National Security Inspectorate Sentinel House, 5 Reform Road Maidenhead SL6 8BY Website: nsi.org.uk NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 1 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 NSI Security Services Guarding, Cash & Specialist Services Scheme Approval Criteria MSF 571 Issue 15 March 2025 NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 2 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 Contents 1 Scope …………………………………………………………………………………………………………………………………………. 3 2 Structure of scheme ………………………………………………………………………………………………………………… 3 2.1 Structure ………………………………………………………………………………………………………………………………………………………………… 3 2.2 Scheme certification elements ………………………………………………………………………………………………………………………….. 5 2.3 Normative documents and scopes of approval ……………………………………………………………………………………………. 5 2.4 Scopes ……………………………………………………………………………………………………………………………………………………………………. 5 3 Definitions …………………………………………………………………………………………………………………………………. 7 4 Common criteria ………………………………………………………………………………………………………………………. 8 4.1 Premises ………………………………………………………………………………………………………………………………………………………………… 8 4.2 Insurances ……………………………………………………………………………………………………………………………………………………………… 8 4.3 Repute of management ……………………………………………………………………………………………………………………………………… 9 4.4 Finance (and experience of management) …………………………………………………………………………………………………….. 9 4.5 Contracts ……………………………………………………………………………………………………………………………………………………………… 10 4.6 Staff ………………………………………………………………………………………………………………………………………………………………………. 11 4.7 Compliance with standards, codes of practice, etc…………………………………………………………………………………….. 11 4.8 Security screening of personnel ……………………………………………………………………………………………………………………… 12 4.9 Customer communication ……………………………………………………………………………………………………………………………….. 12 4.10 Document control ……………………………………………………………………………………………………………………………………………… 13 4.11 Statutory and legal requirements…………………………………………………………………………………………………………………… 13 4.12 Records ………………………………………………………………………………………………………………………………………………………………… 14 4.13 Labour provision ………………………………………………………………………………………………………………………………………………… 14 4.14 Sub-contracting …………………………………………………………………………………………………………………………………………………. 15 4.15 Notification of change ……………………………………………………………………………………………………………………………………… 15 4.16 Audit frequency and coverage ……………………………………………………………………………………………………………………….. 16 4.17 Audit duration…………………………………………………………………………………………………………………………………………………….. 17 NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 3 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 1 Scope This document explains the scheme structure and lists the general criteria for companies that wish to achieve and maintain NSI Guarding, Cash & Specialist Services scheme approval. 2 Structure of scheme 2.1 Structure Guarding, Cash & Specialist Services is a modular NSI Security Services scheme in which there are different options for certification. The scheme has a ‘Gold’ and ‘Silver’ level that applies to each module. The structure of the scheme is shown overleaf. Important Note: BS 10800 – Provision of Security Services From 1 st April 2021 it is a requirement that all approved Guarding companies also hold approval to BS 10800 as an overarching standard for the provision of security services. This is currently applicable to those companies holding approval to BS 7499 Provision of Static Guarding Security Services, BS 7984-3 Provision of Mobile Security Services and BS 8406 Event Stewarding and Crowd Safety. As each of the security services standards are revised and re-published, they will also fall under the umbrella standard BS 10800. Applicable standards are: BS 7984-1 Keyholding and Response Services BS 7984-2 Lone Worker Response Services BS 7960 Door Supervision BS 7872 Cash and Valuables in Transit BS 8507-1 Close Protection Services within the UK BS 8507-2 Close Protection Operations Outside of UK BS 7958 CCTV Management and Operation BS 8517-1 General Purpose Security Dogs BS 8517-2 Use of Detection Dogs BS 8484 Provision of Lone Worker Services BS 8523 Management and Operation of Warden Schemes BS 8593 Deployment and use of Body Worn Video NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 4 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 NSI scheme NSI – SECURITY SERVICES Scheme component Scheme requirements Mandatory scopes Service related scopes (mandatory where applicable) This scheme gives confidence to end users that companies approved under the scheme deliver the contracted services (within the scope of activity set out in the company’s Guarding / Cash / Specialist Services Gold Guarding / Cash / Specialist Services Silver Scheme Approval Criteria (Gold) ISO 9001 Scheme Approval Criteria (Silver) BS 7858 – Security Screening • NSI/ACS Passport Specification • BS 10800 – Provision of Security Services • BS 7499 – Static Guarding Security Services including such services as Maritime and Port Security, Aviation Security and Rail Security Services • BS 7984 – Keyholding and response services • BS 7984-2 – Lone Worker response services • BS 7984-3 – Provision of Mobile Security Services • BS 8484 – Lone Worker Device Services • BS 7960 – Door Supervision Services • BS 8406 – Event stewarding and crowd safety