National Security Inspectorate Sentinel House, 5 Reform Road Maidenhead SL6 8BY Website: nsi.org.uk NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 1 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 NACOSS Gold approval criteria SF 002 – Issue 9 October 2024 NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 2 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 These approval criteria are to be read in conjunction with the NSI Regulations. No company may hold out or claim to meet the NACOSS Gold approval criteria other than by virtue of holding NACOSS Gold approval. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 3 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Contents 1. Scope …………………………………………………………………………………………………………………………………………. 5 2. Scheme Structure …………………………………………………………………………………………………………………….. 5 3. Definitions …………………………………………………………………………………………………………………………………. 5 4. Standards and Codes of Practice ………………………………………………………………………………………….. 6 4.1 Primary Scheme Standards and Codes of Practice ………………………………………………………………………………………. 6 4.2 Managing standards updates …………………………………………………………………………………………………………………………… 7 5. General criteria …………………………………………………………………………………………………………………………. 7 6. Insurances …………………………………………………………………………………………………………………………………. 9 7. Experience of management……………………………………………………………………………………………………. 9 8. Repute of management ……………………………………………………………………………………………………….. 10 9. Finance ……………………………………………………………………………………………………………………………………. 10 10. Level of trading ……………………………………………………………………………………………………………………… 10 11. Contracts (general) ……………………………………………………………………………………………………………….. 11 12. Maintenance contracts …………………………………………………………………………………………………………. 11 13. Twenty-four hour cover ……………………………………………………………………………………………………….. 12 14. Staff………………………………………………………………………………………………………………………………………….. 12 15. Security screening of personnel …………………………………………………………………………………………. 12 16. Customer communications………………………………………………………………………………………………….. 13 17. Management of complaints ………………………………………………………………………………………………… 13 18. Management of sub-contracting (outsourcing) ………………………………………………………………. 13 19. Do-it-yourself kits …………………………………………………………………………………………………………………. 13 20. Wiring rules ……………………………………………………………………………………………………………………………. 14 21. Vehicles and equipment ………………………………………………………………………………………………………. 15 22. Police policies ………………………………………………………………………………………………………………………… 15 23. Agreed deviations …………………………………………………………………………………………………………………. 15 Appendix A Supplementary notes for premises criterion ……………………………………………….. 17 A.1 General comments…………………………………………………………………………………………………………………………………………….. 17 A.2 Structure of building …………………………………………………………………………………………………………………………………………. 17 A.3 Space available and so on ……………………………………………………………………………………………………………………………….. 18 NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 4 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 A.4 Physical security of premises …………………………………………………………………………………………………………………………… 18 A.5 Intruder alarm …………………………………………………………………………………………………………………………………………………….. 18 A.6 Reception of visitors………………………………………………………………………………………………………………………………………….. 18 A.7 Security of tenure ………………………………………………………………………………………………………………………………………………. 18 A.8 General presentation ………………………………………………………………………………………………………………………………………… 18 A.9 Examples of types of accommodation ………………………………………………………………………………………………………….. 18 A.9.1 Self-contained commercial premises ……………………………………………………………………………………………. 18 A.9.2 Commercial accommodation within a multi-occupancy building ………………………………………….. 19 A.9.3 Commercial accommodation within a “serviced office complex” …………………………………………… 19 A.9.4 Segregated area within residential premises (for very small companies only)…………………….. 19 A.10 Duty to notify changes ……………………………………………………………………………………………………………………………………… 21 A.11 Planning consent and business rating…………………………………………………………………………………………………………… 21 A.12 Health and Safety ………………………………………………………………………………………………………………………………………………. 22 Appendix B Procedure for agreed deviations …………………………………………………………………… 23 B.1 Self-authorisation by the approved company …………………………………………………………………………………………….. 23 B.1.1 Customer documentation ………………………………………………………………………………………………………………………………… 23 B.2 Authorisation endorsed by us …………………………………………………………………………………………………………………………. 24 B.3 General…………………………………………………………………………………………………………………………………………………………………. 24 Appendix C Terms and Conditions ……………………………………………………………………………………… 25 NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 5 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 1. Scope This document explains the scheme structure and lists the general criteria for companies that wish to achieve and maintain NACOSS Gold scheme approval. NACOSS Gold approval includes surveying, designing, installing, testing, commissioning, handing over, servicing and maintaining of security systems. In this document, text under the columns headed Criterion are criteria for approval. Text under the columns headed Guideline are guidelines for assessing compliance with the stated criteria. Nevertheless, we reserve a right to refuse approval if you do not meet the guidelines or to end your approval if you do not meet the guidelines. 2. Scheme Structure Intruder alarms, CCTV, and Access control are covered by the scheme. If your business carries out work in these areas, all work must be done under the scheme. 3. Definitions For Definitions, please refer to NSI Regulations Annex 1. