GPS security attendance app: how to prove to the client that the security guard was actually on site
Field Service

GPS security attendance app: how to prove to the client that the security guard was actually on site

May 15, 2026 · 14 min

It is 8.10 am on a Monday morning in November. You are the operations manager of a private security firm in the province of Modena; you have sixty-two security guards on duty, around a hundred sites – including fixed posts and night patrols – and you’re looking at last week’s Excel spreadsheet. As you drink your second coffee, you scroll through the patrols in the industrial area east of the ring road – the one with the three logistics warehouses and the fuel depot – and your eye is caught by a row that doesn’t add up. Guard Rossi clocked in at 23:47 on Thursday at Point 4 – the forecourt behind the depot – with a WhatsApp message sent to his colleague in the operations room: ‘Point 4 OK, everything normal’. The problem is that last night, Saturday, you drove past there at 23:50 and that checkpoint was dark, with no patrol car, and the barrier at the entrance was in exactly the same position as you’d seen it two hours earlier. Perhaps Rossi really did pass through and you didn’t notice. Perhaps he never went there at all and sent the WhatsApp message from his sofa at home, twenty kilometres away.

On Wednesday, the client from the fuel depot calls. An attempted break-in on Thursday night; a CCTV camera captured a shadow at 11.52 pm on the south side of the forecourt, exactly five minutes after Rossi’s supposed visit. He wants to know where the guard was. He wants the access log. He wants proof. And all you have is a WhatsApp message saying ‘Point 4 ok, everything’s fine’. No coordinates, no photos, no motion sensor at the driveway triggered. Just Rossi’s word against the doubts of a client who pays €4,200 a month in security fees and is now threatening not to renew the contract. You already know how it will end: either you give in and offer a discount on this month’s fee, or the contract goes to a competitor who has a certified tracking system. Either way, you lose out.

This is a scenario that every owner or operations manager of a security firm has experienced at least once. It’s almost never down to bad faith on the part of the guard – though sometimes it is – but more often it’s the seasoned guard who, after three hundred rounds a month, skips a check because they know that “nothing ever happens in that car park anyway”; it’s the young new recruit who forgets a check and covers it up with a quick message; it’s the patrol officer who parks outside so as not to waste time with the automatic gate. The problem isn’t the individual incident. It’s that without a chain of objective evidence, every client – whether in the public sector, healthcare, banking or industry – knows that your defence amounts to nothing more than a word and a signature on a paper log. And in a world that demands digital logs for everything, that’s worth less and less.

If a security guard who skips a patrol is left with no defence when confronted by a bank customer, two weeks’ worth of digital logs plug the gap.

No credit card required; up and running in 2 minutes.

Look at the sector

Why self-declared presence no longer holds water in security

In the security sector, proof of presence is the very product you’re selling. When a pharmaceutical company signs a contract for night-time patrols comprising 11 rounds per night, it isn’t buying ‘a person in uniform who goes round’: it is buying eleven chronological and geographical assurances per night, every night, seven days a week. If you cannot objectively demonstrate those eleven certainties, you are selling a service that is structurally identical to that of your competitor, and at that point the client’s decision comes down solely to price. Worse still: the moment something goes wrong – and sooner or later something always does – it is up to you to prove that you have done your job. It is not up to the client to prove that you haven’t.

The paper log of patrols, the ‘daily report’ filled in at the end of a shift at the operations room desk, the radio call with the tired voice of the dispatcher saying ‘patrol complete’, the magnetic key swiped across a wall-mounted reader: these are all systems that have worked for thirty years because nobody had any alternatives. Today, alternatives do exist; your competitors are using them, and your clients – especially institutional ones – are specifying them in their tender documents. Public hospitals, banks, local authorities, energy network operators: recent tenders increasingly include the clause “digital system for tracking access with timestamps and geolocation, data exportable at the client’s request”. If your organisation doesn’t have this, you won’t even be considered for the contract.

On the internal front, the vulnerability is even more serious. A security guard who skips a patrol and covers it up via WhatsApp is not just a service issue: it is a criminal risk for you. If something happens at the site that night – a theft, a fire, or an intrusion with serious consequences – and the investigation reveals that the declared patrol never took place, the security firm will be held liable for breach of contract, possible contributory negligence, and in the most serious cases, the Prefecture may suspend or revoke the licence pursuant to Article 134 of the TULPS. You are building your defence – both with the client and with the authorities – on a WhatsApp message and on human memory. That is not a defence.

