Start a security company in Ireland
We deal with many consultancy clients who wish to start a security company in Ireland. The number of clients who actually go through the process is small in comparison to the large number of enquiries we get about setting up security companies in Ireland. We are always happy to help and talk people through the process but more often than not when they hear the pitfalls and costs involved as well as the margins at which many companies are operating they rarely go ahead. This is not to put a negative spin on running a security company in Ireland as there are some fantastic small security companies out there. The reality is that running a small security company is tough work. Its expensive, time consuming and risky. Regulation has played a huge part in creating significant barriers to entry and in recent years that regulation has become even tighter. In this article we will talk through the process of setting up a security company in Ireland and more specifically about the new PSA31:2019 quality standard for new security companies.
In 2019 the Private Security Authority made some significant changes to the audit process for new security companies. The intention is absolutely to make sure that the right people are running security companies in Ireland and those people are fit to do so. One of the biggest changes is clause 3.14 of the standard. This clause says that any person wishing to provide a security service in Ireland must have 5 years operational experience in the last 10 years in that sector. They do have a caveat in there that says if you don’t have that experience you must show you have the required skills and experience to run a company. In theory it’s a good principle to introduce but to paly devils advicate her there are a number of issues with it that recieve criticism form smaller providers.
- The directors of many of the large and medium sized existing providers do not have 5 years operational experience in the last 10 years.
- Just because someone has 5 years experience in security doesn’t make them fit to run a security company.
- Would the clause stand up to a legal challenge in court if a company met all other aspects of the standard? (which is why the PSA are now requiring you to fulfil this section before they will even consider your application).
It’s not a perfect clause but it’s done for the right reasons so once a new provider can meet the critieria to apply then we can move on swiftly to the rest of the standard.
The regulator has become stricter on companies having the correct amounts and sources of finance to operate a security company. This is a positive step to ensure good governance and risk management is at the forefront of business even for small providers. The first and most important element is that the auditor will want to see that the potential company has start up capital sitting in the company account to start trading. Realistically an applicant will need at least the first 3 months trading expenses sitting in an account. This includes your rent, insurance, utilities, payroll and all of the other things you will have to spend money on to get your first contracts up and running. Realistically it may take a month to get a contract, staff it for another month and then get paid on 30 days credit so this is a sensible clause.
Once the auditor sees that the money is in the company account then they will want to see where that money came from. If it is from personal savings they want to see the account that it came from. If it is a loan or funding of some sort they want to the see the source and the terms. They will also want to see who can access your account and anybody who has a material interest or can benefit form your company. Again this is a good clause to stop any rogue directors who may not be able to get a licence themselves from setting up through another person. Some may see this part as going beyond the remit of a regulator but it is again for good reason.
The next step is to produce a cash flow plan for the first 6 months of business with all of your projected sales, costs and expenses as well as expected profits (if any). This should detail start up loans and repayments etc. You also have to break down where your sales estimates are coming from and the auditor must believe that your rates and estimated hours are realistic and achievable.
Every security company needs an office. While the days of starting your security company from a kitchen table are not quite gone it is becoming harder and harder to do so. The requirements are for a safe and secure space from which the business can be administered. A kitchen table is rarely still an appropriate option. Of course a spare room may be but there are stipulations. These include the room being alarmed and this alarm must be installed and monitored by a PSA licenced company. The room must have adequate safe and secure storage for files, documents and keys and may have to function as a command and control centre for the company. Bear this in mind when deciding whether to operate from an office or home.
The reality is that it is almost impossible for a start up company to get the required insurance for the door supervisor sector. This is due in the main to the conduct of existing security businesses and the number of claims under the deliberate act section making it very hard to underwrite a new business. Even for the event sector it is getting increasingly difficult to obtain good insurance without very high excess on the policy. The regulator has identified this and in addition to having the required insurance in place they also require a new business to set aside 3 times the value of any excess on their policy in the event of claims in the first year.