services • BS 7499 and NCP 101 – Provision of retail security services • BS 7958 – Management and operation of closed circuit television (CCTV) schemes • BS 8507-1 and BS 8507-2 – Close protection • BS 102000 – Investigative Services • BS 8517-1 and BS 8517-2 – Security Dogs • BS 8477 – Customer Service • NCP 106 – Management and operation of cash centres • NCP 107 – Provision of control room services • NCP 110 – Technical surveillance countermeasures • NCP 111 – Security screening services • NCP 112 – Real-time counter eavesdropping detection • NCP 117 – Low value cash collection services • NCP 119 – Provision of labour in the security and events sectors • BS 7872 – Secure transportation of cash and valuables including counting and processing, courier services, storage and vaulting, and transportation and distribution including ATM Services NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 5 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 NSI certificate of approval) to the NSI Approval Criteria and the appropriate technical standards/Codes of Practice. 2.2 Scheme certification elements Certifications within the scheme are done so at a modular level. • Guarding (Gold or Silver) • Cash Services (Gold or Silver) • Specialist Services (Gold or Silver) Depending on the level of certification (Gold or Silver), the following types of certification will be included: Product certification: The scheme (both at Silver and Gold level) involves “Product Certification” as defined in BS EN ISO 17065. Product certification is carried out to the relevant British Standards, Codes of Practice or other normative documents. Management System Certification: At Gold level, the product certification(s) is supported by requirements for a quality management system (BS EN ISO 9001) and is therefore also recognised as a “Quality Management Systems Certification”. 2.3 Normative documents and scopes of approval Mandatory for Gold level: • Guarding Cash & Specialist Services Approval Criteria • BS EN ISO 9001 (applies to Gold level only) • British Standards / Codes of Practice other normative requirements that describe the ‘scope’ of the certification. These are listed in Section 2.4 . Mandatory for Silver level: • Guarding Cash & Specialist Services Approval Criteria • British Standards / Codes of Practice other normative requirements that describe the ‘scope’ of the certification. These are listed in Section 2.4 . 2.4 Scopes Guarding: • Security Services – BS 10800 • NSI/ACS Passport Specification NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 6 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 • Static guarding security services, including such services as Maritime & Port Security, Aviation Security and Rail Security Services – BS 7499 • Keyholding and response services – BS 7984 • Lone Worker response services – BS 7984-2 • Mobile Security Services – BS 7984-3 • Door Supervision Services – BS 7960 • Event stewarding and crowd safety services – BS 8406 • Security screening of individuals in a security environment – BS 7858 • Retail security services – BS 7499 and NCP 101 • Management and operation of closed-circuit television (CCTV) schemes – BS 7958 • Close protection – BS 8507-1 and BS 8507-2 • Security Dogs – BS 8517-1 and BS 8517-2 • Customer Service – BS 8477 • Provision of control room services – NCP 107 • Low value cash collection services – NCP 117 Cash and Valuables in Transit: • NSI/ACS Passport Specification • Security screening of individuals in a security environment – BS 7858 • Secure transportation of cash and valuables including counting and processing, courier services, storage and vaulting, and transportation and distribution including ATM Services – BS 7872 • Management and operation of cash centres – NCP 106 Specialist Services: • Lone Worker Device Services – BS 8484 • Technical surveillance countermeasures – NCP 110 • Security screening services – BS 7858 and NCP 111 • Real-time counter eavesdropping detection – NCP 112 • Investigative Services – BS 102000 • Provision of labour in the security and events sector – NCP 119 Where the size, nature, complexity and context of the business is such that some requirements in the relevant British Standard Codes of Practice are excessive NSI will consider concessions based on the spirit of the relevant British Standard Codes of Practice unless the health, safety and welfare of the employees are put at risk. NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 7 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 3 Definitions 3.1 “ Inspectorate ” shall mean the National Security Inspectorate (NSI); being the trading division of Insight Certification Ltd – a company limited by guarantee. 3.2 “ Company ” shall mean an organisation, corporation, firm, enterprise, institution, charity, sole trade, association, or parts or combination thereof. A company can be public or private. 3.3 “ Product ” shall mean the service, provided to the appropriate Technical Standard e.g. BS 7499, BS 7872, etc. 3.4 “ PSIA ” shall mean the Private Security Industry Act 2001. 3.5 “ UKAS ” shall mean the United Kingdom Accreditation Service. 