Analysis
Building Assessment Certificate application workspace
One-line thesis: Build a narrow BAC application-readiness and regulator-request workspace for principal accountable persons, accountable persons, managing agents and specialist building-safety consultancies operating higher-risk residential buildings in England.
Opportunity takeaway
This is a credible but narrow compliance-workflow opportunity. The strongest version is not another “golden thread” repository. It is a submission-readiness control room for the moment when the Building Safety Regulator tells a principal accountable person (PAP) to apply for a Building Assessment Certificate (BAC), asks for a safety case report, requests more information, or needs evidence that resident engagement, mandatory occurrence reporting, complaints and information-sharing systems are actually operating.
The novelty test versus the existing golden-thread/safety-case corpus is important. The broader golden-thread opportunity already exists as a generic evidence workspace for occupied higher-risk buildings. This BAC version only earns its own slot if it stays closer to regulator-facing application operations: BAC call-in deadlines, exact submission pack status, evidence owner assignment, BSR follow-up handling, version control, decision/remediation tracking, and consultant-to-operator handoff. If it drifts into “store all building safety documents,” it becomes a weaker clone of incumbent golden-thread and risk-assessment tools.
Recommendation: MAYBE / narrow BUILD. Build only as a BAC-readiness overlay that plugs into SharePoint, consultant folders and existing risk platforms, then sells the board-level question: “If BSR called this building in tomorrow, what is missing, who owns it, and what pack would we submit?”
ICP
Best first customer:
- Managing agents with several higher-risk residential buildings and a named building-safety/compliance lead coordinating PAPs, RMC directors, fire engineers, surveyors and resident comms.
- Specialist consultancies preparing safety case reports, resident engagement strategies, MOR processes and BAC packs for clients, then needing a cleaner handoff and follow-up workspace.
- Housing providers or freeholders with a small-to-mid HRB portfolio that is too operationally exposed for spreadsheets but not ready for an enterprise building-safety platform rollout.
Avoid first:
- Generic property managers without higher-risk buildings.
- New-build gateway/construction teams; completion/gateway evidence is adjacent but a different sales motion.
- Large enterprise landlords that already have mature asset, compliance, resident portal and document-control systems.
Pain evidence
The first-party requirement is concrete. BSR’s BAC guidance says the PAP must apply when BSR tells them to do so. For a BAC application, the PAP must provide three core items: the resident engagement strategy, information about the mandatory occurrence reporting (MOR) system, and the safety case report. The same guidance warns not to wait until BSR requests the application: these documents should be prepared as soon as possible when the building is occupied or becomes occupied, or when the organisation becomes the PAP.
The submission pack is only the visible tip. BSR says it assesses whether APs have taken all reasonable steps to prevent and reduce building-safety risks and whether residents and owners are informed and involved. It can ask for more information after submission and can issue a certificate with prescribed terms, refuse an application, or tell the PAP what to fix by a deadline before enforcement action.
The source documents create multiple operational workstreams that are easy to lose across consultants, folders and inboxes:
- Safety case report: BSR says the PAP must send a copy when told to apply for a BAC or any time BSR asks for it. The report should include a date or version number, basic building information, HRB registration number, AP details, construction and fire/structural-risk information, resident profile, management arrangements, and summaries of relevant incidents/enforcement.
- Resident engagement strategy: BSR says the PAP must submit a copy when told to apply for a BAC. The strategy should be building-specific, reflect residents’ needs, and be reviewed at least every two years, after a mandatory occurrence report, and after significant material alterations. The PAP must record each review.
- MOR system: BSR says the PAP must operate a single MOR system, review it regularly, and when told to apply for a BAC submit information showing the system allows reporting/recording, timely assessment, BSR notification as soon as possible, full reports within required timescales, and record keeping.
- Complaints: BSR says the PAP must keep records of relevant complaints for 7 years, including complaint content, AP response steps, regulator involvement and the outcome. The complaints process must also explain how issues are raised, handled and stored.
- Information sharing: APs must keep information electronically, safely transferable without corruption, accurate, secure, clear, accessible in response to requests, and updated with who changed it and when. APs/PAPs must provide information to other APs, residents/owners, relevant landlords, fire and rescue authorities and BSR in defined situations.
The pain is not “we do not know the law.” It is “we have a professional report, a resident strategy PDF, a MOR policy, a complaint spreadsheet, a SharePoint folder, and a consultant inbox — but no single operational view of BAC readiness or regulator-request response.”
Commercial evidence is moderate. RiskBase markets a fire and building risk-assessment platform for property managers and says it helps maintain a golden thread. Twinnedit positions itself as a continuous building-assurance platform for residential HRBs and other sectors, bringing building records, live data and safety information into one system. These competitors prove budget and category awareness, but they also raise the bar: a new entrant should not compete as a broad platform. It should target the narrower BAC “submission pack + regulator request + handoff/version control” job.
Why now
The regime has moved from abstract policy into operational guidance. BSR’s BAC guidance was updated on 1 April 2026 and now gives clearer application-decision language. Occupied higher-risk buildings are already registered, PAP/AP duties are live, and BSR can request the safety case report at any time. The readiness gap is acute because the BAC request is event-driven: a team may not know its precise call-in date, but once contacted it needs to assemble a defensible package quickly.