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 6 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 4. Standards and Codes of Practice NSI certifies companies to the ‘primary’ scheme standards and Codes of Practice related to this scheme. You must meet these standards in order to achieve and maintain NACOSS approval. Note: Where requirements for “standards” are mentioned throughout these approval criteria this also includes the relevant Codes of practices. 4.1 Primary Scheme Standards and Codes of Practice Management System: • ISO 9001:2015 – Quality Management System – Requirements for use For intruder and hold-up alarms: • PD 6662:2017 – Scheme for the application of European Standards for intruder and hold up alarm systems • NCP 120 issue 1 – Supplementary Code of Practice for the Planning, Installation, Commissioning and Maintenance of Intruder Alarms For detector activated CCTV systems claiming compliance with BS 8418: • BS 8418:2015 – Installation and remote monitoring of detector activated CCTV systems – code of practice For other CCTV systems: • NSI NCP 104 issue 3 – Code of practice for the design, installation and maintenance of CCTV systems For access control systems: • NSI NCP 109 issue 3 – Code of practice for the design, installation and maintenance of access control systems For scaffolding alarm systems requiring compliance with NCP 115: • NSI NCP 115 issue 1 – Code of practice for the design, installation and maintenance of scaffolding alarm systems Criterion Guideline You must make sure that all your surveying, designing, installing, testing, servicing, maintaining and monitoring of electronic security system installations are done to the regulations and approval criteria. This includes any work or other functions or If your organisation does not carry out work in all disciplines associated with the primary standards of the scheme, for example if you do not install CCTV, you may still gain approval. However, if you begin to install NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 7 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Criterion Guideline activities that you sub-contract. It also includes work or other functions or activities that you accept as a sub- contractor. CCTV, all work carried out must be done in accordance with the requirements of NCP 104. Advise your NSI auditor and account manager of any changes in this regard. The primary scheme standards may call upon/require compliance with other standards. These standards are not certificated directly as part of the approval, however, NSI does require organisations to be able to demonstrate compliance to these standards where requirements are normative. In particular, every security system installation you install must be to the British Standards and other technical codes of practice and published documents listed in these approval criteria. You must have a quality management system that addresses the requirements of BS EN ISO 9001 and NSI quality schedule SSQS 101. ISO 9001 does not require documented procedures, however, within the scheme quality schedule SSQS 101, there are requirements for documented procedures. 4.2 Managing standards updates For the primary scheme standards NSI will provide information to approved companies regarding: • the approach to transition (for example whether extra audit time will be required); • the impact of the new standard on your business regarding new/prior installations, and any transitional arrangements; • timeframes associated with transition (for example when companies must meet the standard for new contracts); and • any other requirements considered relevant or necessary by NSI. You must maintain an awareness of the latest version of any standards called upon by the primary scheme standards. 5. General criteria Criterion Guideline You must operate from suitable and adequately secure premises or use a virtual office environment that conforms to NSI document – OP2-085. Where you operate from a physical office, we prefer non – residential business / commercial premises and this is what we normally expect. However, if you are a very small company, we may agree to accept a suitably adapted and segregated secure area within residential NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 8 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Criterion Guideline NOTE: Where you operate or partially operate from a virtual office environment, you will need to demonstrate that company data is secure and is offered adequate protection from cyber attack, OP2-085 details requirements e.g. holding cyber essentials certification. premises or a suitably constructed outbuilding within the grounds of a private residence. Where you operate from a physical office on application for approval, we expect you to show us that you have reasonable security of tenure of the premises (for example, freehold; leasehold with at least three years to run; or a long history of occupying the premises and no reason to expect that you will have to leave). Where you operate exclusively from a virtual office environment, we expect you to provide dedicated meeting space to allow confidential NSI audits to take place securely and without interruption. Further guidance is given in Appendix A to this document. Where you operate or partially operate from a physical office, your premises must have a remotely notifying, police-calling intruder alarm system. Exceptionally we may agree an intruder alarm system that is not police-calling (only if we agree in writing) if there is evidence that: a) Your premises are manned permanently by at least one person; or b) Private (non-police) response for your premises is provided under contract by a company holding NSI approval in relation to BS 7984 for this type of response service; or c) You hold NSI approval against BS 7984 for private (non-police) response and your personnel are directed to provide this service to your premises; or d) You have demonstrated to our satisfaction (in relation to relevant clauses of BS 7984) that your personnel are trained, equipped, available and able to provide this response service to your premises and are directed to do so. In cases (b), (c) and (d) we need to be satisfied that the private response is likely to be no less prompt than police-response. