Vetting Hub, Specialist Training Courses in Screening, Vetting and Compliance
Expert training for confident hiring, identity assurance and people based risk decisions, created by Graham and Vivianne Johnson with industry experience since 2006.
- Jan 20, 2026
Your BS7858 Screening Provider is Lying to You (And You're Paying £85+ Per Person to Stay Non-Compliant)
Your screening provider just sent you a BS7858 screening report for your new security officer.
They charged you £85. Maybe £120 if you went with a "premium" provider. The report looks professional. There's a nice header on it. Job done, right?
Wrong.
Here's what actually happened: you paid £85-120 for someone to collect data. Raw information. Criminal record checks, employment confirmations, identity verification. That's it.
And now—here's the part they never explain—you still have to do all the actual compliance work yourself.
You need to create the screening policy. Conduct the risk assessment. Make the employment decision. Audit the file. Document everything. Store it securely. Review it periodically.
All the things that actually make you compliant with ACS indicator 6.1.1? Those are still your responsibility.
So let me ask you a question: if you're doing all the compliance work anyway, why are you paying someone £85-120 per person to collect data you could collect yourself for £20-30 in actual check costs?
We built Vetting Hub because we saw security companies trapped in this expensive outsourcing cycle—paying thousands of pounds annually for screening services whilst remaining fundamentally non-compliant because they never understood that compliance isn't something you buy. It's something you build.
After working with security companies across the UK on BS7858 implementation, we're going to tell you something the screening industry desperately doesn't want you to know:
You can bring BS7858 screening in-house, take total control of your compliance, develop your team's expertise, and save thousands of pounds every year.
And Vetting Hub will show you exactly how to do it.
The Screening Industry's Dirty Secret: You're Doing the Work Anyway
Let me show you what actually happens when you "outsource" BS7858 screening to a provider.
You pay them £85-120 per person. They run checks. They send you a report. You file it away.
Then an ACS audit happens, and the auditor asks: "Show me your screening policy."
You don't have one. Your provider never gave you one because that's not their responsibility—it's yours.
"Show me your risk assessment for this role."
You don't have it. Your provider didn't do one because that's not their responsibility—it's yours.
"Show me your documented decision-making process for this disclosed conviction."
You don't have it. Your provider presented the information but making the employment decision is not their responsibility—it's yours.
"Show me your internal audit records for your screening process."
You don't have them. Your provider isn't auditing themselves because auditing your compliance process is not their responsibility—it's yours.
At this point, you realise something uncomfortable: the £85-120 you paid per person bought you data collection. It didn't buy you compliance.
Under ACS indicator 6.1.1, you—the approved contractor—must demonstrate that you "work to BS7858 standards." Not that you "paid someone to run BS7858 checks." That you work to the standard.
This requires:
A documented screening policy explaining your approach
Risk assessments for each role
Documented procedures for every screening component
Decision-making frameworks with documented reasoning
Internal audits of your screening process
Training for staff involved in screening
Secure record storage and GDPR compliance
Periodic reviews and updates
Your screening provider gives you NONE of this. Because these aren't data collection tasks—they're compliance management tasks. And those sit entirely with you.
So here's the question that should be keeping you awake at night: if you have to build all the compliance infrastructure anyway—the policies, procedures, risk assessments, decision frameworks, audit processes—why are you paying someone else to collect the data?
The actual cost of running the checks yourself:
DBS check via Update Service: £13-23 (or verify SIA licence at £0)
Employment references: £0 (telephone/email)
Identity verification: £0 (in-person or digital verification)
Credit check (where needed): £2-5
HMRC employment history: £0 (request directly)
Total actual cost: £20-30 per person for the checks themselves.
You're paying £85-120. That £55-90 markup? That's not for compliance—you still have to do that yourself. That's just for someone else to collect the data.
The Three Lies the Screening Industry Tells Security Companies
Let's be brutally honest about what the screening industry doesn't want you to know.
Lie #1: "We Make You BS7858 Compliant"
No, they don't. They run checks. Compliance requires documented policies, risk assessments, decision-making frameworks, and audit trails. Your provider gives you none of these things.
What they actually mean is: "We'll collect some data and present it in a format that looks professional."
The compliance bit? That's entirely on you.
Lie #2: "Outsourcing is Easier Than In-House"
Is it, though?