What a GPS security attendance app really needs to do

An attendance app designed for security work is not a generic time-recording system that has simply been adapted. It must recognise that the work of a security guard has specific characteristics that software designed for offices or cleaning services cannot handle. The first is the dual nature of fixed posts and mobile patrols: a guard at a hospital entrance needs a single geofenced clock-in at their post, with a minimal margin of tolerance, whilst a patrol officer covering eleven checkpoints across six different sites requires a sequence of timed check-ins, each linked to a narrow geographical perimeter and an expected time of passage. The same app must handle both scenarios without forcing the operations manager to configure two separate systems.

The second is tamper resistance. A GPS surveillance system that merely reads the phone’s location can be bypassed in five minutes using a mock location app, and that is precisely what every ‘experienced’ security guard knows how to do. Three levels of protection are required: detection of fictitious locations at operating system level, a server-signed timestamp at the moment of the tap (not at the moment of synchronisation, which the guard can deliberately delay), and correlation between the check-in coordinates and a consistent sequence of previous check-ins; if Mr Rossi clocks in at 23:47 in Modena and at 23:52 forty kilometres away, the system must automatically flag the anomaly to the operations centre, not at the end of the month in the report.

The third requirement is integration with rest periods. Italian legislation on night work, as applied to the National Collective Labour Agreement for Private Security and Trust Services, imposes precise limits on consecutive hours of service and on rest periods between shifts. An app that merely records clock-in times is not enough: it must show the scheduler, whilst drawing up the weekly rota, whether security guard Rossi – whom you have assigned to the 22:00–06:00 shift on Monday – can legally also be assigned to the 14:00–22:00 shift on Tuesday, or whether they are accumulating hours that will lead to a trade union complaint or an INL inspection. Finally, the fourth feature is the exportable evidence package: every night, it must be able to automatically generate, at the client’s request, a PDF containing the timings of all patrols, coordinates, any photos taken by the guard, reported anomalies, and a cryptographic verification reference. The fuel depot client who calls you on Wednesday doesn’t want an explanation: they want the document. You send it to them by email in three minutes and the conversation is over.

GDPR and the regulatory framework: tracking is lawful, but it must be done properly

The security sector is one of the contexts in which the Data Protection Authority has repeatedly reaffirmed the legitimacy of GPS tracking of workers, recognising the specific purpose of protecting the client’s assets and ensuring the safety of the security guard themselves, who works alone at potentially exposed sites. Article 4 of the Workers’ Statute, in its post-Jobs Act version, explicitly authorises these systems when they are functional to the organisation of the service. The National Collective Labour Agreement for Private Security, supplemented by the ASSIV (Italian Association of Security and Trust Services) protocols, sets out the framework for informing employees. Article 134 of the TULPS and the implementing regulations assign to the Prefecture the responsibility for verifying the lawfulness of the organisation’s operating procedures, and the use of digital tracking systems is now viewed as a positive factor in periodic inspections.

Try GeoTapp free for 14 days

No credit card required. Get started in 2 minutes.

Start free trial

However, what distinguishes a compliant system from one that is at risk is how it is actually managed: data minimisation (collecting location data only during shifts, not 24 hours a day on a personal mobile phone), retention periods consistent with the purpose (90–180 days as a rule, plus the technical time required for any potential litigation), access to data restricted to the operations room and the security manager, a clear and signed privacy notice, and the option for the employee to request access to their own data. An app designed for the sector includes all of this as standard; it doesn’t leave you to manage it with a Word document and a handshake. And when an institutional client – such as a hospital, bank or local authority – asks you during the tender process to appoint an external data processor, you have a document ready to sign rather than having to rush to consult a specialist.

What changes for the client when they see the digital log

There is a psychological effect to delivering the log that is at least as valuable as the objective data itself. The security manager at the fuel depot who calls on Wednesday in a huff, and receives a PDF ten minutes later showing the guard’s patrol route, the exact times, the coordinates, perhaps even a photo of the forecourt taken at 23:48 with the timestamp superimposed, changes his tone in real time. Not because you have ‘won’ the argument, but because they have realised that your organisation operates to professional standards different from what they expected. The conversation shifts from suspicion about the guard to collaboration on how to improve coverage, perhaps by adding a twelfth patrol or bringing the first night patrol forward by half an hour. The contract is renewed – and is often renewed at a higher rate – because the client realises they are paying for a certified service, not a promise.