That makes “pre-call-in readiness” a sellable wedge. A managing agent or consultant can run a BAC-readiness review now, assign missing owners, lock versions, and maintain a live evidence index so the eventual BSR request is a workflow event rather than a scramble.
MVP
Weekend-buildable v1:
- Building dashboard: HRB registration number, PAP/APs, responsible consultants, current BAC-readiness status, BSR contact log, and “if called in today” missing-items list.
- BAC pack builder: required sections for safety case report, resident engagement strategy and MOR system information, each with owner, version/date, evidence link, confidence and sign-off status.
- Regulator-request tracker: log BSR requests, deadlines, response owner, requested artifacts, submitted version, evidence of submission and follow-up decision.
- Evidence ownership and version control: attach or link files from SharePoint/Drive; capture source, owner, review date, change log, and whether this version is approved for BAC submission.
- Readiness checklists mapped to first-party BSR guidance: safety case report content, resident strategy reviews, MOR process evidence, complaints record evidence, information-sharing duties.
- Consultant handoff mode: consultant uploads pack components, maps them to BAC evidence requirements, records assumptions/gaps, and transfers ownership to PAP/managing agent.
- Export pack: ZIP/PDF index for “BAC application pack,” “BSR additional-information request,” “fire and rescue authority pack,” or “new managing agent handoff.”
Do not build BIM/CAD viewers, a generic property-management platform, resident portal, full risk-assessment authoring, contractor procurement, leaseholder finance, or all-purpose golden-thread storage in v1.
Distribution wedge
- Lead magnet: “BAC call-in readiness scan” for one building. The user uploads a document list or folder export and gets a red/amber/green BAC pack status.
- Consultant channel: give building-safety consultants a branded client workspace that reduces chasing, makes gaps visible, and creates a cleaner handoff after the report is written.
- Managing-agent webinars: “What happens if BSR asks for your safety case report tomorrow?” with a practical pack checklist rather than generic Building Safety Act commentary.
- RMC/freeholder boards: sell the governance angle — evidence ownership, approved versions, and audit trail — not just document storage.
- Pricing: per building/month plus setup sprint. A plausible early package is £99-£299 per HRB/month, with higher-touch onboarding for the first pack build.
Competition / substitutes
The strongest substitutes are manual and incumbent:
- SharePoint/OneDrive plus spreadsheets: most likely default, especially when consultants provide static trackers.
- Specialist consultants: they can prepare safety case reports, resident strategies and BAC advice, but the operator still needs a living readiness board after handoff.
- RiskBase: credible adjacent software for fire/building risk assessment and golden-thread maintenance, likely strong where survey/risk workflows are central.
- Twinnedit: broader continuous building-assurance positioning for residential HRBs; likely stronger for organisations wanting a full connected building record.
- Property-management and resident-portal systems: may hold complaint, resident communication, repair and contact records, but often do not map those records to BAC submission evidence.
- Broad golden-thread tools: useful for storage and lifecycle information, but may not be optimized for regulator-call-in workflow, deadline response, pack versioning and consultant-to-PAP operational handoff.
Standalone test:
Pass if the buyer says: “Our documents exist, but nobody can tell the board whether this building is BAC-ready or produce the BSR-request pack without days of chasing.”
Fail if the buyer says: “Our golden-thread/risk platform already gives us a BAC pack, request tracker, approved versions and consultant handoff.”
Risks
- Market size: higher-risk residential buildings are a bounded niche; the product needs high per-building value or a strong consultant channel.
- Incumbent absorption: RiskBase, Twinnedit, enterprise asset/compliance systems or consultancies can add BAC-readiness dashboards.
- One-event wedge: BAC call-in is episodic. Retention must come from ongoing BSR requests, safety case updates, resident strategy reviews, MOR/complaint evidence and handoffs.
- Legal/compliance liability: the tool must be operational evidence software, not a guarantee of compliance or professional judgement.
- Data sensitivity: safety case materials, resident profiles, complaints and fire/structural information need strong access controls, audit logs and clear data-retention rules.
- Workflow complexity: BSR may ask for additional information beyond the simple core pack; the system must handle bespoke requests rather than hard-code a static form.
- Service-charge/procurement friction: RMCs and managing agents may need board approval and clarity on recoverability before paying recurring SaaS fees.
What might be wrong here?
The weakest assumption is that BAC application readiness is distinct enough from the broader golden-thread/safety-case workflow to support a standalone product. Many buyers may reasonably expect their golden-thread vendor, consultant or property-management stack to handle the application pack. The second weakness is urgency: because BSR tells PAPs when to apply, the deadline is not a single market-wide cliff that makes every buyer act at once. The third weakness is evidence: first-party rules clearly prove the workflow and risk, but direct public complaints from APs/PAPs about BAC pack assembly are harder to find than vendor/consultant marketing.
The counterargument is that regulator-request operations are a different product surface from document storage. BAC readiness requires named owners, approved versions, BSR request/deadline tracking, submission evidence, follow-up terms/refusal remediation, and clean handoff between consultants and accountable operators. If interviews confirm that these steps still live in spreadsheets and inboxes, the narrow BAC workspace is meaningfully differentiated.