The requirements for staffing are in general the same as for the later PSA28:2013 standard in that each employee must have a file with the required contents and each should have the relevant 5 year screening completed before being deployed to a site. Each director will also need a staff file and 10 year background screening. For anybody looking to start a company the amount of work to be completed in the hiring and screening process is not to be underestimated. There are significant time and money cost involved before a person can be deployed to site. The person has to be selected, interviewed, hired, trained, given a uniform, equipment and then screened. All of this before you make a cent.
You must appoint a competent person within the management team to oversee training. This doesn’t mean that the person must deliver the training but they must schedule it and book it and ensure the that trainers are competent to deliver it. In a small start up it is likely that this administrator will also be the MD or similar and that’s fine. They can deliver training themselves if they are qualified to do so or more than likely they can nominate a qualified person internally or externally to provide the training. Training is expensive whether you provide it internally or externally and you will be asked to show provision for induction training, refresher training, site training,specialist and supervisory training. To plan and do this right takes some time.
We have supported a number of companies to achieve the standard and the following PSA 28:2013 standard. Many come to us only after failing an initial audit. One of the biggest audit non compliance areas is in risk assessment. An applicant is required to have a risk assessment procedure, risk assessment survey and produce a safety statement. Straightforward in theory but so many miss out in this area. Some of the reasons for this are copy/paste safety statements and risk assessments from other employers. Using a template that works is fine as long you as you make the document your own and specific to your business and company. If you bring in a consultant to help with this then make sure the documents they supply suits your business. You will also need to show the auditor how you survey a new site and what risks you look for in a site specific risk assessment. This section is really about owning the risk in your business and not outsourcing it to copy/paste in MS Word.
The last section an applicant needs to fulfill is Operations. This section talks about the basics of incident and accident reports but most importantly about assignment instructions and command and control functions. The requirement is for a sample of an assignment instruction of a site similar to what you wish to undertake. So once again a ‘sample’ doesn’t mean a template with headings or a copy and paste document from another provider. There is an easy way by just copying the headings from the audit and writing a few lines in each but this defeats the purpose. To do the job right needs an investment of time and energy in writing an AI that will work for your business and your employees based on the resources and clients you intend to have. Again using outside help to build this is fine as long as you make it your own.
The command and control system is next and this is another hidden investment that is required. The level of detail auditors are going through this section with is growing and growing. This area details how a provoder will roster and deploy your staff and how you will supervise them in the field (in particualar lone wkrkersa dnthise on higher risk sites). Every company must have either a fixed command and control office or a shared or outsourced office. From this place all sites must be checked in with at least every two hours for the duration of their shift and phone records of this must be maintained. At the start of a company if you have 24 hour sites it isn’t reasonable to say that you will be making and taking those calls 24 hours a day. The easiest way to manage this is to outsource the out of hours calls to a monitoring centre and detail the escalation process for unanswered calls in the command and control procedures. Again though this has a cost to it. As many contingencies as possible should be planned for and detailed including absence from a site, failure to check in , lateness, illness, client complaint, emergency cover requests and more.
Following the audit
Following the audit the regulator will issue a report stating whether you passed (very unusual first time) or require further documents. You will then be given 5 weeks to supply these documents and achieve the standard. The standrd requires 100% compliance with all clauses to acheive. Only once this is done can a provider start looking for business and all of the time this business is costing money in the background. Once up and running a provider must engage a certification body to come back within 6 month and assess them against the PSA28:2013 standard but that’s another article.
Tge objective of this article is not to frighten potential applicants off from starting a security company but we do want people to be realistic. If you are considering starting a securuty company in Ireland then you need to go into it with your eyes open and with all of the information. Otherwise you can spend a significant amount of money without ever getting to trade a day. If you are considering it then do it right and do it professionally. If the thought has crossed your mind feel free to get in touch and we will happy to talk you through the process.