Outsourcing requires you to:
Understand BS7858 yourself (so you know what to ask for)
Create screening policies and procedures
Conduct internal audits of outsourced files
Make all employment decisions yourself
Maintain compliance documentation
Train your staff on their responsibilities
Store records securely
Review and update processes
In-house requires you to:
Understand BS7858 yourself (so you know what to do)
Create screening policies and procedures
Conduct the actual checks
Make employment decisions
Maintain compliance documentation
Train your staff
Store records securely
Review and update processes
Notice anything? The lists are nearly identical. The only difference is "conduct the actual checks" vs "audit outsourced checks." And guess which one takes less time and costs less money?
Lie #3: "You Need Us Because BS7858 is Too Complex"
BS7858 isn't complex. It's detailed, but it's not complex.
The screening industry wants you to believe you need expert specialists to implement it. Why? Because if you realised how straightforward it actually is, you'd stop paying them £85-120 per person.
Here's the truth: with proper training (like our BS7858 Screening Standard Course (£85)), an intelligent administrator or HR professional can absolutely conduct BS7858 screening to a higher standard than most budget providers.
Because your internal team will:
Actually care about getting it right (their job depends on it)
Have direct access to candidates for clarification
Understand your company's risk tolerance
Be properly trained on your specific procedures
Have oversight from management who understand the stakes
Compare this to a budget screening provider charging £85 per check, processing hundreds of applications per month, with offshore teams working from templates who've never met your candidates and don't understand your industry.
Who do you trust more?
The SIA's Post-Manchester Arena Reality: Control Matters More Than Ever
Let's talk about something uncomfortable.
The Manchester Arena Inquiry revealed catastrophic failures in security arrangements, including inadequate vetting and supervision of security staff. The SIA proposed mandatory business licensing and extended in-house security licensing requirements.
These proposals weren't implemented. According to the SIA's 2023-2026 strategic plan, they were "disappointed" but stated that their work to "fundamentally reset the voluntary approvals scheme for security businesses is more critical than ever."
Translation: they can't force mandatory licensing, so they're making ACS requirements more rigorous.
For security companies, this creates an environment where:
ACS audits will be more thorough than ever
Expectations for documented compliance will be higher
"We paid a provider" won't be an acceptable defence
Public protection concerns will override business convenience
In this environment, control matters.
When you outsource screening, you're trusting a third party with the foundation of your ACS compliance. If they cut corners, make errors, or fail to follow procedures properly—and you never audited their work closely enough to catch it—you're the one who loses ACS approval.
When you bring screening in-house:
You control the process from start to finish
You see exactly what's being done and how
You can intervene immediately if issues arise
You have direct accountability over quality
You're not dependent on a provider's competence or integrity
Post-Manchester Arena, the question isn't "can I afford to bring screening in-house?"
The question is: "can I afford NOT to have direct control over my screening process?"
What In-House BS7858 Screening Actually Looks Like
Let me show you what bringing BS7858 screening in-house actually involves for a security company.
Step 1: Get Your Team Properly Trained
This is the foundation. Your screening team (even if it's one person initially) needs to understand BS7858:2019 inside and out.
Our BS7858 Screening Standard Course (£85) covers:
Every component of BS7858:2019 in practical detail
What ACS indicator 6.1.1 actually requires
How to conduct each type of check properly
Risk-based decision-making frameworks
Common mistakes and how to avoid them
Record-keeping and GDPR compliance
This isn't optional. You cannot implement a standard you don't understand.
Cost: £85 per person (one-time training investment)
Step 2: Build Your Compliance Infrastructure
You need documented policies, procedures, and frameworks. This sounds daunting, but it's not—if you have the right templates and guidance.
Our Complete UK Screening & Vetting Governance Toolkit (£199) provides:
Pre-built screening policy templates (customisable for your company)
Step-by-step procedures for every BS7858 component
Risk assessment frameworks
Decision-making templates
Audit checklists
GDPR documentation
Training materials for your team
You're not starting from scratch. You're adapting proven frameworks to your specific operations.
Cost: £199 (one-time toolkit investment)
Step 3: Set Up Your Check Processes
Now you need access to the actual checks:
DBS Checks:
Register as a DBS organisation (free)
Use the DBS Update Service for renewals (£13/year per person)
Our Understanding DBS Checks (UK) Course (£49) shows you exactly how
Identity Verification:
Implement GPG45-compliant verification in-person or digitally
Our Digital ID & GPG45 Compliance Course (£59) explains the standards
Employment History & References:
Direct contact with previous employers (telephone/email)
HMRC employment history requests (free)
Documented procedures for verification
Credit Checks (where appropriate):
Commercial credit check accounts (£2-5 per check)
Risk-based determination of when required
SIA Licence Verification:
Online checker (free)
Documented verification process
Total per-person check costs: £20-30
Compare this to paying £85-120 to a provider for the same checks.