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 9 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 6. Insurances Criterion Guideline You need to hold employer’s liability insurance and public liability insurance. None. You need to hold products liability insurance extending to wrongful advice and failure to perform. Your insurance cover must be wide enough to cover all of your work and services of surveying, designing, installing, testing, servicing and maintaining security system installations. The limit of indemnity for any one event and also in total for any one twelve month period of insurance needs to be not less than five million pounds sterling. `Wrongful advice’ and `failure to perform’ are specialized forms of insurance cover not necessarily included in ordinary business policies. We advise you to check the scope and extent of your cover before you apply for approval. Some of your commercial contracts are likely to require you to hold cover for more than five million pounds sterling. 7. Experience of management Criterion Guideline You need to have suitably experienced managers, known as “qualifying managers”. These are the people within your company who are responsible for the security systems side of the business and for the overall business and financial management of the business. This includes being responsible for all the work and service provided by any sub-contractors. At least one of the “qualifying managers” needs to have relevant technical and engineering experience. This experience needs to include experience of specifying and designing security system installations. At least one of the “qualifying managers” needs to be a director or senior manager who has relevant business management and commercial experience. The number of qualifying managers you need will depend on the size of your company and on the nature and extent of your company’s security systems operations. For a small company, one qualifying manager is enough, if they have the appropriate technical and engineering experience and also the appropriate business management experience. A qualifying manager is normally expected to have at least three years’ relevant experience in a management or supervisory capacity in electronic security systems. The experience may have been gained within your company or during previous employment / trading. The experience needs to be of a standard acceptable to us. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 10 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 8. Repute of management Criterion Guideline The people who manage, control and have principal interests in the ownership of your company must be demonstrably reputable and of good standing. During the application process and at any time after approval is issued, we may ask specific individuals within your organisation to provide, through completion of NSI personal data forms and/or other methods, relevant personal information, evidence of character and repute, references, guarantors and so on, to our satisfaction. When we are assessing whether a company meets this criterion, we can take into account all the information we have about the people concerned. The mere absence of information against a person is not necessarily enough. We can refuse to approve a company if we are not satisfied that we have the necessary positive evidence of repute and good character. Similarly, if we are not satisfied, we can end approval or set a condition (for example a condition that your approval can only continue if you remove a named individual from office). 9. Finance Criterion Guideline We can withhold approval or end approval if we have reason to believe that: • your company does not have sufficient financial stability to be able to trade; • the financial affairs of your company are not being (or have not been) carried on in a responsible and prudent manner; or • your company is not trading lawfully, meeting its just debts and other financial obligations. We usually get a report from a credit reference agency. We may view public records such as statutory accounts and county court judgments. To help us form a clear picture, we may ask you to send us financial information such as annual accounts, monthly management accounts and forward financial plans (projections). We do not usually grant Gold approval to companies that have been trading for less than two years. However, we can allow an exception if there is evidence of substantial financial backing. 