CDM 2015 is widely understood as a health and safety regulation. What’s less well understood is that it creates specific, enforceable legal duties around site access — and failing to meet them can result in unlimited fines, work stoppages, and imprisonment for directors.
This isn’t a grey area. The Health and Safety Executive actively prosecutes for access control failures, and the consequences are severe enough that “we had fencing up” rarely constitutes an adequate defence.
The complication for principal contractors is that CDM compliance and effective site security aren’t the same thing — but they’re deeply intertwined. Understanding where one ends and the other begins is harder than most project managers assume, and getting it wrong is expensive.
The duty to prevent unauthorised persons from accessing construction sites sits across several parts of CDM 2015. Principal contractors are specifically required under the regulations to take reasonable steps to prevent unauthorised access to the construction site — a duty that applies throughout the entire construction phase.
Separately, Regulation 17 requires that action be taken, so far as is reasonably practicable, to ensure no person uses access to or egress from a construction site that doesn’t comply with requirements for safe access and a safe working environment. And Schedule 2 reinforces that construction sites must, so far as is reasonably practicable, have their perimeters identified by suitable signs and be fenced off where this is necessary in the interests of health and safety.
That phrase — so far as is reasonably practicable — carries significant legal weight throughout. It doesn’t mean “we put a fence up.” It means demonstrating that the measures implemented were proportionate to the foreseeable risk, properly maintained, and actively monitored.
The HSE’s interpretation is broader than many contractors expect. A padlocked gate that was inspected once at mobilisation and never checked again does not satisfy the standard. Neither does fencing with a known gap that wasn’t repaired promptly.
What the regulations are primarily concerned with is preventing members of the public — particularly children — from wandering into environments where excavations, scaffolding, plant machinery, and falling object risks are present. The safety intent is clear. But the measures required to satisfy it are functionally identical to robust site security.
The regulations don’t prescribe specific measures. They don’t tell you the fencing must be 2.4 metres, that you need CCTV, or that guards are required. What they require is that you can demonstrate proportionate action was taken relative to the risk level of your specific site.
That creates a judgement call — and judgement calls have consequences when they’re wrong.
A residential urban site adjacent to a school carries a materially different risk profile to a remote commercial development. The measures that satisfy “reasonably practicable” on one site may fall significantly short on the other. The Construction Phase Plan must reflect that distinction, and the security arrangements must actually deliver it.
Most principal contractors understand the principle. Fewer have the specialist knowledge to translate it into a defensible, site-specific security arrangement — and fewer still have the time to monitor and maintain it throughout a project lifecycle.
That’s the gap where HSE enforcement tends to find its cases.
A professional construction security provider doesn’t just install fencing. The value is in the assessment, the documentation, and the ongoing management that turns a legal obligation into a demonstrable, auditable compliance posture.
When an HSE inspector arrives — whether reactively after an incident or as a scheduled inspection — what they want to see is evidence. A Construction Phase Plan with a credible, site-specific security section. Inspection logs. Incident records. Evidence that breaches were identified and responded to promptly.
Contractors who work with specialist security providers have that evidence. Those who’ve treated site security as an afterthought generally don’t.
The practical measures that support CDM compliance — perimeter security, access control, lighting, CCTV, manned patrols — also serve as significant deterrents to the construction theft that costs the UK industry an estimated £800 million to over £1 billion annually, according to figures from insurer Allianz Cornhill and more recent industry analysis. It’s the same investment serving two purposes: legal protection and asset protection.
CDM Regulation 12 requires the Construction Phase Plan to be drawn up before the construction site is set up — before work begins. The security and access control section of that document is frequently underdeveloped, and it’s one of the first things the HSE examines when an incident occurs.
A credible Construction Phase Plan security section should address designated access points and how they’re controlled, out-of-hours arrangements including who holds emergency contact responsibility, visitor management and induction procedures, and how the site will respond to and document perimeter breaches.
Vague language doesn’t hold up under scrutiny. “Site will be secured appropriately” is not a documented procedure. Specific, proportionate, site-specific arrangements are.
At Veritech Security, we work with principal contractors to ensure that site security arrangements satisfy CDM 2015 requirements — and that there’s a documented, auditable record to demonstrate it.
Our support includes a CDM access control compliance assessment against your specific site risk profile, drafting the security section of your Construction Phase Plan in language that reflects HSE expectations, installation and maintenance of perimeter security, access control, lighting, and CCTV, and 24/7 monitoring with documented incident response.
The result is a security arrangement that protects your workforce and the public, satisfies your CDM obligations, deters theft, and provides the evidence base that matters if the HSE ever comes knocking.
If you’re mobilising a new project or have concerns about your current site’s compliance posture, speak to Veritech.
Call: 0800 799 9800 (available 24/7) Email: info@veritech-security.com Or request consultation online.
Veritech Security is an SIA-approved contractor holding ISO 9001, ISO 14001, Constructionline, SafeContractor, and RISQS accreditations. We provide construction site security to tier-1 contractors, housebuilders, and infrastructure projects across the UK, with NSI-certified 24/7 monitoring and SC-cleared personnel available for government contracts.
Head Office
18-20 Millbrook Road East,
Southampton, Hampshire, SO15 1HY
Tel: 0800 799 9800
Email: info@veritech-security.com
Hours: Monday - Sunday: Open 24 Hours
Simply complete our quick survey below