Step 4: Implement Documented Decision-Making
This is where your training pays off. For each screening, your team:
Reviews all information obtained
Identifies any gaps, discrepancies, or adverse findings
Conducts risk assessment against the specific role
Makes documented employment decision with clear reasoning
Stores complete file securely
Our DBS Employer Decision Framework (£59) provides the structured approach for making these decisions consistently and defensibly.
Step 5: Conduct Regular Internal Audits
Monthly or quarterly, review a sample of screening files to ensure:
All procedures are being followed correctly
Documentation is complete and detailed
Decisions are consistent and risk-based
Records are stored securely
Any issues are identified and corrected quickly
Our toolkit includes audit checklists that make this straightforward.
The Real Cost Comparison: In-House vs Outsourced
Let's do the maths for a security company screening 50 officers per year.
Outsourced Screening:
50 checks × £85 = £4,250/year (minimum)
50 checks × £120 = £6,000/year (premium providers)
Plus you still need policies, procedures, audits, training (£500-1,000 annually)
Total annual cost: £4,750 - £7,000
And you have:
No direct control over quality
Dependency on provider's competence
Risk of provider errors that you're liable for
No in-house expertise development
In-House Screening:
First year costs:
BS7858 training for 2 staff: £170
Complete Governance Toolkit: £199
Understanding DBS course: £49
Digital ID course: £59
DBS Employer Decision Framework: £59
Actual check costs: 50 × £25 = £1,250
Total first year: £1,786
Ongoing annual costs:
Check costs: 50 × £25 = £1,250
Annual audit/review time: minimal (part of existing compliance)
Total ongoing: £1,250/year
Savings: £3,500 - £5,750 per year
And you have:
Complete control over your screening process
Developed in-house expertise
Direct accountability
Immediate intervention capability
No dependency on external providers
Staff development and skill-building
Over 5 years, you save £17,500 - £28,750.
That's real money. And that's assuming only 50 screenings per year. If you're screening 100+ officers annually, the savings double.
The Limited Screening Reality That Proves You Need In-House Control
Here's something that perfectly demonstrates why in-house control matters: Limited Screening.
BS7858:2019 includes provisions for "Limited Screening"—a reduced level allowing new officers to start work whilst full screening is being completed.
Sounds reasonable. But here's the reality we see constantly:
Security companies are using Limited Screening completely wrong, and their outsourced providers aren't stopping them.
Limited Screening under BS7858 requires:
Temporary duration only (4-6 weeks maximum, not 18 months)
Additional supervision by fully screened personnel
Risk limitations (not appropriate for all roles)
Documented policy and procedures
Timeline for completing full screening
What actually happens with outsourced screening:
Provider runs basic checks
Security company deploys officer immediately
Officer works unsupervised for months
Full screening never completed, or completed 6-12 months later
No documented supervision arrangements
No risk assessment of whether Limited Screening is appropriate
Your provider doesn't stop this because they're not responsible for how you use their checks. They provide data. You make operational decisions.
But when the ACS audit happens, you're the one who fails. Not them.
With in-house screening:
Your trained team understands Limited Screening requirements
Your procedures explicitly define when it's appropriate
Your supervisors know what supervision is required
Your timelines ensure full screening is completed quickly
Your audits catch any process failures immediately
This is the difference between having a provider who collects data and having an in-house team who understands compliance.
You can't outsource this level of operational integration. You need direct control.
When Outsourcing Makes Sense (And It's Rarer Than You Think)
Let me be balanced here: there are situations where outsourcing some components of BS7858 makes sense.
Overseas Criminal Record Checks: If you regularly screen candidates who've lived abroad, overseas checks can be complex and time-consuming. Using a provider with established international networks can be more efficient than managing these directly.
High-Volume Temporary Screening: If you're hiring 200+ security officers for a major event over 2-3 weeks, outsourcing the administrative burden might be justified to handle the volume spike.
Complex Regulated Sectors: If you're screening for positions that require specialist sector knowledge (aviation security with CAA requirements, for example), using a provider who specialises in that sector might add value.
But here's the critical point: even in these situations, you still need in-house expertise.
You still need to:
Understand BS7858 yourself
Have documented policies and procedures
Conduct internal audits of outsourced work
Make employment decisions
Maintain compliance documentation
The outsourcing should be for specific, complex components—not for your entire screening function.