10. Level of trading Criterion Guideline You must maintain a level of trading activity in security system installations, enough for our representatives to assess and examine the standard of work carried out and the management system applicable. Normally, for initial approval, you are expected to have installed a sufficient number of security systems to the relevant standards to enable us to assess the standard of your work. For approval to be maintained, you should NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 11 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Criterion Guideline normally issue at least twenty certificates each year. 11. Contracts (general) Criterion Guideline You shall not engage in misleading, unfair or pressurised selling techniques and shall observe and maintain high standards of fairness and integrity. You shall create and approve contracts for the installation and/or maintenance of security systems. Prior to installation commencing a Company shall either: 1) have a signed acceptance of the contract; or 2) where oral acceptance has been given have sent to the customer a written confirmation of that acceptance. See Appendix C for further details. Professional advice is recommended when drawing up full Terms and Conditions to ensure they are fair and reasonable and do not contravene legislation. 12. Maintenance contracts Criterion Guideline You need to adopt a company policy that you always draw the customer’s attention to the need for security systems to be adequately maintained and that you encourage your customers to enter into a maintenance service agreement with you (or another NACOSS Gold approved company) and to continue in the maintenance service agreement. Note: Security systems on police response must continue to be maintained to remain on police response. None. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 12 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Criterion Guideline Note: See also the ‘maintenance’ provisions in the relevant primary scheme standard. 13. Twenty-four hour cover Criterion Guideline You must provide a maintenance service in accordance with the standards, codes of practice and published documents in section 4.1. The primary standards or codes of practice listed in Section 4.1 Primary Scheme Standards and Codes of Practice may list other standards/Codes of practice that contain further requirements relating to the provision of maintenance, these must also be complied with 14. Staff Criterion Guideline You need to have suitably trained and qualified people, sufficient to meet your obligations to your customers and to NSI. As a minimum, you need to have at least two suitably trained and qualified ‘staff personnel’ available for maintenance call- out. ‘Staff personnel’ here means the managing partners of your company, the directors of your company, and employees who are on the payroll of your company. Where sub-contractors are used they must be used only as allowed in NSI Quality Schedule SSQS 101. NOTE: See criterion number 15 below. None. 15. Security screening of personnel Criterion Guideline You must keep to the recommendations given in BS 7858 – British Standard code of See further requirements in SSQS101. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 13 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Criterion Guideline practice for security screening of individuals employed in a security environment. 16. Customer communications Criterion Guideline You must establish and keep to the requirements for communication as per the NSI quality schedule SSQS 101 and ISO 9001. None. 17. Management of complaints Criterion Guideline You must keep to the requirements for management of complaints in NSI quality schedule SSQS 101 for the application of BS EN ISO 9001 to NACOSS Gold approval. None. 18. Management of sub-contracting (outsourcing) Criterion Guideline You must keep to the requirements for sub- contracting in NSI quality schedule SSQS 101 for the application of BS EN ISO 9001 to NACOSS Gold approval. None. 19. Do-it-yourself kits Criterion Guideline If you supply D – I – Y security systems or equipment you must not in any way associate yourself with the installation or maintenance of those systems or equipment. Also, you must not say or write anything that might in any way link D-I-Y systems or equipment with NSI. None. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 14 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 20. Wiring rules Criterion Guideline You must make sure that all your electrical wiring and installations keep to good safety practice and they meet the applicable standards and regulations. We draw your attention to BS 7671 Requirements for Electrical Installations (also known as the “IET Wiring Regulations”). It is important you take particular care over protective earthing and bonding. It is important you take particular care that wiring carrying mains voltage is electrically segregated from wiring carrying extra-low voltages, and that electrical separation between circuits operating at these different voltages is achieved and maintained. If you connect into an existing electrical circuit, you need to check the existing circuit is safe and is suitable for what you are going to use it for. You may need to make certain electrical safety tests on the existing electrical installation. For example, you may need to check the type of supply system, the protective electrical (equipotential) bonding, the means (fuses or circuit breakers) for automatic disconnection, and you may need to measure the earth fault loop impedance and to verify whether the impedance is low enough to give an adequate automatic disconnection time. You need to be sure the appropriate test and inspection report(s) and certificate(s) are in place. For your own protection, you