3.6 “ NSI Guarding (Gold / Silver) ” – the approval scheme element administered by NSI, and relating to the provision of guarding services and/or other manned security services (except cash services), and which assesses conformance of the product or service against a Technical Standard (or equivalent) and (in the case of Gold level) where the supporting management system element conforms to ISO 9001. Companies approved under this scheme element are granted permission to display the applicable NSI Security Services logo. Also, subject to the applicable UKAS rules, the applicable NSI Security Services logo may be used in conjunction with the appropriate UKAS ‘tick and crown’ logos. (Refer to the NSI Publication “Guide to using the NSI Logo” and /or the NSI Web Site). 3.7 “ NSI Cash (Gold / Silver) ” – the approval scheme element administered by NSI, and relating to the provision of cash services (e.g. cash-and valuables in-transit; storage/vaulting; cash processing and banking support services), which assesses conformance of the product or service against a Technical Standard (or equivalent), and (in the case of Gold level) where the supporting management system element conforms to ISO 9001. Companies approved under this scheme element are granted permission to display the applicable NSI Security Services logo. Also, subject to the applicable UKAS rules, the applicable NSI Security Services logo may be used in conjunction with the appropriate UKAS ‘tick and crown’ logos. (Refer to the NSI Publication “Guide to using the NSI Logo” and/or the NSI Web Site). 3.8 “ NSI Specialist Services (Gold / Silver) ” – the approval scheme element administered by NSI, and relating to the provision of security screening services and/or other specialist security / or security related services (excluding cash and guarding services), which assesses conformance of a product or service against a Technical Standard (or equivalent), and (in the case of Gold level) where the supporting management system element conforms to ISO 9001. NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 8 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 Companies approved under this scheme element are granted permission to display the applicable NSI Security Services logo. Also, subject to the applicable UKAS rules, the applicable NSI Security Services logo may be used in conjunction with the appropriate UKAS ‘tick and crown’ logo. (Refer to the NSI Publication “Guide to using the NSI Logo” and/or the NSI Web Site). 3.9 “Labour provider” – provides a single individual or more than one person to a company to support the company’s own resources to deliver the contracted services to its customer. The labour provider does not have the responsibility for delivering the end customer contract. 3.10 “Sub-contractor” – a person or organisation that is responsible for delivering an element of the service provided to the customer on behalf of the approved company, i.e. they provide and manage the personnel on site and are responsible for ensuring the service is delivered in line with any service level agreements as specified in the contract. Agency staff, labour providers or individuals acting as labour are not considered to be sub-contractors. 4 Common criteria 4.1 Premises The Company shall operate from suitable and adequate secure premises as defined within the relevant Industry Standard or Code of Practice. Note: It is a condition of Approval that NSI auditors shall be permitted access to inspect and examine all premises, tools, equipment documentation, records, management systems, procedures and contracted sites, which are relevant to the scope of the NSI Approval. 4.2 Insurances The Company shall maintain appropriate insurance as defined within the relevant Industry Standard or Code of Practice. Note: Where the organisation is solely providing a service in-house (and not contracting to provide such services to third parties) then efficacy insurance and some other types of insurance mentioned above may not be needed. Guidance: Evidence of appropriate insurance should be presented at the time of applying for approval. NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 9 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 4.3 Repute of management The persons managing, controlling and having principal interests in the ownership of the Company shall be demonstrably reputable persons of good standing and be suitably licensed in accordance with the PSIA, where required. A Curriculum Vitae (i.e. a résumé of personal and career history) shall be supplied on request for all Principals, Directors, Partners, Company Secretary and Major (10% or more) Shareholders, also a signed declaration stating whether or not there are any criminal convictions, discharges or un-discharged bankruptcy of a Principal, Director, Partner, Company Secretary and Major Shareholders, and these individuals shall, if called upon to do so by the Inspectorate, provide such further relevant personal information, evidence of character and repute, efficacies, guarantors and the like to the satisfaction of the Inspectorate (refer also to the NSI Application Form and the relevant Industry Standard). Where the reason for not granting approval is