Why UK Security Tender Bids Fail: 7 Reasons + Fixes (2026)

Most UK public-sector security bids do not lose on quality. They lose at the SQ gate before the quality team reads anything. No SIA ACS approval. No BS 7858 vetting evidence. Insurance shortfall. Generic operational copy that any contractor could submit. Weak social value commitments. No Martyn's Law readiness on contracts that touch venues above 200 capacity. Late portal upload because somebody confused the format requirements with the deadline.

If your security firm's hit rate is below one in five, you are almost certainly making at least three of these seven mistakes. Each one is fixable inside a month, sometimes a week. The discipline of getting them all right at the same time is the bit nobody talks about.

Wrong-fit bids: geography, scale, or scope mismatch. Council civic-centre contracts go to local SMEs that match the patrol radius, not national contractors with the cheapest quote.
No SIA ACS approval. Auto-fail at SQ on most council, NHS, MoD and CCS framework lots.
BS 7858 vetting evidence missing or partial. Buyers want a documented vetting file per deployed operative, not just SIA licence numbers.
Generic operational copy instead of named patrol procedures. "24/7 mobile patrol" loses to "hourly patrol Mon-Sun 18:00-06:00 with named tour points and Deister wand reporting".
Underweight social value. PPN 002 floor of 10% (1 Oct 2025); council security tenders often weight higher.
No Martyn's Law readiness on bids touching 200+ capacity venues. Standard tier April 2027; buyers already asking how contractors will support compliance.
Late or unchecked submission. Portal closes at deadline; corrupt PDFs, blank pricing cells, and signature-block omissions catch out tired bid teams.

The biggest single hit-rate lever for UK security SMEs is bid selection, not bid writing. The contracts you walked from cost you nothing. The ones you bid and lost cost you 30-60 hours per submission.

What's in this guide¶

The 7 mistakes that kill UK security bids
Why each one fails the bid before quality is read
The fix for each, in plain steps
What a winning security bid looks like vs a losing one
FAQs on ACS, BS 7858, Martyn's Law, social value

The 7 mistakes that kill security bids¶

1. Bidding contracts that do not fit your business

The biggest single mistake. Security contracts are intensely local. Manned guarding requires a relief pool within 30-45 minutes of every site. Mobile patrol requires a marked-vehicle response radius the buyer can verify on a map. National contractors win the very biggest lots; regional SMEs win the council civic-centre, housing-estate, and small-NHS work. Bidding outside that pattern wastes 30-60 hours per submission.

Three filters before you read the spec. Geography (response radius achievable from your existing depot). Scale (contract value below 2x your annual turnover). Scope (manned vs mobile vs CCTV vs concierge, only bid the lots you actually deliver). If you are unsure whether ACS is required by name on the contract, the SIA ACS guide covers the buyer-by-buyer pattern in detail.

2. No SIA ACS approval

ACS is voluntary in law (Private Security Industry Act 2001) but mandatory in practice on most UK public-sector security tenders. Crown Commercial Service workplace services frameworks specify it. NHS Shared Business Services security lots specify it. Council contracts above £100,000 specify it almost without exception.

Without ACS, you are auto-failed at the SQ gate. The fix: apply now. Total elapsed time to certificate is 4-6 months. Total first-year cost: £1,500-£3,500. The four main SIA-approved Assessing Bodies are NSI, SSAIB, SafeContractor for Security, and BAFE.

3. BS 7858 vetting evidence missing or partial

BS 7858 is the British Standard for screening personnel in security environments. Most council and NHS security tenders require it on every deployed operative. The evidence is a documented vetting file: 5-year employment history verification, two character references, identity check, right-to-work confirmation, criminal record check (DBS Standard or Enhanced depending on contract), confirmation of qualifications.

Common partial evidence: SIA licence numbers without the underlying vetting. Right-to-work documents without the 5-year history. DBS certificates from earlier employment that have lapsed. Buyers audit the vetting file per operative on demand. If your method statement says "all operatives BS 7858 vetted" but the file is incomplete, you have created misrepresentation risk under the Procurement Act 2023 exclusion grounds.

The fix: run BS 7858 in-house through HR (most ACS contractors do) or partner with a specialist vetting bureau. Maintain a documented file per operative with renewal dates diaried.

4. Generic operational copy instead of named patrol procedures

Quality questions are not asking for your sales pitch. They are asking how you will run this contract on this site, with this staffing model, against this specification.