should keep a copy (or details) on your file. You need to keep to the relevant health and safety at work law. You need to keep to the relevant provisions of the Building Regulations (for example Part P for residential and similar premises in England and Wales). NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 15 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 21. Vehicles and equipment Criterion Guideline You need to have suitable tools, equipment, test instruments and vehicles. They need to be available and in use. None. 22. Police policies Criterion Guideline You must comply with the applicable police policies and requirements if you have signed-up with the Police Service as a ‘police compliant company’ or if you apply for police response to a security system. See National Police Chief’s Council (NPCC) and Police Scotland policies on police response to security systems. 23. Agreed deviations NACOSS Gold approval requires electronic security systems to be installed meeting the standards, technical codes and published documents identified in these approval criteria. However, there are particular occasions on which fully meeting the standards, technical codes and published documents may not be necessary (or practically possible). With this in mind, you are allowed limited use of agreed deviations against the standard, technical code or published document, as explained below and in Appendix B . Criterion Guideline Security system installations may deviate from the standards, technical codes and published documents if the deviations are limited in nature and extent, provided you have authorised and documented the deviations in line with the requirements described in Appendix B 1 to this document. or where deviations are limited in nature but are common to a special situation then a separate agreement with NSI must be None. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 16 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Criterion Guideline sought in line with requirements described in Appendix B2 to this document. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 17 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Appendix A Supplementary notes for premises criterion The following supplementary notes expand on the guidelines for the premises criterion (see section 5 above) and are intended to assist applicant companies by indicating how we (NSI) are likely to judge various situations and types of premises. A.1 General comments You must demonstrate you operate from suitable and adequate secure premises or from a virtual office environment, meeting the requirements of OP2-085. This means you must be able to show you have the capability to support a correctly run installation business where properly organised documentation can be kept secure and in conformity with NACOSS Gold Rules and Codes of Practice (including British Standards where appropriate). Consideration must be given to privacy and data security where staff work away from a secure physical company premises. A.2 Structure of building Where you operate or partially operate from a physical office the structure of the building should meet these guidelines. Many different forms of construction are in use on commercial and industrial sites. We do not seek to stipulate any particular rules or guidelines concerning the type of construction for buildings used by security companies as business accommodation on commercial or industrial sites. However, such buildings must be of: • masonry construction, or • reasonably robust structure and construction not more vulnerable to intruders than a building of normal masonry construction, or • reasonably robust structure and construction supplemented by other means (such as by siting the building within a secure compound) such that, overall, the premises are not more vulnerable to intruders than a building of normal masonry construction. In the case of portable, transportable or pre-fabricated buildings on a commercial or industrial site, evidence of appropriate planning consent should be available and short-term or temporary planning consent would not enable A.7 or A.11 below to be complied with. In addition, clear evidence that the building meets the provisions of A.2 above will need to be provided. In the case of office accommodation within a private home or in an outbuilding within the grounds of a private home, masonry construction is required; attention is drawn to A.9.4 below, and particularly to A.9.4 (f) . NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 18 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 A.3 Space available and so on Adequate space must be available to conduct the ordinary business and administration of the company un-impeded by space constraints. If it is likely that large drawings/plans need to be examined, the space available needs to be adequate for this to take place. If drawings/plans are to be worked-on (generated, modified, or annotated), the space available needs to be adequate for this to take place, and appropriate drafting facilities need to be provided. A.4 Physical security of premises Reasonable and prudent physical security provisions should be adopted. For example, good quality door locks should be provided and used. Window locks should be provided and used. Consideration should be given to providing additional physical security on vulnerable windows and any other vulnerable areas, so as to eliminate the vulnerability. A.5 Intruder alarm A police-calling intruder alarm is