Martyn’s Law marks a fundamental shift in how organisations protect the public from terrorist threats. For Enhanced Tier organisations, this means understanding what the SIA will assess — and ensuring your preparedness is supported by demonstrable, audit-ready evidence, with a practical checklist to guide the process.

The Challenge: Preparedness and Compliance Together

Enhanced Tier organisations face a practical reality: preparedness must work in the moment, and compliance must meet regulatory requirements.

These are not competing priorities, but they are demanding ones. The Designated Senior Individual (DSI) must demonstrate sustained oversight. Security and HSEQ managers must translate risk assessments into executable procedures, while operational teams must coordinate effectively under pressure — all within a framework that withstands regulatory scrutiny.

The answer cannot be a policy folder that sits on a shelf. Nor can it be a periodic reporting exercise disconnected from daily operations. What's required is a solution where preparedness and accountability work together — where the tools used to manage real incidents also generate the evidence required for compliance.

What the SIA Will Assess

The Security Industry Authority (SIA) will evaluate whether organisations have:

  • Documented and accessible Public Protection Procedures
  • Evidence of a "mature testing programme"
  • Functional communication systems under stress
  • Defensible decision-making with traceable audit trails
  • Continuous review and improvement mechanisms

The challenge is rarely understanding what is required. It is embedding these requirements into daily operations in a way that sustains operational control.

What to Look For

To meet Martyn's Law requirements effectively, organisations need a critical event management solution that addresses both operational readiness and regulatory compliance.  

1. Centralised Documentation That's Operationally Accessible

Public Protection Procedures cannot sit in a shared drive that no one accesses during an emergency. They must be:

  • Instantly accessible via mobile and desktop during incidents
  • Version-controlled with clear audit trails
  • Structured to support predefined escalation pathways and task assignments

The DSI needs visibility over where procedures are stored, when they were last reviewed, and who is responsible for executing them.

2. Structured Testing with Automatic Evidence Generation

The SIA expects a "mature testing programme." This means:

  • Regular drills that test procedures under realistic conditions
  • Timestamped records of who participated and what actions were taken
  • Post-exercise reports that identify gaps and drive improvements

Testing should build real capability while automatically generating the audit trail required for compliance — without creating parallel administrative work.

3. Live Coordination with Automatic Record-Keeping

During an incident, operational teams need:

  • Real-time communication across the response team
  • Clear task assignments with immediate visibility of who is doing what
  • Automatic logging of all actions and decisions as they happen

Coordination and record-keeping should not be separate activities. The system used to manage the response should automatically create the documented record of actions and reasoning required by Martyn's Law.

4. Continuous Improvement as Standard Practice

Martyn's Law requires ongoing review and refinement. The solution should:

  • Generate post-incident reports automatically after drills and real events
  • Enable lessons learned to be documented and procedures updated without leaving the platform
  • Maintain a "story of compliance" showing how procedures evolve based on testing and experience

Martyn's Law requires demonstrable evidence that the organisation is learning and adapting over time.

Evaluating Solutions: The Dual Lens

When evaluating potential solutions, apply this dual lens: each requirement should strengthen operational capability while supporting regulatory compliance. The table below shows how this works in practice:

Requirement
Strengthens Preparedness
Supports Compliance

Doument Public Protection Procedures

Ensures plans are accessible and ready to activate

Demonstrates procedures are current and version-controlled

Train & Test Staff

Builds confidence and coordination under pressure

Provides evidence of a structured testing programme

Clear Communication Systems

Enables rapid mobilisation and coordination

Shows communication systems are functional and reliable

Document Protective Measures and Reasoning

Ensures decisions are informed and proportionate to risk

Provides documented rationale required by Martyn's Law

Continuous Review

Embeds learning after exercises or incidents

Demonstrates ongoing improvement

How RAYVN can help

RAYVN’s critical event management solution is built around a continuous resilience cycle that addresses both operational preparedness and regulatory compliance.

This design reflects how mature organisations manage risk in practice.

PLAN PREPARE RESPOND ASSESS &  ADAPT RECOVER
RAYVN’s framework for integrated emergency preparedness and response
Plan - Operationalise Your Risk Assessment

RAYVN operationalises risk assessments through structured templates and centrally accessible Public Protection Procedures via mobile or desktop.

For the DSI: Immediate visibility over who is responsible for what, where procedures are stored, and when they were last reviewed. Oversight becomes a function of operational visibility rather than administrative compilation.

Prepare - Run Training Drills and Exercises

RAYVN enables training drills and exercises — from tabletop scenarios to full-scale simulations — with automatic timestamped reporting. Scenarios can be customised to reflect site-specific risks, generating records of participation, actions taken and response timing.

For Security and HSEQ Managers: A mature testing programme builds operational capability while automatically generating the required audit trail.

Respond - Instantly Mobilise Your Team During an Incident

When an actual incident occurs, RAYVN enables you to instantly mobilise your team, share situational awareness, and coordinate action. Real-time communication, structured task management, and automated time-stamped logs work together. Every action is attributed to a specific user as it happens.

For Operational Teams: Clear instruction, immediate communication, and confidence that actions are being recorded. Coordination and record-keeping are not separate activities — both occur simultaneously during the incident.

Recover - Collaborate with External Partners and Stakeholders

RAYVN enables collaboration with external partners and communication with stakeholders throughout response and recovery. Emergency services can be integrated into the response network, with communication logs maintained automatically to ensure transparency and accountability as operations stabilise.

For Governance and Oversight: Recovery procedures are documented, with supporting time-stamped logs, in automated/custom reports.

Assess & Adapt - Generate Reports and Continuously Improve

RAYVN generates custom reports, maintains timestamped logs, and enables continuous improvement of procedures. Post-incident reports are automatically generated after every drill or real incident, identifying gaps and enabling lessons learned to be documented and procedures updated without leaving the solution.

For Compliance: A "story of compliance" — demonstrable evidence that procedures are tested, reviewed, and refined over time based on actual experience.

Ready to Protect Lives, Ready to Demonstrate Compliance

Martyn's Law emerged from tragedy. Its purpose is clear: to ensure that organisations are genuinely prepared to protect people from terrorist threats — not just on paper but in practice.

Between now and enforcement in Spring 2027, Enhanced Tier organisations have a critical window to build the capabilities that matter: procedures that teams can execute under pressure, training programmes that build real confidence and coordination, and decision-making methods that work when seconds count.

The goal is not simply to comply. It is to be genuinely ready to defend the public — and to have clear evidence of that readiness when required.

RAYVN helps organisations achieve both: real-world preparedness that protects lives and audit-ready accountability that demonstrates compliance.

Caleb Robertson, RAYVN

Ready to see how RAYVN can streamline your preparedness and compliance?

Contact Caleb Robertson to discuss your venue's specific requirements.

Se webinaret

Vil du se integrasjonen i praksis? Vi arrangerte nylig et webinar sammen med Documaster-teamet, hvor vi demonstrerte dataflyten direkte og svarte på spørsmål om håndtering av øvelser kontra reelle hendelser.

Til webinaret

Talk to a RAYVN Expert

Don't just test a tool—optimize your strategy. Sit down with a RAYVN expert to verify our features meet your compliance needs and see how easy it is to manage complex incidents in real-time.

Get Started
Image

Latest news

Image

Martyn’s Law: What UK Venues and Event Organisers Need to Do

Martyns law - enhanced tier venue

Martyn’s Law: Enhanced Tier Preparedness & Compliance

A woman manages a digital archive on a laptop

Bridging Crisis Management and Archiving: The RAYVN + Documaster Integration