Multi-site guide
How to deploy lockdown, invacuation, and real-time mustering across an entire portfolio, not just your headquarters.
Introduction
For most of the past twenty years, venue security was treated as best practice. You did it because it was sensible, because your insurer expected it, or because something had gone wrong somewhere and prompted a policy update. The decision of how much to invest, and how, was largely yours to make.
That has changed.
Martyn's Law takes its name from Martyn Hett, one of the twenty-two people killed in the 2017 Manchester Arena attack, and from the campaigning work of his mother, Figen Murray. The Manchester Arena Inquiry found significant failures in communication, perimeter control, and clarity over who was responsible for key decisions on the night of the attack. The legislation is, in part, a direct response to those findings.
The Terrorism (Protection of Premises) Act 2024 converts venue security from a judgment call into a statutory legal obligation. For the first time, qualifying venues must be able to demonstrate, to a regulator, that they have documented procedures, trained staff, and working systems in place to respond to a terrorist incident.
The word "demonstrate" is doing a lot of work in that sentence. Good intentions are not sufficient. A plan filed in a drawer is not sufficient.
You need auditable evidence that your estate can execute a lockdown, communicate with everyone inside, and account for every person on site.
For organisations managing a single building, that is a significant undertaking. For those managing a distributed portfolio of sites, it is considerably more complex.
The multi-site problem is recognisable: a corporate real estate team managing a headquarters and twelve regional offices, an NHS trust with sites across three counties, an FM provider holding contracts across forty venues. Each site has its own capacity, its own hardware, its own procedures. Under Martyn's Law, a compliance failure at one site creates regulatory exposure for the whole organisation.
A patchwork of site-by-site solutions, each managed locally, does not give you the portfolio visibility the legislation demands. The organisations who will find compliance straightforward are those running a single, centralised platform across their entire estate.
Chapter 1
The Act creates two tiers of obligation, determined by the maximum capacity of the venue. The capacity thresholds and specific duties below reflect the Act and Home Office guidance as understood at the time of writing. Your legal team should confirm the precise requirements for each site in your portfolio.
Standard Tier
Foundational obligations
Enhanced Tier
Everything in Standard, plus:
The portfolio reality
Your HQ may be Enhanced Tier. Your regional offices, Standard Tier. Your smaller satellite locations may sit below the threshold entirely but still require clear procedures as a matter of good practice and insurer expectation.
Managing different obligations across different sites, each with potentially different hardware and different local managers, using different systems, is where organisations run into difficulty. The answer is a cloud-based platform that gives you a single view of compliance status across the whole estate, regardless of tier.
Chapter 2
Most fire and evacuation training focuses on getting people out. Martyn's Law introduces a different and equally important scenario: keeping a threat out while protecting the people inside.
Lockdown
Sealing entry points and preventing further access to the building.
Invacuation
Bringing people into a secure area of the building rather than evacuating them.
Both require something traditional access control systems often cannot deliver: the ability to change the state of specific doors and zones instantly, from a central point, under pressure.
A modern access control platform allows central operations to lock down individual doors, specific zones, or entire buildings with a single command. You do not need to send someone to physically lock a door. You do not need to call a site manager who then calls a security guard. The command goes from the platform to the hardware in seconds.
For a multi-site estate, this matters enormously. A security lead at HQ should be able to initiate a lockdown at a regional site remotely, without any dependency on local staff being available or knowing what to do.
Zone-based control also allows you to protect specific areas while keeping others accessible. You might lock external entry points while keeping internal corridors passable for emergency services. A system without zone-level granularity cannot do that.
Locking a door without telling the people inside what is happening creates its own problems. A lockdown procedure only works if the people it is designed to protect understand what is happening and what they are expected to do.
A properly integrated system communicates lockdown or invacuation status instantly to all registered users via a mobile app. Staff, contractors, and visitors who have been registered into the system receive a notification the moment a status is triggered. They know to stay put, which zones are secure, and what to do next.
For Enhanced Tier venues, this kind of documented, auditable communication trail is part of what the SIA will expect to see.
Communication and software controls are only as reliable as the hardware they depend on. Two things matter here.
Secure-side relays route the power supply to the lock through the secure side of the door. If someone attempts to physically attack the reader or its power supply to force entry, the door fails locked rather than open. This is a basic requirement for any door expected to hold under threat, and a surprising number of standard installations omit it.
