE (Police and Criminal Evidence Act 1984) and relevant parts of the law. 5.5.10 Continuous professional development As specified in BS 7499:2020. The organisation should encourage employees to pursue relevant sector-specific CPD. 5.5.11 Training records As specified in BS 7499:2013 and recommendations given in BS 10800:2020, 7.7.6. 6 Service 6.1 Customers 6.1.1 General As specified in BS 7499:2020. As specified in BS 7499:2020. The organisation should follow the recommendations given in BS 10800:2020, 8.3 (Sale of services) and 8.7 (Suppliers of bought-in-labour and subcontracted services) ) 6.1.2 Contract records As specified in BS 7499:2020. The organisation should follow the recommendations given in BS 10800:2020, 7.1.1. (Documented information and 8.3.5 (Contracts) ( 6.2 Site surveys Organisations shall follow the general principles of BS7499:2020 and the recommendations given in Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 13 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail BS 10800:2020 8.4 and shall have a clearly defined process to identify and communicate to all relevant personnel the generic and specific risks that may be faced. Note: Organisations are reminded that site inspections are to do with identifying hazards & measuring risk levels; this includes security risks and Health and Safety risks. a) Security Risk Assessment Where an organisation is being sub-contracted by a store to provide retail guarding activity (which may be part of a multi-national enterprise), the store may have its own comprehensive procedures that the Security Officer will be required to follow. In this case, the organisation’s own security risk procedures may cross- reference the specific store assignment instructions. b) Health and Safety Risk Assessment In the case of Health and Safety, there are two aspects: 1. The customer has a duty of care to its employees and sub-contractors (which includes the retail guarding employees) 2. The sub-contractor (retail guarding company) also has a duty of care to its own security officers. Note: In the H&SE publication, “Management of Health and Safety at Work Regulations 2007”, it is recommended that consultation takes place between companies to ensure all aspects of an employee’s health and safety are identified and documented. This consultation shall result in a competent Health and Safety risk assessment being produced for the retail security officer on that site. 6.3 Assignment Instructions 6.3.1 General Generally as specified in BS 7499:2020 and in BS 10800:2020 8.5, but with the exception that Assignment Instructions do not need to be signed to demonstrate that they have been agreed by both parties. Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 14 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail Note: Assignment instructions in retail guarding vary from site to site and customer to customer. In the case of a national contract which might include say, 100 retail outlets, it would be an onerous task to provide a set of individual Assignment instructions to each site on the first day of a contract and to subsequently maintain and review them on each location. For this reason NSI supports the practice of producing a generic set of Assignment Instructions for national contracts. However, there shall be provision to agree and record any local instructions that relate to specific duties to be undertaken at individual stores. (See 6.2(a) above). These two sets of documentation (generic and local instructions) together shall form the Assignment instructions for an individual site. Where a retail guarding company contracts with a single outlet, NSI would expect the clauses of BS 7499:2020 6.3.1 and BS 10800:2020 8.5 to be followed as closely as possible to the guarding format (i.e. the production of Assignment instructions for each outlet. 6.3.2 Content With respect to 6.3.1 General, NSI would expect the following clauses to be contained in the generic Assignment instructions: 6.3.2 c), d) (if applicable), f), and the following clauses to be a part of the locally produced Assignment instructions: 6.3.2: a), b), e), g) and h)1, h)2, h)3, h)4, h)5 6.3.3 Amendments As specified in BS 7499:2020 6.3.4 Review As specified in BS 7499:2020 6.4 Sites 6.4.1 Information As specified in BS 7499:2020, and additionally as in 6.3 as part of this NSI code of practice. 6.4.2 Duties As specified in BS 7499:2020 and as detailed in 6.4.2 Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 15 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail 6.4.3 Site Records As specified in BS 7499:2020 ‘Daily register’ in the standard, may be referred to as Daily Occurrence Book (DOB). It is normal to see a separate form used for the writing-up of all incidents (perhaps the store’s own). Where an incident does occur, it should be cross- referenced in the DOB. 6.4.4 Site visits As specified in BS 7499:2020 Note: Each middle manager responsible for a portfolio of contracted sites should ideally maintain a plan detailing the minimum frequency of visits to each site which should be based upon due consideration of the complexity of the duties carried out and the nature of the business conducted by the client. As the visits are carried out they should be recorded so that it is fairly transparent if there are sites that have not been visited for some time. Requirements for recording findings on such visits should be clearly defined and a documented procedure should be maintained to cover the reporting and closure of any adverse findings or actual incidents. Even if there is an on-site manager, there should still be a level of independent visits although the frequency of such visits may be less than that required for sites where there is no site management. 6.5 Performance evaluation 6.5.1 Contract performance monitoring The organisation should follow the recommendations for contract performance monitoring given in BS 7499:2020 and BS 10800:2020, 9.2. 6.5.2 Employee performance monitoring 6.5.2.1 Welfare Check As specified in BS 7499:2020. Note: NSI will not insist on the completion of an individual report for each officer or that it is always filed in the security officers file. For example, if the form Code of practice for the provision of security services in a retail environment Document no. NCP 101 Document issue no. 6 Document issue date February 2021 Document owner Head of Field Operations – Services Last review date February 2021 Document classification PUBLIC (RESTRICTED) Page 16 of 16 © NSI 2021 BS 7499: 2020 clauses Additions / Omissions / Modifications for Retail utilised has provision to clearly record each officer interviewed on a management visit to a particular site, a tick-box style can be utilised to indicate compliance with specified requirements for the team as a whole, as long as there is provision to individually record any welfare or training issues and to comment in more depth on any adverse findings. 6.5.2.2 Performance review The organisation should follow the recommendations for contract performance monitoring given in BS 7499:2020 6.5.3 Annual performance monitoring The organisation should follow the recommendations for performance appraisal visits given in BS 10800:2020, 9.4. 6.6 Control of customer property 6.6.1 General The organisation should follow the recommendations for contract performance monitoring given in BS 7499:2020 6.6.2 Control and movement of keys on sites It is unusual to find retail security officers with responsibility for keys as a part of their duties, but not unheard of. Where there is responsibility for keys as part of the Assignment instructions, NSI would expect that the sentiments of this clause would be incorporated as ‘best practice’