And for most security companies doing standard security officer screening? You don't need to outsource at all. The checks are straightforward, the candidates are UK-based, and the roles are consistent.
Bring it in-house. Take control. Save money. Build expertise.
What About "We Don't Have the Resources"?
This is the objection we hear most often: "We don't have the internal resources to do screening in-house."
Let's examine this honestly.
Time Investment:
Conducting a BS7858 screening in-house: 2-4 hours per person (including checks, review, documentation)
Reviewing an outsourced BS7858 screening properly (auditing file, assessing findings, making decision, documenting): 1-2 hours per person
So you're actually saving 1-2 hours by doing it in-house?
No. You're spending an extra 1-2 hours per person. But you're also:
Saving £55-90 per person on provider markup
Building in-house expertise that compounds over time
Maintaining direct control and accountability
Developing your team's capabilities
Eliminating dependency on external providers
Staff Requirements: You don't need a dedicated screening department. For most security companies:
1 trained administrator can handle 50-100 screenings annually
1 senior manager provides oversight and decision-making
Total time: 5-10 hours per month
This is part-time work, not a full-time role. And it's work that develops valuable expertise within your company.
Training Investment:
BS7858 course: Half day
Supporting courses: 1-2 days total
Ongoing learning: Minimal (stay current with guidance updates)
This isn't a massive training burden. It's professional development that pays dividends forever.
The "resources" argument doesn't hold up. What it actually means is: "We haven't invested in building this capability, so we've become dependent on outsourcing."
Break the dependency. Build the capability.
The Vetting Hub Solution: Complete In-House Screening Capability
Here's what Vetting Hub provides to security companies ready to take control:
Foundation Training: BS7858 Screening Standard Course (£85) - Complete understanding of the standard and how to implement it
Specialist Knowledge:
Understanding DBS Checks (UK) Course (£49) - Identity verification and criminal record checking
Digital ID & GPG45 Compliance Course (£59) - Modern verification standards
Right to Work Checks & Legal Requirements Course (£49) - Legal compliance integration
Fraud Awareness in Pre-Employment Screening Course (£59) - Identify fraudulent applications
Complete Implementation Framework:
Complete UK Screening & Vetting Governance Toolkit (£199) - Policies, procedures, templates, audit checklists
DBS Employer Decision Framework (£59) - Structured decision-making approach
BS7858 Employer & Applicant Guidance Pack (£69) - Ready-to-use guidance materials
Complete Package Options:
BS7858 Screening Compliance Bundle - Everything needed for BS7858 implementation
Security Industry Essentials Compliance Bundle - Comprehensive training for all ACS requirements
Total investment to build complete in-house capability: £500-700 (one-time)
Compare this to:
Outsourcing costs: £4,750-7,000 annually
Payback period: 6-8 weeks
Ongoing savings: £3,500-5,750 every year
This isn't an expense. It's an investment that pays for itself in 2 months and continues saving you money forever.
What You Need to Do Right Now
If you're a security company currently outsourcing BS7858 screening, here's your action plan:
Step 1: Calculate Your Real Costs
Pull up your screening invoices for the last 12 months:
How many screenings did you conduct?
How much did you pay per screening?
What was your total annual cost?
What additional compliance work did you do anyway?
Now calculate what in-house would cost:
£500-700 for training and toolkits (one-time)
£20-30 per person for actual checks (ongoing)
Compare the numbers
The savings will be obvious.
Step 2: Get Your Team Trained
Start with our BS7858 Screening Standard Course (£85). This is the foundation. Your screening administrator and oversight manager both need this.
Then add specialist courses based on your needs:
Understanding DBS Checks (UK) Course (£49) - Essential
Digital ID & GPG45 Compliance Course (£59) - Identity verification
Right to Work Checks & Legal Requirements Course (£49) - Legal compliance
Total training investment: £200-300 for key personnel.
Step 3: Build Your Framework
Get our Complete UK Screening & Vetting Governance Toolkit (£199).
This gives you:
Policy templates you can customise immediately
Step-by-step procedures for every BS7858 component
Risk assessment frameworks
Decision-making templates
Audit checklists
Everything documented and ready to implement
You're not building from scratch. You're adapting proven frameworks.
Step 4: Set Up Your Systems
Register for direct access to checks:
DBS organisation registration (your trained team knows how)
Credit check account (where appropriate)
Document verification processes
Reference check procedures
File storage and management
Our toolkit includes implementation guidance for all of this.