Offline resilience means that if the network goes down during an incident, doors continue to operate using locally cached permissions. The lockdown state is maintained at the reader. When connectivity is restored, all activity is logged and synced to the platform.
Chapter 3
If lockdown and invacuation are the most significant new requirements of Martyn's Law, emergency mustering is the capability that makes them credible.
A paper roll call works like this: a fire marshal grabs a list, walks to an assembly point, and starts calling names. Staff put up their hands. The marshal ticks them off. Anyone missing is reported to the fire service.
In a building with fifty people and no contractors, that is just about manageable. In a building with three hundred people, twenty contractors, and four agency staff who started this week and are not on the list, it is not.
Paper registers go out of date the moment they are printed. Contractors are rarely on them. Visitors almost never are. The fire marshal covering the north car park assembly point has a list that was last updated six weeks ago. The deputy fire marshal covering the south point cannot find the clipboard.
By the time you have completed a verbal roll call and reported to the incident commander, the fire service has been waiting for twelve minutes. Nobody knows for certain whether the person unaccounted for is genuinely missing or simply went home early.
Under the Terrorism (Protection of Premises) Act 2024, that process is not a credible response to an incident. It is not auditable, it is not repeatable, and it does not give emergency services what they need in the time they need it.
Time to all persons accounted for
From a recent drill at a multi-site healthcare organisation.
A modern emergency mustering system integrates directly with the fire panel. When an alarm triggers, all doors unlock to allow free evacuation. Simultaneously, the system logs the last known location of every person in the building based on their most recent access event.
RFID readers at muster points detect staff, contractor, and visitor badges automatically as people arrive at safe zones. There is no scanning, no tapping in, no manual process. People walk to the muster point and the system registers them.
Emergency coordinators get a live dashboard on a tablet, with three status categories applied automatically:
Instead of a fire marshal shouting names in a car park, you are looking at a live, accurate map of your building. You know within seconds whether everyone is out, which floor the unaccounted person was last on, and whether the building can be confirmed clear.
Standard Tier venues. The ability to execute a documented, auditable evacuation is a core procedural requirement. A system that produces a timestamped, exportable record of the evacuation is demonstrably compliant. A paper roll call is not.
Enhanced Tier venues. The bar is higher. You need to show the SIA that your emergency procedures work under realistic conditions, that everyone on site at the time of an incident is accounted for, and that the process is repeatable. Electronic mustering with a full audit trail is the only credible way to do that. In an investigation or regulatory audit, being able to produce timestamped access and mustering records aligned with your documented procedures will carry significantly more weight than retrospective accounts from staff.
Chapter 4
For organisations managing a single venue, compliance is a building-level problem. For everyone else, it is a portfolio problem.
A cloud-based access control platform gives you a live view of every site in your estate from a single browser window. Real-time occupancy, door status, active alarms, and compliance indicators, all visible at once.
When an incident occurs at a regional office, your security lead at HQ sees it immediately. They can initiate a remote lockdown, communicate with registered users at that site, and monitor the evacuation in real time without being physically present.
For FM providers holding multiple client contracts, this single-pane view is what makes portfolio-level compliance management feasible. You are not relying on individual site managers to escalate correctly and in time. The information is centralised, and the controls are centralised with it.
Portfolio compliance overview
Estate-wide status, refreshed every 60 seconds
Beyond live incident response, the central dashboard gives you a standing view of compliance health across your estate. A red, amber, green traffic light system flags sites with overdue fire drills, expired staff training records, hardware issues, or gaps in visitor logging.
This is not just operationally useful. When a regulator asks how you monitor compliance across your estate, a dashboard that shows the current status of every site, with a timestamped history of alerts and resolutions, is a substantially better answer than a spreadsheet updated monthly by local managers.
Insurers are also moving on this. Organisations that can demonstrate centralised, auditable security management across their estate are increasingly better positioned at renewal than those that cannot.
One of the more significant compliance risks in a multi-site estate is contractors. A subcontractor who has completed induction and holds valid credentials for Site A should not automatically have access to Site B. A contractor barred from one venue for a safety reason should not be able to turn up at another site in your portfolio and be admitted.
Centralised contractor management means credentials, certifications, DBS records, and induction completions are held at the portfolio level, not the site level. Access is granted based on verified, current credentials. A bar or suspension applied centrally takes effect across the entire estate immediately.