What scores 4 out of 10: "24/7 mobile patrol with industry-standard reporting". What scores 8-9: "Hourly patrol of the perimeter Monday-Sunday 18:00-06:00, four named tour points (north gate, plant room, refuse compound, accessible parking). Deister Inpro wand reporting at each tour point with timestamp upload. Two named on-call supervisors. SIA licence and BS 7858 vetting numbers attached as appendix."

Name the patrol equipment (Deister, Patrolman, Pegasus). Name the tour-point reporting cadence. Name the supervisor and assistant supervisor. Name the relief cover protocol for sickness or operational incidents. Marking matrices reward density of relevant evidence, not prose length.

PPN 002 (Social Value Model) became mandatory for central government tenders on 1 October 2025 with a 10% minimum scoring weight. Local authority security tenders often weight higher. NHS Trust security lots have run social value at 15%.

Most security bids treat social value as a tick-box at the end. Two community sponsorship lines, mention of Real Living Wage, done. That scores 4 out of 10. The winning answer treats social value as a 10-15% scoring lever and quantifies five commitments mapped to the five PPN 002 themes (jobs, growth, wellbeing, environment, equal opportunity).

Strong security-targeted examples: "Two long-term unemployed local residents recruited and trained to SIA Door Supervisor licence in year one". "Quarterly community-safety walkabouts in partnership with the local Neighbourhood Watch". "Mental health first aid training across 100% of operative shift coverage in year one". "Switch operational vehicle fleet to hybrid by year three within the M25 ULEZ". "Apprenticeship programme partnership with the local further-education college, two starts in year one."

6. No Martyn's Law readiness on 200+ capacity venues

The Terrorism (Protection of Premises) Act 2025, known as Martyn's Law, takes effect April 2027. Standard tier covers venues 200-799 expected attendees and requires public protection procedures. Enhanced tier covers venues 800+ and adds documented public protection plans.

Buyers operating Martyn's Law venues will want documented terrorism-protection capability from their security contractor. From 2026 onwards, this is showing up in tender packs as a quality scoring criterion even on contracts that won't trigger the duty until 2027. Mention named ACT (Action Counters Terrorism) training, named regulator notification support, and named exercise programmes. Generic "we follow industry best practice on terrorism awareness" loses points on this criterion.

7. Late or unchecked submission

The portal closes at the published deadline. Not a minute later. Late bids are non-compliant under the Procurement Act 2023. Buyers do not have discretion to accept them.

Most late bids are not actually late by clock. They are late by file size. By format. By signature. By a missing pricing schedule. The portal accepts the upload, then the buyer's QA opens it on Monday and finds a corrupt PDF, a blank cell on the pricing matrix, or an unsigned declaration.

The fix is a fixed pre-submission cadence. The week before deadline is QA, not writing. D-7: internal review by someone who did not write the bid. D-3: portal upload (even with placeholder text on minor sections, so you have learned the upload mechanics). D-1: full QA pass on the live submission. Final upload at least 24 hours before deadline.

What a winning bid looks like vs a losing one¶

Stage	Losing bid	Winning bid
Tender selection	Bids contracts more than 60 minutes from depot	Filters by geography (response radius), scale, scope match in 10 minutes
SQ stage	Started CHAS / SafeContractor / SMAS application this week. ACS application not started.	ACS approved 12+ months. SafeContractor renewed. ISO 9001 + 14001 + 45001 in place. BS 7858 file per operative.
Pricing	Last year's hourly rate plus 4%. SIA Door Supervisor mark-up not modelled.	Modelled against current SIA licence cost (£190 per 3 years), supervisor uplift, employer NI, holiday pay, sickness contingency, social value cost loaded in
Method statement	Generic "24/7 mobile patrol with reporting"	Site-by-site: hourly patrol times, four named tour points, Deister Inpro wand reporting, named supervisor and reliefs
Social value	Two community sponsorships, Real Living Wage mention	Five quantified commitments mapped to PPN 002 themes (jobs, growth, wellbeing, environment, equal opportunity)
Martyn's Law readiness	Not mentioned	Named ACT training programme, exercise schedule, support for client public protection plan, named contact for regulator notification
Submission	Uploaded 90 minutes before deadline, no internal QA, signature block blank	QA'd a week early, uploaded 48 hours before deadline, every section signed

Side-by-side: typical losing bid characteristics vs winning bid characteristics on a UK public-sector security tender.