based upon information received from outside of the certification process, the applicant will normally be given the right to comment upon such information received, but the source of such information may have to remain confidential. The above requirements have always been a feature of the NSI schemes and they also reflect the more detailed requirements specified in the NSI Regulations. The NSI Regulations and Scheme Criteria are deemed to also satisfy the first clause of the general lead into the Regulator’s principles that is designed to ensure that approved businesses are run by proper persons that have the appropriate experience, training and skills for all the activities carried out. Guidance: In assessing compliance with the defined Criteria, the Inspectorate may take into account all information known to it regarding the persons concerned. The mere absence of information against a person is not necessarily sufficient; a company may be refused approval by the scheme or approval may be withdrawn or the company may be required (as a condition of remaining an approved company) to remove from office specific persons, where in the opinion of the Inspectorate the required positive evidence of repute and good standing is absent. 4.4 Finance (and experience of management) Approval may be withheld or withdrawn from any company that, in the opinion of the Inspectorate, has not demonstrated to the satisfaction of the Inspectorate that it is trading lawfully, meetings it’s just debts and other financial obligations, or where, in the opinion of the Inspectorate, the financial information provided is such as to indicate that the financial affairs of the company are not being or have not been carried out in a responsible and prudent manner (see also the relevant Industry Standards). NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 10 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 Guidance: a) Companies seeking approval as specified in the Industry Standard or Code of Practice are normally required to present annual accounts covering the two years immediately prior to application. Note: In the case of sole traders and partnerships, annual accounts as prepared by an independent accountant (i.e. accounts which would be sent to the HMRC) should be provided. In the case of incorporated companies, audited annual accounts (or other statutory accounts, where the company is exempt from audit), trading profit and loss statements and directors’ reports should be sent. b) In all cases, the capital structure of the company should be clear, (for example in the case of a limited company the amount of the paid-up Issued Share Capital should be stated). c) Companies that have been trading for less than two years are not normally granted approval. An exception may be permitted at the discretion of the Inspectorate where there is evidence of the following matters which in each case shall be appropriate to the size of the Company and the type of work undertaken: – • Adequate financial backing demonstrating how they intend to meet their business plan and commitments. • Relevant business and/or security management experience • Sufficient management resources to cover all functions/activities • Forward business plan (financial plan) appropriate in each case to the size of the company and the type of work undertaken. Note: Bank details should be supplied so that bank references may be taken up. 4.5 Contracts a) The Company shall not seek to impose upon customers, contract conditions that are unreasonable. b) For approval to each relevant British Standard or Code of Practice, applicant and approved companies must have at least one current contract providing services covered by the relevant British Standard Codes of Practice. On a case by case basis where a company is seeking approval to a number of related British Standard Codes of Practice and there is significant overlap, limited concessions may be possible e.g. if a company has static guarding and mobile patrol contracts as covered by BS 7499, then limited initial approval to BS 7984 may also be NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 11 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 possible for Key-holding and Alarm Response on the basis that there is Key- holding for the static sites and the mobile patrol sites and it would be the mobile patrol officers who also respond to any future contract for Alarm Response. c) Where an approved company does not have contracts in place at the time of their subsequent annual audit a time extension of no more than six months may be granted; alternatively, if the company can still demonstrate they have the capability to provide the relevant service any requirement for a visit to a contracted site may be waived until the following year. In cases where the site visit is waived until the following year, continued approval is also conditional upon demonstration that specified requirements were satisfied during the period of their last contract, that policies and processes remain fit for purpose and that key individuals continue to have the relevant knowledge and understanding of requirements. d) Where an approved and licensed company does