For the facilities management ("FM") sector, compliance is a significant issue that covers an expanding range of statutory and regulatory areas. Here we consider some of the most significant areas of compliance risk that FM providers and customers face, and how they can be tackled in order to mitigate the risks and associated impacts.


At the root of health and safety compliance is the aim of ensuring the safety of the people who provide and use the facilities. That includes the people providing FM services and customers who benefit from those services.

The potential danger of equipment or facilities failure resulting in injury or even death can be managed and reduced by complying with standards and regulations set forth by public and professional bodies (such as the UK Health and Safety Executive). Regular and consistent inspection and maintenance to ensure compliance with these standards is crucial in managing and mitigating potential risks.

Various compliance processes for areas including fire, electrical, gas, water, air, asbestos, and hazardous waste handling necessitate qualified personnel to monitor and maintain equipment, documented permits to work, risk assessments, and method statements, as well as regular inspections and maintenance schedules. Frequent audits of processes and systems are also imperative. In certain specialised sectors, such as healthcare, facility and equipment management may entail additional regulations.

To achieve this, FM providers need accountability and control across their workforce. Recipients of FM services should embed these obligations in their contracts with FM providers. Providers of FM services should (and generally do) have safety and compliance at the forefront of their minds.


FM service providers need to consider:

  • Are the right people employed for the job?
  • What level of control is needed to ensure your compliance with required standards?
  • Do you have the necessary documentation in place to prove that colleagues with the appropriate qualifications are working in your business?
  • Do you have the appropriate records demonstrating that colleagues are permitted to work in your sector?
  • Are the training records available in the system, with renewal dates noted?
  • What measures are in place to ensure that they are working in a compliant manner?

It is therefore essential that clear records are retained by the FM service provider to ensure that all legal, regulatory, and contractual compliance obligations have been met.

Information Security and Data

As more and more FM data becomes digitised, the risk of security breaches grows. As HR records and contractual and financial information are increasingly stored by FM service providers (and their customers), it is crucial that all such data is securely stored and shared in ways that are compliant with applicable data protection laws (such as UK GDPR) and potentially standards such as ISO 27001.

In addition to legal and regulatory compliance, all significant FM outsourcing arrangements should stipulate how data (including personal data) is handled.

Contractual Resilience

We have previously published blogs on the importance of contractual resilience. From the perspective of FM service providers, it is crucial that they can effectively manage their supply chains and mitigate the risk of performance delivery issues to the end customer. From a customer's perspective, a clear and robust services agreement sets expectations around the level and scope of service they are to receive.

It is also important to ensure that you store and manage your contracts effectively. We recommend thinking of a contract as a "living and breathing" document – which can be used by both service providers and customers to drive maximum value and efficiencies out of a relationship. If an agreement is varied, are those variations being stored and tracked properly? It is surprising how many organisations fail to ensure proper version control following one or more changes during the term of a contract.

Brodies will be launching our new contract management system for clients very soon which will address these issues.

Reputational Risk

The risks we discuss above carry a significant impact for businesses that fail to address them, including injury or death (in the case of health and safety matters), financial exposure, lost management time, regulatory fines and also reputational risk.

If you require advice on any of the issues discussed in this blog, please do not hesitate to contact our team.