Chapter 5
Martyn's Law compliance sits within a broader security picture. This is where a modern platform extends beyond the door.
A digital visitor management system can check new arrivals against a central security watchlist before they are admitted. The watchlist can be maintained at the portfolio level, shared across all sites, and updated in real time.
A visitor or contractor flagged at one site triggers an alert at every site. The system prompts the host before the visit, flags the arrival at sign-in, and prevents a photo ID badge being printed until the situation has been reviewed. For Enhanced Tier venues where documented visitor screening is a regulatory requirement, this is the mechanism that makes screening both reliable and auditable.
Public inquiries into recent attacks have repeatedly highlighted failures in communication, perimeter control, and clarity over who held responsibility for key decisions. Martyn's Law is designed to address those gaps, and the capabilities in this section are one way to operationalise that intent.
Access control events can be linked directly to your Video Management Software. A forced door, a failed access attempt, or a triggered alarm automatically tags the corresponding CCTV footage. Security teams do not need to manually search through hours of recording. They pull the access event and the footage is queued.
Access event
Forced door, Reception West
Verified by
Camera 12, Reception lobby
Footage queued
14:22:30–14:24:00, 90 seconds, auto-tagged
For incident response and regulatory reporting, this matters. An Enhanced Tier venue where a forced-entry event was not reviewed promptly and could not be reconstructed afterwards is not in a strong position with the SIA. A platform that links access events to verified footage, with timestamps, changes that picture considerably.
Chapter 6
The technology described in this guide is widely available. But Martyn's Law compliance is not just a software question. It is a life-safety systems question, and the distinction matters.
When you integrate access control with a fire panel, when your mustering system is linked to real-time RFID tracking at muster points, when your lockdown capability depends on hardware that must hold under physical attack, you are implementing life-safety infrastructure.
If a door fails to lock during a lockdown drill, you cannot afford to be told it is a software issue by your access control provider and a hardware issue by the company who installed the readers, with neither accepting responsibility. In a drill, that is embarrassing and expensive. In an actual incident, it is something else entirely.
The organisations that end up in that position are usually those who procured software from one supplier and installation from another, or whose supplier presents as end-to-end but quietly subcontracts physical installation to third-party engineers who have never worked with the software.
The questions to ask before you sign anything are straightforward. Are the engineers who install and commission this system employed directly by you? Who is responsible for a door fault, end to end, from diagnosis to fix? Who do we call at 11pm if a door is not responding and a drill is scheduled for 8am?
A supplier who answers those questions clearly, with a single point of accountability and an employed UK engineering team, is a fundamentally different proposition from one who does not.
The answers tell you more about what Martyn's Law compliance actually looks like in practice than any product demonstration.
Why this approach works best
If you are evaluating more than one option, four principles separate platforms genuinely built for Martyn's Law compliance from those that have bolted it on.
One team responsible from reader to cloud means no accountability gap and no finger-pointing if a door does not behave as it should during a drill or an incident.
Employed engineers who handle both the hardware install and the software configuration mean the system that gets installed is the system that gets supported.
Martyn's Law tier requirements, fire panel integration, and mustering built into the platform from the ground up, not added as optional modules after the fact.
HQ gets real-time visibility of every site, every compliance indicator, and every live incident, from a single dashboard.
Making your decision
Three things are worth being clear on before your first call.
Map every site against the capacity thresholds and identify whether you are managing Standard Tier, Enhanced Tier, or a mix. That determines the specification you need.
A lockdown procedure that exists as a document but has never been tested against your access control hardware is not a working procedure. An evacuation process that relies on a printed list is not a compliant mustering system.
In a multi-site estate with multiple suppliers, the accountability question is the most important one. If something fails during an inspection or an actual incident, you need to know who owns it.
Before your first call
Score your readiness in five minutes
Take the 10-question readiness checker. Surfaces specific gaps in your current estate before you speak to anyone.
Forward this guide
Send it to whoever owns estates, facilities, and legal in your organisation, with one question: if the SIA audited our largest venue tomorrow, what would they find?
Then book the audit
Speak with a UK-based specialist who will review your current lockdown capabilities, access control hardware, and fire-roll procedures across your estate, and only then set out what a compliant, centralised platform could look like for you.