not have any current contracts in place that relate to their approval against a relevant British Standard or Code of Practice then it is a condition of approval that NSI will maintain a list of such companies and supply it to the Regulator on request. e) With the exception of companies approved for the provision of labour in the security and events sector, where a company has direct contracts with customers but contracts out the service provision it is still possible to obtain and maintain NSI approval to the relevant British Standard Codes of Practice. However, NSI Certificates of Approval shall refer to “the management of” the relevant services rather than “the provision of”. f) Labour providers approved to NCP 119 are not permitted to source and provide additional labour from other labour providers unless they hold NCP 119 certification and have written authorisation from their customer. 4.6 Staff The Company shall have a minimum of 2 employees (where operating in an SIA regulated sector a minimum of 2 SIA licensed employees) in order to be eligible to apply, and should ensure it has a sufficient number of suitably trained and qualified employees to meet its obligations to its customers and as required by the relevant Industry/Technical Standards. All relevant personnel shall be suitably licensed in accordance with the PSIA. 4.7 Compliance with standards, codes of practice, etc. The Company (or part of the Company) approved under a NSI scheme shall adhere to, and conduct its business in accordance with the Scheme Rules and demonstrate compliance with the appropriate British or European Standard, NSI Code of Practice or NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 12 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 an agreed and authorised Technical Specification. Where a British Standard is issued as a Code of Practice e.g. BS 7499, compliance with the recommendations given in the British Standard Code of Practice is to be regarded as mandatory for all companies approved under the NSI schemes, subject to any interpretations formally issued as a Technical Bulletin by the Inspectorate that are within the public domain. Attention is drawn to Section 1, item 1.4 with regard to concessions due to size, nature, complexity and context of the business. 4.8 Security screening of personnel a) Where specified in the relevant product standard or Code of Practice the Company shall adhere to and comply with the recommendations given in British Standard 7858 (“Security screening of individuals employed in a security environment – Code of practice”) in respect of personnel identified in the relevant Technical Standards, Code of Practice, etc. b) Where the required security screening to BS 7858 is subcontracted to a third party, the company providing such security screening must hold NSI Certification for the provision of security screening services in accordance with BS 7858 and NSI NCP 111. Alternatively, if the subcontractor maintains other specific UKAS Accredited Certification for the provision of security screening services this may be acceptable but in such cases NSI reserve the right to also initially audit the subcontractor to verify the robustness of the certification. Note 1: In special circumstances and subject to prior written approval by the Inspectorate, alternative security screening arrangements may be accepted. Note 2: BS 7858 is normally addressed in conjunction with other Industry Standards, but there are a limited number of scopes where the service is mainly the provision of security screening services in accordance with BS 7858. In such cases the requirements of NSI NCP 111 are also applied to ensure that the premises, insurance, finance and structure of the Company are acceptable. Note 3: If the scope of the services for which approval is required falls within the categories regulated in accordance with the PSIA, then NSI shall be entitled to verify that all relevant employees are in possession of a current Security Industry Authority licence. Failure to demonstrate compliance with any such statutory or legal requirement may also be grounds to refuse to grant approval or terminate any existing approval. 4.9 Customer communication The Company shall operate a complaints management system to enable: NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 13 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 a) a record of all complaints to be kept relating to the requirements of the relevant Technical Standard/Code of Practice, etc. and make these records available to the Inspectorate when requested; b) appropriate action to be taken with respect to such complaints and any deficiencies found that affect compliance with the relevant Technical Standard/Code of Practice, etc.; c) actions taken to be documented. Note: Although the majority of the relevant Technical Standards/Codes of Practice contain a guidance note referencing BS ISO 10002 “Quality management – guidelines for complaint handling in organisations” (or previously BS 8600:1999 “Complaints management systems, Guide to design and implementation”) as a recommended form of complaints management system, the Inspectorate will accept other forms of complaints management system provided that the system adopted is such that it ensures that all complaints are document, investigated and action taken as appropriate. 