This effect is amplified in public tenders and calls for tenders from institutional clients. Hospitals, local health authorities, county councils, port and airport authorities: all recent calls for tenders include a requirement for a ‘digital service reporting system with certified data’. Organisations that can attach technical evidence of the system in use to the tender specifications – including screenshots, sample datasets and GDPR compliance certificates – pass the technical stage. The others are excluded, even if they submit a more competitive financial bid. In the high-end private sector – banks, insurance companies and luxury goods clusters – the situation is even clearer: without certified tracking, you won’t even make it onto the shortlist of shortlisted suppliers.


The future that awaits you if you carry on using WhatsApp and paper records

Customer complaints keep coming in, and every time you find yourself on the defensive. The fuel depot doesn’t renew its contract, and word of mouth amongst security managers in the industrial district cuts you out of three other potential contracts this year. The more senior security guards keep skipping rounds at sites they consider ‘quiet’, and you only find out when a problem arises. On the day there really is a break-in at a poorly secured site, the client takes you to court, and you turn up in court with a paper log and a WhatsApp message as your only evidence of the service provided. The Prefecture, during its periodic inspection under Article 134 of the TULPS, highlights shortcomings in your reporting systems and orders you to make adjustments within tight deadlines. Meanwhile, the two largest competitors in the province, who invested in certified tracking two years ago, are winning public tenders and major private contracts, whilst you’re stuck in the low-end market – the one where competition is based solely on the hourly rate for security guards, with ever-shrinking margins and staff turnover spiralling out of control.

The future if you switch to a next-generation GPS system

On Monday morning, you open the app and see all the week’s patrols already consolidated: green for those completed on time, yellow for those slightly delayed, and red for automatically flagged anomalies. For the red ones, you’ve already opened a case on Friday evening; you’ve spoken to the security guard and documented the reason: a broken-down car, an unplanned additional check, or an authorised personal emergency. When the fuel depot client calls, you send them the PDF for Thursday night within three minutes, and the call is wrapped up in ten. You’re starting to win public tenders, because you breeze through the technical specifications with ease. The hourly rates you charge new clients are up by fifteen per cent compared to the price list from two years ago, and clients don’t argue, because they know what they’re getting. The younger security guards – those who understand digital technology – stay with your company because they find a modern organisation; the older ones adapt because the system protects them too, against unfounded accusations from difficult customers. As the operations manager or owner, you step out of your permanent role as a public defender and return to doing what you set the company up to do: selling a professional service to a market that recognises its value.

How to achieve this in practice

You need a tool designed specifically for the sector: geofencing for fixed locations and multiple checkpoints for patrols, detection of fictitious locations and server-signed timestamps, integrated management of rest periods and the limits set by the National Collective Labour Agreement for Security Services, automatic export of PDF reports for each client, documented GDPR compliance and the appointment of an external data protection officer ready to go. It must be a tool that the patrol officer uses without a second thought – a tap at the start and end of a checkpoint, an optional photo if an anomaly is reported – and one that the operations manager checks once a day to spot discrepancies before they turn into disputes.

GeoTapp was built precisely to meet this need, following discussions with security firms for whom the Monday-morning scenario was a routine occurrence. Geofencing of locations, multiple checkpoints for patrols, detection of tampering attempts, exportable PDF reports for each client, and management of GDPR privacy notices for staff. See how it works and try to imagine the next complaint call from a client asking where the guard was, with these tools at your disposal.

What about you? How many times have you found yourself having to defend a security guard’s service to a client demanding proof, only to have nothing but a paper log or a WhatsApp message to show for it? Share your story in the comments – it’s a pressure felt across the entire private security sector, and reading your experiences will also help other operations managers in the same situation.

Think of the next complaint call resolved with GPS tracking, a photo of the gate and the log already in the email.

See the security sector with tracked attendance. Fourteen days, paperless.

No credit card required; up and running in 2 minutes.

See the sector

Get articles like this in your inbox

Practical insights on GPS tracking, field operations and GDPR. No spam, just useful content.

Comments

No comments yet. Be the first.

Leave a comment

Related articles

Read also

Try GeoTapp free for 14 days

No credit card required. Get started in 2 minutes.

Start now

© 2026 GeoTapp — original content. You may quote it and reuse parts with a link to this page. Full republication or commercial use only with our permission.