A school gate with a buzzer and a receptionist looking at a screen is a form of access control. So is a networked system with biometric readers, visitor management software and real-time integration with CCTV. Most schools sit somewhere between those two points and are trying to work out whether their current setup is good enough, and if not, what they should be looking at instead. This guide is written for headteachers, business managers and facilities leads who want a clear, practical understanding of access control technology, without having to wade through vendor brochures.
At its most basic, an access control system replaces mechanical keys with digital credentials. The reason this matters is that when a key is lost or a member of staff leaves, a mechanical lock has to be replaced or re-keyed. That is expensive, slow and often does not happen. A digital credential can be deactivated in seconds from the management software, and the audit trail shows exactly when it was last used.
Beyond that core function, a modern access control system gives you time-based restrictions (a contractor can only access specific areas between 8am and 5pm on weekdays), role-based permissions (cleaning staff can access corridors and classrooms but not the server room), visitor management (every person who enters the building is logged with their name, the time they arrived and who authorised their visit), and integration with other systems (a door forced open triggers an alarm and flags the nearest camera to start recording).
In a school context, this last point matters enormously for Keeping Children Safe in Education compliance. KCSiE requires schools to know who is on site at all times. A proper access control system makes that possible in a way that a paper sign-in book genuinely cannot.
The credential is what a person presents to gain access. There are four main types in use in UK schools.
Proximity cards and fobs are the most common. They use radio-frequency identification (RFID) technology, meaning the card or fob does not need to touch the reader, just come within range. They are durable, cheap to replace and easy for staff and older pupils to use. The main risk is that they can be shared or lent, which undermines the audit trail.
Biometric readers use a fingerprint or facial recognition to authenticate the person rather than a physical credential. The significant advantage is that the credential cannot be shared or lost. The main consideration for schools is data protection: biometric data is special category data under UK GDPR, which means stricter rules apply to how it is collected, stored and processed. Schools considering biometrics need to take data protection advice before deployment.
Mobile credentials use a smartphone app with Bluetooth or NFC to open doors. Increasingly common in workplaces, they are less widely used in schools given that many pupils do not carry phones during the school day. They are practical for staff and suitable for sites where a phone-based workflow makes sense.
PIN codes are the least secure option because they can be shared and observed. They are useful as a secondary authentication factor, such as card plus PIN for a high-security area, or for low-security access points, but should not be the primary credential for a school's main entrance.
Understanding what you are buying helps you evaluate whether a quote is reasonable and whether a system will actually do what you need.
Readers are the devices mounted at the door or gate that scan the credential. External readers need to be weatherproof. High-traffic entry points benefit from faster-reading hardware. Some readers support multiple credential types, which is useful if you want to issue cards to most staff but also support mobile credentials for senior leadership.
Door controllers are the hardware that processes the access decision. When a credential is presented to the reader, the controller checks whether that credential has permission to open that door at that time. If yes, it signals the electronic lock to release. Controllers can be standalone (one per door) or networked (one controller managing several doors). Networked systems are more flexible and easier to manage centrally.
Electronic locks come in two main types. Fail-safe locks release when power is lost, which is the correct configuration for fire escape routes. In a fire alarm situation, power is cut and doors open automatically. Fail-secure locks remain locked when power is lost, appropriate for high-security areas. The specification matters for fire safety compliance and should be reviewed against your fire risk assessment.
Management software is where you enrol users, set permissions, review the access log and generate reports. The quality and usability of this software varies enormously. A system that is difficult to use tends to be badly managed, which undermines its value. Look for software that makes it easy to add and remove users quickly, set time-based rules without needing an engineer visit, and export reports in a useful format.
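The controller's check described above (is this credential active, may its role open this door, is it within the permitted hours) can be sketched in a few lines. This is an added illustration, not any vendor's software; the role names, door names, credential IDs and time windows are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    doors: frozenset      # doors the role may open
    days: frozenset       # permitted weekdays, Monday = 0
    start: time           # window opens (inclusive)
    end: time             # window closes (exclusive)

# Constructed policy mirroring the examples in the text.
RULES = {
    "contractor": Rule(frozenset({"plant_room"}), frozenset(range(5)), time(8), time(17)),
    "cleaner": Rule(frozenset({"corridor", "classroom"}), frozenset(range(5)), time(6), time(19)),
}

@dataclass
class Controller:
    credentials: dict                          # credential id -> {"role", "active"}
    audit: list = field(default_factory=list)  # every attempt, granted or denied

    def decide(self, cred_id, door, when):
        cred = self.credentials.get(cred_id)
        rule = RULES.get(cred["role"]) if cred else None
        if cred is None:
            reason = "unknown credential"
        elif not cred["active"]:
            reason = "credential deactivated"
        elif rule is None or door not in rule.doors:
            reason = "role not permitted at this door"
        elif when.weekday() not in rule.days or not (rule.start <= when.time() < rule.end):
            reason = "outside permitted hours"
        else:
            reason = "granted"
        self.audit.append((when, cred_id, door, reason))
        return reason == "granted", reason

    def deactivate(self, cred_id):
        # Takes effect on the next presentation; no lock change needed.
        self.credentials[cred_id]["active"] = False

    def last_used(self, cred_id):
        used = [w for w, c, _, r in self.audit if c == cred_id and r == "granted"]
        return max(used) if used else None

def new_controller():
    # Constructed credentials: one contractor card, one cleaner fob.
    return Controller({"CARD-001": {"role": "contractor", "active": True},
                       "FOB-002": {"role": "cleaner", "active": True}})
```

Denied attempts are written to the audit list as well as granted ones, so a deactivated card that is still being presented shows up in the log.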
A standalone access control system is useful. An access control system that talks to your CCTV and intruder alarm is substantially more powerful.
The most common integration is with CCTV. When a credential is presented at a reader, the nearest camera is triggered to capture the event. This means every door opening is accompanied by a timestamped image of the person who opened it. For investigation purposes, this is far more useful than an access log alone. If an access credential is used at an unexpected time or location, you can check the footage in seconds.
Integration with intruder alarms means that a door forced open, or held open beyond a defined time, triggers an alert. The system can be configured to send that alert to a monitoring centre or to a nominated mobile number. It can also be used to lock down specific zones in response to an alarm event.
Integration with fire systems is a safety requirement rather than an optional extra. Fail-safe door locks must release automatically when the fire alarm is activated. A properly integrated system handles this automatically. A system where someone has to manually unlock doors during an evacuation is a system that will eventually cause a serious problem.
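The forced-door and held-open alerts described above come down to comparing door sensor events with access grants. The sketch below is an added example, not taken from any particular product; the event format, door names and both time thresholds are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

HELD_OPEN_LIMIT = timedelta(seconds=30)  # assumed "held open" threshold
GRANT_WINDOW = timedelta(seconds=5)      # assumed: door must open this soon after a grant

# Constructed events: (ISO timestamp, door, event)
EVENTS = [
    ("2024-03-04T08:00:00", "main_gate", "grant"),
    ("2024-03-04T08:00:02", "main_gate", "open"),
    ("2024-03-04T08:00:10", "main_gate", "close"),
    ("2024-03-04T22:15:00", "side_door", "open"),   # no grant beforehand
    ("2024-03-04T22:15:05", "side_door", "close"),
    ("2024-03-05T12:00:00", "kitchen", "grant"),
    ("2024-03-05T12:00:01", "kitchen", "open"),
    ("2024-03-05T12:02:00", "kitchen", "close"),    # open for 119 seconds
]

def door_alerts(events, held_limit=HELD_OPEN_LIMIT, grant_window=GRANT_WINDOW):
    """Return (timestamp, door, kind) alerts; kind is 'forced' or 'held_open'."""
    last_grant = {}   # door -> time of the most recent unused grant
    opened_at = {}    # door -> time the door was opened
    alerts = []
    for stamp, door, event in sorted(events):
        ts = datetime.fromisoformat(stamp)
        if event == "grant":
            last_grant[door] = ts
        elif event == "open":
            granted = last_grant.pop(door, None)   # a grant covers one opening
            if granted is None or ts - granted > grant_window:
                alerts.append((stamp, door, "forced"))
            opened_at[door] = ts
        elif event == "close":
            start = opened_at.pop(door, None)
            if start is not None and ts - start > held_limit:
                # Simplification: raised at close time; a live system would
                # alert as soon as the limit passes while the door is open.
                alerts.append((stamp, door, "held_open"))
    return alerts
```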
A few practical points are worth raising with any supplier before you commit to anything.
Scalability. How easy is it to add doors and users as the school grows or its requirements change? A system that requires an engineer visit to add a new user is not well-suited to a busy school environment.
Integration capability. Will it work with your existing CCTV and alarm systems, or does it only integrate with the same manufacturer's products? Proprietary ecosystems can be a false economy if they lock you into expensive hardware for future upgrades.
Software support and updates. Access control software needs to be kept current, particularly given the pace of change in cybersecurity. Ask about the supplier's update policy and what happens to the system when the software reaches end of life.
Data protection compliance. The access log is personal data. Ask how it is stored, who has access and how long it is retained. The supplier should be able to demonstrate that the system supports GDPR-compliant data handling, including data deletion when no longer needed.
Training and ongoing support. The system is only useful if the people managing it know how to use it. Ensure that comprehensive training is included in the installation contract, and that there is a clear support arrangement for faults and questions after handover.
A free site survey is the most useful starting point. We assess your site, talk through your requirements and give you a clear, costed recommendation. No obligation, no pressure.