4.10 Document control An appropriate document change and control procedure shall be maintained in order to ensure that the current issues of documents are authorised at the appropriate level and are readily available to relevant personnel. It should also ensure that obsolete issues are removed or segregated. A master list of documents shall be maintained and this shall include both internal and external documents. Document control should include all advertising, marketing and promotional documents and data. This could include information displayed on websites or by other electronic means. Guidance: Current editions of external documents can usually be limited to those that are referenced as part of the approval criteria for the relevant NSI Scheme and to those necessary to demonstrate compliance with certain statutory requirements. Where documents such as British Standards are only required for an individual bid or contract it is acceptable for the Company to mark the document as uncontrolled and only confirm its status if a later contract is negotiated that requires compliance with the current edition. 4.11 Statutory and legal requirements a) Where statutory and legal requirements are relevant to the service provided, it is a condition of approval that companies demonstrate their awareness and compliance e.g. PSIA licensing, working time regulations, HMRC, transport regulations, etc. NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 14 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 b) Any suspected non-compliance with the PSI Act 2001 will be advised to the Regulator and where it is clear that an offence under the PSIA or other enactment has been committed, it will be treated as an NSI 1 Month major non-conformance (corresponds with Regulators definition for a major non-conformity) that also warrants consideration of immediate suspension or withdrawal of certification. This will generally result in suspension of certification at the time it is raised and withdrawal of certification if not responded to and closed out within one month. c) Where any other NSI major non-conformance is raised the company shall submit within 21 days, an acceptable corrective action response that demonstrates that effective corrective action will be completed within 3 Months. The corrective action response shall also demonstrate that the root cause of the non-conformity has been identified. If satisfactory corrective action is not demonstrated at the subsequent visit such that the major non-conformance can be closed out or downgraded to an NSI minor non-conformance then it shall be escalated to a 1 Month major non-conformance that will result in suspension or withdrawal of certification if not addressed. d) Where it is necessary to raise multiple NSI minor non-conformance s they shall be consolidated as an NSI major non-conformance if collectively they indicate overall weakness in processes. e) Isolated NSI minor non-conformance s still have to have an acceptable corrective action response within 21 days but confirmation of the effectiveness of the actions taken can be verified on the next scheduled audit, which must take place within twelve months. 4.12 Records Records shall be established and maintained to provide evidence of conformity to specified requirements. Records shall remain legible, identifiable and retrievable. Unless specified in the Technical Standard, the period of retention shall be sufficient to demonstrate that activities are carried out in a consistent manner and be sufficient to allow identification of any repetitive problems. 4.13 Labour provision To ensure integrity of the supply chain, with effect from 31st December 2021 all companies approved under the NSI Security Services scheme (Guarding, Cash and Specialist Services), are required to: a) only source additional labour from labour providers approved by NSI to ‘NCP 119: The provision of labour in the security and events sector’, or equivalent; or b) demonstrate at audit that your company has completed an internal audit of each labour provider against the requirements of NCP 119. NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 15 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 Note: In order to understand how to safeguard your business from financial and reputational risk, companies that use bought in labour should also ensure that due diligence is undertaken on labour providers in line with HMRC guidance “Supply chain due diligence principles.” 