Step 5: Transition Gradually
You don't have to switch overnight. Start with:
New hires: conduct in-house screening
Renewals: bring in-house as existing screenings expire
Continue outsourcing only complex cases (overseas checks, specialist roles)
Within 6-12 months, you'll have:
Complete in-house capability
Developed expertise
Documented track record
Significant cost savings
Total control
Step 6: Document Everything
The beauty of in-house screening: you control the documentation quality.
Make sure every file includes:
Complete activity history with gap analysis
Detailed reference checks with actual responses
Risk assessment with documented reasoning
Employment decision with clear justification
Secure storage with GDPR compliance
This is what ACS audits actually look for. And it's much easier to ensure quality when you're doing it yourself than when you're auditing someone else's work.
The Hard Truth About BS7858 in the Security Industry
Let me end with absolute clarity.
The screening industry has convinced security companies that BS7858 compliance requires expensive outsourcing. It doesn't.
What BS7858 requires is:
Knowledge of the standard
Documented policies and procedures
Proper implementation of each component
Risk-based decision-making
Audit trails and record-keeping
All of these things are easier to achieve in-house than through outsourcing.
When you outsource:
You still need the knowledge (to oversee the provider)
You still need policies and procedures (provider doesn't give these)
You're dependent on provider's implementation quality
You still make all decisions yourself
You still maintain all records and audits
So you're paying £85-120 per person for data collection whilst doing all the actual compliance work yourself.
That's not efficiency. That's expensive dependency.
When you bring screening in-house:
You invest once in training and toolkits (£500-700)
You pay actual check costs (£20-30 per person)
You develop permanent in-house expertise
You maintain complete control and accountability
You save thousands annually
That's not just efficiency. That's strategic capability-building.
The question isn't "can we afford to bring screening in-house?"
The question is: "how much longer can we afford to pay outsourcing markups whilst remaining dependent on external providers for our ACS compliance?"
Post-Manchester Arena, with increased ACS scrutiny, with higher expectations for documented compliance, with public protection taking priority over business convenience—control matters more than ever.
You can't outsource accountability. You can't outsource expertise. You can't outsource the responsibility for getting this right.
So stop trying.
Bring BS7858 screening in-house. Get properly trained. Build the capability. Take control.
Vetting Hub will show you exactly how to do it.
Your screening provider lied to you when they told you that paying them £85-120 makes you compliant.
We're telling you the truth: compliance is something you build internally, not something you buy externally.
The training is available. The toolkits exist. The cost savings are proven. The strategic benefits are clear.
What you do next is up to you.
But if you do nothing and continue outsourcing whilst remaining fundamentally non-compliant, don't say nobody warned you.
Because I've just told you exactly what the problem is and exactly how to fix it.
Your choice.
Related Resources
For comprehensive guidance on employee screening and vetting, see our Complete Guide to Employee Screening and Vetting Training in the UK.
Essential Training & Resources for In-House BS7858 Screening
Foundation Training:
BS7858 Screening Standard Course (£85) - Essential foundation for bringing screening in-house
Specialist Knowledge:
Understanding DBS Checks (UK) Course (£49) - Identity verification and criminal record checking processes
Digital ID & GPG45 Compliance Course (£59) - Modern identity verification standards
Right to Work Checks & Legal Requirements Course (£49) - Integrate legal compliance with screening
Fraud Awareness in Pre-Employment Screening Course (£59) - Identify fraudulent applications and documentation
Complete Implementation:
Complete UK Screening & Vetting Governance Toolkit (£199) - Complete policies, procedures, templates, and audit frameworks
DBS Employer Decision Framework (£59) - Structured approach to disclosure decisions
BS7858 Employer & Applicant Guidance Pack (£69) - Ready-to-use guidance materials
Right to Work Compliance Toolkit (UK) (£59) - Complete right to work verification processes
Bundle Options:
BS7858 Screening Compliance Bundle - Complete package for implementing in-house BS7858
Security Industry Essentials Compliance Bundle - Comprehensive training for all ACS requirements
About the Authors: Graham and Vivianne Johnson created Vetting Hub to give security companies and employers complete control over their screening and vetting processes. We saw too many companies trapped in expensive outsourcing relationships whilst remaining fundamentally non-compliant. Our training programmes and toolkits provide everything needed to bring BS7858 screening in-house—saving thousands annually whilst building genuine, defensible compliance.
For security companies ready to take control of their ACS compliance, we provide the training and resources to move from expensive dependency to cost-effective in-house capability.