What to do this week¶

Pull your last three lost security bids. Mark which of the seven mistakes each one made. The pattern will repeat.
If you do not hold ACS, start the application this week (4-6 month lead time, £1,500-£3,500 first year). Without it, most council and NHS contracts auto-fail you.
Audit your BS 7858 vetting files. One file per deployed operative. 5-year employment history, two references, ID, right-to-work, DBS, qualifications. Renewal dates diaried.
Build five social value commitments mapped to PPN 002 themes. Reuse on every bid with site-by-site adaptation.
Add Martyn's Law readiness to your method statement template. Even on contracts that don't trigger the duty until April 2027, naming ACT training and exercise programmes scores.
Set a pre-submission cadence: D-7 review, D-3 portal upload test, D-1 full QA. Stick to it.

Sources

Procurement Act 2023 (legislation.gov.uk) · Live for new procurements from 24 February 2025; underlying framework for security tender procedures
Private Security Industry Act 2001 (legislation.gov.uk) · Statutory basis for SIA, ACS, and individual operative licensing
Terrorism (Protection of Premises) Act 2025 (legislation.gov.uk) · Martyn's Law; standard tier (200-799) and enhanced tier (800+) duties; enforcement from April 2027
BS 7858 (BSI) · British Standard for screening personnel in security environments; required by most UK public-sector security tenders
PPN 002: Social Value Model (Cabinet Office) · Mandatory from 1 October 2025; 10% minimum social value weighting
SIA Approved Contractor Scheme (ACS) · Voluntary scheme; assessment areas, approved Assessing Bodies, register of approved contractors

FAQs

Frequently asked questions

Why do most UK security tender bids fail?

Most UK security bids fail at the Standard Selection Questionnaire stage, not the quality stage. Buyers run the SQ as pass-or-fail. Common rejections: no SIA ACS approval (mandatory in practice on most council, NHS, MoD, and CCS contracts), insurance shortfall (£10m public liability is the typical floor), missing BS 7858 personnel vetting files, expired ISO certificates. Bids that clear the SQ then lose mostly on social value (under-scoring against the 10% PPN 002 weighting) and on generic patrol-procedure copy that any contractor could submit. The fix: prepare ACS + BS 7858 + ISO once, then use the time saved to write site-by-site method statements with named patrol procedures.

Do I need SIA ACS to bid for council security contracts?

On council security contracts above approximately £100,000, yes in practice. ACS is voluntary in law under the Private Security Industry Act 2001 but specified by name in the SQ on most council civic-centre guarding, housing-estate patrol, and council-portfolio mobile contracts. Below-threshold contracts (under £30,000) sometimes accept SIA Operative Licences alone for individual operatives. Crown Commercial Service workplace services frameworks, NHS Shared Business Services security lots, and MoD contracts almost always specify ACS by name. If you bid public-sector security regularly, ACS is the qualifying gate. Cost: £1,500-£3,500 first year, 4-6 month application elapsed time.

What is BS 7858 and why does my security bid need it?

BS 7858 is the British Standard for screening personnel working in environments where the security and safety of people, goods, and property is a requirement. It covers 5-year employment history verification, two character references, identity check, right-to-work confirmation, criminal record check (DBS Standard or Enhanced depending on contract), and confirmation of qualifications. UK public-sector security tenders typically require BS 7858 vetting on every operative deployed to the contract, in addition to the SIA Operative Licence and the company's ACS approval. The vetting file is auditable on demand by the buyer's compliance team. Lapsed BS 7858 on any deployed operative is a contract breach trigger on most security contracts.

What does Martyn's Law mean for UK security contractors bidding from 2026?

The Terrorism (Protection of Premises) Act 2025, known as Martyn's Law, received Royal Assent in April 2025 and takes effect from April 2027. Standard tier covers venues 200-799 expected attendees and requires public protection procedures (evacuation, invacuation, lockdown, communication). Enhanced tier covers venues 800+ and adds documented public protection plans, proportionate measures, nominated person training. From 2026 onwards, buyers operating Martyn's Law venues will increasingly score security bids on documented terrorism-protection capability: ACT (Action Counters Terrorism) training records, support for client public protection plan development, and exercise programmes. Generic "industry best practice" copy loses points; named training partners and exercise programmes score.

How much social value scoring weight is on a UK security tender in 2026?

Minimum 10% under PPN 002 (Procurement Policy Note 002) on UK central government tenders, mandatory from 1 October 2025. Local authorities increasingly match or exceed that floor. NHS Trust security lots have run social value at 15%. The five PPN 002 themes are jobs, growth, wellbeing, environment, equal opportunity. Strong security-targeted commitments: long-term unemployed local residents trained to SIA Door Supervisor licence in year one; quarterly community-safety walkabouts with the local Neighbourhood Watch; mental health first aid training across 100% of operative shift coverage; hybrid operational vehicle fleet within ULEZ areas; apprenticeship partnership with the local further-education college. Quantify each commitment with a number and a date.