4.14 Sub-contracting Where the company subcontracts any support function or activity to another organization it shall retain responsibility for compliance and where it is an essential or significant process in terms of service delivery, the selection of the subcontractors shall include the requirement that they maintain approval by a current UKAS Certification Body whose accredited scope includes the relevant standards e.g. provision of security screening or control room services. Where there is any doubt as to the robustness or relevance of such certification NSI reserve the right to audit the work of the subcontractors as well as the company seeking approval. Where the company subcontracts any portion of a contract for delivery of security services to another company, the selection of sub-contractors shall include the requirement that they maintain NSI or ACS approval for the relevant scopes of approval. Labour providers approved to NCP 119 are not permitted to source and provide additional labour from other labour providers unless they hold NCP 119 certification and have written authorisation from their customer. Note: Agency staff, labour providers or individuals acting as labour are not considered to be sub-contractors. 4.15 Notification of change a) It is a condition of NSI approval that companies shall inform NSI of any significant changes to the following: • their legal, commercial or organisational status; • key managerial, decision making or technical staff; • the contact address or relocation of any approved premises; • the scope of the services or products referenced under an existing approval; • its Quality, Environmental, Health & Safety or general management system, as relevant to the individual scheme criteria; • any significant or intended modification to the product or service process that may affect the conformity of the product or service. NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 16 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 b) Our NSI Regulations are relevant to all our schemes and as well as going into more detail concerning each approved company’s obligations they also detail the NSI obligations to each approved company. This includes the commitment to give adequate notice to all stakeholders if a scheme or level of approval is to be discontinued. 4.16 Audit frequency and coverage It is a condition of all approvals that there shall be as a minimum an annual audit of all regulated businesses. The nature and scope of the annual audit shall ensure that the following are also satisfied: a) The Initial Certification Audit shall cover all clauses of the relevant British Standard or NSI Codes of Practice. b) The Recertification Audit shall be completed every three years and shall cover all clauses of the relevant British Standard Codes of Practice. Additionally if gaps in certification are to be avoided it should normally be carried out before the existing three-yearly certificate of approval expires. c) With the exception of companies approved to NCP 119 for the provision of labour in the security and events sector, the annual surveillance audit shall include at least one customer site visit to observe service delivery for each regulated sector. d) Certain exceptions to requirement c) are however relevant where observation of service delivery is inadvisable e.g. for CVIT collections and delivery in accordance with BS 7872 UKAS have historically accepted that the client carries out so called unseen inspections of service delivery, reports the same and the certification body ensures this process is maintained. In such cases a representative selection of crew members performing the service shall be interviewed before or after departure from the CVIT branch or depot to verify they have sufficient awareness of policies and procedures that impact on their activity. e) The annual audit shall also verify that no employee receives less than the current national minimum wage rate per hour. f) The annual audit shall ensure that all relevant employees are security screened in accordance with BS 7858 and that identity and right to work in the UK is verified. g) When the number of required annual days’ audit exceeds one, the annual audit may be split into a series of separate visits and in such cases requirements c) to f) above do not need to conducted on each scheduled visit as long as they are covered during each twelve month period. NSI reference only Document no. MSF 571 Issue no . 15 Issue date March 2025 Page 17 of 17 Document owner Certification Services Document classification PUBLIC (RESTRICTED) © NSI 202 5 4.17 Audit duration a) NSI will determine the audit duration required, based on industry guidelines such as those issued by the International Accreditation Forum (IAF) and the International Organization for Standardization (ISO). NSI will take into account the number of relevant employees, the complexity of the business, the processes carried out, the number and nature of contracts held, etc. At its discretion, NSI may change the audit duration / frequency to ensure: • there is adequate evidence on which to base certification decisions; • the adequacy of service delivery can be verified for each regulated sector or scope. b) For NSI Gold approval, where the supporting management system has to satisfy BS EN ISO 9001, the initial certification audit shall always entail a separate stage 1 and 2 audit with an interval between. c) Where a company wishes to transfer its approvals to NSI from another Certification Body, NSI will evaluate the approvals held and determine required assessment time accordingly. For the purpose of transfer, NSI can only accept certifications issued by other UKAS Accredited Certification Bodies.