WHS Obligations for Security Companies in Australia

Security work is inherently physical, unpredictable, and often performed in high-risk environments. From close protection details in crowded public venues to static guarding at construction sites after hours, security operators face hazards that few other professions encounter on a daily basis. For security business owners and managers, understanding and meeting workplace health and safety (WHS) obligations is not optional — it is a legal duty with serious consequences for non-compliance.

This article explains the WHS duties that apply specifically to security companies operating in Australia, the most common risks in the industry, and practical steps for building a compliant safety management system.

WHS Duties for Security Business Operators (PCBU)

Under the model Work Health and Safety Act — adopted in all Australian states and territories except Victoria and Western Australia, which maintain their own broadly equivalent legislation — the primary duty of care rests with the Person Conducting a Business or Undertaking (PCBU). If you run a security company, you are a PCBU.

The PCBU's primary duty, set out in section 19 of the model WHS Act, is to ensure, so far as is reasonably practicable, the health and safety of workers while they are at work in the business or undertaking. This duty extends to:

• Providing and maintaining a work environment without risks to health and safety
• Providing and maintaining safe plant, structures, and systems of work
• Ensuring the safe use, handling, and storage of substances
• Providing adequate facilities for the welfare of workers
• Providing information, training, instruction, and supervision necessary to protect workers from risks to their health and safety
• Monitoring the health of workers and conditions at the workplace

Importantly, the PCBU duty is non-delegable. You cannot contract out of it by engaging subcontractors or labour hire firms. If a subcontracted security operator is injured on an assignment you manage, your WHS obligations as a PCBU still apply. Multiple PCBUs can share duties concurrently — for example, both the security company and the client whose premises the operator is working at may have overlapping WHS responsibilities.

Officers of the PCBU — typically directors and senior managers — also carry personal duties under section 27 of the model WHS Act. Officers must exercise due diligence to ensure the PCBU complies with its duties. This includes keeping up to date with WHS matters, understanding the hazards and risks associated with the business, and ensuring the business has appropriate resources and processes to manage those risks.

Penalties for breach of WHS duties are substantial. Category 1 offences — where a duty holder's reckless conduct exposes a person to a risk of death or serious injury — can attract fines of up to $3 million for a body corporate and up to $600,000 and five years' imprisonment for an individual.

Common WHS Risks in Security Operations

Security work presents a distinctive set of hazards that must be identified, assessed, and controlled. The following are among the most significant risks facing security operators in Australia.

Violence and aggression. Security operators frequently interact with hostile, intoxicated, or mentally unwell individuals. The risk of physical assault is significantly higher than in most other occupations. WHS regulations require that you assess the likelihood and severity of violence-related risks at each work location and implement controls — such as de-escalation training, communication equipment, buddy systems, and withdrawal procedures.

Fatigue and shift work. Security rosters often involve long shifts, night work, and irregular hours. Fatigue impairs judgement, reaction time, and situational awareness — all of which are critical in security work. Managing fatigue is a WHS obligation, not merely a human resources preference. Rosters should comply with fatigue management guidelines, and operators should be trained to recognise and report fatigue symptoms.

Lone working. Many security assignments involve a single operator working in isolation, sometimes at remote or poorly lit locations. Lone workers face elevated risks because they cannot call on immediate assistance if something goes wrong. Controls include regular check-in protocols, duress alarms, GPS tracking, and clear escalation procedures.

Environmental hazards. Security operators work outdoors in extreme heat, cold, rain, and other adverse conditions. Heat stress is a particularly serious concern in Australian summers. Providing access to water, shade, and appropriate personal protective equipment (PPE) is a basic duty.

Psychosocial hazards. Exposure to traumatic events, verbal abuse, and high-stress situations contributes to psychosocial risks including anxiety, depression, and post-traumatic stress. Under recent amendments to WHS regulations in most jurisdictions, PCBUs are now explicitly required to manage psychosocial risks in the same systematic way as physical risks.

Documenting Risk Assessments and Safety Plans

Meeting your WHS duties requires more than awareness — it requires documentation. Regulators expect to see evidence that you have systematically identified hazards, assessed risks, implemented controls, and monitored their effectiveness.

Site-specific risk assessments. Before deploying operators to a new site or assignment, conduct a risk assessment that identifies the specific hazards at that location. For a close protection detail, this might include assessing venue layouts, crowd density, entry and exit points, potential threat actors, and communication coverage. The assessment should rate each risk by likelihood and consequence, and specify the controls that will be applied.

Standard operating procedures (SOPs). Develop written SOPs for common scenarios, including response to aggression, emergency evacuation, medical incidents, and use of force. SOPs should be regularly reviewed and updated to reflect lessons learned and changes in legislation.

Incident reporting and investigation. Implement a clear process for reporting and investigating incidents, near-misses, and hazards. Under the model WHS Act, certain incidents — including deaths, serious injuries, and dangerous incidents — must be notified to the relevant state or territory WHS regulator. Failure to notify is an offence.

Training records. Maintain records of all WHS training provided to operators, including induction training, site-specific briefings, first aid, and de-escalation training. These records serve as evidence of compliance and are critical in the event of a regulatory investigation or civil claim.

Review and continuous improvement. WHS management is not a set-and-forget exercise. Schedule regular reviews of your safety management system, risk assessments, and SOPs. Involve operators in the review process — they are often the first to identify emerging hazards and practical improvements.

Using Technology to Manage WHS Compliance

The volume of documentation, monitoring, and reporting required for WHS compliance can be overwhelming, especially for security businesses managing multiple sites, clients, and operators simultaneously. Paper-based systems and disconnected spreadsheets create gaps — assessments get lost, training records fall out of date, and incidents go unreported.

Modern security operations platforms offer a far more effective approach. EP-CP, Australia's command platform for executive protection and close protection, provides integrated tools for managing the WHS obligations that security companies face every day.

With EP-CP, you can build risk assessments directly into mission planning, ensuring that every assignment is evaluated before operators are deployed. Operator credentials — including training qualifications, first aid certifications, and licence details — are stored centrally with automated expiry alerts. Mission logs and incident reports are captured in real time, creating a verifiable audit trail that satisfies regulatory requirements.

For lone workers and remote assignments, EP-CP's communication and tracking features provide the visibility you need to monitor operator welfare and respond quickly if something goes wrong. All data is stored securely in compliance with Australian data sovereignty requirements.

US workplace safety comparison. In the United States, workplace safety for security companies is governed by the Occupational Safety and Health Administration (OSHA) at the federal level, with additional state-level OSHA plans in approximately 22 states. While the regulatory framework differs from Australia's model WHS Act and PCBU duties, the practical obligations are similar: employers must identify and mitigate workplace hazards, maintain injury and illness records, provide appropriate training, and report serious incidents. US security companies face the same elevated risks — violence, fatigue, lone working, and psychosocial hazards — and the same expectation from both regulators and clients that these risks are systematically managed. Workers compensation in the US is also state-based, creating the same multi-jurisdictional compliance challenge that Australian companies face.

WHS compliance in the security industry is not a peripheral concern — it is central to running a responsible, sustainable business in both Australia and the United States. By combining rigorous processes with the right technology, you can protect your operators, satisfy your legal obligations, and build the kind of safety culture that clients trust.