What questions should you ask a security company before hiring them

What should you ask a security company before they start work on your premises?

You should ask about staff licensing, vetting, training, accreditations, site-specific planning, compliance, oversight, insurance, and communication. A suitable provider should be able to explain each area clearly, show evidence where needed, and describe how its service fits your site rather than offering vague assurances.

Security guards, reception officers, mobile responders, and control room staff may all have access to people, property, and sensitive routines. Allowing any provider onto your site therefore calls for more than a quick price comparison. A few well-chosen questions can show whether a company works to a clear standard or relies on general claims

Are your security personnel fully licensed, vetted, and trained?

Credentials matter because the person standing at your entrance or patrolling your building may be dealing with visitors, contractors, deliveries, incidents, and confidential information. If the basics are weak, the service can look presentable on day one and still create avoidable problems later.

Ask these points early:

• Which roles on my site require a Security Industry Authority (SIA) licence, and how do you verify that each licence is current?
• What staff screening and background checks do you carry out, including right to work checks and any DBS checks where relevant?
• What induction processes do your officers complete before arriving on site?
• How often do staff receive refresher training and compliance checks?
• Can you explain how training differs for front of house, guarding, key holding, or specialist assignments?

An SIA licence is a legal requirement for many guarding roles, but it does not tell you everything about a person’s readiness for your site. A licensed officer may still need site induction, assignment-specific instruction, and regular refresher training to perform well in a live environment.

Vetting deserves the same attention. Staff background checks, identity checks, employment history, and right to work checks all form part of a more reliable recruitment process. Where a role involves added safeguarding concerns, a company should be able to explain whether DBS checks apply and how they are handled.

Training should also be ongoing, not treated as a one-off step. Incident reporting, conflict management, access control, customer-facing conduct, and emergency procedures all benefit from regular review. In companies that work under structured quality systems such as ISO 9001, those training records are usually easier to track and audit.

A provider that cannot explain who checks licences, who signs off inductions, or how refresher training is scheduled may be relying on assumptions instead of process.

What accreditations and industry standards do you hold?

Accreditations matter because they show whether a company has submitted parts of its operation to outside review. They do not guarantee flawless delivery, although they can indicate that systems, audits, and compliance frameworks are in place.

Several standards and schemes appear often in security procurement:

• SIA Approved Contractor Scheme: shows that a security business has been independently assessed against recognised operational criteria.
• ISO 9001: relates to quality management, including documented procedures, reviews, and audit trails.
• SAFEcontractor: focuses on health and safety assessment and related management practices.
• Action Counter Terrorism participation: indicates engagement with recognised awareness and preparedness initiatives.
• Infologue Top 100: reflects industry visibility and market presence, although it is not a compliance standard in the same sense as the schemes above.

What matters is the meaning behind the badge. ISO 9001, for example, suggests that quality management is documented and reviewed. The SIA Approved Contractor Scheme points to external assessment beyond basic licensing. SAFEcontractor can show that health and safety processes have been examined in a formal way.

Independent audits are useful for the same reason building regulations are useful. They do not build the structure for you, but they do show whether certain standards have been tested by someone outside the business itself.

Verification is straightforward. Ask for the full accreditation name, certificate details where relevant, and the expiry date. If a provider uses logos heavily yet struggles to explain what they cover, that gap tells you something important.

How do you tailor security solutions to different sites and risk profiles?

A warehouse with vehicle movements, a residential block with concierge needs, and a retail site facing stock loss all require different security planning. Generic packages tend to miss those differences, which can leave one site overstaffed and another exposed.

A professional provider should begin with a site survey and a structured risk assessment. That process usually looks at access points, opening hours, lone working, public footfall, asset protection, emergency procedures, and any health and safety constraints. Forthcoming legal expectations, including Martyn’s Law, have also pushed many organisations to think more carefully about site-specific threat planning.

The key questions are practical ones.

1. Will you visit the site before proposing a service?
2. How do you assess risks for this type of building and occupancy?
3. What changes would you recommend for our opening hours, access control, patrol pattern, or staffing profile?
4. How often will the assignment be reviewed after it starts?
5. How do you adapt the service if our risk profile changes?

Sector makes a real difference. Corporate offices often place more emphasis on reception conduct, visitor management, and discreet incident handling. Residential developments may need a balance between resident service and access control. Retail operations often require stronger loss prevention awareness and visible floor presence.

An experienced operator should be able to explain those distinctions without turning every site into a specialist project. In practice, firms such as Double Check Security Group tend to structure delivery around the site itself, with surveys, assignment instructions, and review points built into the service rather than added later.

Good planning also changes over time. A premises refurbishment, a change in tenant mix, longer opening hours, or a new public event schedule can all alter risk in ways that a fixed package may miss.

What is your approach to compliance, health and safety, and regulatory obligations?

Compliance affects day-to-day reliability as much as it affects legal position. A company that runs proper records, updates procedures, and reports incidents consistently is usually easier to work with than one that treats compliance as paperwork for tenders.

Health and safety should be visible in the way officers are deployed, briefed, supervised, and equipped. That includes risk assessments, lone worker arrangements where relevant, safe patrol expectations, incident reporting, and clear escalation routes. Security staff often work in active environments with contractors, visitors, cleaning teams, delivery drivers, and members of the public, so a weak safety culture tends to show up quickly.

Regulatory compliance covers a wider frame. SIA licensing sits within that, but so do employment checks, record keeping, assignment instructions, data handling, and any sector-specific obligations. Some settings bring added standards into view, such as the Railway Industry Supplier Qualification Scheme or hygiene-related processes aligned with bodies such as the British Institute of Cleaning Science where cleaning and security services overlap on one site.