required (see premises criterion and also A.9.4 (e) below). A.6 Reception of visitors There must be suitable and adequate accommodation for meeting customers (and other visitors attending for business purposes) and for NSI audits to take place. A suitable office would suffice for this purpose. A shop or showroom is not necessary, nor is a public reception area. Where you operate from a virtual office environment, suitable well-presented office space where secure confidential meetings can take place must be made available. A.7 Security of tenure At the time of making the application, where you operate or partially operate from a physical office, you are expected to demonstrate you have reasonable security of tenure (for example freehold, or leasehold with a number of years to run, or with every reasonable expectation of renewal) or in the case of short tenancies or licences to occupy, you have a record of occupation with no reason to anticipate termination. A.8 General presentation Premises (and their grounds/environs) should be clean, tidy, of good appearance, and kept- up to a reasonable standard. A.9 Examples of types of accommodation A.9.1 Self-contained commercial premises The ideal premises for a NACOSS Gold company would be secure, self-contained commercial premises with their own individual access. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 19 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 A.9.2 Commercial accommodation within a multi-occupancy building There is no objection to a multi-occupied building, so long as your premises are separate from other occupants, and are individually alarmed and where staff from other organisations do not have free access to the area occupied by your business. A.9.3 Commercial accommodation within a “serviced office complex” Another possible type of business arrangement is the “serviced office complex” in which there are a number of small self-contained offices within one building. These offices are generally leased with the services of a common secretary/receptionist who answers the telephone on behalf of each business. Word processing and postal/fax facilities may also be available as part of the package. In the context of a security company, there are potential issues and problems with this type of accommodation. We will want to discuss the practical arrangements and will need to be fully satisfied that the arrangements pose no risk of a security breach. In addition, the following safeguards need to be in place: a) The confidential nature of any correspondence regarding security systems creates potential security risk. Thus a receptionist not employed directly by you must not deal with your written confidential communications such as system specifications and contracts. Alternative arrangements will therefore be required. b) You must make clear to the receptionist of the “serviced office complex” that calls for emergency service from customers have to be passed immediately to you, and alternative arrangements, if all your staff are out of the office, must be clearly understood. This is to preserve your ability to achieve the response to emergencies within the requirements of the British Standards and Codes of Practice (particularly for intruder alarm installers who have to meet a four hour maximum response time). c) The office accommodation where your security screened personnel work (and the place where records are kept) needs to be separate from other occupants, and to be independently alarmed and where staff from other organisations do not have free access. It is unlikely we would approve the use of “serviced office complex” premises if another of the enterprises contained within the complex and sharing the same receptionist facility was a non-NSI security system installation business. Such an arrangement would be vulnerable to charges, rightly or wrongly, of providing a joint NSI/non NSI security system installation facility. A.9.4 Segregated area within residential premises (for very small companies only) As indicated in the premises guidelines, it is not absolutely necessary to operate from NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 20 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 commercial premises. In the case of very small businesses, we will consider applications from companies operating from a suitably adapted and segregated area within residential premises, or from other non-commercial premises. You will need to review the suitability and adequacy of the premises from time to time as the business grows, or if the business takes on large contracts or block-contracts. Operating from residential premises is appropriate for very small companies only. Where you operate from a segregated area within the proprietor’s (or director’s) home, or from a separate building within the grounds of the home, the following safeguards need to be complied with: a) The office accommodation must be entirely separate from the ordinary domestic arrangements. b) The office accommodation should have its own separate access. However, access through a porch, lobby, corridor, hallway or foyer of the proprietor’s (or director’s) home is acceptable if residents use the porch, lobby, corridor, hallway or foyer only to enter and leave the home. Access through a porch, lobby, corridor, hallway or foyer that is used by residents moving around within the home is not acceptable. Access through a living room, dining room, kitchen or bedroom is not acceptable. Access via an internal stairway that is