This checklist is structured around the Enhanced tier requirements of Martyn's Law, which apply to stadiums and venues where 800 or more individuals may reasonably be expected. Items marked S apply to Standard tier (100+) as well.
Overall Compliance Progress
0 of 32 items complete
Standard Tier: 100–799 capacity
Enhanced Tier: 800+ capacity
Documentation & Security Planning
0/6
Written preparedness plan exists and is current (reviewed within 12 months)
Must describe how the venue would respond to a terrorist attack at or near the premises.
Formal risk assessment completed and documented
Enhanced tier requirement. Must evaluate terrorist threat likelihood and potential consequences specific to the venue.
Security plan is in place and implemented (not just written)
Enhanced tier requires both documentation and implementation of proportionate security measures.
Named Responsible Person (RP) designated for Martyn's Law obligations
The Act requires a specific individual to hold legal responsibility for compliance.
SIA registration completed (when registration opens)
Enhanced duty premises will be required to register with the Security Industry Authority.
Security plan reviewed and updated following any significant incident or change to the venue
Plans should be living documents, not one-off exercises.
⚠️ You have incomplete items in this section. Documentation gaps are the most common cause of SIA compliance failures.
CCTV & Video Surveillance
0/7
CCTV covers all entry and exit points, concourses, and public areas
No significant coverage gaps across the entire spectator footprint.
Footage is recorded and retained for a minimum of 31 days
Retention periods should align with your security plan and any guidance from your local police liaison.
Camera health is monitored automatically — faults trigger real-time alerts
Manual camera checks are not sufficient for large-scale venues. Automated health monitoring (e.g. Wavestore HealthMonitor) is recommended.
Footage export process is defined and can be fulfilled within 24 hours of a request
Police and SIA requests for footage must be fulfilled promptly. Test your export workflow.
VMS provides unified management of all cameras across the venue (single interface)
Fragmented systems with multiple interfaces increase operator error risk and complicate audits.
Perimeter and car park areas are covered
Threats frequently originate outside the main building. External coverage is essential for Enhanced tier venues.
CCTV system is encrypted and access-controlled (cybersecurity compliance)
Insecure camera systems represent a vulnerability. Ensure login credentials are managed and network access is controlled.
⚠️ CCTV coverage gaps are a primary audit risk. A unified VMS with automated health monitoring is the most effective mitigation.
Access Control
0/5
All public entry points have controlled access with the ability to close rapidly
Gate management systems must support rapid lockdown, not just routine ticket checking.
Restricted areas (media, operations, plant rooms) have separate access control with audit logs
Zone-level access control with logged entry events supports both security management and audit evidence.
Access control is integrated with CCTV — entry events trigger video association
Integration enables operators to visually verify access events in real time rather than reviewing logs retrospectively.
Vehicle access to the venue footprint is controlled and monitored
Vehicle-borne threats are a primary stadium risk. Barrier control and ANPR should be documented in the security plan.
Lockdown procedure is documented and operationally tested within 12 months
A written lockdown plan that has never been exercised will not satisfy SIA scrutiny.
⚠️ Unintegrated access control is a common gap. Consider integrating access logs into your central VMS for a unified audit trail.
Evacuation, Communications & Staff Readiness
0/7
Evacuation, invacuation, and lockdown plans are documented for all scenarios
Separate plans for each response type (move out, move in, stay still) are required by ProtectUK guidance.
PA/mass notification system covers all areas of the venue including toilets and concessions
Partial PA coverage is a known life-safety risk. Test coverage maps against seating bowl plans.
All public-facing staff have received CT awareness training (e.g. ACT Awareness e-learning)
The Act expects that staff at Enhanced venues are trained to identify and report suspicious behaviour.
Plans account for vulnerable visitors and provide designated marshals
Evacuation plans must include provisions for wheelchair users, those with hidden disabilities, and unaccompanied children.
Emergency assembly points reviewed and communicated to all staff annually
Assembly points should be reviewed for adequacy at capacity events, not just routine operations.
Live full-scale evacuation exercise conducted within 24 months
Tabletop exercises alone are not sufficient for Enhanced venues at this scale.
First aid resources are stocked and located based on expected crowd volumes
First aid provision must be proportionate to capacity and risk. Ensure locations are known to all stewards.
⚠️ Staff training records are frequently requested by auditors. Ensure CT awareness completion is logged and can be evidenced.
Stadium Control Room & Audit Trail
0/7
All security systems feed into a single unified control room platform
CCTV, access control, intrusion, and analytics should be visible from one interface. Fragmented systems reduce response speed and complicate audits.
All system events are logged with timestamps and operator attribution
The audit log should capture: what happened, when, which system, which operator responded, and what action was taken.
Compliance reports (uptime, incident frequency, response times) can be generated on demand
The ability to produce structured reports quickly is essential for SIA audits and internal governance reviews.
Role-based access ensures compliance managers can review logs without full system access
Auditors and compliance officers should have read-only dashboards, not shared operator credentials.
Control room has redundancy — secondary failover in place if primary systems fail
Single points of failure in the control room are a critical risk at Enhanced venues. Document your resilience architecture.
Incident playback capability: video + access + alarm events on a single timeline
Post-incident review and evidence production require the ability to reconstruct events across all systems simultaneously.
Control room operators have received formal VMS and security systems training within 12 months
Untrained operators are a liability risk. Training records should be maintained and available to auditors.
⚠️ Disconnected control room systems are the most common stadium compliance gap. A unified platform like WaveFusion addresses this directly.
Ready to Close Your Compliance Gaps?
Speak with a Wavestore Systems Architect who specialises in stadium and venue security. We'll review your current setup and map a practical path to Martyn's Law readiness.