Useful points to raise in conversation include:

• How do you keep up with regulatory updates and changes to working practices?
• What incident reporting process do you use, and who reviews reports?
• How are health and safety responsibilities divided between your company and the client?
• What evidence can you provide of audits, risk mitigation, and compliance management?
• How do you investigate and record near misses, accidents, or breaches of procedure?

A strong answer should connect compliance to real operations. You should hear how supervisors check standards, how records are retained, and how lessons from incidents feed back into training or updated procedures. References to HSE guidance, documented audits, and quality systems such as ISO 9001 are useful because they show a method, not just intent.

If compliance is described as a box to tick before mobilisation, the service may depend too heavily on individuals instead of a dependable operating system.

How do you ensure operational oversight and service quality on an ongoing basis?

Security services can weaken quietly if nobody is watching performance after the contract starts. Uniforms may still look smart, but reporting can slip, handovers can become inconsistent, and site knowledge can fade if oversight is light.

Ongoing management usually includes regular site visits, assignment reviews, spot checks, incident trend analysis, and some form of control centre support. A 24-hour control centre can be particularly useful where lone workers, alarm response, or out-of-hours escalation form part of the service.

One sign of a well-run provider is visible accountability. Supervisors know the site, managers review performance data, and client feedback leads to action rather than sitting in an inbox. Double Check Security Group is one example of a provider model that places weight on site reviews, control room support, and operational reporting across longer-term contracts.

Look for evidence of these mechanisms:

• scheduled supervisory visits and documented findings
• performance monitoring systems or audit frameworks
• clear incident escalation and management review
• regular service reviews with the client
• a process for replacing, retraining, or supporting staff where standards slip

Set and forget rarely works in security. Buildings change, occupiers change, and pressure points shift through the year. A company that notices those patterns early is in a better position to correct small issues before they affect residents, staff, or visitors during a busy period.

What insurance cover and liability protections do you provide?

Insurance often receives attention only after an incident, which is late in the process to find gaps. Before any officers arrive on site, you should understand what cover exists, what the limits are, and whether the documents are current.

Most buyers will want to ask about three areas:

• public liability insurance, which may respond where third-party injury or property damage is alleged
• employer’s liability insurance, which is generally expected where staff are employed
• professional indemnity insurance, where advisory or specialist elements of the service create that need

Policy names on their own are not enough. Ask to see insurance certificates and check dates, indemnity limits, and any exclusions that may affect your site type or service scope. A provider supplying manned guarding, key holding, CCTV monitoring, or specialist security work may not have the same exposure in every contract, so the policy position should match the assignment.

Some clients assume insurance covers every possible failure automatically. That is rarely how policies work. Contract terms, reporting timescales, conditions of cover, and limits on certain incidents can all affect the position after a claim.

Liability should also be discussed in plain language. If your team controls access lists, issues visitor permits, or manages building systems alongside the security provider, responsibilities may be shared. That is worth clarifying before mobilisation, especially where incident response depends on both parties acting within a set timeframe.

A current certificate is useful evidence, but a short conversation about exclusions and contractual liability usually tells you more than the document alone.

How do you communicate with clients and handle incidents or emergencies?

Imagine a contractor forces entry through the wrong gate at 06:30, a fire alarm follows ten minutes later, and your site contact is off duty. In that moment, availability matters, although clear procedure matters more.

Day-to-day communication should cover shift handovers, occurrence reports, visitor issues, access anomalies, and routine updates. During an emergency, the provider should be able to explain who logs the incident, who is alerted first, what the escalation path looks like, and how the client is kept informed without confusion.

These questions usually get to the point quickly:

1. How are incidents recorded, escalated, and closed?
2. Who contacts the client during an urgent event, and how quickly?
3. Do you use a control centre or another central point for out-of-hours support?
4. What information is included in routine reports and post-incident reviews?
5. How do you separate minor issues from incidents that need immediate escalation?

Good communication is proactive. That means officers report changes before they become disputes, supervisors flag recurring issues, and incident logs are written clearly enough for management review. Open lines are useful, but structure matters more than availability on its own.

Picture a repeated access control failure at a loading bay. A weaker provider may log each event separately and move on. A stronger one will spot the pattern, report the operational risk, and suggest a change to staffing, timing, or physical controls before the issue disrupts deliveries again.

Post-incident debriefs matter too. Once the immediate problem is handled, the provider should be able to explain what happened, what action was taken, and whether any procedure now needs to change.

What are common misconceptions when selecting a security company and what should you really focus on?

Security buying decisions often drift toward the most visible features: price, headcount, uniforms, or a polished proposal. Those details matter, but they do not reveal much about how the service will perform after the first month on site.

Several assumptions regularly mislead buyers:

• Lowest price means best value. In practice, low pricing can reflect thin supervision, limited training, or weak staffing resilience.
• All licensed providers operate to a similar standard. Licensing sets a baseline for relevant roles, but management quality and site delivery can vary widely.
• Accreditations prove the service will be excellent. They show systems and assessments, which is useful, but they do not replace scrutiny of day-to-day operations.
• A visible guard presence is enough. Many sites need reporting discipline, escalation procedures, and client communication just as much as they need deterrence.
• Security requirements stay fixed. Buildings, tenant profiles, trading patterns, and public risk all change, so the service should be able to adapt.

The more useful approach is to look for operational substance. Ask how the company recruits, checks, supervises, reports, reviews, insures, and updates its service over time. Ask how it responds when conditions shift. Ask what evidence sits behind the proposal.

Those questions tend to separate firms that simply supply people from firms that manage risk in a structured way. Once you focus on that difference, choosing a security company becomes a clearer and more informed decision.