also used by residents moving around within the home is not acceptable. c) There must be a suitable WC facility and adjacent hand wash facility. Preferably, these facilities should be separate from the main bathroom and WC of the home, and preferably they should be accessible from the office accommodation without passing through a living room, or through a kitchen, and without using a stairway that leads up to a bedroom/sleeping area of the home. These facilities must be accessible without passing through a bedroom. d) Current business records should be kept within the office accommodation. Archived records may be stored in another part of the home but should be no less secure than if they were stored within the office accommodation. e) The office accommodation must be alarmed (see A.5 above) separately from parts of the home used for domestic purposes (see NOTE below), and must be provided with adequate means of ensuring its physical security (see A.4 above). The alarm system for the office accommodation should extend to the place where archived records are stored (unless that area is constructed with enhanced physical security such that intrusion is unlikely). Parts of the home used for domestic purposes should also be alarmed. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 21 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Note: The business accommodation can be treated as an area (or areas) of an alarm system supervising the business and domestic parts of the premises, provided the part (or parts) of the alarm system supervising the business accommodation can be “set” independently of the remainder of the alarm system and further provided that alarm signals originating from the business accommodation are separately identifiable at the alarm receiving centre. In such a case, control equipment and signalling equipment should be located with the businesses accommodation or within an area that is permanently supervised by the alarm system. f) Where the office accommodation is within the proprietor’s (or director’s) home or is in a separate building (an outbuilding) within the grounds of the proprietor’s (or director’s) home, the office accommodation should be of permanent construction, and of masonry construction equivalent to the standard of construction for habitable buildings. However, single-brick construction may be acceptable where a former garage has been converted to an office, provided that the access door is suitable and the office is appropriately appointed internally. Portable, transportable or pre- fabricated homes are not acceptable. Portable, transportable or pre- fabricated outbuildings within the grounds of a home are not acceptable as office accommodation. Converted garden sheds, summerhouses, conservatories and the like are not acceptable as office accommodation. g) There should be a tidy and adequate engineering stores facility, which at our discretion may be shared with household items, for example within a garage or utility room. Physical security should be appropriate to the value and nature of the items stored. The store area should be constructed and maintained in such a way that items are not likely to become adversely affected by environmental conditions such as dampness. A.10 Duty to notify changes As a condition of continuing any application (and subsequently as a condition of continued approval) you are required to notify us within 14 days of any changes of location or any other substantial changes to their premises or the way in which the premises are used. A.11 Planning consent and business rating Matters relating to planning consent and business rates are not central, but ought to be taken into account. It is not our role to act in any enforcement capacity. Nonetheless, we would not knowingly grant approval where it was plain that the applicant was operating from premises without an appropriate planning status, or which were not NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 22 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 appropriately registered for council tax and rating purposes (for example, Uniform Business Rate). Quite apart from the ethical aspect, we would not wish to grant approval to a company whose continued operation was dependent upon working from premises without proper planning permission or which was not paying its proper business rate. We would wish to avoid a situation where enforcement action by the rating or planning authorities might mean that an approved company might suddenly be unable to continue in business. A.12 Health and Safety We draw your attention to the Health and Safety at Work Act and similar legislation. Where a business is run from a home, parts of the home may be deemed to be a workplace to which the provisions of the Act apply. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 23 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Appendix B Procedure for agreed deviations B.1 Self-authorisation by the approved company You can authorise a deviation against the standards, technical codes or published documents provided that the deviation is limited in nature and extent, if all six of the following are met: 1. Each request for a deviation is considered individually on a case-by-case basis by a senior manager within your company, and each is separately documented, and a register of agreed deviations maintained, clearly showing the name of the person who has authorised each of them. 2. Each agreed deviation applies only to a single security system installation, and not to a block or group of them. 3. The number of deviations allowed must be kept to a minimum, and only a limited number of deviations may be authorised, affecting only a few of your security system installations. 4. No deviation may be authorised under this procedure unless you have evidence in writing your customer is content for such a deviation against the standards, technical codes or published documents to be allowed. 5. No deviation may be authorised under this procedure unless you have evidence in writing your customer is self-insured, or you have evidence in writing your customer’s insurer is aware such a deviation is proposed and is content for such a deviation to be allowed. 6. In the case of a security system installation that is or may be intended to be police-calling, no deviation may be authorised under this procedure unless you have evidence in writing issued by the relevant police service that the relevant police service is content for such deviation to be allowed. The file relating to the deviation must include a photocopy of the letter (or other document) issued by the relevant police service evidencing that the relevant police service is content for the deviation to be allowed. B.1.1 Customer documentation In every case where a deviation applies, the documentation you issue to the customer must state clearly that full compliance with the standards, technical codes and published documents has not been achieved, and must clearly state the nature and extent of the deviation. The NACOSS Gold certificate of compliance for the security system installation must be endorsed to the effect that full compliance has not been achieved, and either giving clear details of the nature and extent of the deviation or alternatively giving the NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 24 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 identifying reference of documentation within which, the details of the deviation are recorded. Note: A certificate may be endorsed by permanently attaching an explanatory note. B.2 Authorisation endorsed by us If it is not practical or not possible for the full provisions of 1 to 5 in B.1 to be met (see above), you may ask us to authorise the use of an Insight certificate for special situations, giving us such information about the proposed special situation and the reasons for requesting it and about the attendant circumstances as we require. You must use form SF 012 to apply in writing for our consideration of your proposed certification to a special situation. In this agreed special situation a NACOSS certificate of compliance must not be issued. This is to be replaced with afore mentioned Insight certificate for special situations. Note 1: Document SF 010 provides further detail for ‘the application and use of certificates for a security system in a special situation’ Note 2: If the requested special situation for a security system installation, is or may be intended to be police-calling, we will not permit the use of the application for a special situation, unless the provisions of 6 in B.1 above have been met and evidence of the agreement provided. B.3 General Please note we can withdraw the facility for a particular company to authorise deviations, or the request for a special situation or we can lay down special conditions or limitations. We might do this if we consider you have (or may have) made too much use of deviations, or you have agreed deviations that are not appropriate, or if we have other concerns or doubts. NACOSS Gold approval criteria NSI reference only Document no. SF 002 Issue no . 9 Issue date October 2024 Page 25 of 25 Document owner Director of Technical Services & Field Operations Document classification PUBLIC (RESTRICTED) © NSI 2024 Appendix C Terms and Conditions Terms and Conditions (some or all of which may be included within the quotation or system design proposal) shall be provided for each customer which shall include as a minimum: a) the relevant standard/Code of Practice to which the system is to be installed; b) whether the equipment is to be supplied on an outright sale basis or whether it is leased/rented; c) the period of guarantee or warranty; d) the initial contract price and any annual charges for maintenance and monitoring e) the obligations of the customer and the installer concerning any subsequent work carried out to the system, stating which work will be chargeable and which will not; This statement should provide clear guidance as to when call-out, labour and material charges will be applied. f) the arrangements for routine maintenance inspections and emergency corrective maintenance; g) the installer’s right of access for the purpose of maintaining and inspecting the installation; h) conditions regarding interference with the installation by persons other than the installer or his representative; i) terms and conditions concerning retention and use of data, as necessary for the Company to comply with its obligations under the Data Protection Act. Professional advice is recommended when drawing up full Terms and Conditions to ensure that they are fair and reasonable and do not contravene applicable legislation. Each contract shall be supported by, and refer to, a clear specification for the installation. For a security system incorporating CCTV or Access control, the specification shall draw attention to the Data Protection Act and to the fact that the customer may have a duty to register the system with the Information Commissioner.